830 files changed, 207830 insertions, 0 deletions
diff --git a/crypto/README b/crypto/README
new file mode 100644
index 0000000..efa958a
--- /dev/null
+++ b/crypto/README
@@ -0,0 +1,11 @@
+This directory is for the EXACT same use as src/contrib, execpt it
+holds crypto sources. As a consequence of USA law, this makes it export
+controlled, so it has to be kept separate.
+
+Please do not export the contents of this direcory and its
+subdirectories from the USA without the necessary permits.
+
+Please co-ordinate any changes you make here with markm@freebsd.org.
+
+Mark Murray
+3 May, 1997
diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT
new file mode 100644
index 0000000..4222459
--- /dev/null
+++ b/crypto/kerberosIV/COPYRIGHT
@@ -0,0 +1,161 @@
+Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan 
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+     This product includes software developed by the University of
+     California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright 1987, 1989 by the Student Information Processing Board
+	of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose.  It is
+provided "as is" without express or implied warranty.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+
+This software is not subject to any license of the American Telephone 
+and Telegraph Company or of the Regents of the University of California. 
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+   software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Since few users ever read sources,
+   credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Since few users
+   ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
new file mode 100644
index 0000000..cd39323
--- /dev/null
+++ b/crypto/kerberosIV/ChangeLog
@@ -0,0 +1,5384 @@
+1999-11-29
+
+	* lib/krb/krb-protos.h (tf_get_cred_addr): add prototype
+	* lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching
+	the NAT addresses stored in the ticket file. From
+	<thn@stacken.kth.se>
+
+	* kuser/klist.c (display_tktfile): dump the IP address being used
+	when in NAT-mode.  From <thn@stacken.kth.se>
+
+1999-11-25
+
+	* appl/bsd/rlogind.c (main): getopt returns -1 and not EOF.  From
+	<art@stacken.kth.se>
+
+	* lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): new function
+	for obtaining the IP address that the KDC sees us as coming from.
+	From <thn@stacken.kth.se>
+
+	* lib/krb/tf_util.c (tf_get_addr, tf_store_addr): new functions
+	for storing the NAT-ed address per realm
+	(tf_get_cred): make sure to ignore all magic credentials
+
+	* lib/krb/get_in_tkt.c (krb_get_pw_in_tkt2): if using NAT, store
+	the address the the KDC saw. (krb_add_our_ip_for_realm)
+
+	* lib/krb/send_to_kdc.c: rewrite some.  Make sure that we do not
+	do any hostname lookups when using http through a proxy (the proxy
+	is supposed to do that in the `real' name-space).
+
+1999-11-19
+
+	* appl/bsd/rcmd_util.c (conv): add EXTA and EXTB
+	
+Tue Nov 16 1999
+
+	* lib/krb/defaults.c (krb_get_default_keyfile): Get value of
+ 	KEYFILE from /etc/krb.extra.
+
+1999-11-13
+
+	* **/*.c (main): getopt returns -1 not EOF.  From
+	<art@stacken.kth.se>
+
+	* configure.in: check for fields in `struct tm' and variable
+	`timezone', used by strftime
+	* configure.in (AC_BROKEN): strptime is a new function in roken
+	opt*: more header files for the tests
+	
+Tue Nov 2 1999
+
+	* lib/krb/krb.h (TKT_ROOT): Change the definition of TKT_ROOT to a
+ 	function call. The returned value is settable in /etc/krb.extra
+ 	with the construct krb_default_tkt_root = /tmp/tkt_.
+
+1999-10-06
+
+	* lib/krb/verify_user.c: remove ERICSSON_COMPAT, it's apparently
+ 	no longer needed
+
+Mon Oct 4 1999
+
+	* appl/bsd/klogin.c (multiple_get_tkt): Must use appropiate realm
+ 	name when calling krb_get_pw_in_tkt or else you will receive an
+ 	inter-realm TGT.
+
+1999-10-03
+
+	* doc/problems.texi: add blurb about irix abi:s
+
+1999-09-27
+
+	* lib/krb/tf_util.c (tf_init): cygwin work-around
+
+1999-09-16
+
+	* configure.in: test for strlcpy, strlcat
+
+	* admin/kdb_util.c (main): support `-' as an alias for stdout.
+  	originally from Fredrik Ljungberg <flag@astrogator.se>
+
+1999-09-15
+
+	* include/Makefile.in: remove duplicate parse_time.h
+
+	* kadmin/ksrvutil_get.c (get_srvtab_ent): better error messages
+
+1999-09-12
+
+	* configure.in: revert back awk test, now worked around in
+ 	roken.awk
+
+1999-09-06
+
+	* doc/problems.texi: document a really working fix for the xlc
+	-qnolm bug
+
+1999-09-04
+
+	* doc/problems.texi: comment about xlc -E brokenness
+
+1999-09-01
+
+	* lib/krb/get_krbrlm.c (krb_get_lrealm_f): treat n = 0 the same as
+	if it were 1 (this should make it backwards compatible with apps
+	that pass 0 for n)
+
+1999-08-25
+
+	* appl/bsd/login.c: surround SGI capability stuff with
+	`defined(HAVE_CAP_SET_PROC)'
+
+1999-08-24
+
+	* kadmin/kadmin.c (add_new_key): add missing space when printing
+ 	generated passwords.  bug reported by Per Eriksson DMC
+ 	<perixon@dsv.su.se>
+	
+	* lib/krb/verify_user.c (krb_verify_user_srvtab): return last
+ 	error instead of KFAILURE when everything fails.
+
+	* appl/bsd/klogin.c (multiple_get_tkt): return last error instead
+ 	of KFAILURE when everything fails.
+
+1999-08-18
+
+	* doc/problems.texi: some y2k stuff
+
+	* doc/kth-krb.texi: update copyright, and menu
+
+	* doc/intro.texi: remove unix-system section, since it's
+	impossible to keep up to date
+
+1999-08-13
+
+	* configure.in: test for inet_pton include <sys/types.h> in all
+ 	utmp tests
+
+1999-07-27
+
+	* configure.in: test for struct sockaddr_storage and sa_family
+ 	brokenize inet_ntop
+
+1999-07-24
+
+	* kadmin/ksrvutil_get.c (get_srvtab_ent): try to print better
+ 	error messages
+
+	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
+ 	in lib/roken/roken.awk
+
+1999-07-22
+
+	* acconfig.h (SunOS): remove definition
+
+	* configure.in: define SunOS to xy for SunOS x.y
+
+1999-07-19
+
+	* configure.in (AC_BROKEN): check for copyhostent, freehostent,
+ 	getipnodebyname, getipnodebyaddr
+
+1999-07-13
+
+	* configure.in: use AC_FUNC_GETLOGIN
+
+1999-07-07
+
+	* kadmin/admin_server.c (main): call krb_get_lrealm correctly
+
+	* appl/bsd/rlogind.c (lowtmp): fill in ut_id
+
+1999-07-06
+
+	* include/bits.c: move around __attribute__ to make it work with
+ 	old gcc
+
+	* appl/bsd/rcp.c (rsource): remove trailing slashes which
+ 	otherwise makes us fail
+
+1999-07-04
+
+	* appl/afsutil/aklog.c (epxand_cell_name): terminate on #
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_cli_send): free the right memory
+ 	(none) when kadm_cli_out fails.  based on a patch by Buck Huppmann
+ 	<Charles-Huppmann@UIowa.edu>
+
+1999-06-24
+
+	* configure.in: check for sgi capability stuff
+
+	* appl/bsd/login.c: add some kind of sgi capability capability
+
+1999-06-23
+
+	* acconfig.h (HAVE_KRB_DISABLE_DEBUG): always define.  this makes
+ 	the telnet code easier when building heimdal with an older krb4
+
+	* lib/krb/kuserok.c (krb_kuserok): add support for multiple local
+ 	realms and de-support entries without realm in ~/.klogin
+
+1999-06-19
+
+	* lib/krb/send_to_kdc.c: and a new variable `timeout' in krb.extra
+ 	instead of always having a timeout of four seconds.  based on a
+ 	patch by Mattias Amnefelt <mattiasa@stacken.kth.se>
+
+1999-06-17
+
+	* appl/bsd/rshd.c: use DES_RW_MAXWRITE instead of BUFSIZ (for
+ 	consistency)
+
+	* appl/bsd/rsh.c: use DES_RW_MAXWRITE instead of BUFSIZ.
+  	Otherwise, des_enc_read might be buffering data to us and it can
+ 	get returned on a des_enc_read to another fd that the original one
+ 	:-(
+
+	* appl/bsd/bsd_locl.h: DES_RW_{MAXWRITE,BSIZE}
+
+	* appl/bsd/encrypt.c: move MAXWRITE and BSIZE to bsd_locl.h and
+ 	rename them to DES_RW_\1
+
+1999-06-16
+
+	* kuser/kdestroy.c: make unlog and tickets function correctly
+
+	* configure.in: correct variables used for socks includes and libs
+
+
+	* lib/krb/{debug_decl.c,krb-protos.h}: add krb_disable_debug
+
+1999-06-15
+
+	* kuser/klist.c (display_tokens): type correctness
+
+	* lib/krb/send_to_kdc.c (url_parse): always return the port in
+ 	network byte order (and be more careful when parsing the port
+ 	number)
+
+	* lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and
+ 	HTTP/1.1 in reply
+
+1999-06-06
+
+	* configure.in: use KRB_CHECK_X
+	
+	* kuser/kdestroy.c: use print_version
+	
+Wed Jun 2 1999
+
+	* kadmin/kadmin.c: use print_version; (mod_entry): add command
+	line options
+	
+1999-05-21
+
+	* appl/bsd/login.c: limit more stuff for crays; fix call to
+	login_access
+
+1999-05-19
+
+	* man/Makefile.in (install, uninstall): handle relative paths (fix
+ 	editline)
+
+1999-05-18
+
+	* appl/bsd/bsd_locl.h: update prototype for login_access; declare
+	`struct aud_rec' to keep AIX xlc happy
+
+1999-05-14
+
+	* appl/bsd/login_access.c: merge in more recent code
+
+	* configure.in (CHECK_NETINET_IP_AND_TCP): use
+
+1999-05-10
+
+	* lib/krb/get_host.c (parse_address): remove trailing slash
+	
+	* lib/krb/send_to_kdc.c (prog): nuke
+	(send_to_kdc): restructure.  make sure we have used all of the
+	addresses from gethostbyname before calling send_recv
+	(send_recv): removed unused parameters
+	(url_parse): remove trailing slash
+	(http_recv): make sure the http transaction was succesful
+
+1999-05-08
+
+	* configure.in: use the correct include files for the utmp tests
+
+	* appl/movemail/pop.c: rename getline -> pop_getline removed
+ 	duplicate prototypes
+
+	* configure.in: db.h: test for
+	(getmsg): check for existence before checking if it works (otherwise
+	it fails with glibc2.1 that implements an always failing getmsg)
+
+	* acconfig.h (_GNU_SOURCE): define this to enable (used)
+ 	extensions on glibc-based systems such as linux
+
+	* configure.in: test for strndup
+
+1999-04-21
+
+	* configure.in: replace AC_TEST_PACKAGE with AC_TEST_PACKAGE_NEW
+ 	fix test for readline.h add test for four argument el_init
+ 	remember to link with $LIB_tgetent when trying linking with
+ 	readline
+
+1999-04-16
+
+	* configure.in: check for prototype of strsep
+
+Sat Apr 10 1999
+
+	* configure.in: fix readline logic
+
+Fri Apr 9 1999
+
+	* man/Makefile.in: add editline and push.  make install rules
+ 	handle paths
+
+Wed Apr 7 1999
+
+	* appl/movemail/Makefile.in: fix names of hesiod variables
+
+	* configure.in: fix readline flags
+
+Mon Mar 29 1999
+
+	* appl/bsd/utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* appl/bsd/utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* appl/bsd/rlogind.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* configure.in: include <sys/types.h> in test for ut_*; use
+ 	AC_CHECK_XAU
+
+	* configure.in: utmp{,x} -> struct utmp{,x}
+
+Sat Mar 27 1999
+
+	* configure.in: AC_CHECK_OSFC2
+
+Fri Mar 19 1999
+
+	* configure.in: use AC_SHARED_LIBS
+
+	* configure.in: remove AIX install hack (fixed in autoconf 2.13)
+
+
+	* server/kerberos.c: fix some printf format strings
+
+Wed Mar 17 1999
+
+	* lib/krb/krb.h (KRB_VERIFY_NOT_SECURE): add for completeness
+
+	* lib/auth/sia/sia.c (common_auth): use KRB_VERIFY_SECURE instead
+ 	of 1
+
+	* lib/auth/pam/pam.c (doit): use KRB_VERIFY_SECURE instead of 1
+
+	* lib/auth/afskauthlib/verify.c (afs_verify): use
+ 	KRB_VERIFY_SECURE instead of 1
+
+Tue Mar 16 1999
+
+	* lib/krb/verify_user.c (krb_verify_user): handle multiple local
+ 	realms
+	(krb_verify_user_multiple): remove
+
+	* lib/krb/krb-protos.h (krb_verify_user_multiple): remove
+
+	* lib/auth/pam/pam.c: krb_verify_user_multiple -> krb_verify_user
+
+	* lib/auth/sia/sia.c: krb_verify_user_multiple -> krb_verify_user
+
+	* lib/auth/afskauthlib/verify.c: krb_verify_user_multiple ->
+ 	krb_verify_user
+
+
+	* lib/krb/getaddrs.c: SOCKADDR_HAS_SA_LEN ->
+ 	HAVE_STRUCT_SOCKADDR_SA_LEN
+
+Sat Mar 13 1999
+
+	* lib/kadm/check_password.c (kadm_check_pw): cast when calling is*
+ 	to get rid of a warning
+
+	* lib/acl/acl_files.c (nuke_whitespace): cast when calling is* to
+ 	get rid of a warning
+
+	* kadmin/ksrvutil.c (usage): update. improve error messages
+	
+	* appl/bsd/sysv_default.c (trim): cast when calling is* to get rid
+ 	of a warning
+
+	* appl/bsd/rshd.c (doit): more parenthesis to make gcc happy
+
+	* appl/bsd/rsh.c: add `-p'
+
+	* appl/bsd/rlogin.c (main): more paranoid parsing of `-p'
+
+	* appl/bsd/rcp.c (sink): cast when calling is* to get rid of a
+ 	warning
+
+	* appl/bsd/login_access.c (login_access): cast when calling
+ 	isspace to get rid of a warning
+
+	* include/bits.c (my_strupr): rename to strupr and ifdef
+	(try_signed, try_unsigned): add __attribute__ junk to get rid of two
+	warnings
+
+	* appl/bsd/Makefile.in (SOURCES): add osfc2.c
+
+	* admin/kdb_util.c (update_ok_file): add fallback utimes (some
+ 	systems seem to fail updating the timestamp with open(), close())
+
+	* server/kerberos.c (main): more paranoid parsing of `-a' and `-p'
+
+Thu Mar 11 1999
+
+	* configure.in: AC_BROKEN innetgr
+
+	* lib/krb/send_to_kdc.c: fix types in format string
+
+	* lib/krb/get_host.c: add some if-braces to keep gcc happy
+
+	* lib/kadm/kadm_supp.c: fix types in format string
+
+	* lib/auth/sia/Makefile.in: WFLAGS
+
+	* include/bits.c: fix types in format string
+
+	* appl/bsd/su.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/rlogind.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/rlogin.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/login.c: add some if-braces to keep gcc happy
+
+	* appl/afsutil/pagsh.c: fix types in format string
+
+Wed Mar 10 1999
+
+	* server/kerberos.c: remove unused k_instance
+
+	* lib/krb/krb-protos.h (read_service_key): add some consts to
+ 	prototype
+
+	* lib/krb/read_service_key.c (read_service_key): add some consts
+ 	to prototype
+
+	* appl/sample/sample_server.c: openlog -> roken_openlog
+
+	* appl/kip/kipd.c: openlog -> roken_openlog
+
+	* configure.in: use AC_WFLAGS
+
+Mon Mar 1 1999
+
+	* acinclude.m4: add
+
+	* configure.in: typo
+
+	* Makefile.in: use aclocal
+
+	* Makefile.export: use aclocal
+
+	* configure.in: update to autoconf 2.13
+
+	* aclocal.m4.in: have-struct-field.m4, check-type-extra.m4
+
+	* acconfig.h: update to autoconf 2.13
+
+	* lib/auth/sia/sia.c: SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID
+
+Tue Feb 23 1999
+
+	* configure.in: don't include afsl.exp in libkafs.a if building
+ 	with dynamic afs support (breaks egcs 1.1.1)
+
+	* configure.in: don't build rxkad if not building afs-support
+
+Mon Feb 22 1999
+
+	* include/Makefile.in: clean up handling of missing system headers
+
+	* configure.in: clean up handling of missing system headers
+
+	* aclocal.m4.in: broken-snprintf.m4 broken-glob.m4
+
+	* acconfig.h: NEED_{SNPRINTF,GLOB}_PROTO
+
+Mon Feb 15 1999
+
+	* configure.in (gethostname, mkstemp): test for prototype
+
+	* configure.in: homogenize broken detection with heimdal
+
+Thu Feb 11 1999
+
+	* lib/krb/verify_user.c: If secure == KRB_VERIFY_SECURE_FAIL,
+ 	return ok if there isn't any service key (or if it can't be read).
+
+	* lib/krb/krb.h: KRB_VERIFY_SECURE, KRB_VERIFY_SECURE_FAIL
+
+Wed Jan 13 1999
+
+	* kadmin/kadmin.c (add_new_key): enable the `-p password' option
+ 	and add the missing code.
+
+	* appl/bsd/login_fbtab.c (login_protect): remove `/*' from string
+ 	before reading the directory.  From "Brandon S. Allbery"
+ 	<allbery@ece.cmu.edu>
+
+Fri Dec 18 1998
+
+	* man/kadmin.8 (-t): add a note about using `kinit -p'
+
+Mon Dec 14 1998
+
+	* lib/krb/name2name.c (krb_name_to_name): really verify we have an
+ 	alias before trying to use it as the primary name.
+
+Fri Nov 27 1998
+
+	* lib/krb/send_to_kdc.c (url_parse): use correct length when
+ 	copying the hostname
+
+Sun Nov 22 1998
+
+	* configure.in, acconfig.h: NEED_HSTRERROR_PROTO
+
+
+	* configure.in: use AC_KRB_STRUCT_SPWD
+
+	* slave/Makefile.in (WFLAGS): set
+
+	* server/Makefile.in (WFLAGS): set
+
+	* lib/krb/send_to_kdc.c (send_recv): add `int'
+
+	* lib/krb/decomp_ticket.c (decomp_ticket): if the realm is empty,
+ 	use the local realm.
+
+	* lib/krb/Makefile.in (WFLAGS): set
+
+	* lib/kdb/krb_lib.c (kerb_get_principal): correct test
+	(kerb_put_principal): remove unused variable
+
+	* lib/kdb/Makefile.in (WFLAGS): set
+
+	* lib/auth/pam/Makefile.in (WFLAGS): set
+
+	* lib/auth/afskauthlib/Makefile.in (WFLAGS): set
+
+	* lib/acl/Makefile.in (WFLAGS): set
+
+	* kuser/Makefile.in (WFLAGS): set
+
+	* kadmin/Makefile.in (WFLAGS): set
+
+	* include/Makefile.in (WFLAGS): set
+
+	* appl/sample/sample_client.c (main): remove unused variable
+
+	* appl/sample/Makefile.in (WFLAGS): set
+
+	* appl/movemail/Makefile.in (WFLAGS): set
+
+	* appl/kip/Makefile.in (WFLAGS): set
+
+	* appl/bsd/Makefile.in (WFLAGS): set
+
+	* appl/afsutil/pagsh.c (main): fall back to running /bin/sh if
+ 	execvp fails.
+
+	* appl/afsutil/Makefile.in (WFLAGS): set
+
+	* admin/kdb_edit.c (change_principal): remove unused variable
+
+	* admin/Makefile.in (WFLAGS): set
+
+	* configure.in: check for crypt, environ and struct spwd
+
+Thu Nov 19 1998
+
+	* appl/movemail/Makefile.in: link and include hesiod
+
+	* configure.in: test for hesiod
+
+Wed Nov 18 1998
+
+	* kadmin/kadm_locl.h: include <arpa/inet.h>
+
+	* configure.in (freebsd3): seems to like symbolic links for the
+ 	shared libraries
+
+1998-11-07
+
+	* Makefile.export (ChangeLOG): handle emacs20-style changelog
+	entries
+
+	* lib/kdb/krb_dbm.c (kerb_db_get_principal, kerb_db_iterate):
+	check return value from `dbm_open'
+
+Fri Oct 23 1998
+
+	* lib/kadm/kadm.h: enable new extended kadmin fields by default
+
+Thu Oct 22 1998
+
+	* lib/krb/get_host.c (read_file): add more kinds of whitespace
+
+	* lib/krb/lsb_addr_comp.c: fix(?) calculations regrding
+ 	`firewall_address'
+
+	* kadmin/kadmin.c: change timeout to 5 minutes, (sigarlm): only
+ 	print message if any tickets were actually destroyed, (main): less
+ 	noise, (add_new_key): some cleanup, (del_entry): allow more than
+ 	one principal on command line, (get_entry): set more flags
+
+	* lib/kadm/kadm.h: add code to get modification date, modifier and
+ 	key version number
+
+	* lib/kadm/kadm_supp.c: add code to get modification date,
+ 	modifier and key version number
+
+	* lib/kadm/kadm_stream.c: add code to get modification date,
+ 	modifier and key version number
+
+Tue Oct 13 1998
+
+	* lib/kadm/Makefile.in: ROKEN_RENAME
+
+	* lib/krb/roken_rename.h: add strnlen
+
+	* lib/krb/Makefile.in: add strnlen
+
+Sat Oct 3 1998
+
+	* doc/install.texi: add comment about afskauthlib being in the
+ 	correct object format
+
+Thu Oct 1 1998
+
+	* kadmin/kadmin.c (change_admin_password): add `alarm(0)' to
+ 	prevent it from timing out
+
+
+	* lib/krb/time.c (krb_kdctimeofday): set `tv'.  fix from Thomas
+ 	Nystr�m <thn@stacken.kth.se>
+
+Mon Sep 28 1998
+
+	* appl/bsd/osfc2.c: lots of C2 magic
+
+	* appl/bsd/{rshd,rcp_util,rcp}.c: do C2 stuff
+
+	* appl/bsd/login.c: move C2 stuff to osfc2.c
+
+	* appl/bsd/login.c: call `set_auth_parameters' if OSFC2
+
+Sun Sep 27 1998
+
+	* appl/bsd/login.c: add some code to call setluid
+
+Sat Sep 26 1998
+
+	* appl/sample/sample_client.c (main): correct test
+
+Sat Sep 12 1998
+
+	* configure.in (XauReadAuth): reverse test and check for -lX11
+ 	before -lXau, otherwise the test fails on Irix 6.5
+
+Sun Sep 6 1998
+
+	* lib/krb/krb-protos.h: fix prototypes for krb_net_{read,write}
+
+	* lib/krb/krb_net_{read,write}.c: new files
+
+	* lib/krb/Makefile.in: add krb_net_{read,write}
+
+Fri Sep 4 1998
+
+	* lib/auth/sia/sia.c (siad_ses_launch, siad_ses_reauthent): use
+ 	krb_afslog_home
+
+	* lib/auth/pam/pam.c (pam_sm_open_session): use krb_afslog_home
+
+	* lib/auth/afskauthlib/verify.c (afs_verify): use
+ 	krb_afslog_uid_home
+
+Sun Aug 30 1998
+
+	* lib/krb/get_host.c: patch from Derrick J Brashear
+ 	<shadow@dementia.org> for doing less DNS lookups
+
+Sun Aug 23 1998
+
+	* lib/krb/ticket_memory.c (tf_save_cred): use memcpy to copy the
+ 	session key.
+
+Tue Aug 18 1998
+
+	* kadmin/kadmin.c (change_password): add `--random'.  From Love
+ 	H�rnquist-�strand <lha@elixir.e.kth.se>
+
+Thu Aug 13 1998
+
+	* lib/kclient/KClient.c (KClientErrorText): copy the string.
+  	Patch from Daniel Staaf <d96-dst@nada.kth.se>
+
+Tue Jul 28 1998
+
+	* appl/bsd/rsh.c (main): make sure not to send `-K' before the
+ 	hostname when re-execing
+
+	* appl/bsd/su.c: openlog LOG_AUTH
+
+Fri Jul 24 1998
+
+	* lib/krb/create_ciph.c: typo: s/tmp/rem/
+
+Wed Jul 22 1998
+
+	* lib/krb/send_to_kdc.c (send_recv): return FALSE if recv failed
+ 	so that we try the next server
+
+	* configure.in (*-*-sunos): no lib_deps
+
+	* include/protos.H (utime): update prototype
+
+Thu Jul 16 1998
+
+	* acconfig.h (DBDIR, MATCH_SUBDOMAINS): added
+
+	* configure.in (--enable-match-subdomains): added
+	(--with-db-dir): added
+
+	* lib/krb/getrealm.c (file_find_realm): fix MATCH_SUBDOMAINS code.
+  	Patch originally from R Lindsay Todd <toddr@rpi.edu>
+
+	* lib/krb/dllmain.c: clean-up patch from <d96-dst@nada.kth.se>
+
+	* appl/krbmanager: patches from <d96-dst>
+
+Mon Jul 13 1998
+
+	* appl/sample/sample_client.c (main): don't advance
+ 	hostent->h_addr_list, use a copy instead
+
+	* appl/bsd/kcmd.c (kcmd): don't advance hostent->h_addr_list, use
+ 	a copy instead
+
+Fri Jul 10 1998
+
+	* lib/krb/net{read,write}.c: removed
+
+	* lib/krb/Makefile.in: grab net_{read,write}.c from roken
+
+	* lib/krb/roken_rename.h: add krb_net_{write,read}
+
+	* lib/krb/create_ciph.c (create_ciph): return KFAILURE instead of
+ 	NULL
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_get): return KADM_NOMEM, not NULL
+
+Wed Jul 8 1998
+
+	* server/kerberos.c (make_sockets): strdup the port specification
+ 	before strtok_r:ing it
+
+	* lib/krb/extra.c (define_variable): return 0
+
+	* kuser/klist.c (display_tktfile): only print time diff and
+ 	newline if using the longform
+
+Tue Jun 30 1998
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): be careful in not advancing
+ 	the h_addr_list pointer in the hostent structure
+
+	* lib/krb/time.c (krb_kdctimeofday): handle the case of `time_t'
+ 	and the type of `tv_sec' being different.  patch originally from
+ 	<art@stacken.kth.se>
+
+	* man/afslog.1: add refs to kafs and kauth
+
+	* man/kauth.1: add refs to kafs
+
+	* lib/krb/krb_get_in_tkt.c (krb_mk_as_req): remove old code laying
+ 	around.
+
+	* lib/krb/Makefile.in: add strcat_truncate.c
+
+	* lib/auth/sia/krb4+c2_matrix.conf: fix broken lines and typos
+
+	* kuser/klist.c (display_tokens): print expired for expired tokens
+
+Sat Jun 13 1998
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): new argument `addr'
+
+	* kadmin/admin_server.c: new argument `-i' for listening on a
+ 	single address
+
+Mon Jun 8 1998
+
+	*  Release 0.9.9
+
+Wed Jun 3 1998
+
+	* lib/krb/extra.c: implement read_extra_file() for Win32
+
+Fri May 29 1998
+
+	* configure.in: removed duplicate crypt
+
+	* lib/kdb/Makefile.in (roken_rename.h): remove dependency
+
+	* lib/acl/Makefile.in (roken_rename.h): remove dependency
+
+	* lib/krb/roken_rename.h: remove duplicate flock
+
+	* appl/afsutil/aklog.c (createuser): fclose the file
+
+Wed May 27 1998
+
+	* lib/krb/Makefile.in (extra.c): add
+
+	* slave/kpropd.c: k_flock -> flock
+
+	* slave/kprop.c: k_flock -> flock
+
+	* lib/krb/tf_util.c: k_flock -> flock
+
+	* lib/krb/roken_rename.h: add base64* and flock
+
+	* lib/krb/kntoln.c: k_flock -> flock
+
+	* lib/kdb/krb_dbm.c: k_flock -> flock
+
+	* lib/kdb/Makefile.in: use ROKEN_RENAME to get hold of renames
+ 	symbols
+
+Tue May 26 1998
+
+	* lib/krb/extra.c: add read flag, so we don't have to look for
+ 	non-existant files several times
+
+	* lib/krb/send_to_kdc.c: use krb_get_config_string()
+
+	* lib/krb/lsb_addr_comp.c: use krb_get_config_bool()
+
+	* lib/krb/krb_get_in_tkt.c: use krb_get_config_bool()
+
+	* lib/krb/extra.c: parse and use krb.extra file for special
+ 	configurations, to lessen the number of environment variables used
+
+	* lib/krb/getfile.c: cleanup and add `krb_get_krbextra'
+
+	* lib/krb/debug_decl.c: add krb_enable_debug
+
+	* lib/krb/lsb_addr_comp.c (lsb_time): if KRB_REVERSE_DIRECTION is
+ 	set, negate time (fix for some firewalls)
+
+Mon May 25 1998
+
+	* lib/krb/Makefile.in (clean): try to remove shared library debris
+	(LIBDES and LIB_DEPS): try to figure out dependencies
+
+	* lib/kdb/Makefile.in (clean): try to remove shared library debris
+
+	* lib/kadm/Makefile.in (clean): try to remove shared library
+ 	debris
+
+	* configure.in: make symlink magic work with libsl
+
+Mon May 18 1998
+
+	* appl/bsd/login.c: Hack for AIX 4.3.
+
+Thu May 14 1998
+
+	* configure.in: mips-api support.  From Derrick J Brashear
+ 	<shadow@dementia.org>
+
+	* configure.in: --enable-legacy-kdestroy: added.  From Derrick J
+ 	Brashear <shadow@dementia.org>
+
+	* kuser/kdestroy.c: LEGACY_KDESTROY: add
+
+Wed May 13 1998
+
+	* lib/krb/krb.h (const, signed): define when compiling with
+ 	non-ANSI comilers.  From Derrick J Brashear <shadow@dementia.org>
+
+Mon May 11 1998
+
+	* kadmin/admin_server.c: Fix reallocation bug.
+
+Fri May 1 1998
+
+	* configure.in: don't test for winsock.h
+
+	* slave/kprop.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/sample/sample_client.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/movemail/pop.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/kip/kip.c: unifdef -DHAVE_H_ERRNO
+
+Mon Apr 27 1998
+
+	* appl/ftp/ftpd/krb4.c (krb4_adat): applied patch from Love
+ 	<lha@elixir.e.kth.se> for checking address in krb_rd_req
+
+Sun Apr 26 1998
+
+	* appl/Makefile.in (SUBDIRS): add push
+
+Sun Apr 19 1998
+
+	* configure.in: fix for the symlink magic. From Gregory S. Stark
+ 	<gsstark@mit.edu>
+
+	* doc/Makefile.in (install): ignore failures from install-info.
+
+	* lib/krb/Makefile.in (install): don't install include files with
+ 	x bit
+
+	* lib/kadm/Makefile.in (install): don't install include files with
+ 	x bit
+
+	* man/Makefile.in: don't install getusershell
+
+	* lib/krb/Makefile.in: add symlink magic for linux.
+	only link in com_err.o and error.o if building shared
+
+	* lib/kdb/Makefile.in: add symlink magic for linux
+
+	* lib/kadm/Makefile.in: add symlink magic for linux
+
+	* configure.in: add symlink magic for Linux
+
+	* appl/kx/common.c (connect_local_xsocket): update to try the list
+ 	of potential socket pathnames
+
+Tue Apr 7 1998
+
+	* lib/krb/getaddrs.c: Don't bail out if various ioctl's fail.
+
+
+	* doc/Makefile.in (kth-krb.info): use `--no-split'
+
+Mon Apr 6 1998
+
+	* configure.in: add --disable-cat-manpages
+
+	* configure.in: call the shared libraries so.0.9.9 on linux
+
+Sat Apr 4 1998
+
+	* lib/Makefile.in (SUBDIRS): changed order so that editline is
+ 	built before sl
+
+	* lib/*/Makefile.in: shared library dependency information
+
+	* doc/Makefile.in (clean): remove *.info*
+
+	* merge in win32 changes from <flag@astrogator.se> and
+ 	<jfa@pobox.se>
+
+	* Makefile.export: aux -> cf
+
+	* Makefile.in: aux -> cf
+
+	* appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): check the
+ 	return from `gethostbyname'
+
+	* appl/bsd/bsd_locl.h: Check for <io.h> and conditionalize
+ 	prepare_utmp.  From <d96-mst@nada.kth.se>
+
+	* acconfig.h (__EMX__): define MAIL_USE_SYSTEM_LOCK.  From
+ 	<d96-mst@nada.kth.se>
+
+	* include/bits.c: renamed `strupr' to `my_strupr' not to conflict
+ 	with any exiting strupr.
+
+Sat Mar 28 1998
+
+	* Makefile.in (install): use DESTDIR
+
+	* include/Makefile.in (install): depend on all
+
+	* man/Makefile.in (install, uninstall): use transform correctly
+
+Fri Mar 27 1998
+
+	* configure.in: don't look for dbopen.  From Derrick J Brashear
+ 	<shadow@dementia.org>
+	(termcap.h): check for
+
+	* lib/krb/Makefile.in: fix for LD options on solaris.  From
+ 	Derrick J Brashear <shadow@dementia.org>
+
+Thu Mar 19 1998
+
+	* appl/kx/common.c: Trying binding sockets in the special
+	directories for some versions of Solaris and HP-UX
+
+
+	* lib/krb/kdc_reply.c: Check for error code of zero in error
+ 	packet from KDC.
+
+Wed Mar 18 1998
+
+	* appl/kx/common.c (get_xsockets): try getting sockets in lots of
+ 	places
+	
+	* appl/kauth/kauth.c: return error code from child (plus shell
+ 	magic)
+
+
+	* lib/krb/getrealm.c (krb_realmofhost), lib/krb/get_krbrlm.c
+ 	(krb_get_lrealm, krb_get_default_realm): When figuring out a
+ 	default local realm name avoid going into infinite loops.
+
+Sun Mar 15 1998
+
+	* configure.in: test for <term.h> and search for `tgetent' in
+	ncurses.  From Gregory S. Stark <gsstark@mit.edu>
+
+	* **/Makefile.in: add DESTDIR support and .PHONY
+
+Sat Mar 7 1998
+
+	* kadmin/ksrvutil.c: Remove kvno zero restriction.
+
+	* configure.in: Add option `--disable-dynamic-afs' do disable AIX
+ 	dynamic loading of afs syscall library. This should hopefully also
+ 	work with AIX 3.
+
+	* kadmin/ksrvutil.c: Add `delete' function (from Chris Chiappa
+ 	<griffon+@cmu.edu>).
+
+Thu Feb 26 1998
+
+	* kadmin/kadmin.c (do_init): fix check of return value from
+ 	krb_get_default_principal
+
+	* lib/kadm/kadm_stream.c (stv_string): use correct offset
+
+Sat Feb 21 1998
+
+	* include/Makefile.in: add parse_time.h
+
+	* lib/krb/solaris_compat.c: new file with alternative entry points
+	compatible with solaris's libkrb.
+
+Thu Feb 19 1998
+
+	* lib/krb/time.c: Various time related functions.
+
+Tue Feb 17 1998
+
+	* lib/krb/send_to_kdc.c: Add some more connection debug traces.
+
+Sun Feb 15 1998
+
+	* lib/krb/get_host.c (init_hosts): call k_getportbyname with proto
+ 	== "udp" instead of NULL.  NULL would be the right thing, but some
+ 	libraries are not happy with that.
+
+	* appl/bsd/rcp.c: renamed `{local,foreign}' to \1_addr to avoid
+ 	conflicts with system header files on mklinux.
+
+
+	* lib/kadm/Makefile.in: Fix rules for kadm_err.[ch].
+
+	* lib/krb/krb_err.et: Fix for changes to compile_et.
+
+	* lib/com_err/{error.c,com_err.h,com_right.h}: Rename error.h to
+ 	com_right.h.
+
+	* lib/com_err/{compile_et.c,compile_et.h,lex.l,parse.y}: Switch
+ 	back to a yacc-based compile_et.
+
+Tue Feb 10 1998
+
+	* appl/kx/kxd.c (doit): fix stupid mistake when marshalling
+
+	* lib/krb/Makefile.in: add strcpy_truncate
+
+Sun Feb 8 1998
+
+	* lib/krb/netwrite.c (krb_net_write): restart if errno == EINTR
+
+	* lib/krb/netread.c (krb_net_read): restart if errno == EINTR
+
+	* appl/kx/rxterm.in: redirect std{in,out,err} of xterm to make
+ 	sure rshd does not hang.
+
+Sat Feb 7 1998
+
+	* lib/acl/acl_files.c (acl_canonicalize_principal): use
+ 	krb_parse_name
+
+
+	* lib/krb/rw.c: add a parameter containting maximum size.  Change
+	all callers.
+
+	* lots-of-files: replace {REALM_SZ, *_SZ, MaxPathLen,
+ 	MaxHostNameLen} + 1 with \1
+
+	* appl/bsd/rlogind.c (cleanup): logout -> rlogind_logout
+
+	* lib/acl/acl_files.c (acl_canonicalize_principal): use
+ 	strcpy_truncate
+
+	* include/Makefile.in: fnmatch.h
+
+	* appl/ftp/ftpd/ftpd.c: <fnmatch.h>
+
+	* lib/kadm/kadm_stream.c (stv_string): don't use strncpy
+
+	* lib/auth/sia/sia.c (siad_ses_suauthent): do ugly magic to make
+ 	sure `entity->name' is long enough.
+
+	* appl/ftp/ftpd/ftpcmd.y: HASSETPROCTITLE -> HAVE_SETPROCTITLE
+
+	* appl/bsd/rlogind.c (logout): renamed to rlogind_logout to avoid
+ 	conflict with logout() in libutil.
+	(doit): use forkpty_truncate it there's one
+
+	* appl/afsutil/kstring2key.c (krb5_string_to_key): don't use
+ 	strcat
+
+	* configure.in: add lots of functions and headers that were used
+ 	in the code but not tested for.
+
+	* lib/krb/send_to_kdc.c (url_parse): re-structured
+
+	* kadmin/kadm_locl.h: add prototype for random_password and remove
+ 	__P
+
+	* appl/bsd/forkpty.c (forkpty_truncate): new function.
+	use strcpy_truncate instead of strcpy
+
+	* appl/bsd/bsd_locl.h: include <libutil.h>.
+	prototype for forkpty_truncate()
+
+	* configure.in: test for <libutil.h>
+
+Fri Feb 6 1998
+
+	* kadmin/random_password.c: Random password generation.
+
+	* kadmin/kadmin.c: Add some functionality to add_new_key, to make
+ 	it more useful with batch creation.
+
+Wed Feb 4 1998
+
+	* appl/bsd/login.c (find_in_etc_securetty): new function
+	(rootterm): call `find_in_etc_securetty'
+
+	* appl/bsd/pathnames.h (_PATH_ETC_SECURETTY): add
+
+Tue Feb 3 1998
+
+	* kadmin/kadmin.c: Fix `-t' flag. Centralize the calling of
+ 	alarm() to a modified sl_loop().
+
+	* kadmin/kadmin.c: Add support for `batch' processing, taking a
+ 	command from the command line. Remove the automatic destruction of
+ 	tickets, instead add a timeout (initially set to 1 minute), after
+ 	which any tickets will be destroyed. Option `-m' now sets this
+ 	timeout to 0 (disabling timeout). Options `-p' takes a full
+ 	principal, and `-u' takes a `username' that is used as the name of
+ 	the admin principal to use.
+
+Sat Jan 31 1998
+
+	* lib/auth/sia/sia.c: Chown ticket file when doing reauth.
+
+Thu Jan 29 1998
+
+	* lib/auth/sia/sia.c: Add support for reauthentication.
+
+Mon Jan 26 1998
+
+	* appl/kauth/kauth.c (main): Add debug switch -d to kauth to aid
+ 	in finding miss-configurations.
+
+Mon Jan 19 1998
+
+	* lib/krb/name2name.c: If inet_addr thinks host's a valid
+ 	ip-address, assume it is, and don't call gethostbyname().  This
+ 	should fix things like `rsh 1.2.3.4'.
+
+Sat Jan 17 1998
+
+	* lib/krb/get_host.c: Check for http-srv records.
+
+	* lib/krb/get_host.c: Don't use getprotobyname. Check for `http'
+ 	as well as `udp' and `tcp'.
+
+	* lib/auth/sia/sia.c: Add password changing support.
+
+	* kadmin/new_pwd.c: Use kadm_check_pw.
+
+	* lib/kadm/check_password.c: Password quality check, moved from
+ 	kpasswd.c.
+
+Fri Jan 16 1998
+
+	* kadmin/ksrvutil_get.c: Add `-u' flag to put each key in a
+ 	separate file.
+
+Mon Jan 12 1998
+
+	* kadmin/admin_server.c: Fix broken realloc of pidarray.
+
+Fri Jan 9 1998
+
+	* rename logwtmp -> ftpd_logwtmp not to conflict with libc.
+
+Sun Dec 21 1997
+
+	* lib/krb/verify_user.c (krb_verify_user): new argument `srvtab'.
+	Changed all callers.
+
+Sat Dec 13 1997
+
+	* lib/kdb/krb_dbm.c: check return value from dbm_store
+
+Thu Dec 11 1997
+
+	* lib/krb/k_flock.c (k_flock): Re-included an implementaion of
+ 	k_flock. Changed all library and core application source to use
+ 	k_flock.
+
+Tue Dec 9 1997
+
+	* appl/kx/kxd.c,common.c: more error testing from Love
+ 	H�rnquist-�strand <e96_lho@elixir.e.kth.se>
+	Use the correct number of X for mkstemp.
+
+
+	* Release 0.9.8
+
+	* Add `--disable-mmap' configure option, do disable all use of
+ 	mmap.
+
+	* Rename all k_afsklog to krb_afslog.
+
+Mon Dec 8 1997
+
+	* kuser/klist.c: Add a header for tokens.
+
+Fri Dec 5 1997
+
+	* lib/krb/krb.h: Moved prototypes to krb-protos.h, cruft to
+ 	krb-archaeology.h.
+
+Thu Dec 4 1997
+
+	* appl/kauth/kauth.c: Use krb_get_pw_in_tkt2.
+
+	* lib/krb/get_in_tkt.c: krb_get_pw_in_tkt2 that returns key.
+
+Sun Nov 30 1997
+
+	* configure.in: check for tgetent in libcurses
+
+Mon Nov 24 1997
+
+	* appl/krbmanager: incorporate patches from <d96-dst@nada.kth.se>
+	for making sure there's only one instance of krbmanager.
+
+Fri Nov 21 1997
+
+	* admin/ext_srvtab.c: use atexit() to stamp out secrets.
+
+Thu Nov 20 1997
+
+	* server/kerberos.c: Log funny HTTP requests.
+
+	* server/kerberos.c: Add comma to list of port separators for
+ 	`-P'.
+
+
+	* appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): better
+ 	error message (from <d96-dst@nada.kth.se>)
+
+Wed Nov 12 1997
+
+	* kuser/klist.c (display_tokens): patch from <e96_lho@e.kth.se>
+
+Sun Nov 9 1997
+
+	* Release 0.9.7
+
+
+	* configure.in: test for ssize_t
+
+	* appl/bsd/rlogind.c: Fill in ut_type, and ut_exit if they exist.
+
+	* appl/kx/common.c (create_and_write_cookie): Create temp file
+ 	with mkstemp.
+
+
+	* appl/ftp/ftpd/ftpd.c: conditionalize otp
+
+	* appl/bsd/login.c: conditionalize otp
+
+	* configure.in: add --disable-otp.  update Makefile.in's
+
+	* configure.in: define CANONICAL_HOST
+	
+	* configure.in, aclocal.m4: remove <bind/bitypes.h>.  contains
+ 	bogus information on Crays.
+
+	* include/bits.c: stolen from Heimdal
+
+	* include/Makefile.in: replace ktypes.c with bits.c
+
+	* lib/krb/getaddrs.c (k_get_all_addrs): cray fix
+
+	* configure.in: updated header files
+
+
+	* slave/kpropd.c: Make sure it's the kprop service that tries to
+ 	send data.
+
+Fri Nov 7 1997
+
+	* configure.in: Added option --with-afsws=/usr/afsws.
+
+	* lib/Makefile.in: Build lib/rxkad if we have include file rx/rx.h
+
+Thu Nov 6 1997
+
+	* appl/ftp/ftp/ftp.c (sendrequest, recvrequest): do correct tests
+ 	for `-'
+
+	* appl/ftp/ftp/cmds.c (getit): removed stupid goto
+
+
+	* appl/kauth/kauth.c: Use krb_get_pw_in_tkt(), now that it is
+ 	fixed.
+
+	* appl/ftp/ftp/cmds.c: Don't retrieve files that start with `..'
+ 	or `/' without asking.  Reverse test in confirm() to check for `y'
+ 	rather than not `n'.  Use mkstemp.
+
+	* appl/ftp/ftp/ftp.c: Add extra parameter to recvrequest,
+ 	specifying if local filenames should be parsed as "-" and "|".
+
+Mon Nov 3 1997
+
+	* configure.in: updated broken list.  add fclose for proto check.
+
+	* kadmin/kadmin.c: updated functions to new style of sl
+
+	* appl/bsd/rcp.c, rlogin.c, rsh.c: setuid before doing kerberos
+ 	authentication.  if that fails, exec ourselves with -K
+
+	* appl/bsd/pathnames.h: add _PATH_RCP
+
+	* configure.in: test for readv, writev
+
+Fri Oct 24 1997
+
+	* lib/krb/tkt_string.c (krb_set_tkt_string): const-ized
+
+	* appl/ftp/ftp{,d}: new commands: kdestroy, krbtkfile and afslog.
+
+	* appl/afsutil/aklog.c (expand_cell_name): fix parsing of
+ 	CellServDB
+
+Sat Oct 11 1997
+
+	* appl/telnet/telnetd/sys_term.c (start_login): moved `user' so it
+ 	works even if !defined(HAVE_UTMPX_H)
+
+Fri Oct 10 1997
+
+	* lib/krb/send_to_kdc.c: Change send_recv* to use a lookup table
+ 	indexed by protocol.
+	
+	Implement http proxy use, enabled via `krb4_proxy' environment
+ 	variable.
+
+Thu Oct 9 1997
+
+	* lib/krb/getrealm.c: Don't lookup top-level domains. Try files
+ 	before doing DNS.
+
+Thu Oct 2 1997
+
+	* appl/krbmanager: Turned into a ticket management program.
+
+	* lib/krb/{dllmain,ticket_memory}.c: Add some KrbManager
+ 	interaction.
+
+Sat Sep 27 1997
+
+	* appl/voodoo: Major fixes of terminal emulation, and other
+	things.
+
+Fri Sep 26 1997
+
+	* server/kerberos.c: Cleanup socket-opening code. Add HTTP
+ 	support.
+
+	* lib/krb/send_to_kdc.c: Add Kerberos over HTTP.
+
+	* lib/krb/get_host.c: Parse URL-style host-specifications.
+
+
+	* include/win32: add `version.h' and `ktypes.h'
+
+	* lib/kclient/KClient.def: rename kclnt32 to make Eudora
+ 	happy. Add SendTicketForService
+
+	* lib/kclient/KClient.c: implement SendTicketForService.  Used by
+ 	Eudora.
+
+	* appl/voodoo/voodoo.mak: kclient renamed as kclnt32
+
+Thu Sep 25 1997
+
+	* Moved various base64 implementations to roken.
+
+Thu Sep 18 1997
+
+	* appl/telnet/telnetd/telnetd.c: Move the call to startslave()
+ 	into the telnet() loop. This way we'll maximise the chance that
+ 	the transmission is encrypted before starting login. This will
+ 	hopefully remove the irritating warning you would get with some
+ 	macintosh telnet clients.
+
+Wed Sep 17 1997
+
+	* appl/telnet/telnetd/sys_term.c: Fix for duplicate `-- user'.
+
+Tue Sep 9 1997
+
+	* server/kerberos.c: More detailed logging
+
+Fri Sep 5 1997
+
+	* lib/kafs/afssysdefs.h: HP-UX 10.20 seems to use 48
+
+Thu Sep 4 1997
+
+	* lib/des/Makefile.in: quote the test for $(CC) correctly
+
+Wed Sep 3 1997
+
+	* include/ktypes.c: Move __BIT_TYPES_DEFINED__ to after including
+ 	other stuff.
+
+
+	* lib/rxkad/rxk_locl.c (rxkad_calc_header_iv): Simplify header IV
+ 	calculation.
+
+	* lib/rxkad/osi_alloc.c (osi_Alloc): Memory allocation routines
+ 	for user space. There is no longer any need for conditional
+ 	compilation of user/kernel-space versions of librxkad.a.
+
+	* lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Use
+ 	Transarc FC-crypto to generate random numbers. We no longer need
+ 	to link a DES library into the kernel.
+
+Tue Sep 2 1997
+
+	* appl/ftp/ftpd/ftpd.c (pass): chown the ticket file is logging in
+ 	with clear-text passwords and using kerberos
+
+	* lib/krb/krb_log.h: new file
+
+	* lib/krb/krb.h: moved all logging functions to krb_log.h.
+  	Include krb_log.h in appropriate places.  From
+ 	<shadow@dementia.org>
+
+Mon Sep 1 1997
+
+	* appl/kx/kx.c: more intelligent check for passive mode new option
+ 	`-P' to force passive mode
+
+Sat Aug 23 1997
+
+	* lib/krb/krb_get_in_tkt.c: rename krb_as_req -> krb_mk_as_req
+
+Wed Aug 20 1997
+
+	* lib/rxkad/rxkad.h, rxk_serv.c (server_CheckResponse): Increase
+ 	limit of ticket lengths to 1024 at server end.
+
+	* lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Support
+ 	for almost arbitrary ticket lengths.
+
+Tue Aug 19 1997
+
+	* kadmin/ksrvutil_get.c: Make sure we're talking to the admin
+ 	server when getting ticket.
+
+	* lib/krb/send_to_kdc.c: Add flag to always use admin server.
+
+Sun Aug 17 1997
+
+	* appl/kx/rxtelnet.in: reverse the looking for xterm loops Use
+ 	`-n' and not `-name' to xterm
+	
+	* server/kerberos.c: implement `-i' for only listening on one
+ 	address
+
+	* lib/kadm/kadm_cli_wrap.c: Implement kadm_change_pw2 to be
+ 	compatible with CNS.  From <shadow@dementia.org>
+
+	* appl/ftp/ftpd/ftpd.c: removed bogus reset of `debug'
+
+	* appl/ftp/ftpd/extern.h: define NBBY if needed
+
+	* configure.in: os2 fixes: -Zcrtdll and check for chroot
+
+Wed Aug 13 1997
+
+	* lib/krb/get_in_tkt.c: Use new get_in_tkt functions, and
+ 	implement kerberos 5 salts.
+
+	* lib/krb/krb_get_in_tkt.c: Split krb_get_in_tkt in two functions
+ 	so it's possible to try several key-procs with just one request to
+ 	the KDC.
+
+Wed Jul 23 1997
+
+	* lib/rxkad/rxk_serv.c (decode_krb4_ticket): New functions
+ 	decode_xxx_ticket so that it is possible to also decode kerberos
+ 	version 5 tickets.
+
+Sat Jul 19 1997
+
+	* doc/Makefile.in: `test -f' is more portable than `test -e'
+
+Tue Jul 15 1997
+
+	* lib/kafs/kafs.h, lib/krb/krb.h: swap order of <sys/cdefs.h> and
+ 	<ktypes.h>.  Another fix form <shadow@dementia.org>
+
+Fri Jul 11 1997
+
+	* lib/krb/krb.h: non-ANSI fix from <shadow@dementia.org>
+
+Fri Jun 27 1997
+
+	* man/otp.1: `-o' option
+
+	* appl/otp/otp.c: List lock-time with `-l'.  New option `-o' to
+ 	open an locked entry.
+
+	* lib/otp/otp_db.c (otp_get_internal): Save lock_time in returned
+ 	struct.
+
+	* lib/otp/otp.h: New field `lock_time' in OtpContext
+
+Thu Jun 26 1997
+
+	* man/otp.1, man/otpprint.1: Update changed default to `md5'
+
+	* appl/bsd/rsh.c: Don't use a hard-coded constant in `select'
+
+	* configure.in, include/ktypes.c: Handle the case of there being
+ 	an old version of our `sys/bitypes.h'.
+
+Sun Jun 22 1997
+
+	* lib/des: Merge in changes from libdes 4.01. The optimizations
+ 	written in assembler are not used since they in general wont't
+ 	work with shared libraries.
+
+Fri Jun 20 1997
+
+	* lib/krb/netread.c, netwrite.c: Handle windows discrimation of
+	sockets.
+
+Sun Jun 15 1997
+
+	* appl/kpopper/pop_init.c: Use `STDIN_FILENO' and `STDOUT_FILENO'
+ 	instead of `sp'.  OSF's libc isn't quite prepared to have two
+ 	different FILEs refer to the same file descriptor.
+
+Thu Jun 12 1997
+
+	* doc/dir: Add dir template file.
+
+
+	* appl/kauth/kauth.c (main): AFS style positional argument for -n
+ 	option.
+
+	* appl/xnlock/xnlock.c (verify): New resource destroyTickets and
+ 	corresponding option -nodestroytickets. First try local
+ 	authentication and if it fails try kerberos.
+	
+Sun Jun 8 1997
+
+	* appl/ftp/ftpd/popen.c (ftpd_popen): Correct initialization of
+ 	`foo' before call to `strtok_r'
+
+Wed Jun 4 1997
+
+	* doc/*.texi: Use @url.
+
+	* doc/setup.texi: Added @ifinfo around @dircategory
+
+Tue Jun 3 1997
+
+	* Release 0.9.6
+
+	* appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w
+ 	term_emulator' for specifiying which terminal emulator to use.
+  	Based on a patch from <arve@nada.kth.se>.
+
+Mon Jun 2 1997
+
+	* appl/xnlock/Makefile.in, appl/kx/Makefile.in,
+ 	lib/auth/Makefile.in: fix the Makefile to do the for loops the
+ 	automake way.
+
+Sun Jun 1 1997
+
+	* appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install
+ 	correctly even if there are no programs to install
+
+	* configure.in: Check for `h_nerr'.
+
+	* lib/auth/pam/pam.c: Include <security/pam_appl.h> to make it
+ 	compile on Solaris 2.6
+
+	lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c,
+ 	appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c,
+ 	appl/bsd/login_access.c: Initialize the `lasts' to NULL before
+ 	calling strtok_r the first time.  With our strtok_r it's not
+ 	necessary, but the man-page on SGIs says it should be done.
+
+Fri May 30 1997
+
+	* lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for
+ 	multi-realm ticket files by using the best matching TGT to define
+ 	the realm of the ticket holder.
+
+
+	* appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're
+ 	using utmpx
+
+	* appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if
+ 	we're using utmpx
+
+Wed May 28 1997
+
+	* lib/roken/daemon.c: New file.
+
+	* include/protos.H: <sys/types.h> needed on solaris 2.4
+
+Mon May 26 1997
+
+	* appl/bsd/su.c (kerberos): If kerberos password is zero length
+ 	immediately try next scheme.
+
+
+	* lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even
+ 	if we don't know the proper ViceId.
+
+
+	* Release 0.9.5
+
+	* man/Makefile.in: Install preformatted manual pages with correct
+ 	suffix on *BSD.
+
+Sun May 25 1997
+
+	* appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND
+ 	XOVER to XOVER.
+
+
+	* appl/telnet/telnetd/sys_term.c: Only include <utmp.h> and
+ 	<utmpx.h> once
+
+	* fix-export: Also create cat manpages.
+
+	* appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP'
+
+	* appl/telnet/telnetd/sys_term.c: Ditto.
+	Remove stupid macros.
+
+	* appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'.  This is
+ 	(apparently) a standard with many representations.
+
+	* appl/ftp/ftpd/ftpcmd.y (SYST): Ditto.
+
+	* appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a
+ 	command to it.
+
+	* appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and
+ 	basename argument.
+
+	* appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the
+ 	one in ~ftp fails.
+
+	* appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one
+
+	* appl/bsd/forkpty.c: Use `_getpty' if there's one
+
+	* configure.in: check for `_getpty'
+
+	* acconfig.h: correct test for IRIX
+
+	* lib/roken/snprintf.c: code for checking the correct functioning
+ 	of *nprintf is now #ifdef PARANOIA
+
+	* appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize
+
+	* appl/bsd/rlogin.c: New option `-p'.
+
+	* lib/des/fcrypt.c: removed `inline' from `des_set_key'
+
+Thu May 22 1997
+
+	* lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD.
+	
+	* lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument
+ 	to MD5Final instead.
+
+	* lib/des/fcrypt.c: Also support MD5 style crypt(2).
+
+Tue May 20 1997
+
+	* appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be
+ 	compatible with login
+
+	* appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx
+
+
+	* (*/)*/Makefile.in:s (install): Avoid redundant multiple
+ 	recursion in install targets.
+
+	* Made things compile with socks5-v1.0r1.
+
+
+	* appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use
+ 	ut_id at all
+
+	* appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such
+ 	as HP-UX 10)
+
+	* appl/bsd/rlogind.c: Added support for utmpx
+
+Sun May 18 1997
+
+	* lib/roken: removed herror, strchr, and strrchr
+
+ 	* lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT
+
+	* lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live
+ 	in lib/roken and get linked here when needed.
+
+	* lib/roken: removed strchr, strrchr.
+
+	* appl/telnet/telnet/telnet.c: Always use our own `setupterm' for
+ 	compatibility reasons.
+
+	* appl/telnet/telnetd/telnetd.c: Removed <curses.h> and <term.h>.
+  	They doesn't seem to be used and breaks on fujitsu.
+
+	* appl/kx/kx.c: try to give a better error message (than a core
+ 	dump :-) when talking to an old kxd.
+
+	* appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected
+	fencepost error with KRB_SENDAUTH_VLEN.
+
+	* appl/ftp/common/buffer.c: new file.
+
+	* configure.in: cray hides their bitypes in <bind/bitypes.h>.
+  	Also check for this file.
+
+	* appl/telnet/telnet/telnet_locl.h: moved termios.h before
+ 	curses.h.  This was needed to compile on cray, but will probably
+ 	break on some other host.
+
+Thu May 15 1997
+
+	* server/kerberos.c: Implement changes to the tcp protocol, while
+ 	being compatible with the old protocol.
+
+	* lib/krb/send_to_kdc.c: The old method to signal end of
+ 	transmission by closing the sending side of the socket does not
+ 	work well through some firewalls. This is now changed so that the
+ 	client instead sends the length of the request as a four byte
+ 	integer (in network byte order) before sending the data.
+
+Wed May 14 1997
+
+	* appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H.  Fix
+ 	for OSF1.
+
+	* appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
+
+	* appl/bsd/sysv_environ.c: Use k_concat rather than snprintf.
+
+Tue May 13 1997
+
+	* kuser/klist.c: updated usage string
+
+	* lib/otp/otp_print.c: make word table and reverse word table
+ 	constant
+
+Sun May 11 1997
+
+	* */*: Added some __attribute__ ((format (printf))) and fixes
+	where needed.
+
+	* appl/ftp/common/sockbuf.c: start probing at 4Mb
+
+	* appl/ftp/ftpd/ftpd.c: use MAP_FAILED
+
+	* appl/ftp/ftp/ftp.c: Use MAP_FAILED.
+	(alloc_buffer): new function for allocating a buffer of size
+ 	max(BUFSIZ, st.st_blksize) (Based on a patch from
+ 	<haba@pdc.kth.se>)
+
+	* appl/ftpd/ftpdcmd.y: hack for reget.
+
+	* appl/kx/kxd.c: Give a error message to old-version kx.
+
+	* replaced vsprintf with vsnprintf.
+	
+	* lib/roken/vsyslog.c: not used. removed.
+	
+	* Changed <sys/bitypes.h> -> <ktypes.h>
+
+	* include/Makefile.in: Added ktypes.h
+
+	* include/sys/Makefile.in: removed bitypes.h
+
+Wed May 7 1997
+
+	* appl/ftp/ftp/ftp.c: Open files in binary mode.
+
+	* appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file
+ 	mean `allow'. Added shell matching to names (if fnmatch is
+ 	available).
+
+
+	* appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE'
+
+	* appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to
+ 	(long) before printing out an `off_t'
+
+	* lib/kdb/print_princ.c (krb_print_principal),
+	  lib/kdb/krb_lib.c (kerb_put_principal),
+	  admin/kdb_edit.c (change_principal),
+	  admin/kdb_util.c (print_time) : gmtime should never return
+ 	tm_year > 1900
+
+	* appl/ftp/ftpd/ftpcmd.y: Year 2000 fix
+
+	* appl/telnet/telnetd/telnetd.c: removed code that used `getent'
+
+	* lib/roken/getent.c: removed
+
+Mon May 5 1997
+
+	* appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point
+
+	* kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm
+
+Sun May 4 1997
+
+	* configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic',
+ 	otherwise it's not possible to make libotp on hpux.
+
+	* configure.in: try sending picflags even when linking a shared
+ 	library with $CC
+
+	* lib/roken/getent.c: remove getstr
+
+	* configure.in: removed unneeded REAL_-variables working shared
+ 	libraries on *bsd*
+
+	* appl/kip/kip.h: Added <net/if_var.h>
+
+	* */Makefile.in: Use @LDSHARED@
+
+	* configure.in: Fix shared libraries on HP/UX.
+	check for curses.h
+ 	check for `getstr' and `cgetstr' in curses
+
+	* appl/telnet/telnet: clean-up
+
+	* lib/kafs/afssys.c: ifdef-out the code that is not used to avoid
+ 	referencing `syscall' on AIX.
+
+	* lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/
+
+	* aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output
+
+	* lib/roken/snprintf.c: fix for the case of max_sz == 0
+
+	* doc/kth-krb.texi: Add @dircategory and @direntry to enable
+ 	`install-info' to install this entry in `dir'.
+
+	* appl/telnet/telnetd/Makefile.in: Don't link with getstr
+
+
+	* lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and
+ 	chk_user.
+
+Sat May 3 1997
+
+	* lib/auth/sia/sia.c: Some cleanup.
+
+Fri May 2 1997
+
+	* configure.in: only link the programs that need it with the
+ 	db/dbm library
+
+
+	* lib/auth/sia/sia.c: Merge code for for normal and su
+ 	authentication.
+
+
+	* Replaced sprintf with snprintf and asprintf all over the place.
+
+	* lib/roken/snprintf.c: Added asnprintf and vasnprintf
+
+	* lib/roken/snprintf.c: implemented asprintf, vasprintf
+
+	* lib/roken/snprintf.c: new file
+
+Thu May 1 1997
+
+	* lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat'
+
+Wed Apr 30 1997
+
+	* lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some
+ 	potential buffer overruns.
+
+	* lib/krb/k_concat.c: Safely concatenate two strings.
+
+Sat Apr 26 1997
+
+	* appl/telnet/libtelnet/kerberos.c: removed stupid #if 0
+
+	* appl/bsd/rlogind.c (send_oob): different default for `last_oob'
+ 	to avoid losing first OOB packet
+
+Fri Apr 25 1997
+
+	* appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on
+ 	encryption
+
+Wed Apr 23 1997
+
+	* lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with
+ 	result from `gethostbyaddr'
+
+	* lib/krb/name2name.c (krb_name_to_name): new parameter
+ 	`phost_size' to disable buffer overflowing.  Changed all callers.
+
+	* lib/krb/k_getsockinst.c: New parameter `inst_size' to disable
+ 	buffer overflowing.  Changed all callers.
+
+	* appl/kpopper/Makefile.in: soriasis make stupidity
+
+	* appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON,
+ 	otherwise DEC make gets upset.
+
+Tue Apr 22 1997
+
+	* lib/krb/k_getsockinst.c: Use same name as in krb_get_phost.
+
+
+	* acconfig.h: hp-ux 10 also has `pututxline' that writes both to
+ 	utmp and utmpx.
+
+Sun Apr 20 1997
+
+	* include/win32/config.h: adapted to win95/NT
+
+	* appl/voodoo: Merged in win32-telnet from <d93-jka@nada.kth.se>
+
+	* lib/krb/tkt_string.c: dummy `getuid' function.
+
+	* lib/krb/ticket_memory.c (tf_setup): implement
+
+	* lib/roken/roken.mak, roken.def: new files
+
+	* lib/des/des.def: Removed des_random_{seed,key}
+
+	* lib/krb/dllmain.c: Rewrote `msg'.
+	Better explanation when it fails to spawn `krbmanager'.
+
+	* lib/krb/tf_util.c: backwards `in_tkt' added.
+
+	* lib/krb/in_tkt.c: removed
+
+	* lib/kclient/KClient: Reformatted and fixed.
+
+Sat Apr 19 1997
+
+	* appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from
+ 	NetBSD.
+
+	* appl/ftp/ftpd/ftpd.c: Handle oob-stuff better.
+
+Fri Apr 18 1997
+
+	* appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line
+ 	parsing bug.
+
+	* appl/kpopper/pop_dropinfo.c: Add support for xover.
+
+	* appl/kpopper/pop_xover.c: Add some kind of xover support.
+
+	* appl/kpopper/pop_debug.c: New tiny popper debugging program.
+
+Tue Apr 15 1997
+
+	* lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks.
+
+	* appl/bsd/rshd.c: k_afsklog so that remote command gets a token.
+  	fix usage string.
+
+Sat Apr 12 1997
+
+	* appl/bsd/rcp.c (main): Rcp implements encrypted file transfer
+ 	without using the kshell service.
+
+
+	* lib/krb/mk_safe.c: Emit new checksum.
+
+	* lib/krb/rd_safe.c: New code to handle both new and old
+ 	checksums.
+
+	* lib/des/qud_cksm.c: Fix compatibility with mit deslib.
+
+Fri Apr 11 1997
+
+	* lib/sl/sl.c (sl_match): initialize `partial_cmd'
+
+Sun Apr 6 1997
+
+	* lib/kafs/kafs.h: Ugly addition of `_P'
+
+	* lib/kafs/afssys.c: <sys/socket.h> contains the definition of
+ 	`_IOW' on cygwin32.
+
+	* appl/telnet/telnet/utilities.c: <sys/socket.h> needed by
+ 	cygwin32
+
+	* doc/Makefile.in: always run $(MAKEINFO).
+	
+	* lib/otp/otp_md.c (sha_finito_little_endian): byte-swap
+ 	correctly.
+
+	* include/sys/bitypes.H: Added #ifndef for types
+
+	* configure.in: test for types
+
+	* aclocal.m4: Stolen AC_GROK_TYPES? from heimdal
+
+
+	* appl/ftp/ftp/ftp.c: Fix passive mode.
+
+Sat Apr 5 1997
+
+	* appl/kauth/ksrvtgt.in: New ksrvtgt script.
+
+Fri Apr 4 1997
+
+	* lib/krb/kdc_reply.c: Add some range checking.
+
+
+	* lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'.
+	Passes verification examples from appendix C.
+
+	* admin/kdb_util.c: All usage strings are now consistent (and even
+ 	with the code)!
+
+Thu Apr 3 1997
+
+	* lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and
+ 	kerberos convenience routines into afssys.c and afskrb.c. This to
+ 	make it possible to use k_pioctl() without linking in all
+ 	libraries in the world.
+
+Tue Apr 1 1997
+
+	* appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend,
+ 	since Unicos has one of its own.
+
+Sun Mar 30 1997
+
+	* appl/bsd/{rsh,rlogin}.c: Don't look at argv[0].
+
+
+	* man/tenletxr.1: new file
+
+	* appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in:
+ 	Support `-k'
+
+	* appl/kx/tenletxr.in: new script for running kx in backwards
+ 	mode.
+
+	* appl/kx: New version of protocol.
+
+	* appl/kauth: Use err & c:o
+
+	* appl/kauth/encdata.c (read_encrypted): Give better return code
+ 	for EOF
+
+
+	* appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines
+ 	to many strings.
+
+	* kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove
+ 	bell.
+
+	* lib/roken/warnerr.c: New function set_progname.
+	* aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to
+ 	AC_CHECK_DECLARATION.  Add new function AC_CHECK_VAR, that looks
+ 	for a variable, including a declaration.
+
+	* lib/roken/roken.h: Add optional declaration for __progname.
+
+	* lib/roken/*{err,warn}.c: Restructure err and warn functions.
+
+Sat Mar 29 1997
+
+	* appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef
+ 	SO_OOBINLINE, don't even select for exceptional conditions.
+
+	* lib/otp/otp_md.c: always downcase the seed.
+	byte-swap the SHA result.
+
+Thu Mar 27 1997
+
+	* appl/otp/otp.c: removed bad free of global data
+
+Sun Mar 23 1997
+
+	* configure.in: moved version.h and config.h to include
+
+
+	* acconfig.h: Fix utmp/utmpx stuff on OSF/1.
+
+
+	* appl/bsd/rlogind.c (control): Rewritten to handle the case of
+ 	there being no `ws_xpixel' and `ws_ypixel'
+
+	* appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of
+ 	there being no `ws_xpixel' and `ws_ypixel'
+
+	* aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel'
+ 	and `ws_ypixel'
+
+	* lib/otp/otp.h: Change default global timeout
+
+	* lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst'
+
+	* appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do
+ 	gettimeofday and then copy the data for the sake of those systems
+ 	like SGI that can have different timevals in file and memory.
+
+	* configure.in: Allow `--with-readline'
+
+	* lib/editline/edit_compat.c (readline): strdup data before
+ 	returning it.
+
+
+	* appl/telnet/telnetd/state.c: Change size of subbuffer to 2k.
+
+Thu Mar 20 1997
+
+	* lib/krb/decomp_ticket.c: Add some range checking.
+
+	* appl/ftp/ftpd/krb4.c: Check return value from krb_net_write.
+
+	* appl/ftp/ftp/ftp.c: Fix hash mark printing.
+
+Wed Mar 19 1997
+
+	* appl/kauth/kauthd.c: more logging
+
+	* man/kx.1, man/kxd.8: Updated.
+
+	* appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx
+ 	-> kxd
+
+
+	* lib/editline/edit_compat.c: BSD libedit comatibility.
+
+Wed Mar 12 1997
+
+	* appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap.
+	Log foreign IP address together with hostname.
+
+Mon Mar 10 1997
+
+	* server/kerberos.c: Fix log file muddle.
+
+Sun Mar 9 1997
+
+	* appl/bsd/kcmd.c (kcmd): check malloc for failure.
+
+Tue Feb 25 1997
+
+	* man/ftpd.8: Documented the `-g' option.
+
+	* appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the
+ 	umask for anonymous users.
+
+	* appl/ftp/ftpd/ftpd.c: conditionalize SIGURG
+
+	* appl/otp/otp.c: More fixes from Fabien COELHO
+ 	<coelho@cri.ensmp.fr>.  Check for current OTP before allowing the
+ 	update.
+
+Wed Feb 19 1997
+
+	* appl/otp/otp.c: updated help string
+
+	* appl/bsd/Makefile.in: Fixed installation of suid programs.
+
+	* appl/telnet/libtelnet/kerberos.c: fix some stuff to get
+ 	forwarding code to compile
+
+	* lib/otp/otp_db.c: fix for signed char overflow.
+
+
+	* lib/krb/resolve.c: Patch from J�rgen Wahlsten
+ 	<wahlsten@pathfinder.com>: Zero out resource record, and send
+ 	correct length to dn_expand.
+
+Mon Feb 17 1997
+
+	* lib/roken/roken.h: Check for `_setsid'
+
+	* appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/
+
+	* include/Makefile.in: Generete krb_err.h and kadm_err.h before
+ 	linking/copying them
+
+	* aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of
+ 	the list.
+
+	* configure.in: Use AC_PROG_RANLIB
+	Always use EMXOMF under OS/2
+	Check for sys/termio.h and _setsid
+
+
+	* configure.in: A preliminary fix for editline.
+
+	* appl/telnet/libtelnet/kerberos.c: Include ticket forwarding
+ 	stuff.
+
+	* lib/krb/krb_get_in_tkt.c: Use tf_setup.
+
+	* lib/krb/krb_get_in_tkt.c: New function tf_setup.
+
+Sat Feb 15 1997
+
+	* man/otp.1: updated
+
+	* appl/otp/otp.c: New options `-d' and `-r'.  From Fabien COELHO
+ 	<coelho@cri.ensmp.fr>
+
+	* lib/otp/otp.h: Changed default from md4 to md5
+	* lib/otp/otp_db.c (otp_get, otp_simple_get): New functions.
+
+Thu Feb 13 1997
+
+	* appl/kx/rxtelnet.in: allow specification of port number
+
+	* appl/otp/otp.c: Add `-u' option
+
+Sun Feb 9 1997
+
+	* appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid
+ 	collision with symbol in sys/ioctl.h
+
+Fri Feb 7 1997
+
+	* man/kpropd.8: updated
+
+	* appl/bsd/rcmd_util.c: warning needs to know what program is
+ 	used.
+
+	* slave/kpropd.c: New explicit flag `-i' for interactive.  Don't
+ 	use AI to figure out if we have been started by inetd or not.
+
+Thu Feb 6 1997
+
+	* appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to
+ 	kx.  From <map@stacken.kth.se>
+
+	* kuser/klist.c: corrected alignment of `expired'
+
+	* appl/telnet/telnet/commands.c: replaced lots of \n by \r\n
+
+Mon Feb 3 1997
+
+	* configure.in (socket, gethostbyname, getsockopt, setsockopt):
+ 	Better tests.
+	(HAVE_H_ERRNO): New test
+
+	* lib/roken/herror.c (herror): Check HAVE_H_ERRNO
+	lots of other files as well.
+
+Sat Feb 1 1997
+
+	* appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32
+
+	* lib/krb/logging.c: Init function for `std_log�
+
+	* appl/telnet/telnet/utilities.c: Remove `upcase�
+	Check HAVE_SETSOCKOPT
+
+	* appl/telnet/telnet/telnet.c: Use `strupr� instead of `upcase�
+
+	* appl/telnet/telnet/commands.c, appl/movemail/pop.c,
+ 	appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c,
+ 	appl/sample/sample_client.c: Ifdef around for the non-existence of
+ 	`h_errno' in cygwin32.
+
+	* lib/des/read_pwd.c: work-around for cygwin32
+
+	* appl/telnet/telnet/sys_bsd.c: work-around for cygwin32
+
+Fri Jan 31 1997
+
+	* lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY.
+
+Sun Jan 26 1997
+
+	* configure.in: removed duplicate of initgroups and lstat
+	Use AC_KRB_STRUCT_WINSIZE
+
+	* aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test
+
+	* lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR
+
+	* appl/bsd/rlogin.c: conditional on SIGWINCH
+
+	* appl/bsd/rcmd_util.c et al: conditional getsockopt
+
+	* configure.in (cygwin32): New target
+	(getsockopt, getsockopt): Test for
+	(herror, hstrerror): Better tests
+
+	* aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to
+ 	AC_FIND_FUNC
+
+Thu Jan 23 1997
+
+	* configure.in: Add EXECSUFFIX
+
+	* appl/kx/rxterm.in: rsh -n
+
+	* lib/krb/unparse_name.c (krb_unparse_name_long_r): new function
+
+
+	* lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs
+ 	support.
+
+	* lib/krb/get_host.c: Use KRB_SERVICE.
+
+Wed Jan 22 1997
+
+	* lib/auth/sia/Makefile.in: Add linker magic fix for broken,
+ 	conflicting kerberos code in xdm.
+
+Tue Jan 21 1997
+
+	* appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to
+ 	be manageable as X-resource XNlock*logoutPasswd. The password is
+ 	stored in UNIX crypt format so that it can be stored in a global
+ 	resource file for sites that whish to keep it a secret.
+
+
+	* configure.in: Check for winsize in sys/ioctl.h also.
+
+Sat Jan 18 1997
+
+	* lib/krb/get_default_principal.c: Use principal from
+ 	KRB4PRINCIPAL before using uid.
+
+Wed Jan 15 1997
+
+	* appl/telnet/telnet/sys_bsd.c: Use `get_window_size'
+
+	* lib/roken/get_window_size.c: New file
+
+	* appl/bsd/rlogin.c: Use `get_window_size'
+
+	* appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on
+ 	TIOCSWINSZ
+
+	* configure.in: Check for `_scrsize' and `struct winsize'
+
+Tue Jan 14 1997
+
+	* Makefile.in (install-strip, travelkit-strip): New targets.
+
+Thu Jan 9 1997
+
+	* */Makefile.in: Use @foo_prefix@ and @program_transform_name@
+ 	Add code to uninstall target
+
+Thu Dec 19 1996
+
+	* configure.in: Set LIBPREFIX
+
+	* config.sub: Add os2 as a system
+
+	* config.guess: Try to recognize i386-pc-os2_emx
+
+	* configure.in: case for *-*-os2_emx
+	NEED_PROTO for `strtok_r'
+	
+	* aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
+	(AC_KRB_PROG_LN_S): New test that uses cp if ln fails
+
+Wed Dec 18 1996
+
+	* appl/bsd/login.c (main): First try to verify password using
+ 	standard UNIX method and if it fails try kerberos authentication.
+	
+Sat Dec 14 1996
+
+	* appl/bsd/rcp.c: consider case of no fchmod
+
+	* appl/kpopper/pop_init.c: Use k_getsockinst.
+
+	* lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
+	fchown,rcmd}.c: new files
+
+	* appl/kpopper/pop_lower.c: Removed.
+
+	* Makefile.in (travelkit): New target.
+
+Tue Dec 10 1996
+
+	* lib/krb/parse_name.c (kname_parse): Only copy realm if it is
+ 	specified.
+
+	* lib/krb/get_host.c (krb_get_host): Treat no realm as local
+ 	realm.
+
+Mon Dec 9 1996
+
+	* appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
+ 	password.
+
+
+	* slave/kprop.c: flock with K_LOCK_SH
+
+Wed Dec 4 1996
+
+	* appl/telnet/telnet/commands.c: Also export XAUTHORITY
+
+Sun Dec 1 1996
+
+	* kadmin/ksrvutil.c: If realm is not specified, use the local one.
+
+Sat Nov 30 1996
+
+	* appl/kauth/kauthd.c: Use KAUTH_VERSION.  Try to give correct
+ 	error messages back to kauth.
+
+	* config.sub, config.guess: Merged in changes from autoconf 2.12
+
+	* appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
+
+	* kadmin/kadm_locl.h: Add prototype for FascistCheck.
+
+Thu Nov 28 1996
+
+	* man/afslog.1: Documented `-createuser'
+
+	* appl/afsutil/aklog.c: removed `cell_of_file' Added option
+ 	`-createuser' to run pts to create a foreign principal.
+
+Tue Nov 26 1996
+
+	* lib/otp/otp_challenge.c: Initialize error string and check for
+ 	NULL from strdup.
+
+	* lib/roken/mini_inetd.c: Initialize `sin_family'
+
+	* appl/kpopper/pop_init.c: Add `-p' option and make `-a'
+ 	auth-style
+
+	* appl/bsd/rshd.c: Add `-p' option.
+
+	* appl/bsd/rlogind.c: Handle `-p' correctly.
+
+	* appl/bsd/login.c: Removed confusing initialization of
+ 	`login_timeout'
+
+	* appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
+ 	of UIDL-string.
+
+Sun Nov 24 1996
+
+	* Release 0.9.3
+
+Sat Nov 23 1996
+
+	* kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
+ 	defaults.
+
+	* lib/krb/krb.h: Added *_to_key
+
+	* lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
+
+	* kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
+	(do_init): more logical defaults
+	(help): removed old code
+	better error messages
+
+	* lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
+ 	and remove functionality for reading passwords.
+
+	* lib/sl/sl.c: Nicer help output.
+
+	* lib/otp/otp_challenge.c: Initialize `challengep'
+
+	* lib/krb/Makefile.in: Removed get_pw_tkt.c
+
+Fri Nov 22 1996
+
+	* lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
+
+Wed Nov 20 1996
+
+	* lib/auth/pam/pam.c: Chown ticketfile to correct GID.
+
+Tue Nov 19 1996
+
+	* appl/kx/rxtelnet.in: Try to set the screen number as well.
+
+	* Be careful not to thrust `h_length' from gethostby{name,addr}
+
+	* appl/bsd/rcmd_util.c (ip_options_and_die): New function.
+
+	* configure.in: moved headers before functions.
+	call AC_PATH_XTRA_XTRA.
+	Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
+	remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
+
+	* aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
+
+	* aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
+ 	arguments: includes and arguments)
+
+	* configure.in: Need to supply arguments and includes to test for
+ 	`res_search' and `dn_expand'
+
+	* lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
+
+	* Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
+
+	* Replace lots of `strtok' with `strtok_r'.
+
+	* lib/sl/sl.c: Allow unlimited number of arguments.  Use
+ 	`strtok_r' to divide up string into arguments.
+
+	* lib/roken/roken.h: Added `strtok_r'
+
+	* configure.in: Test for `strtok_r'
+
+	* include/Makefile.in: Don't build in ss
+
+	* Makefile.export: Fixed ChangeLog-generation
+
+	* lib/sl/sl.c: Let `readline' to the \n-removal.  Handle empty
+ 	lines.  Don't store empty lines in the history.
+
+Mon Nov 18 1996
+
+	* lib/sl/sl.c: Use readline compatible i/o.
+
+
+	* lib/otp/otp_locl.h: Changed location of otp database to /etc
+
+	* appl/otp/Makefile.in: Install otp setuid root.
+
+	* util/Makefile.in: don't build SS
+
+	* lib/sl: New directory.
+
+	* kadmin/kadmin.c: Replaced SS by SL.
+
+Sun Nov 17 1996
+
+	* kadmin/kadm_funcs.c: Improved log messages.
+
+
+	* Use KRB_TICKET_GRANTING_TICKET.
+
+
+	* server/kerberos.c: Don't do any special logging when running as
+ 	slave.
+
+
+	* Lots of files: remove unnecessary `(void)'
+
+	* Lots of files: remove unnecessary `register' declaration.
+
+
+	* lib/krb/get_host.c: Only keep list of hosts from requested
+ 	realm.
+
+
+	* man/otpprint.1, otp.1: New files.
+
+	* appl/otp/otp.c: `-s' is now default.
+
+	* appl/otp/otp.c: removed count
+
+	* lib/des/destest.c: more general quad_cksum test.
+
+	* lib/otp/otp_print.c (otp_print_stddict_extended,
+ 	otp_print_hex_extended): New functions.
+
+	* lib/otp/otptest.c: New file.
+
+
+	* appl/ftp/ftpd/ftpd.c: Change default auth level to what was
+ 	formerly known as `user'.
+
+	* appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
+
+
+	* appl/kip/kip.c: Try all addresses we get back from the name
+ 	server.
+
+	* kadmin/kpasswd.c: updated to new functions.
+
+	* lib/otp/otp_db.c (otp_db_open): Do a few retries.  Unlock in
+ 	case this file cannot be opened.
+
+	* doc/kth-krb.texi: New chapter about OTPs.
+
+	* appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
+  	Consistent language Check return value from des_read_pw_string.
+
+	* lib/otp/otp.h: Add OTP_ALG_DEFAULT
+
+
+	* lib/krb/parse_name.c: New function krb_parse_name
+
+Sat Nov 16 1996
+
+	* appl/bsd/login.c: removed S/Key.
+	Added OTP with option `-a otp'
+	Reorganized verification loop.
+
+	* appl/bsd/Makefile.in (login): Remove skey and add OTP
+
+	* configure.in: Test for `uid_t' and `off_t'
+
+	* appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
+ 	added `-a otp' for OTP.
+
+	* appl/kpopper: removed s/key and added OTP support.  Updated
+ 	man-page.
+
+	* lib/otp/otp.h: more fields in the struct and a new function.
+
+	* appl/ftp/ftpd/ftpd.c: Full OTP support.
+
+	* appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
+ 	-x args_to_xterm
+
+	* appl/kx/rxtelnet.in: Add options: -l username, -t
+ 	args_to_telnet, and -x args_to_xterm
+
+	* man/kx.cat1: regenerated
+
+	* man/kx.1: Added `-l' option.
+
+	* appl/kx/kxd.c: Accept username from `kx'
+
+	* appl/kx/kx.c: Introduced option `-l user' to be able to login as
+ 	some other user.
+
+Fri Nov 15 1996
+
+	* appl/kx/kx.c: Print out display and not display_nr
+
+	* lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
+
+	* */Makefile.in: Use $(LN_S) instead of ln -s
+
+	* */Makefile.in: Add @SET_MAKE@
+
+	* doc/latin1.tex: New file.
+
+	* doc/kth-krb.texi: Use latin1.tex to be able to use one letter
+ 	that some bear seem to think is important.
+
+	* doc/kth-krb.texi: Added acknowledgements.
+
+	* lib/auth/Makefile.in: Only build relevant subdirectories.
+
+	* configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
+ 	lib/auth that should be built.
+
+
+	* lib/kafs/afssys.c: Only get tokens for each cell once.
+
+Thu Nov 14 1996
+
+	* man: Added man pages for movemail(1) and kerberos(8).
+
+
+	* kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
+ 	for change_password.
+
+
+	* lib/krb/logging.c: Now actually compiles!
+
+
+	* config.{guess,sub}: Merge changes from Autoconf
+
+
+	* lib/krb/{recv,send}auth.c: Don't return errno if there is a
+ 	system error.
+
+Wed Nov 13 1996
+
+	* util/ss/Makefile.in: Now even compiles with BSD make!
+
+	* appl/kx: Now send the complete display from `kxd' to `kx'.  This
+ 	should enable it to work better with Xlibraries that don't support
+ 	unix sockets.
+
+	* kuser/klist.c: conditionally include <sys/ioctl.h> and
+ 	<sys/ioccom.h> before <kafs.h>
+
+	* lib/krb/resolve.h: Add fallback for `T_TXT'.
+
+	* appl/otp/otp.c: removed print-functionality.
+
+	* appl/otp/otpprint.c: New file.
+
+	* appl/otp/Makefile.in: New program `otpprint'
+
+	* lots of Makefile.in: Now should be possible to build with makes
+ 	that have broken VPATH-handling.
+
+	* configure.in: Always replace REAL_SHARED & c:o so that some
+ 	libraries may be built as shared.
+	Removed unused AC_SUBST.
+	Only build afskauthlib on irix.
+
+	* lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
+ 	lib/auth/pam/Makefile.in: Always build as a shared library.
+
+	* appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
+ 	<jas@pdc.kth.se>).
+
+
+	* lib/krb/{pkt_cipher,fgetst}.c: Removed
+
+	* lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
+
+Mon Nov 11 1996
+
+	* appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
+ 	environment.
+
+Fri Nov 8 1996
+
+	* appl/bsd/rlogind.c (main): `portnum' should be int.
+
+	* appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
+
+	* appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
+
+	* lib/krb/get_host.c (srv_find_realm): New parameter `service'
+
+
+	* lib/krb/unparse_name.c: New function.
+
+Tue Nov 5 1996
+
+	* lib/auth/pam/pam.c: Add PAM Kerberos module.
+
+Mon Nov 4 1996
+
+	* configure.in: configure in lib/auth/afskauthlib
+
+	* lib/kafs/afssys.c: New function `k_afsklog_uid'.
+
+	* lib/auth/afskauthlib: New library that works like
+	`afskauthlib.so' from Transarc.
+
+
+	*lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
+ 	dns_lookup().
+	
+	* lib/krb/resolve.c (dns_lookup): Replaced several different
+ 	resolver functions with one more generalized.
+
+Sun Nov 3 1996
+
+	* Add check target in lib/krb.
+	
+	* appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
+ 	that there is a chance of reading the error message.
+
+	* appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
+ 	to real uid before execing rlogin.
+
+Sat Nov 2 1996
+
+	* appl/bsd/utmp_login.c: Do the right thing on systems where
+ 	UTMPX_DOES_UTMP_LOGGING is defined.
+
+
+	* lib/krb/krb.h: names for `krb_kuserok' prototype
+
+	* lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
+
+	* appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
+
+	* lib/otp/otp_parse.c: Add support for parsing extended responses
+ 	(draft-ietf-otp-ext-01).
+
+	* lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
+
+	* appl/otp/otp.c: Add option `-e' for printing responses in
+ 	extended mode (according to draft-ietf-otp-ext-01.txt).
+
+
+	* lib/krb/kuserok.c: Function krb_kuserok now takes name,
+ 	instance, realm rather than an AUTH_DAT.
+
+Fri Nov 1 1996
+
+	* lib/auth/sia: Add SIA Kerberos module.
+
+
+	* lib/roken/roken.h: Need to include signal.h prior to defining
+ 	SIG_ERR.
+
+	* appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
+ 	simplified maintainability.
+
+	* appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
+ 	files on this system we should also log to the utmp files. If
+ 	there are no utmp files we of course don't have to log to them.
+
+
+	* Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
+
+	* PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
+
+	* doc/kth-krb.texi: Put copyrights in marketing order.
+
+	* appl/kpopper/popper.h: client and ipaddr should be char [] so
+ 	that we can store the names there.
+
+	* appl/kpopper/pop_init.c: save copies of addresses that otherwise
+ 	get overwritten.
+
+Mon Oct 28 1996
+
+	* lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
+ 	to make winsock happy.  Also don't care anymore about from which
+ 	address we got the answer since we do a `connect'.
+
+	* admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
+ 	lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
+ 	not use #if, use #ifdef.
+
+	* configure.in: Test for `rand' and `getuid'
+
+
+	* slave/kprop.c: Don't terminate on trivial errors in slaves-file.
+
+Sun Oct 27 1996
+
+	* doc/Makefile.in: Install from source directory if necessary.
+
+	* lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
+
+	* configure.in: You can't even use `unset', Ultrix sh does not
+ 	have it.
+
+
+	* several files: Check status from des_read_pw_string.
+
+
+	* server/kerberos.c: Make sure all data is recieved on a tcp
+ 	socket before trying to reply.
+
+
+	* lib/krb/krb.h: Add <time.h> for `struct tm'
+
+	* appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
+
+	* configure.in: Fix test for `XauReadAuth'
+
+Fri Oct 25 1996
+
+	* lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
+ 	machines running backwards.
+
+	* More consistent use of CRLF in telnet and telnetd.
+
+	* Removed redundant -I$(srcsdir)/../../include from compiler args.
+	
+
+	* appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
+ 	ordinary passwords in cleartext.
+
+	* appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
+
+	* lib/Makefile.in: Add otp
+
+	* include/Makefile.in: Add otp.h
+
+	* configure.in: Test for ndbm.h
+	Generate Makefiles in lib/otp and appl/otp
+
+	* appl/otp: New program to set up and generate OTPs.
+	
+	* lib/otp: New library for one-time passwords (RFC1938).
+
+	* lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
+
+	* lib/des/Makefile.in: Add md4 and sha.  run `mdtest' from check.
+
+	* lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
+ 	lib/des/mdtest.c: New files.
+
+	* appl/kauth/Makefile.in: Make $(libexedir) as well.
+
+Thu Oct 24 1996
+
+	* appl/bsd/rlogind.c (setup_term): Actually set the speed of the
+ 	terminal.
+
+	* appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
+ 	speed in the TERM variable.
+
+	* appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
+ 	`int2speed_t'.
+
+	* appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
+ 	`int2speed_t'.
+
+Sun Oct 20 1996
+
+	* appl/bsd/login.c: Do `getspnam' before change the UID. Also call
+ 	`endspent'
+
+	* appl/krbmanager: New program used on PCs by kclient.
+
+	* lib/kclient: New library.
+
+	* lib/des, lib/krb: Added some PC-specific files.
+
+	* doc/kth-krb.info: Regenerated.
+
+	* doc/Makefile.in (kth-krb.info): Some stupid makes don't
+ 	understand $<
+	(kth-krb.html): New rule.
+
+	* doc/kth-krb.texi (Compiling from source): Added some references
+ 	about Socks.
+
+Sat Oct 19 1996
+
+	* doc/kth-krb.texi: Added text about ``--with-socks''.
+
+	* configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
+
+	* aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
+ 	more general `AC_TEST_PACKAGE'.
+
+Fri Oct 18 1996
+
+	* configure.in: call AC_TEST_SOCKS
+
+	* acconfig.h: SOCKS
+
+	* aclocal.m4: Added AC_TEST_SOCKS
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
+ 	close.
+
+Thu Oct 17 1996
+
+	* man/popper.8: Option `-i'
+
+	* appl/kpopper/pop_send.c: clean-up
+
+	* appl/kpopper/popper.h: Removed old garbage and added SKEY.
+
+	* appl/kpopper/pop_xmit.c: clean up
+
+	* appl/kpopper/pop_user.c: SKEY-support
+
+	* appl/kpopper/pop_pass.c: Added support for spaces in passwords
+ 	and S/Key.
+
+	* appl/kpopper/pop_init.c: Moved some variables into struct pop
+	(main): Added support for `-i'
+
+	* appl/kpopper/pop_get_command.c: New command "HELP".
+
+	* appl/kpopper/Makefile.in: Add SKEY-stuff.
+
+	* lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
+ 	default instead of KRB_PORT
+
+	* lib/krb/getaddrs.c (k_get_all_addrs): Add
+ 	gethostbyname(k_gethostname()) as a fallback.
+
+	* lib/krb/k_getport.c (k_getportbyname): proto can be NULL
+
+	* lib/krb/krb.h: Only include <sys/types.h> if HAVE_SYS_TYPES_H
+
+	* lib/krb/prot.h: KRB_SERVICE: Added
+
+
+	* server/kerberos.c: Replaced linked list with a vector.
+
+Wed Oct 16 1996
+
+	* server/kerberos.c: Add support for TCP connections.
+
+	* lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
+ 	rather than recvfrom.
+
+Mon Oct 14 1996
+	
+	* doc/kth-krb.texi: Only use `kdb_edit' to add the initial
+ 	`nisse.admin'.  Add all other users with `kadmin'.
+
+	* doc/kth-krb.info: new file.
+
+	* doc/kth-krb.texi: Added some text about kx and ftp.
+
+	* appl/ftp/ftpd/ftpcmd.y,
+	  util/ss/ct.y,
+	  util/et/error_table.y :
+ 	Added code for handling the case of using `bison' and having no
+ 	`alloca'.  Alloca is usually never called anyway, so we just use
+ 	`malloc'.
+
+	* appl/kx/kxd.c: All static variables are now global and in
+ 	common.c.
+	(doit_conn, doit): Turn on TCP_NODELAY.
+	(create_and_write_cookie, suspicious_address): Moved to common.c
+
+	* appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
+ 	on TCP_NODELAY.
+	(doit): prepare for TCP-only hosts.
+	(usage,main): add `-t'
+	(main): Passive mode is possible again.
+
+	* appl/kx/kx.h: More #ifdefs for include files.  Declarations for
+ 	global variables.
+
+	* appl/kx/common.c (get_xsockets): Try to chmod
+ 	dirname(`X_UNIX_PATH')
+	(get_xsockets): Turn on TCP_NODELAY on TCP connections.
+
+	* doc/Makefile.in: New file
+
+	* Makefile.in: Added `doc' to `SUBDIRS'
+
+	* configure.in: Generate `doc/Makefile'
+
+Sun Oct 13 1996
+
+	* appl/bsd/rcp.c (main): Made rcp AFS aware.
+
+	* lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
+ 	always an entry of .klogin.
+
+Sat Oct 12 1996
+
+	* appl/kx/rxtelnet.in: Start the `xterm' process correctly.
+
+	* lib/des/rnd_keys.c (sumFile): consider the case that `res' is
+ 	not longword-aligned.
+
+	* lib/krb/get_host.c (parse_address): `getservbyname' should
+ 	really get proto = NULL
+
+	* lib/krb/send_to_kdc.c (krb_udp_port): removed
+	(send_to_kdc): removed `addrlist'
+
+	* lib/krb/send_to_kdc.c: Support not only UDP.
+
+	* lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
+ 	if that's what we want.
+
+Thu Oct 10 1996
+
+	* lib/krb/get_host.c: Simplified some code. Added stub-support for
+ 	SRV-records.
+
+Wed Oct 9 1996
+
+	* appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
+ 	correct instructions to their users and therefore we have to add
+ 	strange directories to the PATH.
+
+	* appl/kx/rxtelnet.in: Support sending arguments to telnet.
+
+	* appl/kx/rxterm.in: rsh can reside in path or %bindir% support
+ 	extra arguments to xterm (from <jas@pdc.kth.se>).
+
+	* appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
+ 	for X.
+
+	* appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
+ 	%bindir%.
+
+	* appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
+  	From <jas@pdc.kth.se>
+
+
+	* lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
+ 	connections.
+
+	* lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
+
+Sun Oct 6 1996
+
+	* appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
+
+	* configure.in: Fix order for x libs.  From <jas@pdc.kth.se>.
+  	Check for `fcntl', `alloca', `winsock.h', and `io.h'.
+
+	* lib/krb/krb_locl.h: Check for <io.h> and <winsock.h>
+
+	* lib/krb/krb.h: Check for winsock.h
+
+	* lib/krb/k_flock.c: Better test for `fcntl' with locking.
+
+	* lib/krb/et_list.c: Hopefully correct pragma this time.  From
+ 	<jas@pdc.kth.se>
+
+Thu Oct 3 1996
+
+	* lib/krb/klog.c (klog): Do not forget to print the text.
+
+	* lib/krb/log.c (krb_log): Print space after time in log.
+
+Wed Oct 2 1996
+
+	* appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
+ 	UIDL command.
+
+	* appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
+ 	command. Saves Message-Id to be used as unique id. Everything is
+ 	#ifdef:ed UIDL.
+
+	* appl/kpopper/pop_get_command.c: Recognize UIDL command.
+
+	* appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
+ 	implementation.
+
+	* appl/kpopper/Makefile.in: New file pop_uidl.c.
+
+
+	* configure.in: Made some of the tests into macros defined in
+ 	aclocal.m4
+
+	* appl/telnet/libtelnet/kerberos.c: Given better error message
+ 	when user is not authorized to login.
+
+	* lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
+  	If we are using a BSD-kind of system we should not leave the
+ 	shadow password database open.
+
+	* appl/xnlock/xnlock.c: Got rid of all `register' declarations.
+
+	* appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
+
+Mon Sep 30 1996
+
+	* lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
+ 	to try to close the shadow password file.
+
+	* appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
+ 	and the first character of the extension.
+
+	* lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
+ 	use that here.  We are only printing debug messages anyway, so
+ 	just print errno for now.
+
+	* appl/kx/rxtelnet.in: Now using SIGUSR2.
+
+	* appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
+ 	children goes down to zero'.  SIGUSR2 is `exit when number of
+ 	children is equal to zero'.
+
+	* appl/xnlock/xnlock.c: More fixup of old code.
+
+	* appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
+ 	users.
+
+	* configure.in: Added tests for more header files.  Also added
+	more ifdefs when actually including those files.
+
+	* appl/kx/Makefile.in: Do not build programs if we have no X11.
+	
+Sun Sep 29 1996
+
+	* appl/xnlock/xnlock.c (main): Support for shadow passwords.
+
+	* lib/roken/k_getpwuid.c: New file, better support for shadow
+ 	passwords.
+
+
+	* appl/telnet/Makefile.in: Use SET_MAKE
+
+
+	* appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
+ 	anonymous users.
+
+	* lib/krb/get_krbhst.c: Look for kerberos-#.realm.
+
+	* appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
+
+	* appl/ftp/ftpd/ftpd.c: Add find site command.
+
+	* appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
+ 	with extensions {,.tar}{,.gz,Z}.
+
+Sat Sep 28 1996
+
+	* configure.in: Check for sys/times.h, sys/param.h, and
+ 	sys/timeb.h
+
+	* lib/des: autoconfed a little to make it compile.
+
+	* lib/roken/roken.h: Add `max', `min', and definitions for broken
+ 	syslogs.
+
+	* appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
+
+	* appl/kx/kx.h: Remove prototype of childhandler.
+
+	* appl/kx/common.c: Remove childhandler.  Not common any more.
+
+	* appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
+
+	* appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
+
+	* appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
+ 	children goes to zero.
+
+	* lib/roken/roken.h: Add STDERR_FILENO
+
+	* lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
+
+	* lib/kafs/Makefile.in (afslib.so): Change argument so they work
+ 	with `ld' instead of `cc'
+
+	* appl/kx/kxd.c: writeauth.c as separate file.
+
+	* appl/kx/kx.c: `-d' option to disable forking.
+
+	* appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
+  	For some stupid reason $< does not work correctly in BSD make.
+  	Use $(srcdir) instead.
+
+	* appl/ftp/ftp/ftp_locl.h: Only include <roken.h> once.
+
+	* configure.in: Use strange X flags when looking for XauReadAuth.
+  	Add XauWriteAuth if we need to include it.
+
+Fri Sep 27 1996
+
+	* appl/sample: Sample programs work again.
+
+
+	* appl/kx/kxd.c (main): use `mini_inetd'
+
+	* appl/kx/kx.c: Use KX_PORT
+
+	* appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
+
+	* appl/kauth/kauthd.c (main): use `mini_inetd'
+
+	* appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
+ 	instead.
+
+	* appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
+ 	`get_login_port'
+
+	* appl/bsd/rcmd_util.c: New file.
+
+	* appl/bsd/Makefile.in: Added rcmd_util.c
+
+	* appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
+
+	* appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
+
+	* appl/bsd/rlogind.c (main): Use `mini_inetd'
+
+	* appl/bsd/rshd.c (main): Add support for interactive mode with
+ 	`-i'.
+
+	* appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
+
+	* lib/roken/roken.h: Added prototype for `mini_inetd', and
+ 	fallback definitions for SOMAXCONN, STDIN_FILENO, and
+ 	STDOUT_FILENO.
+
+	* lib/roken/Makefile.in: Added mini_inetd.o
+
+	* lib/roken/mini_inetd.c: New file.
+
+Thu Sep 26 1996
+
+	* appl/kx/kxd.c (doit): read port number in ascii.
+
+	* appl/kx/kx.c (doit): write port number in ascii.
+
+	* appl/kauth/rkinit.c (doit_host): Check return value from
+ 	`read_encrypted'.
+
+	* appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
+ 	syslog.
+
+	* lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
+ 	from `tf_create' and not always INTK_ERR.
+
+	* lib/krb/tf_util.c (tf_create): Correct check for return value
+ 	from `open'.
+
+	* lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
+
+Wed Sep 25 1996
+
+	* appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
+ 	time.
+
+	* configure.in: Add test for <sys/un.h>
+
+	* kadmin/Makefile.in: Add back $(CRACKLIB)
+
+Mon Sep 16 1996
+
+	* appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
+
+	* kstring2key moved to appl/afsutil.
+
+Sun Sep 15 1996
+
+	* appl/kx/kx.c (main): For now always use passive mode.  That's
+ 	the only thing that has been tested and not a lot of people are
+ 	going to use non-passive anyways.
+
+	* appl/kx/kx.c (connect_host): write display_number in ascii.
+
+	* appl/kx/kxd.c (doit): read display_number in ascii.
+
+	* appl/kx/common.c (get_local_xsocket): Generate the
+ 	/tmp/.X11-unix directory with the sticky bit set.
+
+	* configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
+
+	* appl/kx/Makefile.in: Install rxterm and rxtelnet.
+
+	* appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
+
+	* appl/kx/common.c (get_local_xsocket): try to bind the socket
+ 	instead of checking for existence with lstat.
+
+
+	* appl/kx/kxd.c: Detect remote termination and cleanup on exit.
+
+Sat Sep 14 1996
+
+	* lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
+ 	crays).
+
+
+	* appl/kx/kxd.c (doit): Send over the display number and the
+ 	authority file actually used to kx.
+	
+	(create_and_write_cookie):  New function to generate and write into a
+	file a local cookie used between this pseudo-server and the
+ 	clients on this host.
+	
+	(start_session):  New function to check and remove the local cookie
+	before the data is sent over to `kx'.
+
+	* appl/kx/kx.c (display_num, xauthfile): New variables.  Now `kx'
+ 	prints out the values of those two variables and then goes to the
+ 	background to enable some script to set these on the other host.
+	
+	(start_session): New function that adds a local cookie before sending
+	the rest of the connection to the local X-server.
+	
+	(main): Also recognize "unix" as a local DISPLAY.
+
+	* appl/kx/kx.h: <X11/Xauth.h> used.
+	(get_local_xsocket): Changed parameter.
+
+	* appl/kx/common.c (get_local_xsocket): Now try to allocate the
+ 	first free socket in /tmp/.X11-unix.  Also `mkdir' this directory
+ 	first.  Return the number of the display opened.
+
+	* appl/kx/Makefile.in: Added X libraries.
+
+	* lib/des/des.h: Added prototype for `des_rand_data'.
+
+	* lib/des/rnd_keys.c: Made `des_rand_data' non-static.  This
+ 	function is useful and now even used.
+
+Wed Sep 11 1996
+
+	* appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
+ 	cell of the home catalog rather than the local cell.
+
+	* lib/kafs/afssys.c: Add k_afs_cell_of_file.
+
+Tue Sep 10 1996
+
+	* appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ 	Removed all convex code.
+
+Mon Sep 9 1996
+
+	* appl/telnet/telnetd/termstat.c: UNICOS5: removed
+
+	* appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ 	NEWINIT, UNICOS7x, UNICOS5: removed
+	
+	STREAMSPTY: added variable `really_stream' Now able to handle the
+ 	case where the OS supports stream ptys but we run out of them and
+ 	start using ordinary BSD ones.
+
+	* appl/telnet/telnetd/state.c: UNICOS5: removed
+
+	* appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
+
+	* appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
+	BFTPDAEMON: removed.
+	UNICOS5: removed.
+	
+	* appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
+ 	`really_stream'.
+
+	* lib/krb/stime.c (krb_stime): argument should be `time_t'.
+	lib/krb/krb_locl.h: changed prototype.
+
+Sun Sep 8 1996
+
+	* configure.in: Also generate `appl/sample/Makefile'
+
+	* appl/Makefile.in: Use @SET_MAKE@.
+	Include sample
+
+	* lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
+ 	krb_check_auth.
+
+	* util/et/compile_et.c (main): Include <foo.h> in foo.c
+
+	* slave/kprop.c: exit with return code == 1 to indicate failure.
+
+	* server/kerberos.c (usage): Fixed usage string.
+
+	* lib/krb/tkt_string.c (tkt_string): Removed bogus extern
+ 	declaration of `getuid'.
+
+	* lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
+ 	declaration of `lseek'.
+
+	* lib/krb/stime.c (stime): Renamed to `krb_stime'
+
+	* lib/krb/sendauth.c (krb_sendauth): reimplemented using
+ 	`krb_mk_auth' and `krb_check_auth'.
+
+	* lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
+
+	* lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
+
+	* lib/krb/prot.h: create_auth_reply: correct prototype.
+  	krb_create_death_packet: ditto.
+	KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
+
+	* lib/krb/month_sname.c: Made `month_sname' const.
+
+	* lib/krb/mk_req.c: Remove stupid `register'
+
+	* lib/krb/log.c (krb_log): Use `krb_stime'
+
+	* lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
+ 	ESTALE.  Treat it the same way as ENOENT.
+
+	* lib/krb/krb_locl.h: Added prototype for `krb_stime'
+
+	* lib/krb/krb_check_auth.c: New file with `krb_check_auth',
+	implemented for compatibility with CNS.
+	lib/krb/krb_mk_auth.c: Ditto.
+
+	* lib/krb/krb.h: Removed duplicate declarations of `get_request'
+ 	and `krb_get_admhst'.
+	Added declarations for `krb_mk_auth' and `krb_check_auth'.
+
+	* lib/krb/kparse.h: removed prototype for `strsave'
+
+	* lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
+ 	`strsave'.
+	(strsave): Removed.
+
+	* lib/krb/kname_parse.c: Removed stupid `register' declarations.
+
+	* lib/krb/klog.c (klog): Use `krb_stime'
+
+	* lib/krb/get_phost.c: Handle the case where the name has no dots
+ 	in it by just returning it as-is.
+
+	* lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
+	lib/knet/sendkdata.c: removed unused files.
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
+
+	* kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
+ 	something goes wrong.  Include realm in the message when writing a
+ 	key.
+	(parseinput): New function that removes quotes and backslashes
+ 	from input.
+	(ksrvutil_get): Use `parseinput' to read input.
+
+	* kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
+  	Removed bogus casts and fflush of stdin.
+	(main): Use `return' instead of `exit'.
+
+	* kadmin/kpasswd.c (main): Use `return' instead of `exit'.
+
+	* kadmin/admin_server.c: exit with return code == 1 to indicate
+ 	failure.
+
+	* appl/sample/sample_server.c: Rewrote to use all new functions.
+
+	* appl/sample/sample_client.c: Rewrote to use all new functions.
+
+	* appl/sample/sample.h: new file.
+
+	* appl/sample/Makefile.in: new file.
+
+	* appl/movemail/pop.c (socket_connection): use `k_getportbyname'
+
+	* appl/kpopper/pop_init.c: exit with return code == 1 to indicate
+ 	failure.
+
+	* appl/kauth/kauth.c (doexec): new-style definition.  ret should
+ 	be a `pid_t'.
+	(main): new-style definition.  Use `prog' instead of `argv[0]'
+
+	* appl/ftp/ftp/extern.h: Removed unused `abortsend'
+
+	* appl/ftp/Makefile.in: Use @SET_MAKE@
+
+	* appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
+
+	* appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
+
+	* appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
+
+	* admin/kstash.c: Removed bogus flushing of stderr.  Replaced lots
+ 	of `exit(-1)' by `return 1'
+
+	* admin/kdb_util.c: Removed unused variable `aprinc'.
+	Removed bogus flushing of stderr.
+	Replaced lots of `exit(-1)' by `return 1'.
+
+	* admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
+ 	calling `exit' and use 1, not -1, for failure.
+
+	* Makefile.in: Use @SET_MAKE@
+
+	* aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
+ 	define a prototype for a function.
+
+	* configure.in: Reordered.  Removed unused stuff.  Start using
+ 	AC_NEED_PROTO.
+
+	* config.guess: merged in FSF version from 960908.
+
+Tue Sep 3 1996
+
+	* include/protos.H: Added optarg, opterr, optind, optopt and
+ 	(fclose under Sunos 4).  Removed these declarations from lots of
+	other files.
+
+	* acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
+ 	opterr, and optopt.
+
+	* configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
+ 	optarg, optind, opterr, and optopt.
+
+	* aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
+ 	need to have an external declaration of a variable.
+
+Mon Sep 2 1996
+
+	* lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
+  	Changed all callers.
+
+	* lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
+
+	* lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
+
+	* appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
+ 	args bug.
+
+Sat Aug 31 1996
+
+	* lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
+ 	appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
+ 	code.
+
+	* lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
+ 	with NOENCRYPTION.
+
+	* kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
+
+	* appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
+
+	* appl/ftp/ftpd/ftpd.c: Fixed old comment.
+
+	* slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
+	
+	* lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
+ 	cast it before adding to it.
+
+	* configure.in: Old test for `sa_len' in `struct sockaddr' fails
+ 	on IRIX 6.2.  Try to compile a program refering to that field
+ 	instead of grepping for it in <sys/socket.h>.
+
+	* appl/bsd/kcmd.c: Removed old and broken code.
+
+	* configure.in: Check for `gethostname', `uname', and
+ 	<sys/utsname.h>
+
+	* lib/krb/k_gethostname.c: Try to use `uname' if we have no
+ 	`gethostname'.
+
+	* appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
+ 	by correct use of `k_gethostname'.
+
+
+	* lib/roken/verify.c: Change name verify_unix_user ->
+ 	unix_verify_user in analogy with krb_verify_user.
+
+Fri Aug 30 1996
+
+	* appl/xnlock/Makefile.in: Install man-page.
+
+	* configure.in, */Makefile.in: Replace `-shared' with some other
+ 	option when not using gcc.
+
+	* lib/kafs/afssys.c: Do not start by checking if we have AFS in
+ 	`k_afsklog'.
+
+	* appl/bsd/rlogin.c: More kludges to make it work with rlogin on
+ 	linux: Do not select for an exceptional condition on `rem' after
+ 	having received EINVAL.
+	
+	Also rewrote ifndef NOENCRYPTION stuff.
+
+	* appl/bsd/rlogind.c: More kludges to make it work with rlogin on
+ 	linux: Only send oob data just after having sent normal data to
+ 	make sure we never send two consecutive bytes of oob data.
+
+	Also rewrote ifndef NOENCRYPTION stuff.
+
+Thu Aug 29 1996
+
+	* lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
+ 	afslib.so.  Not everybody has cc.
+
+Wed Aug 28 1996
+
+	* Release 0.9.2a
+
+Mon Aug 26 1996
+
+	* appl/bsd/login.c: Clean-up.  Made static a lot of functions and
+ 	variables.  Rewrote some function definitions to ANSI-style.
+
+	* appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
+ 	trailing slash.  We need to be very careful to make sure the
+ 	contents of $MAIL does not contain two, because RMAIL in emacs
+ 	uses it and emacs is no friend with double slashing.
+
+
+	* lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
+ 	correct value.
+
+Sun Aug 25 1996
+
+	* Release 0.9.2.
+
+Sat Aug 24 1996
+
+	* lib/roken/hstrerror.c: Check for h_errlist prototype.
+
+Thu Aug 22 1996
+
+	* lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
+ 	Changed `kerberos' to `kerberos-iv' now that it has been
+ 	registered with IANA.
+
+	* man/rshd.8, man/rlogind.8: updated documentation of `-a'
+
+	* lib/roken/roken.h: Added declaration of `h_errno'
+
+	* kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
+
+	* appl/kauth/kauth.h: Stupid declarations for syslog.
+
+	* appl/kauth/kauthd.c: syslog errors and success.
+
+	* include/protos.H: Removed `h_errno', now in roken.h Declare
+ 	`getusershell' under solaris.
+
+	* configure.in, acconfig.h: Figure out if we have to declare
+ 	`h_errno'.
+
+	* appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
+
+Wed Aug 21 1996
+
+	* lib/kafs/afssys.c: Look for AFS database servers in dns also.
+
+	* lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
+
+Sun Aug 18 1996
+
+	* appl/bsd/rlogind.c: Removed unused `check_all' variable.  Use
+ 	`inaddr2str'.
+
+	* appl/bsd/rshd.c: Use `inaddr2str'.
+	
+	* appl/bsd/iruserok.c: Removed potential buffer overrun after
+ 	`gethostbyaddr'.
+
+	* lib/roken/inet_aton.c: Some const-ness.
+
+	* lib/roken/Makefile.in: Add `inaddr2str.o'.
+
+	* appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
+
+	* lib/roken/inaddr2str.c, lib/roken/roken.h: New function
+ 	`inaddr2str' to convert an IP address into a verified hostname or
+ 	a string of the form x.y.z.a
+
+	* lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
+ 	getrealm.c}: Some const-ness.
+	
+	* appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
+
+	* appl/kpopper/popper.h: Some const-ness to get rid of a warning.
+
+	* appl/bsd/rshd.c: Always check reverse mapping.  Removed
+ 	`local_domain' and `top_domain'.  Added some const-ness.
+
+Sat Aug 17 1996
+
+	* include/Makefile.in: Removed VPATH.  With it this makefile does
+ 	not work correctly.
+
+	* lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
+ 	`krb_{get,put}'-functions to void *.
+
+	* include/protos.H: Add `getusershell' in solaris.
+
+	* appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
+ 	warnings because of arguments to `setsockopt'.
+
+	* lib/roken/roken.h: Fixed prototype of `inet_aton'
+
+Wed Aug 14 1996
+
+	* lib/roken/verify.c: Use <crypt.h> if there is one.
+
+	* lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
+ 	`afslib.so'.  Otherwise some makes get upset when there is no such
+ 	library to be made.
+
+	* appl/telnet/telnetd/telnetd.h: <protos.h> are needed to get
+ 	prototype for `ptsname'.
+
+	* appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
+	appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
+	appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
+	telnetd.h, kadmin/admin_server.c, kuser/klist.c,
+	lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
+	log.c, tf_util.c}: Include type `int' on all definitions and
+ 	remove unnecessary `register'.
+
+	* appl/bsd/login_access.c: Fix parameter declaration to
+ 	`netgroup_match'.
+
+	* appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
+
+	* admin/kdb_util.c: Use `errno' for error message instead of
+ 	uninitialized variable.
+
+Tue Aug 13 1996
+
+	* appl/kauth/rkinit.c: Default port should be the same in kauth
+ 	and kauthd.
+
+Sun Aug 11 1996
+
+	* configure.in: Added `AC_REVISION'
+
+	* slave/kpropd.c: Cleaned up structure.  Now returns useful value.
+
+	* lib/roken/verify.c: Broken OSes need declartion of `crypt'.
+
+	* lib/roken/roken.h: Added prototype for `verify_unix_user'.
+
+	* lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
+
+	* lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
+ 	get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
+ 	overwrite correctly.
+
+	* lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
+ 	`put_int', `get_address', `put_address', `put_string',
+ 	`get_string', `get_nir', and `put_nir'.  Changed all callers.
+
+	* lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
+ 	and `kerb_db_delete_principal'.
+
+	* lib/kadm/kadm_cli_wrap.c: Removed unused variable.
+
+	* appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
+ 	`strcpy'.
+
+	* appl/bsd/su.c: Fixed error messages from execv.
+
+	* appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
+ 	"TERM".
+
+Thu Aug 8 1996
+
+	* appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
+ 	`herror' by `hstrerror'.
+	
+	* appl/bsd/login.c: chmod the tty so that it is writable for group
+ 	tty.
+
+	* configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
+ 	hstrerror.
+
+	* aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
+
+	* config.guess: Add 686
+
+Tue Aug 6 1996
+
+	* lib/krb/getrealm.c: Fallback for `T_TXT'
+
+	* configure.in: Look for `res_search' and `dn_expand' in
+ 	libresolv.
+
+Mon Aug 5 1996
+
+	* */Makefile.in: Add Id to those missing it.
+
+	* configure.in: Small fix in comment.
+
+
+	* Release 0.9.1.
+
+
+	* appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
+
+	* appl/kstring2key/kstring2key.c: `usage' changed to void.
+
+	* lib/krb/mk_req.c: `build_request' changed to void.
+
+	* appl/ftp/ftp/ftp_locl.h: Changed order of includes.
+
+	* appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
+
+	* lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
+
+Sun Aug 4 1996
+
+	* lib/kafs/afssys.c: AIX systems will now correctly (I hope)
+ 	detect whether AFS is loaded or not. This is currently a bit
+ 	kludgy, and involves loading an external shared library,
+ 	afslib.so, which can be put in athena/lib or pointed to with
+ 	environment variable AFSLIBPATH.  This is only tested on AIX 4
+ 	(due to lack of an AIX 3 system).
+
+
+	* lib/krb/getrealm.c: Range-check the result from the DNS.
+
+	* lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
+ 	this host belongs to.
+
+	* kadmin/ksrvutil_get.c: Fixed error message.
+
+
+	* lib/kafs/*: Fix aix/afs brokenness.
+
+	* lib/kadm/kadm_stream.c (stv_string): Range check.
+
+Fri Jul 26 1996
+
+	* appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
+ 	handling.
+
+Mon Jul 22 1996
+
+	* lib/krb/mk_req.c: Use encrypt_ktext()
+
+	* configure.in, lib/kafs/afssys.c: Add option to exclude AFS
+ 	support (this is useful only on AIX systems that doesn't have
+ 	AFS).
+
+	* configure.in: Removed configuration from subdirectories.
+
+Sat Jul 13 1996
+
+	* appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
+ 	fd_set' with `fd_set'.
+
+Mon Jul 8 1996
+
+	* Makefile.in: install should depend on all.
+
+Sun Jul 7 1996
+
+	* appl/bsd/su.c: Allow root to set the uid without entering a
+ 	password.
+
+Fri Jul 5 1996
+
+	* lib/krb/getrealm.c: Add automatic dns realm search.
+
+Thu Jul 4 1996
+
+	* lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
+ 	compatibility with CNS. There is still a #define k_log krb_log.
+
+	* util/et/et_list.c: Hack to resolve _et_list in shared libraries.
+
+Fri Jun 28 1996
+
+	* appl/bsd/rlogin.c (reader): If after a select rlogin fails to
+ 	read expected OOB data try to read ordinary data before	continuing.
+
+	* appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
+
+	* appl/bsd/rlogind.c: Cleanup oobdata stuff.
+
+Thu Jun 27 1996
+
+	* appl/bsd/login.c (main): Also check for complete tty name with
+ 	`rootterm'.
+
+	* lib/krb/check_time.c: New function `krb_check_tm'.
+
+	* lib/roken/tm2time.c: New function `tm2time', mktime generalized
+	to local timezone and UTC.
+
+	* kadmin, admin: Use `tm2time' and `krb_check_time' instead of
+ 	`maketime'.
+
+Tue Jun 25 1996
+
+	* lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
+
+	* appl/kauth/kauthd.c: Set ticket file to some sane default, and
+ 	add -i debugging switch.
+
+Mon Jun 24 1996
+
+	* appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
+	`/usr/athena/bin'.
+
+Wed Jun 19 1996
+
+	* appl/bsd/rlogin.c: consistent usage of oob_real.
+
+	* appl/bsd/rlogind.c: Do not send oob garbage when running
+ 	solaris?  Seems that linux is unable to handle the duplicate
+ 	urgent data that is the result.
+	
+	* appl/bsd/rlogind.c: Fix usage.
+
+	* appl/bsd/kcmd.c: Don't F_SETOWN.
+
+Mon Jun 17 1996
+
+	* lib/krb/rw.c: Add get_address() and put_address().
+
+
+	* appl/telnet/telnetd/telnetd.c: updated usage
+
+	* appl/bsd/su.c: Replaced getpass by des_read_pw_string
+
+	* appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
+
+	* appl/bsd/rlogind.c: Removed unused functions and made others
+ 	static.
+
+Sun Jun 16 1996
+
+	* Release 0.9.
+	
+
+	* appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
+ 	NLST.
+
+
+	* configure.in: test for setresgid.
+
+	* kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
+
+Sat Jun 15 1996
+
+	* lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
+
+	* appl/ftp/ftp/cmds.c: Support longer passwords when retrying
+ 	login.
+
+	* kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
+ 	file from file is now the default.  Use `-m' to enter it manually.
+  	`-n' is currently a no-op.
+
+	* appl/ftp/ftpd/ftpd.c: Add S/Key support.
+
+	* appl/ftp/ftpd/Makefile.in: Link with S/Key.
+
+	* appl/ftp/configure.in: Test for S/key.
+	
+	* configure.in, aclocal.m4: Moved skey test
+	to aclocal.m4.
+
+	* appl/bsd/login.c: Correct argument to `skeyaccess'.
+
+Fri Jun 14 1996
+
+	* lib/krb/verify_user.c: New parameter to specify service key
+	instance, NULL means "rcmd".
+
+	* lots of files: All ticket filenames uses `TKT_ROOT'.
+
+	* appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
+
+Tue Jun 11 1996
+
+	* appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
+	code.
+
+	* lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
+ 	that are ndbm challenged.
+
+Mon Jun 10 1996
+
+	* lib/krb/kname_parse.c: Got rid of duplicate defintions.
+
+	* appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
+ 	'.netrc' file.
+
+
+	* lib/kadm, lib/kdb, kadmin: Add database delete operation.
+
+	* lib/krb/kname_parse.c: Allow dots in instances.
+
+
+	* appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
+	not exist.  Log more garbage.
+
+Sun Jun 9 1996
+
+	* appl/telnet/configure.in: Check for `logwtmp'.
+
+	* appl/ftp/configure.in: Use `AC_FUNC_MMAP'
+
+
+	* appl/bsd/forkpty.c: Removed all ugly pty search stuff from
+ 	ptym_open().
+
+	* configure.in: Modified the creation of version.h, now actually
+ 	shows up with ident.It is now also slightly more keen on creating
+ 	a new version.h.
+
+Sat Jun 8 1996
+
+	* lib/roken/verify.c: <stdio.h> for NULL.
+
+	* appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
+ 	screen saver changes are not updated before closing the X
+ 	connection.
+
+
+	* appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
+ 	is usually very short.
+
+Fri Jun 7 1996
+
+	* slave/kpropd.c: Add option -m to merge rather then load
+ 	database.
+
+Thu Jun 6 1996
+
+	* admin/kdb_util.c: Add a merge operation.  (One day it might be
+ 	used to propagate only patches to the database)
+
+Wed Jun 5 1996
+
+	* appl/kpopper: Support both POP3 and KPOP3.
+
+	* appl/xnlock/xnlock.c: Use `verify_unix_user'
+
+	* lib/roken/verify.c: verify_unix_user: New function from xnlock
+ 	for checking passwd in `/etc/passwd'.
+
+	* appl/telnet/telnetd/sys_term.c: gettimeofday buglet
+
+
+	* slave/kpropd.c: Rewrite of kpropd.
+
+	* admin/kdb_util.c: Sanity check on input to load_db.
+
+	* slave/kpropd.c: Use default value for fname.
+
+	* slave/kprop.c: Use some sane default values for data_file and
+ 	slaves_file.
+
+	* admin/kdb_util.c: If there isn't any database when loading,
+ 	create an empty one.
+
+Mon Jun 3 1996
+
+	* appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
+ 	entries are created. It should now work on both Solaris and IRIX,
+ 	without stale login information.
+
+Sat Jun 1 1996
+
+	* lib/krb/k_gethostname.c (k_gethostname): Fallback.
+
+	* lib/krb/send_to_kdc.c (send_to_kdc),
+	  kadmin/kadm_ser_wrap.c (kadm_ser_init),
+	  slave/kprop.c (prop_to_slaves),
+	  slave/kpropd.c (main): Use `k_getportbyname'.
+
+Fri May 31 1996
+
+	* Lots of files: more #includes ifdefad and cleaned up.
+
+Thu May 30 1996
+
+	* Lots of files: Replaced bcopy/bzero/bcmp with
+ 	memcpy/memset/memcmp.
+
+
+	* lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
+ 	variant that actually gives some information.
+
+	* lib/krb/create_ticket.c: Write correct address byteorder.
+
+	* lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
+ 	four bytes.
+
+	* kadmin/kpasswd.c: Allow principal without -n.
+
+	* kadmin/kadmin.c: Use krb_get_default_principal.
+
+	* appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
+
+	* appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
+ 	command line (for debugging).
+
+	* INSTALL: Rewritten.
+
+Wed May 29 1996
+
+	* appl/ftp/ftp/krb4.c: Handle different sizes of returned
+ 	checksum.
+
+
+	* appl/bsd/Makefile.in: Don't install login setuid.
+
+Fri May 24 1996
+
+	* appl/bsd/rsh.c: Don't run away yelling if someone calls you
+ 	`remsh'.
+
+Sun May 19 1996
+
+	* lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
+ 	check on decrypted ticket.
+
+Wed May 15 1996
+
+	* server/kerberos.c: Should work with the new libkrb
+
+	* appl/kip: Support more than one tunnel device.
+
+
+	* lib/krb/*.c: All functions that create or decode kerberos
+ 	packets have been rewritten.  Hopefully, everything still
+ 	works. This is to eliminate problems with wierd systems, like
+ 	Crays, that doesn't have any two or four byte integers. Some of
+ 	these changes could be a lot more pretty, and *many* assumptions
+ 	that sizeof(int32) == 4 still exist in the rest of the code,
+ 	though.
+
+	As a side effect, all packets sent are now in network byte order.
+
+Mon May 13 1996
+
+	* configure.in: Shared libraries for Irix
+
+
+	* Several fixes for UNICOS.
+
+	* appl/ftp/ftp/krb4.c: Allow default data protection level through
+ 	a "prot level" in .netrc. This really should be done in a more
+ 	useful manner.
+
+Sun May 12 1996
+
+	* appl/xnlock/xnlock.c: Cleaned up user verification code. Now
+ 	uses new function krb_verify_user.  Also fixed a few problems with
+ 	the password prompt box.
+
+	* lib/krb/verify_user.c: New function krb_verify_user to verify a
+ 	user with kerberos.
+
+
+	* appl/kip: New program for forwarding IP packets over kerberised
+	connections using tunnel devices.
+
+	* appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
+ 	krb_get_default_principal
+
+	* appl/bsd/rlogind.c: Do not change portnumber to host order if
+ 	using kerberos.  This will cause the magic
+ 	`reverse-time-if-port-is-less-than' to fail.
+
+	* lib/des/GNUmakefile: Removed file.  This file causes problem
+	when building in the source directory and when using GNU make
+	which prefers this file to the generated Makefile.
+
+	* appl/bsd/login.c: More careful when handling returned value from
+ 	`getspnam'.
+
+Sat May 11 1996
+
+	* lib/krb/realm_parse.c: New function to expand a non-complete
+ 	realm to its official name, e.g nada -> NADA.KTH.SE.
+
+	* lib/krb/get_default_principal.c: New function to guess the
+ 	default principal to use. Looks at any existing ticket file first,
+ 	then at uid/logname etc.
+
+
+	* kadmin/kadmin.c: Use kname_parse and allow different instances
+ 	and realms.
+
+	* lib/roken/k_getpwnam.c: New function k_getpwnam that should work
+ 	with and without shadow passwords.
+
+	* Lots of files: s/getpwnam/k_&/g.
+
+Tue May 7 1996
+
+	* lib/des/des_locl.h: DES library updated to version 3.23,
+ 	des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
+
+	* lib/des/des.h: On the alpha define DES_LONG to unsigned int.
+	
+
+	* kuser/kinit.c: Handle passwords longer than 16 characters.
+
+	* appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
+	16 characters.
+
+Sun May 5 1996
+
+	* Release 0.8.
+
+
+	* appl/ftp/ftpd/kauth.c: Klist command.
+
+
+	* appl/ftp/ftpd: Removed `-g' from calls to ls.
+
+	* appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
+	connection to a specified port works.
+
+	* appl/telnet/telnet: Default is binary.
+
+	* appl: Now build under Ultrix.
+
+	* appl/kx: Now even builds on AIX.
+
+Sat May 4 1996
+
+	* lib/des: Now merged in libdes 3.21 on main branch.
+
+
+	* appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
+ 	on systems that has more fields in struct utmp such as OSF/1.
+  	Still some questions about Solaris.
+
+	* lib/krb/lsb_addr_comp.c: Now byteorder independent.
+
+
+	* appl/kx: Rewrote kx & kxd to share more code.  They are also now
+ 	able to talk both ways.
+
+	* lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
+	using berkeley DB.
+
+Thu Apr 25 1996
+
+	* lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
+ 	SunOS5 compat.
+
+	* When building shared libraries link libkrb with libdes to be
+ 	compatible with SunOS5.
+
+	* Move lib/krb/krb_err.et to lib/kadm since it is only used there,
+ 	no longer need to link libkrb against libcom_err.
+	
+Wed Apr 24 1996
+
+	* lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
+
+	* Some porting to UNICOS.
+
+Tue Apr 23 1996
+
+	* Moved some junk from appl/bsd to libroken.
+	
+	* lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
+ 	library libroken.a.
+
+
+	* Add kerberized ftp.
+
+	* Add libroken.
+
+Mon Apr 22 1996
+
+	* appl/kauth/kauth.c: When commands are given to kauth, a new
+ 	ticket file is used.
+
+Sat Apr 20 1996
+
+	* appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
+ 	works with more than one screen, only fancy stuff on screen 0,
+ 	though.
+
+Fri Apr 19 1996
+
+	* appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
+ 	getpwnam returns uid == 0 but user is not root. This is usually
+ 	the result of an attack on NIS (former YP).
+
+Wed Apr 17 1996
+
+	* kadmin/ksrvutil.c (get_key_from_password): Support for
+ 	generating AFS keys.  From <flag@it.kth.se>
+
+Sun Apr 14 1996
+
+	* appl/kx: New program for forwarding a X connection.
+
+Mon Apr 8 1996
+
+	* appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
+ 	changed from 2106 to 545.
+
+	* appl/bsd/login.c (doremotelogin): Remove terminal speed from the
+ 	value of $TERM in the case of an ancient rlogind being used.
+
+Thu Apr 4 1996
+
+	* lib/kafs/afssys.c (k_afsklog): Try to read from
+	/usr/vice/etc/TheseCells for list of cells we should try to obtain
+	tokens for.
+
+	* appl/kauth/kauth.c (renew): Use cell even when renewing.
+	
+	* appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
+ 	with realm == NULL.
+
+
+	* lib/kafs/afssys.c: More thorough guessing of what realm a cell
+ 	belongs to.
+
+Wed Apr 3 1996
+
+	* appl/bsd/login.c: If setuid() failes and not logging in as root,
+ 	exit.
+
+Tue Apr 2 1996
+
+	* server/kerberos.c: Set name, inst, and realm to NULL in
+ 	APPL_REQUEST, error replies tend to look a bit funny otherwise.
+
+Thu Mar 28 1996
+
+	* appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
+
+Tue Mar 26 1996
+
+	* lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
+	
+	* appl/bsd/Makefile.in: New file with the old functions from
+ 	libdes.
+
+
+	* appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
+ 	Solaris. Only put entries in one of utmp/utmpx, since they both
+ 	get updated by putut*ent() anyway.
+
+Mon Mar 25 1996
+
+	* kuser/klist.c (main): Use verbose option (-v) to list key
+ 	version numbers.
+
+
+	* Release 0.7.
+
+Sun Mar 24 1996
+
+	* appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
+        to doit().
+
+
+	* configure.in: Check for getmsg with AC_TRY_RUN instead.
+	Otherwise it fails under AIx 3.2.  Now rlogind works on this
+	so-called OS.  Also cache value of berkeley db check.
+
+
+	* lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
+ 	enabled with --enable-random-mkey. This makes kdb_init et al
+ 	generate random master keys, based on random input from the
+ 	user. This comes in a package with auto-kstash, and possibility to
+ 	enter lost master keys as base64.
+
+	Moved default master key file from /.k to
+ 	/var/kerberos/master-key, override with --with-mkey=file.
+
+
+	* kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
+	meaning do not get a new ticket file.  (From CNS).
+
+Fri Mar 22 1996
+
+	* appl/xnlock/xnlock.c: Removed some dead code, and a few unused
+ 	header files.
+
+
+	* kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
+ 	fails *pw_msg can't be 0! At the very least use the
+	empty string but a descriptive error-message is preferred.
+
+	* libtelnet: add nonbroken signal() function.
+
+Wed Mar 20 1996
+
+	* appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
+	user is allowed to fetch mail.
+
+	* appl/kpopper/*. Got rid of some ugly codes and some warnings.
+
+	* appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
+	which made strange makes not doing what they should.
+
+	* configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
+ 	should work on systems that do not have mail spool files in
+ 	/var/spool/mail.  Looks for MAILDIR or _PATH_MAILDIR, usually from
+ 	<paths.h> or <maillock.h>.  Defaults to /var/spool/mail.
+
+Mon Mar 18 1996
+
+	* appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
+
+Fri Mar 15 1996
+
+	* lib/kafs/kafs.h: Use <sys/ioctl.h> instead of <sys/ioccom.h>
+
+	* appl/bsd/rshd.c (doit): Don't set environ, send it as an
+ 	argument to execle instead.
+
+	* lib/kafs/kafs.h: Find definition of _IOW.
+
+	* configure.in: Check for random.
+
+	* appl/bsd/bsd_locl.h: Including <crypt.h> gives too many conflicts.
+
+	* appl/afsutil/pagsh.c: Check for random.
+
+Thu Mar 14 1996
+
+	* appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
+	of `TIOCPKT_FLUSHWRITE' & c:o.
+
+	* appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
+	linking in libraries.
+
+	* configure.in: Check for interesting functions in libsocket and
+	libnsl and not strange soriasis inventions.
+
+Wed Mar 13 1996
+
+	* appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
+	the function does not exist.
+
+Mon Mar 11 1996
+
+	* lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
+ 	krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
+ 	distribution. This function is used for instance by CVS-1.7.
+
+Sun Mar 10 1996
+
+	* configure.in, appl/Makefile.in: removed rkinit
+
+	* etc/inetd.conf.changes, etc/services.append: Added kauth.
+
+	* appl/kauth: Integrated rkinit into kauth.
+	
+	* appl/kauth/kauth.c (main): Only look for principal name if no -p
+	has been given.
+
+	* lots of files: prototypes and other small fixes.
+	
+	* appl/bsd/sysv_shadow.h: spwd multiple defined.
+
+	* appl/bsd/bsd_locl.h: include <crypt.h>
+
+	* configure.in: Added afsutil and rkinit.
+
+	* */Makefile.in: Do cd $$i && $(MAKE).  Otherwise, if cd fails you
+	end up with an infinite recursion.
+
+	* kuser/klist.c (display_tktfile): Another warning removed.
+
+Tue Mar 5 1996
+
+	* appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
+ 	works properly also under this system.
+
+
+	* appl/afsutil: New aklog and pagsh
+
+
+	* lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
+
+	* lib/des/rnd_keys.c: Include <sys/time.h>.
+
+Mon Mar 4 1996
+
+	* appl/kauth/kauth.c (main): Handle name when given after options.
+
+Sun Mar 3 1996
+
+	* appl/rkinit/rkinit.c (getalladdrs): Check for herror.  Solaris
+	apparently does not have any.
+	(main): Use memset instead of bzero.
+
+	* appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
+
+	* kuser/kinit.c (main): Corrected lifetime.
+
+	* lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
+	continuation lines and addresses of the form 193.10.156.0/24.
+
+
+	* kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
+
+Wed Feb 28 1996
+
+	* Replaced all occurencies of krb_err_txt[] with new function
+ 	krb_err_msg(), that does some sanity checks before indexing
+ 	krb_err_txt.
+
+Mon Feb 26 1996
+
+	* appl/telnet/telnetd: Added flags -z to have telnetd log
+ 	unauthenticated logins, such as when using an old telnet
+ 	client. Unfortunately in most of these cases, the user name is not
+ 	known.
+	
+	There should also be a way to tell the difference between bad
+ 	authentication (such as with expired tickets) and no attempt to
+ 	provide authentication (such as with an old client).
+
+Sun Feb 25 1996
+
+	* kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
+ 	added to prevent this.
+
+Thu Feb 22 1996
+
+	* appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
+	correctly for multi-homed hosts.
+
+	* appl/rkinit: New program with rkinit functionality.
+
+	* lib/krb/k_getport.c: Function for finding port in /etc/services
+	with fallback.
+
+	* lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
+	prototype with void * and size_t.
+
+Wed Feb 21 1996
+
+	* kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
+	seperate file.  Now called both from kadmin and kpasswd.
+
+	* kadmin/pw_check.c (kadm_pw_check): Handle the case of no
+	password provided.  This is really a policy decision.  The server
+	should be able to say `use a client that sends the password'.
+
+	* appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
+
+Sun Feb 18 1996
+
+	* appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
+
+	* appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
+
+	* appl/bsd/rshd.c (doit): Made rshd multihome aware.
+
+	* lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
+        out the instance name of interfaces on multihomed hosts. Use this
+        function when making daemons multihome aware.
+
+	* appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
+        multihome aware.
+
+Mon Feb 12 1996
+
+	* Release 0.6.
+
+Sun Feb 11 1996
+
+	* lots of files: hacks to make it all compile.
+
+	* configure.in, appl/telnet/configure.in: More broken AIX.
+
+
+	* appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
+
+
+	* appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
+
+
+	* appl/telnet/libtelnet/kerberos.c: Show difference between
+ 	MUTUAL and ONE_WAY KERBEROS4.
+
+	* appl/telnet/libtelnet/encrypt.c:
+	Print message about not encrypting when receiving WONT or DONT encrypt.
+
+
+	* configure.in: Automatic check for HAVE_NEW_DB.
+
+
+	* lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
+        SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
+
+	* appl/telnet/telnetd/global.c: Removed some multiple defined
+        variables.
+
+	* appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
+
+	* appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
+
+	* configure.in: Check if `struct sockaddr' has `sa_len'.
+
+Sat Feb 10 1996
+
+	* appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
+
+	* appl/bsd/bsd_locl.h: More include-files: <sys/uio.h> and <userpw.h>
+
+	* appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
+
+	* lib/krb/log.c (new_log): Yet another year 2000.
+
+	* appl/bsd/sysv_environ.c (read_etc_environment): Support setting
+	environment variables from /etc/environment.
+
+	* appl/bsd/bsd_locl.h: <usersec.h>
+
+	* configure.in: check for setpcred, libs.a and <usersec.h>.
+
+	* appl/bsd/login.c (main): setpcred is used on AIX.
+
+	* appl/bsd/rshd.c (doit): Added setpcred for AIX.
+
+	* lib/krb/getaddrs.c: <sys/sockio.h> is sometimes needed.
+
+	* admin/kdb_init.c (main): Now verifies master key.
+
+	* lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
+	of asking for verfication.
+
+	* appl/bsd/bsd_locl.h: Try to include <sys/stream.h>
+
+	* appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
+	accept an answer from anything we have sent to.
+
+	* appl/kauth/kauth.c (renew): Use strange return types for strange
+	OSes.
+	(doexec): Remove tokens.
+
+	* server/kerberos.c (main): Uses k_get_all_addrs and binds to each
+	of these addresses.
+
+	* kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
+	specifying key to create on command line to get.
+
+Wed Feb 7 1996
+
+	* lib/krb/log.c (k_log): Now using YYYY for years.
+
+	* lib/krb/klog.c (klog): Preparing for the year 2000.
+
+	* kuser/kinit.c (main): Added option -p to get changepw-tickets.
+
+	* lib/krb/getaddrs.c: New file to get all the addresses of all the
+	interfaces on this machine.
+
+Tue Feb 6 1996
+
+	* configure.in: Support for S/Key in login.c. Use --with-skeylib
+        switch to configure. The code assumes that the skeylib.a comes
+        from logdaemon.
+
+	* General support for shadow password files if there is an
+        shadow.h.
+
+	* appl/bsd/su.c: Arrange so that it supports shadow passords.
+
+Sun Feb 4 1996
+
+	* appl/telnet/*: Hacks to make it work on strange OSes.
+
+	* appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
+
+	* appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
+
+	* configure.in: test for crypt.h and sys/ptyvar.h
+
+	* appl/telnet/telnetd/*.c: pty -> ourpty.
+
+
+	* telnetd: Changes to make more systems work better, specifically
+ 	AIX 4. Hopefully this will work on both STREAM and BSD
+ 	systems. Not tested on some systems, like CRAY and Linux.
+
+
+	* util/ss/mk_cmds.c: Generating cleaner code.
+
+	* lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
+
+	* kadmin/admin_server.c: Less varnings.
+
+	* appl/xnlock/xnlock.c: Changed some types and added some casts.
+
+	* appl/movemail/movemail.c: Not using syswait.h anymore.
+
+	* appl/xnlock/xnlock.c: God rid of some warnings.
+
+	* util/ss/*.[ch]: cleanup
+
+	* util/et/*.[ch]: cleanup
+
+	* appl/bsd/rcp.c: Less warnings.
+
+	* kadmin/admin_server.c (kadm_listen): Get rid of another warning.
+
+	* kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
+	check the quality of the password.
+
+	* kadmin/pw_check.h (kadm_pw_check): New argument to
+	kadm_pw_check: list of useful strings to check for.
+
+	* kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
+	to kadm_pw_check (name, instance, and realm).
+
+	* kadmin/Makefile.in (kadmind): Linking with -lcrack.
+
+	* configure.in: Support for --with-cracklib and --with-dictpath.
+
+	* kadmin/ksrvutil_get.c: Now seems to be working.
+
+	* kadmin/ksrvutil.h: Some new parameters.
+
+	* kadmin/ksrvutil.c: Some reorganisation and uses a working
+	ksrvutil_get.
+
+	* appl/movemail/movemail.c: Some more include-files.
+
+	* appl/bsd/rlogind.c: Testing for the existence of vhangup.
+
+Wed Jan 31 1996
+
+	* configure.in: Massaged the configure files so that we can build
+        under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
+        errors where also neccessary.
+
+Tue Jan 30 1996
+
+        * appl/xnlock/xnlock.c (main): Improved user feedback on password
+        input.
+
+	* appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
+        enables C-u to erase the password field.
+
+	* lib/krb/lifetime.c: configure now creates a version string which
+        is referenced here. Use what and grep version to figure out where,
+        when and by whom binaries where created.
+
+	* appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
+        opened. Add revoke using vhangup for those system lacking revoke.
+        Also call vhangup when rlogind exits.
+
+Mon Jan 29 1996
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS
+        3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to
+        operate correctly.
+
+	* kadmin/kadmin.c (change_key): Add new subcommand change_key so
+        that it is possible to enter keys in the DB on binary form. Most
+        usefull for sites running AFS.
+
+Fri Jan 26 1996
+
+	* appl/bsd/su.c (koktologin): New option -i root-instance. If you
+        want a user.afs ticket in a root shell and user.afs is on root's
+        ACL then do a "su -i afs".
+
+	* Makefile.in: Rearrange the order of object files to make shared
+        libraries slightly more efficient.
+
+	* appl/kauth/kauth.c (main): Always up case realm. Better error
+        messages on failed exec.
+
+Mon Jan 22 1996
+
+	* appl/bsd/rshd.c (main): New option -P to prevent rshd from using
+        a new PAG. Expert use only!
+
+	* appl/bsd/rlogind.c (doit): Avoid race when setting tty size.
+
+	* appl/bsd/rlogin.c (reader): Use select rather than horrible
+        signal hacks to handle OOB data.
+
+	* appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does
+        now honor the -p switch when invoked by root. This is used by
+        telnetd to export environment variables.
+
+Fri Jan 5 1996
+
+	* appl/bsd/signal.c (signal): New BSD compatible signal
+        function. Most r* applications assume reliable signals.
+
+
+	* appl/bsd/login.c (main): Check HAVE_ULIMIT.
+
+	* appl/bsd/bsd_locl.h: Include sys/ioctl.h.
+
+	* configure.in: Check for ulimit.
+
+	* admin/kdb_edit.c: Flush stdout after printing prompts.
+
+	* appl/kpopper/pop_xmit.c: Remember to include config.h.
+
+Tue Jan 2 1996
+
+	* appl/bsd/login.c (main): New function stty_default to setup
+        default tty settings.
+
+Fri Dec 29 1995
+
+	* appl/kstring2key/kstring2key.c (main): New program that converts
+        passwords to DES keys, either using des_string_to_key or
+        afs_string_to_key.
+
+	* server/kerberos.c: Kerberos server now listen on 2 ports,
+        kerberos/udp and kerberos-sec/udp.
+
+Wed Dec 27 1995
+
+	* appl/bsd/rcp.c (main): Integrated -x option to rcp. This
+        required some real horrible hacks in lib/des/enc_{read,write}.c
+
+	* acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h.
+
+	* Add RCSID stuff to telnet files.
+
+Fri Dec 22 1995
+
+	* appl/bsd/login.c (main): The login program does now by default
+	read /etc/default/login, even on non Psoriasis systems. Unifdef
+	SYSV4, this was essentially only for prompting.
+
+Mon Dec 18 1995
+
+	* appl/kpopper/popper.c (main): Integrate default timeout of 120
+        seconds from Qualcomm popper. Timeout is also set able with -T
+        seconds.
+
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no
+	password, don't even send the empty string.
+
+Thu Dec 7 1995
+
+	* lots of files: all debug messages now printed to stderr (from
+ 	<lama@pdc.kth.se>)
+
+	* lib/krb/tf_util.c (tf_create): New method for creating a new
+ 	ticket file.  Remove the old old and then open with O_CREAT and
+ 	O_EXCL.
+
+	* server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings.
+
+	* configure.in: Added checks for unistd.h, memmove and const.
+
+	* appl/telnet/telnet/commands.c: Changed types of functions to
+	confirm with struct Command.
+
+	* appl/telnet/configure.in: Check for setpgid.
+
+	* appl/bsd/rlogin.c: Get rid of another warning.
+
+	* appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for
+ 	solaris.
+
+Wed Dec 6 1995
+
+	* (movemail): Now from emacs-19.30. If you have a newish emacs
+ 	there is no reason to use this movemail.
+
+	* (kadm): Added support for server side password checks. Hopefully
+ 	this is compatible with kerberos 4.10. Old kpasswd:s will give
+ 	funny error messages. For examples of checks, see
+ 	kadmin/pw_check.c. Since this is mostly political matters,
+ 	kadm_pw_check() should probably return KADM_SUCCESS by default.
+
+Mon Nov 27 1995
+
+	* appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption
+        problem with Mac NCSA telnet 2.6.
+
+
+	* lib/krb/stime.c: Now using YYYY for years.  (2000 is soon here).
+
+	* appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number
+ 	(added missing ntohs).
+
+Sun Nov 12 1995
+
+	* (many files): More ANSI/ISO 9899-1990 to the people!  
+	Now actually builds (not including util) with DEC "cc -std1" and
+ 	Sun "acc -Xc".  There are still major prototype conflicts, but
+ 	there isn't much to do about this.
+
+Sat Oct 28 1995
+
+	* lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and
+ 	kerberos_master services.
+
+Fri Oct 27 1995
+
+	* Released version 0.5
+
+
+	* lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+        same code is used both for posix termios and others.
+
+	* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+	set to "yes" make warnings about "rlogin: warning, using standard
+	rlogin: remote host doesn't support Kerberos." go away.
+
+Tue Oct 24 1995
+
+	* admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+        Optimized so that it can handle large databases, previously a
+        10000 entry DB would take *many* minutes, this can now be done in
+        under a minute.
+
+Sat Oct 21 1995
+
+	* Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+        bit machines. Source should now be free of 64 bit assumptions.
+
+	* admin/copykey.c (copy_from_key): New functions for copying to
+        and from keys. Neccessary to solve som problems with longs on 64
+        bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+	* lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+        with longs on 64 bit machines.
+
+Mon Oct 16 1995
+
+	* appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+        login. Courtesy of gertz@lysator.liu.se.
+
+	* configure.in, all Makefile.in's: Support for Linux shared
+        libraries. Courtesy of svedja@lysator.liu.se.
+
+	* lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+	= KRB_PROT_VERSION; from server kode to libkrb where it really
+	belongs.
+
+        * appl/bsd/forkpty.c (forkpty): New function that allocates master
+        and slave ptys in a portable way. Used by rlogind.
+
+	* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+	same utmpx slot got used by sevral sessions. Courtesy of
+	gertz@lysator.liu.se.
+
+Wed Oct 4 1995
+
+	* util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+        svedja@lysator.liu.se.
+
+	* Fix the above Makefiles to work around bugs in Solaris and OSF/1
+        make rules that was triggered by VPATH functionality in the yacc
+        and lex rules.
+
+Mon Oct 2 1995
+
+	* appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+	Use stdarg instead of varargs. The code is still broken though,
+	you'll realize	that on a machine with 64 bit pointers and 32 bit 
+	int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+	* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+	 have (or need) modules ttcompat and pckt so don't flag it as a
+	 fatal error if they don't exist.
+
+Mon Sep 25 1995
+
+	* kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+	(kadm_listen): Add kludge for kadmind running on a multihomed
+	server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+	if you need this feature.
+
+	* appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+        and xnlock.
+
+Wed Sep 20 1995
+
+	* appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+        implemented yet though.
+
+Wed Sep 13 1995
+
+	* appl/xnlock/Makefile.in: Some stubs for X11 programs in
+        configure.in as well as a kerberized version of xnlock.
+
+	* appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+        port numbers if they can not be found using getservbyname.
+
+Tue Sep 12 1995
+
+	* appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+        login so that a malicous user won't be able to destroy our tickets
+        with a failed login attempt.
+
+	* lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+	there is no such thing try afs@CELL instead. There is now two
+	arguments to k_afslog(char *cell, char *realm).
+
+Mon Sep 11 1995
+
+	* kadmin/admin_server.c (kadm_listen): If we are multihomed we
+        need to figure out which local address that is used this time
+        since it is used in "direction" comparison.
+
+Wed Sep 6 1995
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+        port number.
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+        (KRB_PORT) was not in network byte order.
+
+Tue Sep 5 1995
+
+	* lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+        when selecting.
+
+
+Mon Sep 4 1995
+
+	* appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+	Now does fallback if there isn't any entries in /etc/services for
+	klogin/kshell. This also made the code a bit more pretty.
+
+
+	* appl/bsd/login.c: Added support for lots of more struct utmp fields.
+	If there is no ttyslot() use setutent and friends.
+
+	* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+	Added extern iruserok().
+
+	* appl/bsd/iruserok.c: Initial revision
+
+	* appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+	* appl/bsd/Makefile.in: New install
+
+	* appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+	* appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+
+	* appl/bsd/login.c (login): If there is no ttyslot use setutent
+	and friends. Added support for lots of more struct utmp fields.
+
+	* server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+        Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+	* appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+        _PATH_DEF.
+
+	* appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+        running as root.
+
+	* appl/bsd/su.c (main): Update usage message to reflect that '-'
+	option must come after the ordinary options and before login-id.
+
+Sat Sep 2 1995
+
+	* appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+	long to fit into utmp try to remove domain part if it does match
+	our local domain.
+
+	(main): Add new option -L /bin/login so that it is possible to 
+	specify an alternate login program.
+
+	* appl/telnet/telnet/commands.c (env_init): When exporting
+	variable DISPLAY and if hostname is not the full name, try to get
+	the full name from DNS.
+
+	* appl/telnet/telnet/main.c (main): Option -k realm was broken due
+        to a bogous external declaration.
+
+Fri Sep 1 1995
+
+	* kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+	lifetime, expiration date and attributes in add_new_key command.
+
+Wed Aug 30 1995
+
+	* appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+	* appl/telnet/telnet/externs.h: Removed protection for multiple
+	inclusions of termio(s).h since it broke definition of termio
+	macro on POSIX systems.
+
+Tue Aug 29 1995
+
+	* lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+	AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+	
+	Please note that the long lifetimes are 100% compatible up to
+	10h so this should rarely be necessary.
+
+	* lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+	ipaddress protection of tickets set krb_ignore_ip_address. This
+	makes it possible for an intruder to steal a ticket and then use
+	it from som other machine anywhere on the net.
+
+Mon Aug 28 1995
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+        local address. Accept request on all interfaces.
+
+	* admin/kdb_edit.c (change_principal): Don't accept illegal
+        dates. Courtesy of gertz@lysator.liu.se.
+
+Sat Aug 26 1995
+
+	* configure.in: AIX specific libraries needed when using standard
+        libc routine getttyent, IBM should be ashamed!
+
+	* lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+        problem.
+
+	* Added strdup for su and rlogin.
+
+	* Fix for old syslog macros in appl/bsd/bsd_locl.
+
+Fri Aug 25 1995
+
+	* lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+        ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+	* appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+Mon Aug 21 1995
+
+	* appl/bsd/getpass.c: New routine that reads up to 127 char
+        passwords. Used in su.c and login.c.
+
+Tue Aug 15 1995
+
+	* appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+        should not be used on HP-UX.
+
+Mon Aug 14 1995
+
+	* appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to
+        rather use telnet.
+
+Thu Aug 10 1995
+
+	* lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c,
+	get_krbrlm.c, get_admhst.c: 
+
+	Use multiple configuration directories for krb.conf and
+	krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with
+	KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and
+	/etc/kerberosIV are searched. Directory specified by envioronment
+	variable KRBCONFDIR is searched first if set. No hardcoded
+	realmname or kerberos server. Instead use domainname for deafult
+	realm and kerberos.domain as kerberos server if they are not
+	listed in krb.conf and/or krb.realms. In the normal case there
+	should be no need for configuration files if administrators add a
+	CNAME pointing to the kerberos server.
+
+	* appl/bsd/Makefile.in and friends: GNU make should no longer be
+        neccessary unless building with VPATH.
+
+Wed Aug 9 1995
+
+	* appl/bsd/klogin.c (klogin): Old ticket file need to be removed
+	before we call krb_get_pw_in_tkt or we might get a Kerberos intkt
+	error because the wrong user owns the file.
+
+Tue Aug 8 1995
+
+	* configure.in : Telnet.beta2 is now official and has been moved
+        to appl/telnet.
+
+	* appl/bsd/su.c (main): Reenable -K flag, won't work if not
+        PASSWD_FALLBACK is enabled. Cosmetics for Password prompt.
+
+Fri Aug 4 1995
+
+	* appl/bsd/su.c (kerberos): Don't allow su from possibly bogous
+        kerberos server. Controlled by #ifdef KLOGIN_PARANOID.
+
+	* lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on
+        SYSV.
+
+Mon Jul 24 1995
+
+	* lib/kafs/afssys.c (k_afsklog): Use default realm on null argument.
+
+	* appl/bsd/rlogin.c, login.c: New programs.
+
+Fri Jul 21 1995
+
+	* appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals.
+
+	* appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to
+        IRIX.
+
+Tue Jul 11 1995
+
+	* admin/kdb_init.c (main): Use new random generator.  Dito in
+	admin/kdb_edit.c. Use master key to initialize random sequence.
+
+Mon Jul 10 1995
+
+	* kadmin/kadmin.c (get_password): Fix for random passwords.
+	Dito for admin/kdb_edit.c
+
+	* appl/kauth/kauth.c (main): Updated for krb distribution, now
+        uses new library libkafs.
+
+	* appl/telnet.beta/telnet/main.c (main): New telnet with
+        encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0.
+        Encryption does not currently work though.
+
+Tue Jun 20 1995
+
+	* New library to support AFS. Routines:
+
+	  int k_hasafs(void);
+	  int k_afsklog(...);
+	  int k_setpag(void);
+	  int k_unlog(void);
+	  int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+	  Modified it to support more than one single entry point AFS
+	  syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely
+	  on transarc headers or library code.
+
+	  This has not been tested and will most probably need some
+	  serious violence to get working under AIX. (AIX has since been
+	  fixed to. /bg)
+
+Fri Jun 16 1995
+
+	* lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using
+        krb_equiv() to allow for hosts with more than one address in files
+        rd_priv.c rd_req.c and rd_safe.c.
+
+	* slave/kpropd.c (main): Fix uninitialized variables and rewind
+        file in kprop.c.
+
+Thu Jun 15 1995
+
+	* appl/bsd/rcp.c (allocbuf): Fix various bugs.
+
+	* slave/kpropd.c (main): Responder uses
+        KPROP_SERVICE_NAME.`hostname' and requestor always uses
+        KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd
+        protocol.
+
+Wed Jun 14 1995
+
+	* appl/bsd/rshd.c (doit): Encryption should now work both ways.
+
+Tue Jun 13 1995
+
+	* appl/bsd/pathnames.h: Fixup paths.
+
+	* server/Makefile.in and friends (install): Install daemons in in
+	libexec and administrator programs in sbin.
+
+
+	* Makefile.in: Joda (d91-jda) added install target
+
+Wed Jun 7 1995
+
+	* lib/krb/k_strerror.c: New function k_strerror() to use instead
+        of the non portable sys_errlist[].
diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in
new file mode 100644
index 0000000..b2e9864
--- /dev/null
+++ b/crypto/kerberosIV/Makefile.in
@@ -0,0 +1,73 @@
+# $Id: Makefile.in,v 1.36 1999/03/01 13:04:23 joda Exp $
+
+srcdir		= @srcdir@
+prefix		= @prefix@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
+	    appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
+
+@SET_MAKE@
+
+SUBDIRS		= include lib kuser server slave admin kadmin appl man doc
+
+all:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+check:
+	cd lib && $(MAKE) $(MFLAGS) check
+
+install:
+	$(MKINSTALLDIRS) $(DESTDIR)$(prefix)
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+install-strip:
+	$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
+
+uninstall:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+travelkit:	all
+	$(MKINSTALLDIRS) tmp
+	for i in $(TRAVELKIT); \
+	do $(INSTALL_PROGRAM) $$i tmp; done
+	(cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
+	rm -rf tmp
+
+travelkit-strip:
+	$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
+
+TAGS:
+	find . -name '*.[chyl]' -print | etags -
+
+clean:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+	$(MAKE) clean
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
+
+realclean:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+$(srcdir)/aclocal.m4:
+	cd $(srcdir) && aclocal -I cf
+
+.PHONY: all Wall check install install-strip uninstall travelkit travelkit-strip clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
new file mode 100644
index 0000000..f839116
--- /dev/null
+++ b/crypto/kerberosIV/NEWS
@@ -0,0 +1,682 @@
+Changes in release 1.0:
+
+* A new configuration option `nat_in_use' in krb.extra to ease use
+  through Network Address Translators.
+
+* Support configuration value of KEYFILE and TKT_ROOT in krb.extra
+
+* Easier building on some platforms
+
+* built-in ls in ftpd.
+
+* Bug fixes.
+
+Changes in release 0.10:
+
+* Some support for Irix 6.5 capabilities
+
+* Improved kadmin interface; you can get more info via kadmin.
+
+* Some improved support for OSF C2.
+
+* General bug-fixes and improvements, including a large number of
+  potential buffer overrun fixes.  A large number of portability
+  improvements.
+
+* Support for multiple local realms.
+
+* Support batch kadmin operation.
+
+* Heimdal support in push.
+
+* Removed `--with-shared' configure option (use `--enable-shared'.)
+
+* Now uses Autoconf 2.13.
+
+Changes in release 0.9.9:
+
+* New configuration file /etc/krb.extra
+
+* New program `push' for popping mail.
+
+* Add (still little tested) support for maildir spool files in popper.
+
+* Added `delete' to ksrvutil.
+
+* Support the strange X11 sockets used on HP-UX and some versions of
+  Solaris.
+
+* Arla compatibility in libkafs.
+
+* More compatibility with the Solaris version of libkrb.
+
+* New configure option `--with-mips-abi'
+
+* Support `/etc/securetty' in login.
+
+* Bug fixes and improvements to the Win32 telnet.
+
+* Add support for installing with DESTDIR
+
+* SIA module with added support for password changing, and
+  reauthentication.
+
+* Add better support for MIT `compile_et' and `mk_cmds', this should
+  make it easier to build things like `zephyr'.
+
+* Bug fixes:
+  - Krb: fixed dangling references to flock in libkrb
+  - FTP: fixed `logwtmp' name conflict
+  - Telnet: fix a few literal IP-number bugs
+  - Telnet: hopefully fixed stair-stepping bug
+  - Kafs: don't store expired tokens in the kernel
+  - Kafs: fix broken installation of afslib.so in AIX
+
+Changes in release 0.9.8:
+
+* several bug fixes; some which deserve mentioning:
+  - fix non-working `kauth -h'
+  - the sia-module should work again
+  - don't leave tickets in popper
+
+Changes in release 0.9.7:
+
+* new configure option --disable-otp
+
+* new configure option --with-afsws
+
+* includes rxkad implementation
+
+* ftp client is more careful with suspicious filenames (|, .., /)
+
+* fixed setuid-vulnerability of rcp, rlogin, and rsh.
+
+* removed use of tgetent from telnetd (thereby eliminating buffer-overflow)
+
+* new commands in ftp and ftpd: kdestroy, krbtkfile, and afslog.
+
+* implement HTTP transport in libkrb and KDC.
+
+* win32 terminal program much improved.  also implemented ticket
+  management program.
+
+* introduce `-i' option to kerberos server for listening only on one
+  interface.
+
+* updated otp applications and man pages.
+
+* merged in libdes 4.01
+
+* popper is more resilient to badly formatted mails.
+
+* minor fixes for Cray support.
+
+* fix popen bug i ftpd.
+
+* lots of bug fixes and portability fixes.
+
+* better compatibility with Heimdal.
+
+Minor changes in release 0.9.6:
+
+* utmp(x) works correctly on systems with utmpx.
+
+* A security-related bug in ftpd fixed.
+
+* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18.
+
+* New option `-w' to rxtelnet, rxterm.
+
+Major changes in release 0.9.5:
+
+* We made some changes to be compatible with the other kerberised ftp
+  implementations and this means that an old kerberised ftp client will
+  not be able to talk to a new ftp server.  So try to upgrade your ftp
+  clients and servers at the same time.  The reason for this change is
+  described in more detail below.
+
+* The interpretation of /etc/ftpusers has changed slightly, see
+  ftpusers(5). These changes come from NetBSD.
+
+* The function `des_quad_cksum', which is used by `krb_rd_safe', and
+  `krb_mk_safe', has never been compatible with MIT's DES
+  library. This has now been fixed.
+
+  This fix will however break some programs that used those functions,
+  for instance `ftp'. In this version `krb_rd_safe' is modified to
+  accept checksums of both the new and the old format; `krb_mk_safe'
+  will always emit checksums of the new type *unless* `krb_rd_safe'
+  has detected that the client is using the old checksum (this feature
+  may be removed in some future release).
+
+  If you have programs that use `krb_mk_safe' and `krb_rd_safe' you
+  should upgrade all clients before upgrading your servers. Client is
+  here defined as the program that first calls `krb_rd_safe'.
+
+  If you are using some protocol that talks to more than one client or
+  server in one session, the heuristics to detect which kind of
+  checksum to use might fail.
+
+  The problem with `des_quad_cksum' was just a byte-order problem, so
+  there are no security problems with using the old versions. Thanks
+  to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the
+  right general direction.
+
+* Rewrote kx to work always open TCP connections in the same
+  direction.  This was needed to make it work through NATs and is
+  generally a cleaner way of doing it.  Also added `tenletxr'.
+  Unfortunately the new protocol is not compatible with the old one.
+  The new kx and kxd programs try to figure out if they are talking to
+  old versions.
+
+* Quite a bit of new functionality in otp.  Changed default hash
+  function to `md5'.  Fixed implementation of SHA and added downcasing
+  of seed to conform with `draft-ietf-otp-01.txt'.  All verification
+  examples in the draft now work.
+
+* Fixed buffer overflows.
+
+* Add history/line editing in kadmin and ftp.
+
+* utmp/utmpx and wtmp/wtmpx might work better on strange machines.
+
+* Bug fixes for `rsh -n' and `rcp -x'.
+
+* reget now works in ftp and ftpd.  Passive mode works.  Other minor
+  bug fixes as well.
+
+* New option `-g umask' to ftpd for specifying the umask for anonymous users.
+
+* Fix for `-l' option in rxtelnet and rxterm.
+
+* XOVER support in popper.
+
+* Better support for building shared libraries.
+
+* Better support for talking to the KDC over TCP.  This could make it
+  easier to use brain-damaged firewalls.
+
+* Support FreeBSD-style MD5 /etc/passwd.
+
+* New option `-createuser' to afslog.
+
+* Upgraded to work with socks5-v1.0r1.
+
+* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32.
+
+* Merged in win32-telnet, see README-WIN32 for more details.
+
+* Possibly fixed telnet bug on HP-UX 10.
+
+* Updated man-pages.
+
+* Support for NetBSD/OpenBSD manual page circus.
+
+* Bug fixes.
+
+Major changes in release 0.9.3:
+
+* kx has been rewritten and is now a lot easier to use.  Two new
+  scripts: rxtelnet and rxterm.  It also works on machines such as
+  Cray where the X-libraries cannot talk unix sockets.
+	
+* experimental OTP (RFC1938).  Included in login, ftpd, and popper.
+
+* authentication modules: PAM for linux, SIA for OSF/1, and
+  afskauthlib for Irix.
+
+* popper now has the UIDL command.
+
+* ftpd can now tar and compress files and directories on the fly, also
+  added a find site command.
+
+* updated documentation and man pages.
+
+* Change kuserok so that it acts as if luser@LOCALREALM is always an
+  entry of .klogin, even when it's not possible to verify that there
+  is no such file or the file is unreadable.
+
+* Support for SRV-records.
+
+* Socks v5 support.
+
+* rcp is AFS-aware.
+
+* allow for other transport mechanisms than udp (useful for firewall
+  tormented souls); as a side effect the format of krb.conf had to
+  become more flexible
+
+* sample programs included.
+
+* work arounds for Linux networking bugs in rlogind and rlogin.
+
+* more portable
+
+* quite a number of improvments/bugfixes
+
+* New platforms: HP-UX 10, Irix 6.2
+
+Major changes in release 0.9.2a:
+
+* fix annoying bug with kauth (et al) returning incorrect error
+
+Major changes in release 0.9.2:
+
+* service `kerberos-iv' and port 750 has been registered with IANA.
+
+* Bugfixes.
+
+  - Compiles with gcc on AIX.
+
+  - Compiles with really old resolvers.
+
+  - ftp works with afs string-to-key.
+
+  - shared libraries should work on Linux/ELF.
+
+  - some potential buffer overruns.
+
+  - general code clean-up.
+
+* Better Cray/UNICOS support.
+
+* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0
+
+Major changes in release 0.9.1:
+
+* Mostly bugfixes.
+
+  - No hardcoded references to /usr/athena
+
+  - Better Linux support with rlogin
+
+  - Fix for broken handling of NULL password in kadmind (such as with
+    `ksrvutil change')
+
+  - AFS-aware programs should work on AIX systems without AFS
+
+* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V
+
+* New mechanism to determine realm from hostname based on DNS. To find
+  the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then
+  krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record
+  with the realm name.
+
+  krb4-realm.pdc.kth.se.  7200    TXT     "NADA.KTH.SE"
+
+Major changes in release 0.9:
+
+* Tested platforms:
+
+Dec Alpha	OSF/1 3.2	with cc -std1
+HP 9000/735	HP/UX 9.05	with gcc
+DEC Pmax	Ultrix 4.4	with gcc (cc does not work)
+IBM RS/6000	AIX 4.1		with xlc (gcc works, cc does not)
+SGI		IRIX 5.3	with cc
+Sun		SunOS 4.1.4	with gcc (cc is not ANSI and does not work)
+Sun		SunOS 5.5	with gcc
+Intel i386	NetBSD 1.2	with gcc
+Intel i386	Linux 1.3.95	with gcc
+Cray J90	Unicos 9	with cc
+
+* Mostly ported to Crays running Unicos 9.
+
+* S/Key-support in ftpd.
+
+* Delete operation supported in kerberos database.
+
+* Cleaner and more portable code.
+
+* Even less bugs than before.
+
+* kpopper now supports the old pop3 protocol and has been renamed to popper.
+
+* rsh can be renamed remsh.
+
+* Experimental program for forwarding IP over a kerberos tunnel.
+
+* Updated to libdes 3.23.
+
+Major changes in release 0.8:
+
+* New programs: ftp & ftpd.
+
+* New programs: kx & kxd.  These programs forward X connections over
+  kerberos-encrypted connections.
+
+* Incorporated version 3.21 of libdes.
+
+* login: No double utmp-entries on Solaris.
+
+* kafs
+
+  * Better guessing of what realm a cell belongs to.
+
+  * Support for authenticating to several cells.  Reads
+    /usr/vice/etc/TheseCells, if present.
+
+* ksrvutil: Support for generating AFS keys.
+
+* login, su, rshd, rlogind: tries to counter possible NIS-attack.
+
+* xnlock: several bug fixes and support for more than one screen.
+
+* Default port number for ekshell changed from 2106 to 545.  kauth
+  port changed from 4711 to 2120.
+
+* Rumored to work on Fujitsu UXP/V and Cray UNICOS.
+
+Major changes in release 0.7:
+
+* New experimental masterkey generation.   Enable with
+  --enable-random-mkey. Also the default place for the master key has
+  moved from /.k to /var/kerberos/master-key. This is customizable
+  with --with-mkey=file. If you don't want you master key to be on the
+  same backup medium as your database, remember to use this flag. All
+  relevant programs still checks for /.k.
+
+* `-t' option to kadmin.
+
+* Kpopper uses kuserok to verify if user is allowed to pop mail.
+
+* Kpopper tries to locate the mail spool directory: /var/mail or
+  /var/spool/mail.
+
+* kauth has ability to get ticket on a remove host with the `-h' option.
+
+* afslog (aklog clone) and pagsh included.
+
+* New format for /etc/krb.equiv.
+
+* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind,
+  rshd, telnet, telnetd.
+
+* rlogind works on ultrix and aix 3.2.
+
+* lots of bug fixes.
+
+Major changes in release 0.6:
+
+* Tested platforms:
+
+DEC/Alpha	OSF3.2
+HP700		HPux 9.x
+Dec/Pmax	Ultrix 4.4	(rlogind not working)
+IBM RS/6000	AIX 3.2		(rlogind not working)
+IBM RS/6000	AIX 4.1
+SGI		Irix 5.3
+Sun		Sunos 4.1.x
+Sun		Sunos 5.4
+386		BSD/OS 2.0.1
+386		NetBSD 1.1
+386		Linux 1.2.13
+
+It is rumored to work to some extent on NextStep 3.3.
+
+* ksrvutil get to create new keys and put them in the database at the
+same time.
+
+* Support for S/Key in login.
+
+* kstring2key: new program to show string to key conversion.
+
+* Kerberos server should now listen on all available network
+interfaces and on both port 88 and 750.
+
+* Timeout in kpopper.
+
+* Support password quality checks in kadmind.  Use --with-crack-lib to
+link kadmind with cracklib.  The patches in cracklib.patch are needed.
+
+* Movemail from emacs 19.30.
+
+* Logging format uses four digits for years.
+
+* Fallback if port numbers are not listed in /etc/services.
+
+
+	* Relesed version 0.5
+
+	* lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+        same code is used both for posix termios and others.
+
+	* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+	set to "yes" make warnings about "rlogin: warning, using standard
+	rlogin: remote host doesn't support Kerberos." go away.
+
+	* admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+        Optimized so that it can handle large databases, previously a
+        10000 entry DB would take *many* minutes, this can now be done in
+        under a minute.
+
+	* Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+        bit machines. Source should now be free of 64 bit assumptions.
+
+	* admin/copykey.c (copy_from_key): New functions for copying to
+        and from keys. Neccessary to solve som problems with longs on 64
+        bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+	* lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+        with longs on 64 bit machines.
+
+	* appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+        login. Courtesy of gertz@lysator.liu.se.
+
+	* configure.in, all Makefile.in's: Support for Linux shared
+        libraries. Courtesy of svedja@lysator.liu.se.
+
+	* lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+	= KRB_PROT_VERSION; from server kode to libkrb where it really
+	belongs.
+
+        * appl/bsd/forkpty.c (forkpty): New function that allocates master
+        and slave ptys in a portable way. Used by rlogind.
+
+	* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+	same utmpx slot got used by sevral sessions. Courtesy of
+	gertz@lysator.liu.se.
+
+	* util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+        svedja@lysator.liu.se.
+
+	* Fix the above Makefiles to work around bugs in Solaris and OSF/1
+        make rules that was triggered by VPATH functionality in the yacc
+        and lex rules.
+
+	* appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+	Use stdarg instead of varargs. The code is still broken though,
+	you'll realize	that on a machine with 64 bit pointers and 32 bit 
+	int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+	* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+	 have (or need) modules ttcompat and pckt so don't flag it as a
+	 fatal error if they don't exist.
+
+	* kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+	(kadm_listen): Add kludge for kadmind running on a multihomed
+	server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+	if you need this feature.
+
+	* appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+        and xnlock.
+
+	* appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+        implemented yet though.
+
+	* appl/xnlock/Makefile.in: Some stubs for X11 programs in
+        configure.in as well as a kerberized version of xnlock.
+
+	* appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+        port numbers if they can not be found using getservbyname.
+
+	* appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+        login so that a malicous user won't be able to destroy our tickets
+        with a failed login attempt.
+
+	* lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+	there is no such thing try afs@CELL instead. There is now two
+	arguments to k_afslog(char *cell, char *realm).
+
+	* kadmin/admin_server.c (kadm_listen): If we are multihomed we
+        need to figure out which local address that is used this time
+        since it is used in "direction" comparison.
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+        port number.
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+        (KRB_PORT) was not in network byte order.
+
+	* lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+        when selecting.
+
+	* appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+	Now does fallback if there isn't any entries in /etc/services for
+	klogin/kshell. This also made the code a bit more pretty.
+
+	* appl/bsd/login.c: Added support for lots of more struct utmp fields.
+	If there is no ttyslot() use setutent and friends.
+
+	* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+	Added extern iruserok().
+
+	* appl/bsd/iruserok.c: Initial revision
+
+	* appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+	* appl/bsd/Makefile.in: New install
+
+	* appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+	* appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+	* appl/bsd/login.c (login): If there is no ttyslot use setutent
+	and friends. Added support for lots of more struct utmp fields.
+
+	* server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+        Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+	* appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+        _PATH_DEF.
+
+	* appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+        running as root.
+
+	* appl/bsd/su.c (main): Update usage message to reflect that '-'
+	option must come after the ordinary options and before login-id.
+
+	* appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+	long to fit into utmp try to remove domain part if it does match
+	our local domain.
+
+	(main): Add new option -L /bin/login so that it is possible to 
+	specify an alternate login program.
+
+	* appl/telnet/telnet/commands.c (env_init): When exporting
+	variable DISPLAY and if hostname is not the full name, try to get
+	the full name from DNS.
+
+	* appl/telnet/telnet/main.c (main): Option -k realm was broken due
+        to a bogous external declaration.
+
+	* kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+	lifetime, expiration date and attributes in add_new_key command.
+
+	* appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+	* appl/telnet/telnet/externs.h: Removed protection for multiple
+	inclusions of termio(s).h since it broke definition of termio
+	macro on POSIX systems.
+
+	* lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+	AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+	
+	Please note that the long lifetimes are 100% compatible up to
+	10h so this should rarely be necessary.
+
+	* lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+	ipaddress protection of tickets set krb_ignore_ip_address. This
+	makes it possible for an intruder to steal a ticket and then use
+	it from som other machine anywhere on the net.
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+        local address. Accept request on all interfaces.
+
+	* admin/kdb_edit.c (change_principal): Don't accept illegal
+        dates. Courtesy of gertz@lysator.liu.se.
+
+	* configure.in: AIX specific libraries needed when using standard
+        libc routine getttyent, IBM should be ashamed!
+
+	* lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+        problem.
+
+	* Added strdup for su and rlogin.
+
+	* Fix for old syslog macros in appl/bsd/bsd_locl.
+
+	* lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+        ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+	* appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+	* appl/bsd/getpass.c: New routine that reads up to 127 char
+        passwords. Used in su.c and login.c.
+
+	* appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+        should not be used on HP-UX.
+
+==========================*** Released 0.2? ***=============================
+
+ksrvutil
+  If there is a dot in the about to be added principals name there is
+  no need to ask for instance name.
+
+kerberos & kadmind
+  Logfiles are created with small permissions (600).
+
+krb.conf and krb.realms
+ Use domain part as realm name if there is no match in krb.realms.
+ Use kerberos.REALMNAME if there is no match in krb.realms.
+
+rlogin
+  The rlogin client is supported both with and without encryption,
+  there is no rlogind yet though.
+
+login
+  There is login program that supports the -f option. Both kerberos
+  and /etc/passwd authentication is enabled.
+
+  Vendors login programs typically have no -f option (needed by
+  telnetd) and also does not know how to verify passwords againts
+  kerberos.
+
+appl/bsd/*
+  Now uses POSIX signals.
+
+kdb_edit, kadmin
+  Generate random passwords if administrator enters empty password.
+
+lib/kafs
+  New library to support AFS. Routines:
+  int k_hasafs(void);
+  int k_afsklog(...); or some other name
+  int k_setpag(void);
+  int k_unlog(void);
+  int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+  Library supports more than one single entry point AFS syscalls
+  (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
+  transarc headers or library code. Same binaries can be used both on
+  machines running AFS and others.
+
+  This library is used in telnetd, login and the r* programs.
+
+telnet & telnetd
+  Based on telnet.95.05.31.NE but with the encryption hacks from
+  ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added.  This encryption
+  stuff needed some more modifications (done by joda@nada.kth.se)
+  before it was usable. Telnet has also been modified to use GNU
+  autoconf.
+
+Numerous other changes that are long since forgotten.
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS
new file mode 100644
index 0000000..b72c521
--- /dev/null
+++ b/crypto/kerberosIV/PROBLEMS
@@ -0,0 +1,147 @@
+
+Problems compiling Kerberos
+===========================
+
+Many compilers require a switch to become ANSI compliant. Since krb4 is
+written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the `env' command. For
+instance to build under HP-UX using the native compiler do:
+
+     datan$ env CC="cc -Ae" ./configure
+
+In general `gcc' works. The following combinations have also been
+verified to successfully compile the distribution:
+
+`HP-UX'
+     `cc -Ae'
+
+`Digital UNIX'
+     `cc -std1'
+
+`AIX'
+     `xlc'
+
+`Solaris 2.x'
+     `cc' (unbundled one)
+
+`IRIX'
+     `cc'
+
+Linux problems
+--------------
+
+The libc functions gethostby*() under RedHat4.2 can sometimes cause
+core dumps. If you experience these problems make sure that the file
+`/etc/nsswitch.conf' contains a hosts entry no more complex than the
+line
+
+hosts: files dns
+
+Some systems have lost `/usr/include/ndbm.h' which is necessary to
+build krb4 correctly. There is a `ndbm.h.Linux' right next to the
+source distribution.
+
+There has been reports of non-working `libdb' on some Linux
+distributions.  If that happens, use the `--without-berkeley-db' when
+configuring.
+
+SunOS 5 (aka Solaris 2) problems
+--------------------------------
+
+When building shared libraries and using some combinations of GNU gcc/ld
+you better set the environment variable RUN_PATH to /usr/athena/lib
+(your target libdir). If you don't, then you will have to set
+LD_LIBRARY_PATH during runtime and the PAM module will not work.
+
+HP-UX problems
+--------------
+
+The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
+To make problems even worse, there is never an archive version for
+static linking either. Therefore, when building "truly portable"
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+Cray problems
+-------------
+
+`rlogind' won't work on Crays until `forkpty()' has been ported, in the
+mean time use `telnetd'.
+
+IRIX problems
+-------------
+
+IRIX has three different ABI:s (Application Binary Interface), there's
+an old 32 bit interface (known as O32, or just 32), a new 32 bit
+interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
+bits, but they have different calling conventions, and alignment
+constraints, and similar. The N32 format is the default format from IRIX
+6.4.
+
+You select ABI at compile time, and you can do this with the
+`--with-mips-abi' configure option. The valid arguments are `o32',
+`n32', and `64', N32 is the default. Libraries for the three different
+ABI:s are normally installed installed in different directories (`lib',
+`lib32', and `lib64'). If you want more than one set of libraries you
+have to reconfigure and recompile for each ABI, but you should probably
+install only N32 binaries.
+
+GCC had had some known problems with the different ABI:s. Old GCC could
+only handle O32, newer GCC can handle N32, and 64, but not O32, but in
+some versions of GCC the structure alignment was broken in N32.
+
+This confusion with different ABI:s can cause some trouble. For
+instance, the `afskauthlib.so' library has to use the same ABI as
+`xdm', and `login'. The easiest way to check what ABI to use is to run
+`file' on `/usr/bin/X11/xdm'.
+
+Another problem that you might encounter if you run AFS is that Transarc
+apparently doesn't support the 64-bit ABI, and because of this you can't
+get tokens with a 64 bit application. If you really need to do this,
+there is a kernel module that provides this functionality at
+<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>.
+
+AIX problems
+------------
+
+`gcc' version 2.7.2.* has a bug which makes it miscompile
+`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
+if used with too much optimization.
+
+Some versions of the `xlc' preprocessor doesn't recognise the
+(undocumented) `-qnolm' option. If this option is passed to the
+preprocessor (like via the configuration file `/etc/ibmcxx.cfg',
+configure will fail.
+
+The solution is to remove this option from the configuration file,
+either globally, or for just the preprocessor:
+
+     $ cp /etc/ibmcxx.cfg /tmp
+     $ed /tmp/ibmcxx.cfg
+     8328
+     /nolm
+             options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
+     s/,-qnolm//p
+             options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
+     w
+     8321
+     q
+     $ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
+
+There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
+kernel to panic in some cases. There is a hack for this in `login', but
+other programs could be affected also. This seems to be fixed in
+version 5.55.
+
+C2 problems
+-----------
+
+The programs that checks passwords works with `passwd', OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see *Note Digital SIA::.
+
+
diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README
new file mode 100644
index 0000000..9c2f4a1
--- /dev/null
+++ b/crypto/kerberosIV/README
@@ -0,0 +1,47 @@
+
+*** PLEASE REPORT BUGS AND PROBLEMS TO kth-krb-bugs@nada.kth.se ***
+
+This is a severly hacked up version of Eric Young's eBones-p9 kerberos
+version. The DES library has been updated with his 3.23 version and
+numerous patches collected over the years have been applied to both
+the kerberos and DES sources, most notably the CMU patches for extended
+lifetimes that AFS uses. There is also support for AFS built into most
+programs. 
+
+The source has been changed to use ANSI C and POSIX to the largest
+possible extent. The code in util/et and appl/bsd have not been
+updated in this way though (they really need it).
+
+Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
+authentication is the default and warnings are issued by telnetd if
+the telnet client does not turn on encryption.
+
+The r* programs in appl/bsd have been updated with newer sources from
+NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
+rlogin which is a temporary hack and not an Internet standard (and has
+only been documented quite recently).  Telnet uses kerberos
+authentication to prevent the passing of cleartext passwords and is
+thus superior to rlogin.
+
+The distribution has been configured to primarily use kerberos
+authentication with a fallback to /etc/passwd passwords. This should
+make it easy to do a slow migration to kerberos.  OTP support is also
+included in login, popper, and ftpd.
+
+All programs in this distribution follow these conventions:
+
+/usr/athena/bin:	User programs
+/usr/athena/sbin:	Administrator programs
+/usr/athena/libexec:	Daemons
+/etc:			Configuration files
+/var/log:		Logfiles
+/var/kerberos:		Kerberos database and ACL files
+
+A W3-page is at http://www.pdc.kth.se/kth-krb/
+
+You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
+
+Please report bugs and problems to kth-krb-bugs@nada.kth.se
+
+There is a mailing list discussing kerberos at krb4@sics.se, send a
+message to majordomo@sics.se to subscribe.
diff --git a/crypto/kerberosIV/README-WIN32 b/crypto/kerberosIV/README-WIN32
new file mode 100644
index 0000000..ba74c46
--- /dev/null
+++ b/crypto/kerberosIV/README-WIN32
@@ -0,0 +1,30 @@
+It should be possible to build several of the libraries and the GUI
+telnet ``voodoo'' on Win95/NT.  In case you don't want to try there
+are binaries available at
+ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0.
+
+In case you want to build from source and possibly hack some on them
+yourself here's a short guide:
+
+You need to build the libraries (DLLs) first and in this order:
+
+lib/roken
+lib/des
+lib/krb
+lib/kclient
+
+And then the two applications:
+
+appl/krbmanager
+appl/voodoo
+
+In each case there is a Visual-C++ generated makefile with the name
+*.mak in the corresponding directory.  You might be able to load that
+into Microsoft whatever Studio and you might be able to just run nmake
+on them.
+
+Once you have ended up with 4 DLLs and 2 EXEs you only have to place
+them in a directory in your PATH and start voodoo.
+
+In case it doesn't work, you have discovered bugs or added some more
+features the mail address to use is <kth-krb-bugs@nada.kth.se>
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
new file mode 100644
index 0000000..83c308e
--- /dev/null
+++ b/crypto/kerberosIV/TODO
@@ -0,0 +1,42 @@
+-*- indented-text -*-
+rlogind, rshd, popper, ftpd (telnetd uses nonce?)
+  Add a replay cache.
+
+rcp
+  figure out how it should really behave with -r
+
+telnet, rlogin, rsh, rcp
+  Some form of support for ticket forwarding, perhaps only for AFS tickets.
+
+telnet, telnetd
+  Add negotiation for keep-alives.
+
+rlogind
+  Fix utmp logging.
+
+documentation
+  Write more info on:
+  * how to use
+
+rshd
+  Read default environment from /etc/default/login and other files.
+  Encryption without secondary port is bugged, it currently does no
+  encryption. But, nobody uses it anyway.
+
+autoconf
+
+libraries
+  generate archive and shared libraries in some portable way.
+
+ftpd
+
+kx
+  Compress and recode X protocol?
+
+kip
+  Other kinds of encapsulations?
+  Tunnel device as loadable kernel module.
+  Speed?
+
+BUGS
+  Where?
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
new file mode 100644
index 0000000..771207b
--- /dev/null
+++ b/crypto/kerberosIV/acconfig.h
@@ -0,0 +1,172 @@
+/* $Id: acconfig.h,v 1.105 1999/12/02 13:09:41 joda Exp $ */
+
+@BOTTOM@
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+/* This for compat with heimdal (or something) */
+#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
+
+#define HAVE_KRB_ENABLE_DEBUG 1
+
+#define HAVE_KRB_DISABLE_DEBUG 1
+
+#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program.  It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR 
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES	{ "/etc/krb.conf",   "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES	{ "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV	"/etc/krb.equiv"
+
+#define KEYFILE		"/etc/srvtab"
+
+#define KRBDIR		"/var/kerberos"
+#define DBM_FILE	KRBDIR "/principal"
+#define DEFAULT_ACL_DIR	KRBDIR
+
+#define KRBLOG		"/var/log/kerberos.log"	/* master server  */
+#define KRBSLAVELOG	"/var/log/kerberos_slave.log" /* slave server  */
+#define KADM_SYSLOG	"/var/log/admin_server.syslog"
+#define K_LOGFIL	"/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this for OTP support */
+#undef OTP
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd 
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems  */
+#undef ENV_HACK
+
+/*  */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) isoc_realloc((X), (Y))
+#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
+#endif
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/*
+ * All these are system-specific defines that I would rather not have at all.
+ */
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
+
+/*
+ * Defining this enables lots of useful (and used) extensions on
+ * glibc-based systems such as Linux
+ */
+
+#define _GNU_SOURCE
+
+/* some strange OS/2 stuff.  From <d96-mst@nada.kth.se> */
+
+#ifdef __EMX__
+#define _EMX_TCPIP
+#define MAIL_USE_SYSTEM_LOCK
+#endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/kerberosIV/acinclude.m4 b/crypto/kerberosIV/acinclude.m4
new file mode 100644
index 0000000..7e7de6f
--- /dev/null
+++ b/crypto/kerberosIV/acinclude.m4
@@ -0,0 +1,9 @@
+dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
new file mode 100644
index 0000000..d2e1e94
--- /dev/null
+++ b/crypto/kerberosIV/aclocal.m4
@@ -0,0 +1,1365 @@
+dnl aclocal.m4 generated automatically by aclocal 1.4
+
+dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+dnl PARTICULAR PURPOSE.
+
+dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
+
+dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
+
+dnl $Id: krb-prog-yacc.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
+
+dnl $Id: test-package.m4,v 1.7 1999/04/19 13:33:05 assar Exp $
+dnl
+dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations)
+
+AC_DEFUN(AC_TEST_PACKAGE,[AC_TEST_PACKAGE_NEW($1,[#include <$2>],$4,,$5)])
+
+AC_DEFUN(AC_TEST_PACKAGE_NEW,[
+AC_ARG_WITH($1,
+[  --with-$1=dir                use $1 in dir])
+AC_ARG_WITH($1-lib,
+[  --with-$1-lib=dir            use $1 libraries in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-include,
+[  --with-$1-include=dir        use $1 headers in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+AC_MSG_CHECKING(for $1)
+
+case "$with_$1" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_$1_include" = ""; then
+		with_$1_include="$with_$1/include"
+	fi
+	if test "$with_$1_lib" = ""; then
+		with_$1_lib="$with_$1/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d='$5'
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_$1_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_$1_include $header_dirs";;
+esac
+case "$with_$1_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_$1_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	AC_TRY_COMPILE([$2],,ires=$i;break)
+done
+for i in $lib_dirs; do
+	LIBS="-L$i $3 $4 $save_LIBS"
+	AC_TRY_LINK([$2],,lres=$i;break)
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
+	$1_includedir="$ires"
+	$1_libdir="$lres"
+	INCLUDE_$1="-I$$1_includedir"
+	LIB_$1="-L$$1_libdir $3"
+	AC_DEFINE_UNQUOTED(upcase($1),1,[Define if you have the $1 package.])
+	with_$1=yes
+	AC_MSG_RESULT([headers $ires, libraries $lres])
+else
+	INCLUDE_$1=
+	LIB_$1=
+	with_$1=no
+	AC_MSG_RESULT($with_$1)
+fi
+AC_SUBST(INCLUDE_$1)
+AC_SUBST(LIB_$1)
+])
+
+dnl $Id: osfc2.m4,v 1.2 1999/03/27 17:28:16 joda Exp $
+dnl
+dnl enable OSF C2 stuff
+
+AC_DEFUN(AC_CHECK_OSFC2,[
+AC_ARG_ENABLE(osfc2,
+[  --enable-osfc2          enable some OSF C2 support])
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
+	LIB_security=-lsecurity
+fi
+AC_SUBST(LIB_security)
+])
+
+dnl $Id: mips-abi.m4,v 1.4 1998/05/16 20:44:15 joda Exp $
+dnl
+dnl
+dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
+dnl value.
+
+AC_DEFUN(AC_MIPS_ABI, [
+AC_ARG_WITH(mips_abi,
+[  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)])
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+dnl
+dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
+dnl AC_MSG_RESULT
+dnl
+AC_MSG_CHECKING([if $CC supports the $abi option])
+AC_CACHE_VAL($ac_foo, [
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
+CFLAGS="$save_CFLAGS"
+])
+ac_res=`eval echo \\\$$ac_foo`
+AC_MSG_RESULT($ac_res)
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		AC_ERROR([$CC does not support the $with_mips_abi ABI])
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			AC_ERROR([$CC does not support the $with_mips_abi ABI])
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+])
+
+dnl
+dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_DEFUN(AC_SHARED_LIBS, [
+
+dnl Check if we want to use shared libraries
+AC_ARG_ENABLE(shared,
+[  --enable-shared         create shared libraries for Kerberos])
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS		$SHLIBEXT
+# HP-UX		sl
+# Linux		so
+# NetBSD	so
+# FreeBSD	so
+# OSF		so
+# SunOS5	so
+# SunOS4	so.0.5
+# Irix		so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+AC_SUBST(LINK)
+lib_deps=yes
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+	REAL_SHLIBEXT=sl
+	REAL_LD_FLAGS='-Wl,+b$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED="ld -b"
+		REAL_PICFLAGS="+z"
+	fi
+	lib_deps=no
+	;;
+*-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+changequote(,)dnl
+*-*-freebsd[34]*)
+changequote([,])dnl
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-*bsd*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	;;
+*-*-osf*)
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_PICFLAGS=
+	LDSHARED='ld -shared -expect_unresolved \*'
+	;;
+*-*-solaris2*)
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED='$(CC) -G'
+		REAL_PICFLAGS="-Kpic"
+	fi
+	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
+*-*-sunos*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
+	;;
+*-*-irix*)
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
+	;;
+*-*-os2*)
+	LIBPREFIX=
+	EXECSUFFIX='.exe'
+	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
+	REAL_SHLIBEXT=nobuild
+	;;
+*-*-cygwin32*)
+	EXECSUFFIX='.exe'
+	REAL_SHLIBEXT=nobuild
+	;;
+*)	REAL_SHLIBEXT=nobuild
+	REAL_PICFLAGS= 
+	;;
+esac
+
+if test "${enable_shared}" != "yes" ; then 
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ AC_MSG_CHECKING(whether to use -rpath)
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     AC_MSG_RESULT(no)
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     AC_MSG_RESULT($LD_FLAGS)
+     ;;
+   esac
+fi
+
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
+else
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
+AC_SUBST(lib_deps_yes)
+AC_SUBST(lib_deps_no)
+
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+AC_SUBST(build_symlink_command)dnl
+AC_SUBST(install_symlink_command)dnl
+AC_SUBST(install_symlink_command2)dnl
+])
+
+dnl
+dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
+dnl
+dnl Test for __attribute__
+dnl
+
+AC_DEFUN(AC_C___ATTRIBUTE__, [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_TRY_COMPILE([
+#include <stdlib.h>
+],
+[
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+],
+ac_cv___attribute__=yes,
+ac_cv___attribute__=no)])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+
+
+dnl $Id: krb-sys-nextstep.m4,v 1.2 1998/06/03 23:48:40 joda Exp $
+dnl
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes, 
+[#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
+
+dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes, 
+[#ifdef _AIX
+	yes
+#endif 
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
+
+dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
+
+dnl $Id: find-func-no-libs2.m4,v 1.3 1999/10/30 21:09:53 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in $2; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
+		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
+	done
+	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+	LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+@@@libs="$libs $2"@@@
+END
+
+# $1
+eval "ac_tr_func=HAVE_[]upcase($1)"
+eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
+eval "LIB_$1=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_$1=yes"
+	eval "LIB_$1="
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_MSG_RESULT([yes])
+	;;
+	no)
+	eval "ac_cv_func_$1=no"
+	eval "LIB_$1="
+	AC_MSG_RESULT([no])
+	;;
+	*)
+	eval "ac_cv_func_$1=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_DEFINE_UNQUOTED($ac_tr_lib)
+	AC_MSG_RESULT([yes, in $ac_res])
+	;;
+esac
+AC_SUBST(LIB_$1)
+])
+
+dnl
+dnl $Id: check-netinet-ip-and-tcp.m4,v 1.2 1999/05/14 13:15:40 assar Exp $
+dnl
+
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_MSG_CHECKING([for $i])
+AC_CACHE_VAL([ac_cv_header_$cv],
+[AC_TRY_CPP([\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+],
+eval "ac_cv_header_$cv=yes",
+eval "ac_cv_header_$cv=no")])
+AC_MSG_RESULT(`eval echo \\$ac_cv_header_$cv`)
+changequote(, )dnl
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+changequote([, ])dnl
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+dnl autoheader tricks *sigh*
+: << END
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
+END
+
+])
+
+dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $
+dnl
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1, 
+AC_TRY_COMPILE([
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+	AC_MSG_CHECKING(for $i)
+	AC_GROK_TYPE($i)
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_[]upcase($i)
+		AC_DEFINE_UNQUOTED($type)
+	fi
+	AC_MSG_RESULT($ac_res)
+done
+])
+
+dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
+dnl
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+	LIBS="$LIB_$1 $LIBS"
+fi
+])
+
+dnl 
+dnl See if there is any X11 present
+dnl
+dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
+
+AC_DEFUN(KRB_CHECK_X,[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		AC_TRY_RUN([
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+])
+
+dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
+dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
+dnl
+AC_DEFUN(AC_CHECK_XAU,[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
+LIBS="$ac_xxx"
+
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
+else
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+])
+
+# Define a conditional.
+
+AC_DEFUN(AM_CONDITIONAL,
+[AC_SUBST($1_TRUE)
+AC_SUBST($1_FALSE)
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi])
+
+dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
+dnl
+dnl find a suitable database library
+dnl
+dnl AC_FIND_DB(libraries)
+AC_DEFUN(KRB_FIND_DB, [
+
+lib_dbm=no
+lib_db=no
+
+for i in $1; do
+
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
+
+	AC_MSG_CHECKING(for dbm_open in $m)
+	AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	AC_TRY_RUN([
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}], [
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi], ac_res=no, ac_res=no)
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res])
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	AC_MSG_RESULT($ac_res)
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+AC_MSG_CHECKING(for NDBM library)
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).])
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
+fi
+test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl
+AC_SUBST(LIB_DBM)
+DBLIB="$LIB_DBM"
+AC_SUBST(DBLIB)
+AC_MSG_RESULT($ac_res)
+
+])
+
+dnl $Id: broken-snprintf.m4,v 1.3 1999/03/01 09:52:22 joda Exp $
+dnl
+AC_DEFUN(AC_BROKEN_SNPRINTF, [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+	char foo[3];
+changequote([,])dnl
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
+])
+
+AC_DEFUN(AC_BROKEN_VSNPRINTF,[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+changequote(`,')dnl
+	char bar[3];
+changequote([,])dnl
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+
+int main()
+{
+	return foo(0, "12");
+}],:,ac_cv_func_vsnprintf_working=no,:))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
+fi
+])
+
+dnl $Id: need-proto.m4,v 1.2 1999/03/01 09:52:24 joda Exp $
+dnl
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN(AC_NEED_PROTO, [
+if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_TRY_COMPILE([$1],
+[struct foo { int foo; } xx;
+extern int $2 (struct foo*);
+$2(&xx);
+],
+eval "ac_cv_func_$2_noproto=yes",
+eval "ac_cv_func_$2_noproto=no"))
+define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
+if test "$ac_cv_func_$2_noproto" = yes; then
+	AC_DEFINE(foo, 1, [define if the system is missing a prototype for $2()])
+fi
+undefine([foo])
+fi
+])
+
+dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
+dnl
+dnl check for glob(3)
+dnl
+AC_DEFUN(AC_BROKEN_GLOB,[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_TRY_LINK([
+#include <stdio.h>
+#include <glob.h>],[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+],:,ac_cv_func_glob_working=no,:))
+
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])
+
+dnl
+dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
+dnl
+
+dnl
+dnl Test SGI capabilities
+dnl
+
+AC_DEFUN(KRB_CAPABILITIES,[
+
+AC_CHECK_HEADERS(capability.h sys/capability.h)
+
+AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
+])
+
+dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
+dnl
+dnl check for getpwnam_r, and if it's posix or not
+
+AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
+])
+dnl
+dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
+dnl
+dnl test for POSIX (broken) getlogin
+dnl
+
+
+AC_DEFUN(AC_FUNC_GETLOGIN, [
+AC_CHECK_FUNCS(getlogin setlogin)
+if test "$ac_cv_func_getlogin" = yes; then
+AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+	ac_cv_func_getlogin_posix=no
+else
+	ac_cv_func_getlogin_posix=yes
+fi
+])
+if test "$ac_cv_func_getlogin_posix" = yes; then
+	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
+fi
+fi
+])
+
+dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $
+dnl
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS[]="$LIBOBJS $1.o"
+fi
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl $Id: broken.m4,v 1.3 1998/03/16 22:16:19 joda Exp $
+dnl
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+ac_tr_func=HAVE_[]upcase($ac_func)
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS[]="$LIBOBJS ${ac_func}.o"])
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
+dnl
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_TRY_RUN([
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+	errno = ENOTTY;
+	return 0;
+}
+
+int main()
+{
+	char *ret;
+	ret = getcwd(0, 1024);
+	if(ret == 0 && errno == ENOTTY)
+		return 0;
+	return 1;
+}
+], ac_cv_func_getcwd_broken=yes,:,:)
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
+	LIBOBJS="$LIBOBJS getcwd.o"
+	AC_SUBST(LIBOBJS)dnl
+	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+	AC_MSG_RESULT([seems ok])
+fi
+fi
+])
+
+dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
+dnl
+dnl
+dnl Check if the prototype of a function is compatible with another one
+dnl
+
+dnl AC_PROTO_COMPAT(includes, function, prototype)
+
+AC_DEFUN(AC_PROTO_COMPAT, [
+AC_CACHE_CHECK([if $2 is compatible with system prototype],
+ac_cv_func_$2_proto_compat,
+AC_TRY_COMPILE([$1],
+[$3;],
+eval "ac_cv_func_$2_proto_compat=yes",
+eval "ac_cv_func_$2_proto_compat=no"))
+define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
+if test "$ac_cv_func_$2_proto_compat" = yes; then
+	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
+	$3])
+fi
+undefine([foo])
+])
+dnl $Id: check-var.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+	    [foo()],
+	    ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+	AC_DEFINE_UNQUOTED(foo, 1, [define if you have $2])
+	AC_CHECK_DECLARATION([$1],[$2])
+fi
+undefine([foo])
+])
+
+dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
+dnl
+dnl
+dnl Check if we need the declaration of a variable
+dnl
+
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
+
+define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
+
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+	AC_DEFINE(foo, 1, [define if your system declares $2])
+fi
+undefine([foo])
+])
+
+dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
+dnl
+dnl check for fields in a structure
+dnl
+dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+
+AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
+define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+AC_CACHE_CHECK([for $2 in $1], cache_val,[
+AC_TRY_COMPILE([$3],[$1 x; x.$2;],
+cache_val=yes,
+cache_val=no)])
+if test "$cache_val" = yes; then
+	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
+	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
+	undefine([foo])
+fi
+undefine([cache_val])
+])
+
+dnl $Id: have-type.m4,v 1.4 1999/07/24 19:23:01 assar Exp $
+dnl
+dnl check for existance of a type
+
+dnl AC_HAVE_TYPE(TYPE,INCLUDES)
+AC_DEFUN(AC_HAVE_TYPE, [
+cv=`echo "$1" | sed 'y%./+- %__p__%'`
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL([ac_cv_type_$cv],
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$2],
+[$1 foo;],
+eval "ac_cv_type_$cv=yes",
+eval "ac_cv_type_$cv=no"))dnl
+AC_MSG_RESULT(`eval echo \\$ac_cv_type_$cv`)
+if test `eval echo \\$ac_cv_type_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+dnl autoheader tricks *sigh*
+define(foo,translit($1, [ ], [_]))
+: << END
+@@@funcs="$funcs foo"@@@
+END
+undefine([foo])
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+])
+
+dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
+dnl
+dnl Test for `struct spwd'
+
+AC_DEFUN(AC_KRB_STRUCT_SPWD, [
+AC_MSG_CHECKING(for struct spwd)
+AC_CACHE_VAL(ac_cv_struct_spwd, [
+AC_TRY_COMPILE(
+[#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif],
+[struct spwd foo;],
+ac_cv_struct_spwd=yes,
+ac_cv_struct_spwd=no)
+])
+AC_MSG_RESULT($ac_cv_struct_spwd)
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
+fi
+])
+
+dnl $Id: krb-struct-winsize.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+changequote(, )dnl
+struct[ 	]*winsize,dnl
+changequote([,])dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, 
+	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
+AC_EGREP_HEADER(ws_ypixel, termios.h, 
+	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
+])
+
+dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN(AC_CHECK_TYPE_EXTRA,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
+])
+
+dnl $Id: krb-version.m4,v 1.1 1997/12/14 15:59:03 joda Exp $
+dnl
+dnl
+dnl output a C header-file with some version strings
+dnl
+AC_DEFUN(AC_KRB_VERSION,[
+dnl AC_OUTPUT_COMMANDS([
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+dnl ],host=$host PACKAGE=$PACKAGE VERSION=$VERSION)
+])
+
diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in
new file mode 100644
index 0000000..31de19d
--- /dev/null
+++ b/crypto/kerberosIV/admin/Makefile.in
@@ -0,0 +1,102 @@
+# $Id: Makefile.in,v 1.32 1999/03/10 19:01:10 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = ext_srvtab$(EXECSUFFIX) \
+	kdb_destroy$(EXECSUFFIX) \
+	kdb_edit$(EXECSUFFIX) \
+	kdb_init$(EXECSUFFIX) \
+	kdb_util$(EXECSUFFIX) \
+	kstash$(EXECSUFFIX)
+
+SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \
+          kdb_init.c kdb_util.c kstash.c
+
+OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \
+          kdb_init.o kdb_util.o kstash.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN= -L../lib/roken -lroken
+
+ext_srvtab$(EXECSUFFIX): ext_srvtab.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_destroy$(EXECSUFFIX): kdb_destroy.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_edit$(EXECSUFFIX): kdb_edit.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_init$(EXECSUFFIX): kdb_init.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_util$(EXECSUFFIX): kdb_util.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kstash$(EXECSUFFIX): kstash.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h
new file mode 100644
index 0000000..9a41b4b
--- /dev/null
+++ b/crypto/kerberosIV/admin/adm_locl.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: adm_locl.h,v 1.17 1999/12/02 16:58:27 joda Exp $ */
+
+#ifndef __adm_locl_h
+#define __adm_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif /* !TIME_WITH_SYS_TIME */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <signal.h>
+#include <errno.h>
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <kdc.h>
+#include <kadm.h>
+
+#endif /*  __adm_locl_h */
diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c
new file mode 100644
index 0000000..5cab583
--- /dev/null
+++ b/crypto/kerberosIV/admin/ext_srvtab.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Description 
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: ext_srvtab.c,v 1.18 1999/09/16 20:37:20 assar Exp $");
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char realm[REALM_SZ];
+
+static void
+StampOutSecrets(void)
+{
+    memset(master_key, 0, sizeof master_key);
+    memset(session_key, 0, sizeof session_key);
+    memset(master_key_schedule, 0, sizeof master_key_schedule);
+}
+
+static void
+usage(void)
+{
+    fprintf(stderr, 
+	    "Usage: %s [-n] [-r realm] instance [instance ...]\n",
+	    __progname);
+    StampOutSecrets();
+    exit(1);
+}
+
+static void
+FWrite(void *p, int size, int n, FILE *f)
+{
+    if (fwrite(p, size, n, f) != n) {
+        StampOutSecrets();
+	errx(1, "Error writing output file.  Terminating.\n");
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    FILE *fout;
+    char fname[1024];
+    int fopen_errs = 0;
+    int arg;
+    Principal princs[40];
+    int more; 
+    int prompt = KDB_GET_PROMPT;
+    int n, i;
+    
+    set_progname (argv[0]);
+    memset(realm, 0, sizeof(realm));
+    
+#ifdef HAVE_ATEXIT
+    atexit(StampOutSecrets);
+#endif
+
+    /* Parse commandline arguments */
+    if (argc < 2)
+	usage();
+    else {
+	for (i = 1; i < argc; i++) {
+	    if (strcmp(argv[i], "-n") == 0)
+		prompt = FALSE;
+	    else if (strcmp(argv[i], "-r") == 0) {
+		if (++i >= argc)
+		    usage();
+		else {
+		    strlcpy(realm, argv[i], REALM_SZ);
+		    /* 
+		     * This is to humor the broken way commandline
+		     * argument parsing is done.  Later, this
+		     * program ignores everything that starts with -.
+		     */
+		    argv[i][0] = '-';
+		}
+	    }
+	    else if (argv[i][0] == '-')
+		usage();
+	    else
+		if (!k_isinst(argv[i])) {
+		  warnx("bad instance name: %s", argv[i]);
+		  usage();
+	    }
+	}
+    }
+
+    if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
+      errx (1, "Couldn't read master key.");
+
+    if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+      exit(1);
+    }
+
+    /* For each arg, search for instances of arg, and produce */
+    /* srvtab file */
+    if (!realm[0])
+      if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+	  StampOutSecrets();
+	  errx (1, "couldn't get local realm");
+      }
+    umask(077);
+
+    for (arg = 1; arg < argc; arg++) {
+	if (argv[arg][0] == '-')
+	    continue;
+	snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
+	if ((fout = fopen(fname, "w")) == NULL) {
+	    warn("Couldn't create file '%s'.", fname);
+	    fopen_errs++;
+	    continue;
+	}
+	printf("Generating '%s'....\n", fname);
+	n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
+	if (more)
+	    fprintf(stderr, "More than 40 found...\n");
+	for (i = 0; i < n; i++) {
+	    FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
+	    FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
+		   1, fout);
+	    FWrite(realm, strlen(realm) + 1, 1, fout);
+	    FWrite(&princs[i].key_version,
+		sizeof(princs[i].key_version), 1, fout);
+	    copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
+	    kdb_encrypt_key (&session_key, &session_key, 
+			     &master_key, master_key_schedule, DES_DECRYPT);
+	    FWrite(session_key, sizeof session_key, 1, fout);
+	}
+	fclose(fout);
+    }
+    StampOutSecrets();
+    return fopen_errs;		/* 0 errors if successful */
+}
diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c
new file mode 100644
index 0000000..ec4a5d00
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_destroy.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_destroy.c,v 1.9 1998/06/09 19:24:13 joda Exp $");
+
+int
+main(int argc, char **argv)
+{
+    char    answer[10];		/* user input */
+#ifdef HAVE_NEW_DB
+    char   *file;               /* database file names */
+#else
+    char   *file1, *file2;	/* database file names */
+#endif
+
+    set_progname (argv[0]);
+
+#ifdef HAVE_NEW_DB
+    asprintf(&file, "%s.db", DBM_FILE);
+    if (file == NULL)
+	err (1, "malloc");
+#else
+    asprintf(&file1, "%s.dir", DBM_FILE);
+    asprintf(&file2, "%s.pag", DBM_FILE);
+    if (file1 == NULL || file2 == NULL)
+	err (1, "malloc");
+#endif
+
+    printf("You are about to destroy the Kerberos database ");
+    printf("on this machine.\n");
+    printf("Are you sure you want to do this (y/n)? ");
+    if (fgets(answer, sizeof(answer), stdin) != NULL
+	&& (answer[0] == 'y' || answer[0] == 'Y')) {
+#ifdef HAVE_NEW_DB
+      if (unlink(file) == 0)
+#else
+	if (unlink(file1) == 0 && unlink(file2) == 0)
+#endif
+	  {
+	    warnx ("Database deleted at %s", DBM_FILE);
+	    return 0;
+	  }
+	else
+	    warn ("Database cannot be deleted at %s", DBM_FILE);
+    } else
+        warnx ("Database not deleted at %s", DBM_FILE);
+    return 1;
+}
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
new file mode 100644
index 0000000..1ba6aaf
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This routine changes the Kerberos encryption keys for principals,
+ * i.e., users or services. 
+ */
+
+/*
+ * exit returns 	 0 ==> success -1 ==> error 
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_edit.c,v 1.28 1999/09/16 20:37:21 assar Exp $");
+
+#ifdef DEBUG
+extern  kerb_debug;
+#endif
+
+static int     nflag = 0;
+static int     debug;
+
+static des_cblock new_key;
+
+static int     i, j;
+static int     more;
+
+static char    input_name[ANAME_SZ];
+static char    input_instance[INST_SZ];
+
+#define	MAX_PRINCIPAL	10
+static Principal principal_data[MAX_PRINCIPAL];
+
+static Principal old_principal;
+static Principal default_princ;
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char pw_str[255];
+static long master_key_version;
+
+static void
+Usage(void)
+{
+    fprintf(stderr, "Usage: %s [-n]\n", __progname);
+    exit(1);
+}
+
+static char *
+n_gets(char *buf, int size)
+{
+    char *p;
+    char *ret;
+    ret = fgets(buf, size, stdin);
+  
+    if (ret && (p = strchr(buf, '\n')))
+	*p = 0;
+    return ret;
+}
+
+
+static int
+change_principal(void)
+{
+    static char temp[255];
+    int     creating = 0;
+    int     editpw = 0;
+    int     changed = 0;
+    long    temp_long;		/* Don't change to int32_t, used by scanf */
+    struct tm 	edate;
+
+    fprintf(stdout, "\nPrincipal name: ");
+    fflush(stdout);
+    if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0')
+	return 0;
+    fprintf(stdout, "Instance: ");
+    fflush(stdout);
+    /* instance can be null */
+    n_gets(input_instance, sizeof(input_instance));
+    j = kerb_get_principal(input_name, input_instance, principal_data,
+			   MAX_PRINCIPAL, &more);
+    if (!j) {
+	fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
+	fflush(stdout);
+	n_gets(temp, sizeof(temp));		/* Default case should work, it didn't */
+	if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
+	    return -1;
+	/* make a new principal, fill in defaults */
+	j = 1;
+	creating = 1;
+	strlcpy(principal_data[0].name,
+			input_name,
+			ANAME_SZ);
+	strlcpy(principal_data[0].instance,
+			input_instance,
+			INST_SZ);
+	principal_data[0].old = NULL;
+	principal_data[0].exp_date = default_princ.exp_date;
+	if (strcmp(input_instance, "admin") == 0)
+	  principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/
+	else if (strcmp(input_instance, "root") == 0)
+	  principal_data[0].max_life = 96; /* 8 hours */
+	else
+	  principal_data[0].max_life = default_princ.max_life;
+	principal_data[0].attributes = default_princ.attributes;
+	principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
+	principal_data[0].key_version = 0; /* bumped up later */
+    }
+    *principal_data[0].exp_date_txt = '\0';
+    for (i = 0; i < j; i++) {
+	for (;;) {
+	    fprintf(stdout,
+		    "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
+		    principal_data[i].name, principal_data[i].instance,
+		    principal_data[i].kdc_key_ver);
+	    fflush(stdout);
+	    editpw = 1;
+	    changed = 0;
+	    if (!creating) {
+		/*
+		 * copy the existing data so we can use the old values
+		 * for the qualifier clause of the replace 
+		 */
+		principal_data[i].old = (char *) &old_principal;
+		memcpy(&old_principal, &principal_data[i],
+		       sizeof(old_principal));
+		printf("\nChange password [n] ? ");
+		n_gets(temp, sizeof(temp));
+		if (strcmp("y", temp) && strcmp("Y", temp))
+		    editpw = 0;
+	    }
+	    /* password */
+	    if (editpw) {
+#ifdef NOENCRYPTION
+		placebo_read_pw_string(pw_str, sizeof pw_str,
+		    "\nNew Password: ", TRUE);
+#else
+                if(des_read_pw_string(pw_str, sizeof pw_str,
+			"\nNew Password: ", TRUE))
+		    continue;
+#endif
+		if (   strcmp(pw_str, "RANDOM") == 0
+		    || strcmp(pw_str, "") == 0) {
+		    printf("\nRandom password [y] ? ");
+		    n_gets(temp, sizeof(temp));
+		    if (!strcmp("n", temp) || !strcmp("N", temp)) {
+			/* no, use literal */
+#ifdef NOENCRYPTION
+			memset(new_key, 0, sizeof(des_cblock));
+			new_key[0] = 127;
+#else
+			des_string_to_key(pw_str, &new_key);
+#endif
+			memset(pw_str, 0, sizeof pw_str);	/* "RANDOM" */
+		    } else {
+#ifdef NOENCRYPTION
+			memset(new_key, 0, sizeof(des_cblock));
+			new_key[0] = 127;
+#else
+			des_new_random_key(&new_key);
+#endif
+			memset(pw_str, 0, sizeof pw_str);
+		    }
+		} else if (!strcmp(pw_str, "NULL")) {
+		    printf("\nNull Key [y] ? ");
+		    n_gets(temp, sizeof(temp));
+		    if (!strcmp("n", temp) || !strcmp("N", temp)) {
+			/* no, use literal */
+#ifdef NOENCRYPTION
+			memset(new_key, 0, sizeof(des_cblock));
+			new_key[0] = 127;
+#else
+			des_string_to_key(pw_str, &new_key);
+#endif
+			memset(pw_str, 0, sizeof pw_str);	/* "NULL" */
+		    } else {
+
+			principal_data[i].key_low = 0;
+			principal_data[i].key_high = 0;
+			goto null_key;
+		    }
+		} else {
+#ifdef NOENCRYPTION
+		    memset(new_key, 0, sizeof(des_cblock));
+		    new_key[0] = 127;
+#else
+		    des_string_to_key(pw_str, &new_key);
+#endif
+		    memset(pw_str, 0, sizeof pw_str);
+		}
+
+		/* seal it under the kerberos master key */
+		kdb_encrypt_key (&new_key, &new_key, 
+				 &master_key, master_key_schedule,
+				 DES_ENCRYPT);
+		copy_from_key(new_key,
+			      &principal_data[i].key_low,
+			      &principal_data[i].key_high);
+		memset(new_key, 0, sizeof(new_key));
+	null_key:
+		/* set master key version */
+		principal_data[i].kdc_key_ver =
+		    (unsigned char) master_key_version;
+		/* bump key version # */
+		principal_data[i].key_version++;
+		fprintf(stdout,
+			"\nPrincipal's new key version = %d\n",
+			principal_data[i].key_version);
+		fflush(stdout);
+		changed = 1;
+	    }
+	    /* expiration date */
+	    {
+		char d[DATE_SZ];
+		struct tm *tm;
+		tm = k_localtime(&principal_data[i].exp_date);
+		strftime(d, sizeof(d), "%Y-%m-%d", tm);
+		while(1) {
+		    printf("Expiration date (yyyy-mm-dd) [ %s ] ? ", d);
+		    fflush(stdout);
+		    if(n_gets(temp, sizeof(temp)) == NULL) {
+			printf("Invalid date.\n");
+			continue;
+		    }
+		    if (*temp) {
+			memset(&edate, 0, sizeof(edate));
+			if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
+				   &edate.tm_mon, &edate.tm_mday) != 3) {
+			    printf("Invalid date.\n");
+			    continue;
+			}
+			edate.tm_mon--;     /* January is 0, not 1 */
+			edate.tm_hour = 23; /* at the end of the */
+			edate.tm_min = 59;  /* specified day */
+			if (krb_check_tm (edate)) {
+			    printf("Invalid date.\n");
+			    continue;
+			}
+			edate.tm_year -= 1900;
+			principal_data[i].exp_date = tm2time (edate, 1);
+			changed = 1;
+		    }
+		    break;
+		}
+	    }
+
+	    /* maximum lifetime */
+	    fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+		    principal_data[i].max_life);
+	    fflush(stdout);
+	    while (n_gets(temp, sizeof(temp)) && *temp) {
+		if (sscanf(temp, "%ld", &temp_long) != 1)
+		    goto bad_life;
+		if (temp_long > 255 || (temp_long < 0)) {
+		bad_life:
+		    fprintf(stdout, "\07\07Invalid, choose 0-255\n");
+		    fprintf(stdout,
+			    "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+			    principal_data[i].max_life);
+		    fflush(stdout);
+		    continue;
+		}
+		changed = 1;
+		/* dont clobber */
+		principal_data[i].max_life = (unsigned short) temp_long;
+		break;
+	    }
+
+	    /* attributes */
+	    fprintf(stdout, "Attributes [ %d ] ? ",
+		    principal_data[i].attributes);
+	    fflush(stdout);
+	    while (n_gets(temp, sizeof(temp)) && *temp) {
+		if (sscanf(temp, "%ld", &temp_long) != 1)
+		    goto bad_att;
+		if (temp_long > 65535 || (temp_long < 0)) {
+		bad_att:
+		    fprintf(stdout, "Invalid, choose 0-65535\n");
+		    fprintf(stdout, "Attributes [ %d ] ? ",
+			    principal_data[i].attributes);
+		    fflush(stdout);
+		    continue;
+		}
+		changed = 1;
+		/* dont clobber */
+		principal_data[i].attributes =
+		    (unsigned short) temp_long;
+		break;
+	    }
+
+	    /*
+	     * remaining fields -- key versions and mod info, should
+	     * not be directly manipulated 
+	     */
+	    if (changed) {
+		if (kerb_put_principal(&principal_data[i], 1)) {
+		    fprintf(stdout,
+			"\nError updating Kerberos database");
+		} else {
+		    fprintf(stdout, "Edit O.K.");
+		}
+	    } else {
+		fprintf(stdout, "Unchanged");
+	    }
+
+
+	    memset(&principal_data[i].key_low, 0, 4);
+	    memset(&principal_data[i].key_high, 0, 4);
+	    fflush(stdout);
+	    break;
+	}
+    }
+    if (more) {
+	fprintf(stdout, "\nThere were more tuples found ");
+	fprintf(stdout, "than there were space for");
+      }
+    return 1;
+}
+
+static void
+cleanup(void)
+{
+
+    memset(master_key, 0, sizeof(master_key));
+    memset(session_key, 0, sizeof(session_key));
+    memset(master_key_schedule, 0, sizeof(master_key_schedule));
+    memset(principal_data, 0, sizeof(principal_data));
+    memset(new_key, 0, sizeof(new_key));
+    memset(pw_str, 0, sizeof(pw_str));
+}
+
+int
+main(int argc, char **argv)
+{
+    /* Local Declarations */
+
+    long    n;
+
+    set_progname (argv[0]);
+
+    while (--argc > 0 && (*++argv)[0] == '-')
+	for (i = 1; argv[0][i] != '\0'; i++) {
+	    switch (argv[0][i]) {
+
+		/* debug flag */
+	    case 'd':
+		debug = 1;
+		continue;
+
+		/* debug flag */
+#ifdef DEBUG
+	    case 'l':
+		kerb_debug |= 1;
+		continue;
+#endif
+	    case 'n':		/* read MKEYFILE for master key */
+		nflag = 1;
+		continue;
+
+	    default:
+		warnx ("illegal flag \"%c\"", argv[0][i]);
+		Usage();	/* Give message and die */
+	    }
+	}
+
+    fprintf(stdout, "Opening database...\n");
+    fflush(stdout);
+    kerb_init();
+    if (argc > 0)
+	if (kerb_db_set_name(*argv) != 0)
+	    errx (1, "Could not open altername database name");
+
+    if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0, 
+			    &master_key, master_key_schedule) != 0)
+	errx (1, "Couldn't read master key.");
+
+    if ((master_key_version = kdb_verify_master_key(&master_key,
+						    master_key_schedule,
+						    stdout)) < 0)
+      return 1;
+
+    /* Initialize non shared random sequence */
+    des_init_random_number_generator(&master_key);
+
+    /* lookup the default values */
+    n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+			   &default_princ, 1, &more);
+    if (n != 1)
+	errx (1, "Kerberos error on default value lookup, %ld found.", n);
+    fprintf(stdout, "Previous or default values are in [brackets] ,\n");
+    fprintf(stdout, "enter return to leave the same, or new value.\n");
+
+    while (change_principal()) {
+    }
+
+    cleanup();
+    return 0;
+}
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
new file mode 100644
index 0000000..0116ea2
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * program to initialize the database,  reports error if database file
+ * already exists. 
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_init.c,v 1.25 1999/09/16 20:37:21 assar Exp $");
+
+enum ap_op {
+    NULL_KEY,			/* setup null keys */
+    MASTER_KEY,                 /* use master key as new key */
+    RANDOM_KEY			/* choose a random key */
+};
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+/* use a return code to indicate success or failure.  check the return */
+/* values of the routines called by this routine. */
+
+static int
+add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
+{
+    Principal principal;
+    des_cblock new_key;
+
+    memset(&principal, 0, sizeof(principal));
+    strlcpy(principal.name, name, ANAME_SZ);
+    strlcpy(principal.instance, instance, INST_SZ);
+    switch (aap_op) {
+    case NULL_KEY:
+	principal.key_low = 0;
+	principal.key_high = 0;
+	break;
+    case RANDOM_KEY:
+#ifdef NOENCRYPTION
+        memset(new_key, 0, sizeof(des_cblock));
+	new_key[0] = 127;
+#else
+	des_new_random_key(&new_key);
+#endif
+	kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+			 DES_ENCRYPT);
+	copy_from_key(new_key, &principal.key_low, &principal.key_high);
+	memset(new_key, 0, sizeof(new_key));
+	break;
+    case MASTER_KEY:
+	memcpy(new_key, master_key, sizeof (des_cblock));
+	kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+			 DES_ENCRYPT);
+	copy_from_key(new_key, &principal.key_low, &principal.key_high);
+	break;
+    }
+    principal.mod_date = time(0);
+    *principal.mod_date_txt = '\0';
+    principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 60;
+    *principal.exp_date_txt = '\0';
+
+    principal.attributes = 0;
+    principal.max_life = maxlife;
+
+    principal.kdc_key_ver = 1;
+    principal.key_version = 1;
+
+    strlcpy(principal.mod_name, "db_creation", ANAME_SZ);
+    strlcpy(principal.mod_instance, "", INST_SZ);
+    principal.old = 0;
+
+    if (kerb_db_put_principal(&principal, 1) != 1)
+        return -1;		/* FAIL */
+    
+    /* let's play it safe */
+    memset(new_key, 0, sizeof (des_cblock));
+    memset(&principal.key_low, 0, 4);
+    memset(&principal.key_high, 0, 4);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    char    realm[REALM_SZ];
+    char   *cp;
+    int code;
+    char *database;
+    
+    set_progname (argv[0]);
+
+    if (argc > 3) {
+	fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]);
+	return 1;
+    }
+    if (argc == 3) {
+	database = argv[2];
+	--argc;
+    } else
+	database = DBM_FILE;
+
+    /* Do this first, it'll fail if the database exists */
+    if ((code = kerb_db_create(database)) != 0)
+	err (1, "Couldn't create database %s", database);
+    kerb_db_set_name(database);
+
+    if (argc == 2)
+	strlcpy(realm, argv[1], REALM_SZ);
+    else {
+        if (krb_get_lrealm(realm, 1) != KSUCCESS)
+	    strlcpy(realm, KRB_REALM, REALM_SZ);
+	fprintf(stderr, "Realm name [default  %s ]: ", realm);
+	if (fgets(realm, sizeof(realm), stdin) == NULL)
+	    errx (1, "\nEOF reading realm");
+	if ((cp = strchr(realm, '\n')))
+	    *cp = '\0';
+	if (!*realm)			/* no realm given */
+		if (krb_get_lrealm(realm, 1) != KSUCCESS)
+		    strlcpy(realm, KRB_REALM, REALM_SZ);
+    }
+    if (!k_isrealm(realm))
+	errx (1, "Bad kerberos realm name \"%s\"", realm);
+#ifndef RANDOM_MKEY
+    printf("You will be prompted for the database Master Password.\n");
+    printf("It is important that you NOT FORGET this password.\n");
+#else
+    printf("To generate a master key, please enter some random data.\n");
+    printf("You do not have to remember this.\n");
+#endif
+    fflush(stdout);
+
+    if (kdb_get_master_key (KDB_GET_TWICE, &master_key,
+			    master_key_schedule) != 0)
+	errx (1, "Couldn't read master key.");
+
+#ifdef RANDOM_MKEY
+    if(kdb_kstash(&master_key, MKEYFILE) < 0)
+	err (1, "Error writing master key");
+    fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+#endif
+
+    /* Initialize non shared random sequence */
+    des_init_random_number_generator(&master_key);
+
+    /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
+#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
+
+    /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */
+#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255)
+
+    /* This means that default lifetimes have not been initialized */
+#define DEFLIFE 255
+
+#define NOLIFE 0
+
+    if (
+	add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) ||
+	add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)||
+	add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)||
+	add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE) 
+	) {
+      putc ('\n', stderr);
+      errx (1, "couldn't initialize database.");
+    }
+
+    /* play it safe */
+    memset(master_key, 0, sizeof (des_cblock));
+    memset(master_key_schedule, 0, sizeof (des_key_schedule));
+    return 0;
+}
diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
new file mode 100644
index 0000000..cff031c
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -0,0 +1,518 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * 
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Kerberos database manipulation utility. This program allows you to
+ * dump a kerberos database to an ascii readable file and load this
+ * file into the database. Read locking of the database is done during a
+ * dump operation. NO LOCKING is done during a load operation. Loads
+ * should happen with other processes shutdown. 
+ *
+ * Written July 9, 1987 by Jeffrey I. Schiller
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_util.c,v 1.42 1999/09/16 20:37:21 assar Exp $");
+
+static des_cblock master_key, new_master_key;
+static des_key_schedule master_key_schedule, new_master_key_schedule;
+
+/* cv_key is a procedure which takes a principle and changes its key, 
+   either for a new method of encrypting the keys, or a new master key.
+   if cv_key is null no transformation of key is done (other than net byte
+   order). */
+
+struct callback_args {
+    void (*cv_key)(Principal *);
+    FILE *output_file;
+};
+
+static void
+print_time(FILE *file, time_t timeval)
+{
+    struct tm *tm;
+    tm = gmtime(&timeval);
+    fprintf(file, " %04d%02d%02d%02d%02d",
+	    tm->tm_year + 1900,
+            tm->tm_mon + 1,
+            tm->tm_mday,
+            tm->tm_hour,
+            tm->tm_min);
+}
+
+static long
+time_explode(char *cp)
+{
+    char wbuf[5];
+    struct tm tp;
+    int local;
+
+    memset(&tp, 0, sizeof(tp));	/* clear out the struct */
+    
+    if (strlen(cp) > 10) {		/* new format */
+	strlcpy(wbuf, cp, sizeof(wbuf));
+	tp.tm_year = atoi(wbuf) - 1900;
+	cp += 4;			/* step over the year */
+	local = 0;			/* GMT */
+    } else {				/* old format: local time, 
+					   year is 2 digits, assuming 19xx */
+	wbuf[0] = *cp++;
+	wbuf[1] = *cp++;
+	wbuf[2] = 0;
+	tp.tm_year = atoi(wbuf);
+	local = 1;			/* local */
+    }
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    wbuf[2] = 0;
+    tp.tm_mon = atoi(wbuf)-1;
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_mday = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_hour = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_min = atoi(wbuf);
+
+    return(tm2time(tp, local));
+}
+
+static int
+dump_db_1(void *arg,
+	  Principal *principal)	/* replace null strings with "*" */
+{
+    struct callback_args *a = (struct callback_args *)arg;
+    
+    if (principal->instance[0] == '\0') {
+	principal->instance[0] = '*';
+	principal->instance[1] = '\0';
+    }
+    if (principal->mod_name[0] == '\0') {
+	principal->mod_name[0] = '*';
+	principal->mod_name[1] = '\0';
+    }
+    if (principal->mod_instance[0] == '\0') {
+	principal->mod_instance[0] = '*';
+	principal->mod_instance[1] = '\0';
+    }
+    if (a->cv_key != NULL) {
+	(*a->cv_key) (principal);
+    }
+    fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
+	    principal->name,
+	    principal->instance,
+	    principal->max_life,
+	    principal->kdc_key_ver,
+	    principal->key_version,
+	    principal->attributes,
+	    (int)htonl (principal->key_low),
+	    (int)htonl (principal->key_high));
+    print_time(a->output_file, principal->exp_date);
+    print_time(a->output_file, principal->mod_date);
+    fprintf(a->output_file, " %s %s\n",
+	    principal->mod_name,
+	    principal->mod_instance);
+    return 0;
+}
+
+static int
+dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
+{
+    struct callback_args a;
+
+    a.cv_key = cv_key;
+    a.output_file = output_file;
+    
+    kerb_db_iterate (dump_db_1, &a);
+    return fflush(output_file);
+}
+
+static int
+add_file(void *db, FILE *file)
+{
+    int ret;
+    int lineno = 0;
+    char line[1024];
+    unsigned long key[2]; /* yes, long */
+    Principal pr;
+    
+    char exp_date[64], mod_date[64];
+    
+    int life, kkvno, kvno;
+    
+    while(1){
+	memset(&pr, 0, sizeof(pr));
+	errno = 0;
+	if(fgets(line, sizeof(line), file) == NULL){
+	    if(errno != 0)
+	      err (1, "fgets");
+	    break;
+	}
+	lineno++;
+	ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
+		     pr.name, pr.instance,
+		     &life, &kkvno, &kvno,
+		     &pr.attributes,
+		     &key[0], &key[1],
+		     exp_date, mod_date,
+		     pr.mod_name, pr.mod_instance);
+	if(ret != 12){
+	    warnx("Line %d malformed (ignored)", lineno);
+	    continue;
+	}
+	pr.key_low = ntohl (key[0]);
+	pr.key_high = ntohl (key[1]);
+	pr.max_life = life;
+	pr.kdc_key_ver = kkvno;
+	pr.key_version = kvno;
+	pr.exp_date = time_explode(exp_date);
+	pr.mod_date = time_explode(mod_date);
+	if (pr.instance[0] == '*')
+	    pr.instance[0] = 0;
+	if (pr.mod_name[0] == '*')
+	    pr.mod_name[0] = 0;
+	if (pr.mod_instance[0] == '*')
+	    pr.mod_instance[0] = 0;
+	if (kerb_db_update(db, &pr, 1) != 1) {
+	    warn ("store %s.%s aborted",
+		  pr.name, pr.instance);
+	    return 1;
+	}
+    }
+    return 0;
+}
+
+static void
+load_db (char *db_file, FILE *input_file)
+{
+    long *db;
+    int code;
+    char *temp_db_file;
+
+    asprintf (&temp_db_file, "%s~", db_file);
+    if(temp_db_file == NULL)
+	errx (1, "out of memory");
+
+    /* Create the database */
+    if ((code = kerb_db_create(temp_db_file)) != 0)
+	err (1, "creating temp database %s", temp_db_file);
+    kerb_db_set_name(temp_db_file);
+    db = kerb_db_begin_update();
+    if (db == NULL)
+	err (1, "opening temp database %s", temp_db_file);
+    
+    if(add_file(db, input_file))
+	errx (1, "Load aborted");
+
+    kerb_db_end_update(db);
+    if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
+        warn("database rename failed");
+    fclose(input_file);
+    free(temp_db_file);
+}
+
+static void
+merge_db(char *db_file, FILE *input_file)
+{
+    void *db;
+    
+    db = kerb_db_begin_update();
+    if(db == NULL)
+        err (1, "Couldn't open database");
+    if(add_file(db, input_file))
+        errx (1, "Merge aborted");
+    kerb_db_end_update(db);
+}
+
+static void
+update_ok_file (char *file_name)
+{
+    /* handle slave locking/failure stuff */
+    char *file_ok;
+    int fd;
+
+    asprintf (&file_ok, "%s.dump_ok", file_name);
+    if (file_ok == NULL)
+      errx (1, "out of memory");
+    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
+        err (1, "Error creating %s", file_ok);
+    free(file_ok);
+    close(fd);
+    /*
+     * Some versions of BSD don't update the mtime in the above open so
+     * we call utimes just in case.
+     */
+    if (utime(file_name, NULL) < 0)
+	err (1, "utime %s", file_name);
+}
+
+static void
+convert_key_new_master (Principal *p)
+{
+  des_cblock key;
+
+  /* leave null keys alone */
+  if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+  /* move current key to des_cblock for encryption, special case master key
+     since that's changing */
+  if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
+      (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
+    memcpy (key, new_master_key, sizeof(des_cblock));
+    (p->key_version)++;
+  } else {
+    copy_to_key(&p->key_low, &p->key_high, key);
+    kdb_encrypt_key (&key, &key, &master_key,
+		     master_key_schedule, DES_DECRYPT);
+  }
+
+  kdb_encrypt_key (&key, &key, &new_master_key,
+		   new_master_key_schedule, DES_ENCRYPT);
+
+  copy_from_key(key, &(p->key_low), &(p->key_high));
+  memset(key, 0, sizeof (key));  /* a little paranoia ... */
+
+  (p->kdc_key_ver)++;
+}
+
+static void
+clear_secrets (void)
+{
+  memset(master_key, 0, sizeof (des_cblock));
+  memset(master_key_schedule, 0, sizeof (des_key_schedule));
+  memset(new_master_key, 0, sizeof (des_cblock));
+  memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
+}
+
+static void
+convert_new_master_key (char *db_file, FILE *out)
+{
+#ifdef RANDOM_MKEY
+  errx (1, "Sorry, this function is not available with "
+	"the new master key scheme.");
+#else
+  printf ("\n\nEnter the CURRENT master key.");
+  if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+			  master_key_schedule) != 0) {
+    clear_secrets ();
+    errx (1, "Couldn't get master key.");
+  }
+
+  if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+    clear_secrets ();
+    exit (1);
+  }
+
+  printf ("\n\nNow enter the NEW master key.  Do not forget it!!");
+  if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
+			  new_master_key_schedule) != 0) {
+    clear_secrets ();
+    errx (1, "Couldn't get new master key.");
+  }
+
+  dump_db (db_file, out, convert_key_new_master);
+  {
+    char *fname;
+
+    asprintf(&fname, "%s.new", MKEYFILE);
+    if(fname == NULL) {
+      clear_secrets();
+      errx(1, "malloc: failed");
+    }
+    kdb_kstash(&new_master_key, fname);
+    free(fname);
+  }
+#endif /* RANDOM_MKEY */
+}
+
+static void
+convert_key_old_db (Principal *p)
+{
+  des_cblock key;
+
+ /* leave null keys alone */
+  if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+  copy_to_key(&p->key_low, &p->key_high, key);
+
+#ifndef NOENCRYPTION
+  des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
+	(long)sizeof(des_cblock),master_key_schedule,
+	(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+
+  /* make new key, new style */
+  kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
+
+  copy_from_key(key, &(p->key_low), &(p->key_high));
+  memset(key, 0, sizeof (key));  /* a little paranoia ... */
+}
+
+static void
+convert_old_format_db (char *db_file, FILE *out)
+{
+  des_cblock key_from_db;
+  Principal principal_data[1];
+  int n, more;
+
+  if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+			  master_key_schedule) != 0L) {
+    clear_secrets();
+    errx (1, "Couldn't get master key.");
+  }
+
+  /* can't call kdb_verify_master_key because this is an old style db */
+  /* lookup the master key version */
+  n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+			 1 /* only one please */, &more);
+  if ((n != 1) || more)
+    errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
+
+  /* set up the master key */
+  fprintf(stderr, "Current Kerberos master key version is %d.\n",
+	  principal_data[0].kdc_key_ver);
+
+  /*
+   * now use the master key to decrypt (old style) the key in the db, had better
+   * be the same! 
+   */
+  copy_to_key(&principal_data[0].key_low,
+	      &principal_data[0].key_high,
+	      key_from_db);
+#ifndef NOENCRYPTION
+  des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
+	master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+  /* the decrypted database key had better equal the master key */
+
+  n = memcmp(master_key, key_from_db, sizeof(master_key));
+  memset(key_from_db, 0, sizeof(key_from_db));
+
+  if (n) {
+    fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
+    fprintf(stderr, "does not match database.\n");
+    exit (1);
+  }
+    
+  fprintf(stderr, "Master key verified.\n");
+
+  dump_db (db_file, out, convert_key_old_db);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret;
+    FILE   *file;
+    enum {
+	OP_LOAD,
+	OP_MERGE,
+	OP_DUMP,
+	OP_SLAVE_DUMP,
+	OP_NEW_MASTER,
+	OP_CONVERT_OLD_DB
+    }       op;
+    char *file_name;
+    char *db_name;
+
+    set_progname (argv[0]);
+    
+    if (argc != 3 && argc != 4) {
+	fprintf(stderr, "Usage: %s operation file [database name].\n",
+		argv[0]);
+	fprintf(stderr, "Operation is one of: "
+		"load, merge, dump, slave_dump, new_master_key, "
+		"convert_old_db\n");
+	fprintf(stderr, "use file `-' for stdout\n");
+	exit(1);
+    }
+    if (argc == 3)
+	db_name = DBM_FILE;
+    else
+	db_name = argv[3];
+    
+    ret = kerb_db_set_name (db_name);
+    
+    /* this makes starting slave servers ~14.3 times easier */
+    if(ret && strcmp(argv[1], "load") == 0)
+       ret = kerb_db_create (db_name);
+
+    if(ret)
+      err (1, "Can't open database");
+
+    if (!strcmp(argv[1], "load"))
+	op = OP_LOAD;
+    else if (!strcmp(argv[1], "merge"))
+	op = OP_MERGE;
+    else if (!strcmp(argv[1], "dump"))
+	op = OP_DUMP;
+    else if (!strcmp(argv[1], "slave_dump"))
+        op = OP_SLAVE_DUMP;
+    else if (!strcmp(argv[1], "new_master_key"))
+        op = OP_NEW_MASTER;
+    else if (!strcmp(argv[1], "convert_old_db"))
+        op = OP_CONVERT_OLD_DB;
+    else {
+        warnx ("%s is an invalid operation.", argv[1]);
+	warnx ("Valid operations are \"load\", \"merge\", "
+	       "\"dump\", \"slave_dump\", \"new_master_key\", "
+	       "and \"convert_old_db\"");
+	return 1;
+    }
+
+    file_name = argv[2];
+    if (strcmp (file_name, "-") == 0
+	&& op != OP_LOAD
+	&& op != OP_MERGE)
+	file = stdout;
+    else {
+	char *mode;
+
+	if (op == OP_LOAD || op == OP_MERGE)
+	    mode = "r";
+	else
+	    mode = "w";
+
+	file = fopen (file_name, mode);
+    }
+    if (file == NULL)
+        err (1, "open %s", argv[2]);
+
+    switch (op) {
+    case OP_DUMP:
+      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+	  (fclose(file) == EOF))
+	  err (1, "%s", file_name);
+      break;
+    case OP_SLAVE_DUMP:
+      if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+	  (fclose(file) == EOF))
+	err (1, "%s", file_name);
+      update_ok_file (file_name);
+      break;
+    case OP_LOAD:
+      load_db (db_name, file);
+      break;
+    case OP_MERGE:
+      merge_db (db_name, file);
+      break;
+    case OP_NEW_MASTER:
+      convert_new_master_key (db_name, file);
+      printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+      break;
+    case OP_CONVERT_OLD_DB:
+      convert_old_format_db (db_name, file);
+      printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);      
+      break;
+    }
+    return 0;
+}
diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c
new file mode 100644
index 0000000..4595de5
--- /dev/null
+++ b/crypto/kerberosIV/admin/kstash.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
+
+/* change this later, but krblib_dbm needs it for now */
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+static void 
+clear_secrets(void)
+{
+    memset(master_key_schedule, 0, sizeof(master_key_schedule));
+    memset(master_key, 0, sizeof(master_key));
+}
+
+int
+main(int argc, char **argv)
+{
+    long    n;
+    int ret = 0;
+    set_progname (argv[0]);
+
+    if ((n = kerb_init()))
+        errx(1, "Kerberos db and cache init failed = %ld\n", n);
+
+    if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+			    master_key_schedule) != 0) {
+	clear_secrets();
+	errx(1, "Couldn't read master key.");
+    }
+
+    if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+	clear_secrets();
+	return 1;
+    }
+
+    ret = kdb_kstash(&master_key, MKEYFILE);
+    if(ret < 0)
+        warn("writing master key");
+    else
+	fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+    
+    clear_secrets();
+    return ret;
+}
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
new file mode 100644
index 0000000..2cc8391
--- /dev/null
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -0,0 +1,43 @@
+# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS		= sample kauth bsd movemail push afsutil \
+		  popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
+
+all:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+	for i in $(SUBDIRS);\
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile *~
+
+realclean:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/afsutil/Makefile.in b/crypto/kerberosIV/appl/afsutil/Makefile.in
new file mode 100644
index 0000000..86adb88
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/Makefile.in
@@ -0,0 +1,89 @@
+# $Id: Makefile.in,v 1.27 1999/03/10 19:01:10 joda Exp $
+
+SHELL	= /bin/sh
+
+srcdir	= @srcdir@
+VPATH	= @srcdir@
+
+top_builddir	= ../..
+
+CC	= @CC@
+LINK	= @LINK@
+AR	= ar
+RANLIB	= @RANLIB@
+DEFS	= @DEFS@
+CFLAGS	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS= @LD_FLAGS@
+INSTALL	= @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBROKEN = -L../../lib/roken -lroken
+LIBS	= @KRB_KAFS_LIB@ -L../../lib/krb -lkrb -L../../lib/des -ldes $(LIBROKEN) @LIBS@ $(LIBROKEN)
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= pagsh$(EXECSUFFIX) \
+		  afslog$(EXECSUFFIX) \
+		  kstring2key$(EXECSUFFIX)
+PROG_LIBEXEC	= 
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES = pagsh.c aklog.c kstring2key.c
+
+OBJECTS = pagsh.o aklog.o kstring2key.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+pagsh$(EXECSUFFIX): pagsh.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ pagsh.o $(LIBS)
+
+afslog$(EXECSUFFIX): aklog.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ aklog.o $(LIBS)
+
+kstring2key$(EXECSUFFIX): kstring2key.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstring2key.o $(LIBS)
+
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/afsutil/aklog.c b/crypto/kerberosIV/appl/afsutil/aklog.c
new file mode 100644
index 0000000..22dbfe7
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/aklog.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <err.h>
+#include <krb.h>
+#include <kafs.h>
+
+#include <roken.h>
+
+RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $");
+
+static int debug = 0;
+
+static void
+DEBUG(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+static void
+DEBUG(const char *fmt, ...)
+{
+  va_list ap;
+  if (debug) {
+    va_start(ap, fmt);
+    vwarnx(fmt, ap);
+    va_end(ap);
+  }
+}
+
+static char *
+expand_cell_name(char *cell)
+{
+  FILE *f;
+  static char buf[128];
+  char *p;
+
+  f = fopen(_PATH_CELLSERVDB, "r");
+  if(f == NULL)
+    return cell;
+  while(fgets(buf, sizeof(buf), f) != NULL) {
+    if(buf[0] == '>') {
+      for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
+	  ;
+      *p = '\0';
+      if(strstr(buf, cell)){
+	fclose(f);
+	return buf + 1;
+      }
+    }
+    buf[0] = 0;
+  }
+  fclose(f);
+  return cell;
+}
+
+static int
+createuser (char *cell)
+{
+  char cellbuf[64];
+  char name[ANAME_SZ];
+  char instance[INST_SZ];
+  char realm[REALM_SZ];
+  char cmd[1024];
+
+  if (cell == NULL) {
+    FILE *f;
+    int len;
+
+    f = fopen (_PATH_THISCELL, "r");
+    if (f == NULL)
+      err (1, "open(%s)", _PATH_THISCELL);
+    if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
+      err (1, "read cellname from %s", _PATH_THISCELL);
+    fclose (f);
+    len = strlen(cellbuf);
+    if (cellbuf[len-1] == '\n')
+      cellbuf[len-1] = '\0';
+    cell = cellbuf;
+  }
+
+  if(krb_get_default_principal(name, instance, realm))
+    errx (1, "Could not even figure out who you are");
+
+  snprintf (cmd, sizeof(cmd),
+	    "pts createuser %s%s%s@%s -cell %s",
+	    name, *instance ? "." : "", instance, strlwr(realm),
+	    cell);
+  DEBUG("Executing %s", cmd);
+  return system(cmd);
+}
+
+int
+main(int argc, char **argv)
+{
+  int i;
+  int do_aklog = -1;
+  int do_createuser = -1;
+  char *cell = NULL;
+  char *realm = NULL;
+  char cellbuf[64];
+  
+  set_progname (argv[0]);
+
+  if(!k_hasafs())
+    exit(1);
+
+  for(i = 1; i < argc; i++){
+    if(!strncmp(argv[i], "-createuser", 11)){
+      do_createuser = do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-c", 2) && i + 1 < argc){
+      cell = expand_cell_name(argv[++i]);
+      do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-k", 2) && i + 1 < argc){
+      realm = argv[++i];
+
+    }else if(!strncmp(argv[i], "-p", 2) && i + 1 < argc){
+      if(k_afs_cell_of_file(argv[++i], cellbuf, sizeof(cellbuf)))
+	errx (1, "No cell found for file \"%s\".", argv[i]);
+      else
+	cell = cellbuf;
+      do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-unlog", 6)){
+      exit(k_unlog());
+
+    }else if(!strncmp(argv[i], "-hosts", 6)){
+      warnx ("Argument -hosts is not implemented.");
+
+    }else if(!strncmp(argv[i], "-zsubs", 6)){
+      warnx("Argument -zsubs is not implemented.");
+
+    }else if(!strncmp(argv[i], "-noprdb", 6)){
+      warnx("Argument -noprdb is not implemented.");
+
+    }else if(!strncmp(argv[i], "-d", 6)){
+      debug = 1;
+
+    }else{
+      if(!strcmp(argv[i], ".") ||
+	 !strcmp(argv[i], "..") ||
+	 strchr(argv[i], '/')){
+	DEBUG("I guess that \"%s\" is a filename.", argv[i]);
+	if(k_afs_cell_of_file(argv[i], cellbuf, sizeof(cellbuf)))
+	  errx (1, "No cell found for file \"%s\".", argv[i]);
+	else {
+	  cell = cellbuf;
+	  DEBUG("The file \"%s\" lives in cell \"%s\".", argv[i], cell);
+	}
+      }else{
+	cell = expand_cell_name(argv[i]);
+	DEBUG("I guess that %s is cell %s.", argv[i], cell);
+      }
+      do_aklog = 1;
+    }
+    if(do_aklog == 1){
+      do_aklog = 0;
+      if(krb_afslog(cell, realm))
+	errx (1, "Failed getting tokens for cell %s in realm %s.", 
+	      cell?cell:"(local cell)", realm?realm:"(local realm)");
+    }
+    if(do_createuser == 1) {
+      do_createuser = 0;
+      if(createuser(cell))
+	errx (1, "Failed creating user in cell %s", cell?cell:"(local cell)");
+    }
+  }
+  if(do_aklog == -1 && do_createuser == -1 && krb_afslog(0, realm))
+    errx (1, "Failed getting tokens for cell %s in realm %s.", 
+	  cell?cell:"(local cell)", realm?realm:"(local realm)");
+  return 0;
+}
diff --git a/crypto/kerberosIV/appl/afsutil/kstring2key.c b/crypto/kerberosIV/appl/afsutil/kstring2key.c
new file mode 100644
index 0000000..c0c76ae
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/kstring2key.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+RCSID("$Id: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $");
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <err.h>
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+
+#define VERIFY 0
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "Usage: %s [-c AFS cellname] [ -5 krb5salt ] [ password ]\n",
+	    __progname);
+    fprintf(stderr,
+	    "       krb5salt is realmname APPEND principal APPEND instance\n");
+    exit(1);
+}
+
+static
+void
+krb5_string_to_key(char *str,
+		   char *salt,
+		   des_cblock *key)
+{
+    char *foo;
+
+    asprintf(&foo, "%s%s", str, salt);
+    if (foo == NULL)
+	errx (1, "malloc: out of memory");
+    des_string_to_key(foo, key);
+    free (foo);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    des_cblock key;
+    char buf[1024];
+    char *cellname = 0, *salt = 0;
+
+    set_progname (argv[0]);
+
+    if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == 'c')
+	{
+	    cellname = argv[2];
+	    argv += 2;
+	    argc -= 2;
+	}
+    else if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == '5')
+	{
+	    salt = argv[2];
+	    argv += 2;
+	    argc -= 2;
+	}
+    if (argc >= 2 && argv[1][0] == '-')
+	usage();
+
+    switch (argc) {
+    case 1:
+	if (des_read_pw_string(buf, sizeof(buf)-1, "password: ", VERIFY))
+	    errx (1, "Error reading password.");
+	break;
+    case 2:
+	strlcpy(buf, argv[1], sizeof(buf));
+	break;
+    default:
+	usage();
+	break;
+    }
+
+    if (cellname != 0)
+	afs_string_to_key(buf, cellname, &key);
+    else if (salt != 0)
+        krb5_string_to_key(buf, salt, &key);
+    else
+	des_string_to_key(buf, &key);
+
+    {
+	int j;
+	unsigned char *tkey = (unsigned char *) &key;
+	printf("ascii = ");
+	for(j = 0; j < 8; j++)
+	    if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
+		printf("%c", tkey[j]);
+	    else
+		printf("\\%03o",(unsigned char)tkey[j]);
+	printf("\n");
+	printf("hex   = ");
+	for(j = 0; j < 8; j++)
+	    printf("%02x",(unsigned char)tkey[j]);
+	printf("\n");
+    }
+    exit(0);
+}
diff --git a/crypto/kerberosIV/appl/afsutil/pagsh.c b/crypto/kerberosIV/appl/afsutil/pagsh.c
new file mode 100644
index 0000000..c6704be
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/pagsh.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: pagsh.c,v 1.22 1999/12/02 16:58:28 joda Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#include <err.h>
+#include <roken.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+int
+main(int argc, char **argv)
+{
+  int f;
+  char tf[1024];
+  char *p;
+
+  char *path;
+  char **args;
+  int i;
+
+  do {
+    snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned int)getuid(),
+	    (unsigned int)(getpid()*time(0)));
+    f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+  } while(f < 0);
+  close(f);
+  unlink(tf);
+  setenv("KRBTKFILE", tf, 1);
+
+  i = 0;
+
+  args = (char **) malloc((argc + 10)*sizeof(char *));
+  if (args == NULL)
+      errx (1, "Out of memory allocating %lu bytes",
+	    (unsigned long)((argc + 10)*sizeof(char *)));
+  
+  argv++;
+
+  if(*argv == NULL) {
+    path = getenv("SHELL");
+    if(path == NULL){
+      struct passwd *pw = k_getpwuid(geteuid());
+      path = strdup(pw->pw_shell);
+    }
+  } else {
+    if(strcmp(*argv, "-c") ==  0) argv++;
+    path = strdup(*argv++);
+  }
+  if (path == NULL)
+      errx (1, "Out of memory copying path");
+  
+  p=strrchr(path, '/');
+  if(p)
+    args[i] = strdup(p+1);
+  else
+    args[i] = strdup(path);
+
+  if (args[i++] == NULL)
+      errx (1, "Out of memory copying arguments");
+  
+  while(*argv)
+    args[i++] = *argv++;
+
+  args[i++] = NULL;
+
+  if(k_hasafs())
+    k_setpag();
+
+  execvp(path, args);
+  if (errno == ENOENT) {
+      char **sh_args = malloc ((i + 2) * sizeof(char *));
+      int j;
+
+      if (sh_args == NULL)
+	  errx (1, "Out of memory copying sh arguments");
+      for (j = 1; j < i; ++j)
+	  sh_args[j + 2] = args[j];
+      sh_args[0] = "sh";
+      sh_args[1] = "-c";
+      sh_args[2] = path;
+      execv ("/bin/sh", sh_args);
+  }
+  perror("execvp");
+  exit(1);
+}
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
new file mode 100644
index 0000000..fdda8c1
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
@@ -0,0 +1,136 @@
+# $Id: Makefile.in,v 1.68 1999/03/27 17:05:34 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+top_builddir = ../..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+# Beware, these are all setuid root programs
+PROG_SUIDBIN	= rsh$(EXECSUFFIX) \
+		  rcp$(EXECSUFFIX) \
+		  rlogin$(EXECSUFFIX) \
+		  su$(EXECSUFFIX)
+PROG_BIN	= login$(EXECSUFFIX)
+PROG_LIBEXEC	= rshd$(EXECSUFFIX) \
+		  rlogind$(EXECSUFFIX)
+PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \
+	login.c klogin.c login_access.c su.c rlogind.c \
+	login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \
+	utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c \
+	osfc2.c
+
+rsh_OBJS	= rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rcp_OBJS	= rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o osfc2.o
+rlogin_OBJS	= rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+login_OBJS 	= login.o klogin.o login_fbtab.o login_access.o \
+		  sysv_default.o sysv_environ.o sysv_shadow.o \
+		  utmp_login.o utmpx_login.o stty_default.o tty.o osfc2.o
+su_OBJS		= su.o
+rshd_OBJS	= rshd.o encrypt.o rcmd_util.o osfc2.o
+rlogind_OBJS	= rlogind.o forkpty.o encrypt.o rcmd_util.o tty.o
+
+
+all: $(PROGS) 
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o: 
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROG_LIBEXEC); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	done
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+	-for x in $(PROG_SUIDBIN); do \
+	  $(INSTALL_PROGRAM) -o root -m 04555 $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROG_LIBEXEC); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	done
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+	for x in $(PROG_SUIDBIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB)
+OTPLIB=@LIB_otp@
+LIBROKEN=-L../../lib/roken -lroken
+
+LIB_security=@LIB_security@
+
+rcp$(EXECSUFFIX): $(rcp_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
+
+rsh$(EXECSUFFIX): $(rsh_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rshd$(EXECSUFFIX): $(rshd_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
+
+rlogin$(EXECSUFFIX): $(rlogin_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@  $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rlogind$(EXECSUFFIX): $(rlogind_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+login$(EXECSUFFIX): $(login_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(LIB_security)
+
+su$(EXECSUFFIX): $(su_OBJS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login
new file mode 100644
index 0000000..c072969
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/README.login
@@ -0,0 +1,20 @@
+This login has additional functionalities. They are all based on (part of)
+Wietse Venema's logdaemon package.
+
+
+The following defines can be used:
+1) LOGIN_ACCESS to allow access control on a per tty/user combination
+2) LOGALL to log all logins
+
+-Guido
+
+This login has some of Berkeley's paranoid/broken (depending on your point
+of view) Kerberos code conditionalized out, so that by default it works like
+klogin does at MIT-LCS.  You can define KLOGIN_PARANOID to re-enable this code.
+This define also controls whether a warning message is printed when logging
+into a system with no krb.conf file, which usually means that Kerberos is
+not configured.
+
+-GAWollman
+
+(removed S/Key,	/assar)
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
new file mode 100644
index 0000000..787b77b
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -0,0 +1,398 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */
+/* $FreeBSD$ */
+
+#define LOGALL
+#ifndef KERBEROS
+#define KERBEROS
+#endif
+#define KLOGIN_PARANOID
+#define LOGIN_ACCESS
+#define PASSWD_FALLBACK
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+/* Any better way to test NO_MOTD? */
+#if (SunOS >= 50) || defined(__hpux)
+#define NO_MOTD
+#endif
+
+#ifdef HAVE_SHADOW_H
+#define SYSV_SHADOW
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <setjmp.h>
+#include <limits.h>
+
+#include <stdarg.h>
+
+#include <errno.h>
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifndef S_ISTXT
+#ifdef S_ISVTX
+#define S_ISTXT S_ISVTX
+#else
+#define S_ISTXT 0
+#endif
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <signal.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef NCARGS
+#define NCARGS  0x100000 /* (absolute) max # characters in exec arglist */
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_SYS_STREAM_H
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif /* HAVE_SYS_UIO_H */
+#include <sys/stream.h>
+#endif /* HAVE_SYS_STREAM_H */
+
+#ifdef HAVE_SYS_PTYVAR_H
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+#include <sys/ptyvar.h>
+#endif /* HAVE_SYS_PTYVAR_H */
+
+/* Cray stuff */
+#ifdef HAVE_UDB_H
+#include <udb.h>
+#endif
+#ifdef HAVE_SYS_CATEGORY_H
+#include <sys/category.h>
+#endif
+
+/* Strange ioctls that are not always defined */
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE      0x02
+#endif
+ 
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP  0x10
+#endif
+ 
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP  0x20
+#endif
+
+#ifndef TIOCPKT
+#define TIOCPKT		_IOW('t', 112, int)   /* pty: set/clear packet mode */
+#endif
+
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+#ifdef HAVE_LOGIN_H
+#include <login.h>
+#endif
+
+#ifdef HAVE_TTYENT_H
+#include <ttyent.h>
+#endif
+
+#ifdef HAVE_STROPTS_H
+#include <stropts.h>
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#ifndef UT_NAMESIZE
+#define UT_NAMESIZE     sizeof(((struct utmp *)0)->ut_name)
+#endif
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_USERPW_H
+#include <userpw.h>
+#endif /* HAVE_USERPW_H */
+
+#ifdef HAVE_USERSEC_H
+struct aud_rec;
+#include <usersec.h>
+#endif /* HAVE_USERSEC_H */
+
+#ifdef HAVE_OSFC2
+#include "/usr/include/prot.h"
+#endif
+
+#ifndef PRIO_PROCESS
+#define PRIO_PROCESS 0
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <des.h>
+#include <krb.h>
+#include <kafs.h>
+
+int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser,
+	 char *remuser, char *cmd, int *fd2p, KTEXT ticket,
+	 char *service, char *realm, CREDENTIALS *cred,
+	 Key_schedule schedule, MSG_DAT *msg_data,
+	 struct sockaddr_in *laddr, struct sockaddr_in *faddr,
+	 int32_t authopts);
+
+int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd,
+	  int *fd2p, char *realm);
+
+int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser,
+		 char *cmd,int *fd2p, char *realm,
+		 CREDENTIALS *cred, Key_schedule sched);
+
+int klogin(struct passwd *pw, char *instance, char *localhost, char *password);
+
+#if 0
+typedef struct {
+        int cnt;
+        char *buf;
+} BUF;
+#endif
+
+char *colon(char *cp);
+int okname(char *cp0);
+int susystem(char *s, int userid);
+
+int forkpty(int *amaster, char *name,
+	    struct termios *termp, struct winsize *winp);
+
+int forkpty_truncate(int *amaster, char *name, size_t name_sz,
+		     struct termios *termp, struct winsize *winp);
+
+#ifndef MODEMASK
+#define	MODEMASK	(S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO)
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#include "pathnames.h"
+
+void stty_default (void);
+
+int utmpx_login(char *line, char *user, char *host);
+
+extern char **environ;
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+		 char *term, int pflag);
+
+int login_access(struct passwd *user, char *from);
+void fatal(int f, const char *msg, int syserr);
+
+extern int LEFT_JUSTIFIED;
+
+/* used in des_read and des_write */
+#define DES_RW_MAXWRITE	(1024*16)
+#define DES_RW_BSIZE	(DES_RW_MAXWRITE+4)
+
+void sysv_defaults(void);
+void utmp_login(char *tty, char *username, char *hostname);
+void sleepexit (int);
+
+#ifndef HAVE_SETPRIORITY
+#define setpriority(which, who, niceval) 0
+#endif
+
+#ifndef HAVE_GETPRIORITY
+#define getpriority(which, who) 0
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+#define _POSIX_VDISABLE 0
+#endif /* _POSIX_VDISABLE */
+#if SunOS == 40
+#include <sys/ttold.h>
+#endif
+
+#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
+#include <sys/termio.h>
+#endif
+
+#ifndef CEOF
+#define CEOF 04
+#endif
+
+/* concession to Sun */
+#ifndef SIGUSR1
+#define	SIGUSR1	30
+#endif
+
+#ifndef TIOCPKT_WINDOW
+#define TIOCPKT_WINDOW 0x80
+#endif
+
+int get_shell_port(int kerberos, int encryption);
+int get_login_port(int kerberos, int encryption);
+int speed_t2int (speed_t);
+speed_t int2speed_t (int);
+void ip_options_and_die (int sock, struct sockaddr_in *);
+void warning(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+char *clean_ttyname (char *tty);
+char *make_id (char *tty);
+#ifdef HAVE_UTMP_H
+void prepare_utmp (struct utmp *utmp, char *tty, char *username,
+		   char *hostname);
+#endif
+
+int do_osfc2_magic(uid_t);
diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c
new file mode 100644
index 0000000..9f835c6
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/encrypt.c
@@ -0,0 +1,305 @@
+/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ * 
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification.  This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.  If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    This product includes software developed by Eric Young (eay@mincom.oz.au)
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: encrypt.c,v 1.4 1999/06/17 18:47:26 assar Exp $");
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((u_int32_t)(*((c)++)))<<24, \
+			 l|=((u_int32_t)(*((c)++)))<<16, \
+			 l|=((u_int32_t)(*((c)++)))<< 8, \
+			 l|=((u_int32_t)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+			 *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* This has some uglies in it but it works - even over sockets. */
+extern int errno;
+int des_rw_mode=DES_PCBC_MODE;
+int LEFT_JUSTIFIED = 0;
+
+int
+des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+  /* data to be unencrypted */
+  int net_num=0;
+  unsigned char net[DES_RW_BSIZE];
+  /* extra unencrypted data 
+   * for when a block of 100 comes in but is des_read one byte at
+   * a time. */
+  static char unnet[DES_RW_BSIZE];
+  static int unnet_start=0;
+  static int unnet_left=0;
+  int i;
+  long num=0,rnum;
+  unsigned char *p;
+
+  /* left over data from last decrypt */
+  if (unnet_left != 0)
+    {
+      if (unnet_left < len)
+	{
+	  /* we still still need more data but will return
+	   * with the number of bytes we have - should always
+	   * check the return value */
+	  memcpy(buf,&(unnet[unnet_start]),unnet_left);
+	  /* eay 26/08/92 I had the next 2 lines
+	   * reversed :-( */
+	  i=unnet_left;
+	  unnet_start=unnet_left=0;
+	}
+      else
+	{
+	  memcpy(buf,&(unnet[unnet_start]),len);
+	  unnet_start+=len;
+	  unnet_left-=len;
+	  i=len;
+	}
+      return(i);
+    }
+
+  /* We need to get more data. */
+  if (len > DES_RW_MAXWRITE) len=DES_RW_MAXWRITE;
+
+  /* first - get the length */
+  net_num=0;
+  while (net_num < HDRSIZE) 
+    {
+      i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+      if ((i == -1) && (errno == EINTR)) continue;
+      if (i <= 0) return(0);
+      net_num+=i;
+    }
+
+  /* we now have at net_num bytes in net */
+  p=net;
+  num=0;
+  n2l(p,num);
+  /* num should be rounded up to the next group of eight
+   * we make sure that we have read a multiple of 8 bytes from the net.
+   */
+  if ((num > DES_RW_MAXWRITE) || (num < 0)) /* error */
+    return(-1);
+  rnum=(num < 8)?8:((num+7)/8*8);
+
+  net_num=0;
+  while (net_num < rnum)
+    {
+      i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+      if ((i == -1) && (errno == EINTR)) continue;
+      if (i <= 0) return(0);
+      net_num+=i;
+    }
+
+  /* Check if there will be data left over. */
+  if (len < num)
+    {
+      if (des_rw_mode & DES_PCBC_MODE)
+	des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+		     num,sched,iv,DES_DECRYPT);
+      else
+	des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+		    num,sched,iv,DES_DECRYPT);
+      memcpy(buf,unnet,len);
+      unnet_start=len;
+      unnet_left=num-len;
+
+      /* The following line is done because we return num
+       * as the number of bytes read. */
+      num=len;
+    }
+  else
+    {
+      /* >output is a multiple of 8 byes, if len < rnum
+       * >we must be careful.  The user must be aware that this
+       * >routine will write more bytes than he asked for.
+       * >The length of the buffer must be correct.
+       * FIXED - Should be ok now 18-9-90 - eay */
+      if (len < rnum)
+	{
+	  char tmpbuf[DES_RW_BSIZE];
+
+	  if (des_rw_mode & DES_PCBC_MODE)
+	    des_pcbc_encrypt((des_cblock *)net,
+			 (des_cblock *)tmpbuf,
+			 num,sched,iv,DES_DECRYPT);
+	  else
+	    des_cbc_encrypt((des_cblock *)net,
+			(des_cblock *)tmpbuf,
+			num,sched,iv,DES_DECRYPT);
+
+	  /* eay 26/08/92 fix a bug that returned more
+	   * bytes than you asked for (returned len bytes :-( */
+	  if (LEFT_JUSTIFIED || (len >= 8))
+	      memcpy(buf,tmpbuf,num);
+	  else
+	      memcpy(buf,tmpbuf+(8-num),num); /* Right justified */
+	}
+      else if (num >= 8)
+	{
+	  if (des_rw_mode & DES_PCBC_MODE)
+	    des_pcbc_encrypt((des_cblock *)net,
+			 (des_cblock *)buf,num,sched,iv,
+			 DES_DECRYPT);
+	  else
+	    des_cbc_encrypt((des_cblock *)net,
+			(des_cblock *)buf,num,sched,iv,
+			DES_DECRYPT);
+	}
+      else
+	{
+	  if (des_rw_mode & DES_PCBC_MODE)
+	    des_pcbc_encrypt((des_cblock *)net,
+			 (des_cblock *)buf,8,sched,iv,
+			 DES_DECRYPT);
+	  else
+	    des_cbc_encrypt((des_cblock *)net,
+			(des_cblock *)buf,8,sched,iv,
+			DES_DECRYPT);
+	  if (!LEFT_JUSTIFIED)
+	      memcpy(buf, buf+(8-num), num); /* Right justified */
+	}
+    }
+  return(num);
+}
+
+int
+des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+  long rnum;
+  int i,j,k,outnum;
+  char outbuf[DES_RW_BSIZE+HDRSIZE];
+  char shortbuf[8];
+  char *p;
+  static int start=1;
+
+  /* If we are sending less than 8 bytes, the same char will look
+   * the same if we don't pad it out with random bytes */
+  if (start)
+    {
+      start=0;
+      srand(time(NULL));
+    }
+
+  /* lets recurse if we want to send the data in small chunks */
+  if (len > DES_RW_MAXWRITE)
+    {
+      j=0;
+      for (i=0; i<len; i+=k)
+	{
+	  k=des_enc_write(fd,&(buf[i]),
+			  ((len-i) > DES_RW_MAXWRITE)?DES_RW_MAXWRITE:(len-i),sched,iv);
+	  if (k < 0)
+	    return(k);
+	  else
+	    j+=k;
+	}
+      return(j);
+    }
+
+  /* write length first */
+  p=outbuf;
+  l2n(len,p);
+
+  /* pad short strings */
+  if (len < 8)
+    {
+	if (LEFT_JUSTIFIED)
+	    {
+		p=shortbuf;
+		memcpy(shortbuf,buf,(unsigned int)len);
+		for (i=len; i<8; i++)
+		    shortbuf[i]=rand();
+		rnum=8;
+	    }
+	else
+	    {
+		p=shortbuf;
+		for (i=0; i<8-len; i++)
+		    shortbuf[i]=rand();
+		memcpy(shortbuf + 8 - len, buf, len);
+		rnum=8;
+	    }
+    }
+  else
+    {
+      p=buf;
+      rnum=((len+7)/8*8);	/* round up to nearest eight */
+    }
+
+  if (des_rw_mode & DES_PCBC_MODE)
+    des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+		 (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+  else
+    des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+		(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+
+  /* output */
+  outnum=rnum+HDRSIZE;
+
+  for (j=0; j<outnum; j+=i)
+    {
+      /* eay 26/08/92 I was not doing writing from where we
+       * got upto. */
+      i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+      if (i == -1)
+	{
+	  if (errno == EINTR)
+	    i=0;
+	  else			/* This is really a bad error - very bad
+				 * It will stuff-up both ends. */
+	    return(-1);
+	}
+    }
+
+  return(len);
+}
diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c
new file mode 100644
index 0000000..891fb91
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/forkpty.c
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+#ifndef HAVE_FORKPTY
+
+RCSID("$Id: forkpty.c,v 1.57 1999/12/02 16:58:28 joda Exp $");
+
+/* Only CRAY is known to have problems with forkpty(). */
+#if defined(CRAY)
+static int forkpty_ok = 0;
+#else
+static int forkpty_ok = 1;
+#endif
+
+#ifndef HAVE_PTSNAME
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+  return ttyname(fd);
+#else
+  return NULL;
+#endif
+}
+#endif
+
+#ifndef HAVE_GRANTPT
+#define grantpt(fdm) (0)
+#endif
+
+#ifndef HAVE_UNLOCKPT
+#define unlockpt(fdm) (0)
+#endif
+
+#ifndef HAVE_VHANGUP
+#define vhangup() (0)
+#endif
+
+#ifndef HAVE_REVOKE
+static
+void
+revoke(char *line)
+{
+    int slave;
+    RETSIGTYPE (*ofun)();
+
+    if ( (slave = open(line, O_RDWR)) < 0)
+	return;
+    
+    ofun = signal(SIGHUP, SIG_IGN);
+    vhangup();
+    signal(SIGHUP, ofun);
+    /*
+     * Some systems (atleast SunOS4) want to have the slave end open
+     * at all times to prevent a race in the child. Login will close
+     * it so it should really not be a problem. However for the
+     * paranoid we use the close on exec flag so it will only be open
+     * in the parent. Additionally since this will be the controlling
+     * tty of rlogind the final vhangup() in rlogind should hangup all
+     * processes. A working revoke would of course have been prefered
+     * though (sigh).
+     */
+    fcntl(slave, F_SETFD, 1);
+    /* close(slave); */
+}
+#endif
+
+
+static int pty_major, pty_minor;
+
+static void
+pty_scan_start(void)
+{
+    pty_major = -1;
+    pty_minor = 0;
+}
+
+static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv";
+/* there are many more */
+static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+static int
+pty_scan_next(char *buf, size_t sz)
+{
+#ifdef CRAY
+    if(++pty_major >= sysconf(_SC_CRAY_NPTY))
+	return -1;
+    snprintf(buf, sz, "/dev/pty/%03d", pty_major);
+#else
+    if(++pty_major == strlen(bsd_1)){
+	pty_major = 0;
+	if(++pty_minor == strlen(bsd_2))
+	    return -1;
+    }
+#ifdef __hpux
+    snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+    snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif /* __hpux */
+#endif /* CRAY */
+    return 0;
+}
+
+static void
+pty_scan_tty(char *buf, size_t sz)
+{
+#ifdef CRAY
+    snprintf(buf, sz, "/dev/ttyp%03d", pty_major);
+#elif defined(__hpux)
+    snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+    snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif
+}
+
+static int
+ptym_open_streams_flavor(char *pts_name,
+			 size_t pts_name_sz,
+			 int *streams_pty)
+{
+    /* Try clone device master ptys */
+    const char *const clone[] = { "/dev/ptc", "/dev/ptmx",
+				  "/dev/ptm", "/dev/ptym/clone", 0 };
+    int	fdm;
+    const char *const *q;
+    
+    for (q = clone; *q; q++) {
+	fdm = open(*q, O_RDWR);
+	if (fdm >= 0)
+	    break;
+    }
+    if (fdm >= 0) {
+	char *ptr1;
+	if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
+	    /* Return name of slave */  
+	    strlcpy(pts_name, ptr1, pts_name_sz);
+	else {
+	    close(fdm);
+	    return(-4);
+	}
+	if (grantpt(fdm) < 0) {	/* Grant access to slave */
+	    close(fdm);
+	    return(-2);
+	}
+	if (unlockpt(fdm) < 0) {	/* Clear slave's lock flag */
+	    close(fdm);
+	    return(-3);
+	}
+	return(fdm);			/* return fd of master */
+    }
+    return -1;
+}
+
+static int
+ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
+{
+    int fdm;
+    char ptm[MaxPathLen];
+
+    pty_scan_start();
+
+    while (pty_scan_next(ptm, sizeof(ptm)) != -1) {
+	fdm = open(ptm, O_RDWR);
+	if (fdm < 0)
+	    continue;
+#if SunOS == 40
+	/* Avoid a bug in SunOS4 ttydriver */
+	if (fdm > 0) {
+	    int pgrp;
+	    if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1)
+		&& (errno == EIO))
+		/* All fine */;
+	    else {
+		close(fdm);
+		continue;
+	    }
+	}
+#endif
+	pty_scan_tty(pts_name, sizeof(ptm));
+#if CRAY
+	/* this is some magic from the telnet code */
+	{
+	    struct stat sb;
+	    if(stat(pts_name, &sb) < 0) {
+		close(fdm);
+		continue;
+	    }
+	    if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+		chown(pts_name, 0, 0);
+		chmod(pts_name, 0600);
+		close(fdm);
+		fdm = open(ptm, 2);
+		if (fdm < 0)
+		    continue;
+	    }
+	}
+	/*
+	 * Now it should be safe...check for accessability.
+	 */
+	if (access(pts_name, 6) != 0){
+	    /* no tty side to pty so skip it */
+	    close(fdm);
+	    continue;
+	}
+#endif
+	return fdm;	/* All done! */
+    }
+    
+    /* We failed to find BSD style pty */
+    errno = ENOENT;
+    return -1;
+}
+
+/*
+ *
+ * Open a master pty either using the STREAM flavor or the BSD flavor.
+ * Depending on if there are any free ptys in the different classes we
+ * need to try both. Normally try STREAMS first and then BSD.
+ *
+ * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys
+ * doesn't get initialized properly so we try them in different order
+ * until the problem has been resolved.
+ *
+ */
+static int
+ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
+{
+    int	fdm;
+
+#ifdef HAVE__GETPTY
+    {
+	char *p = _getpty(&fdm, O_RDWR, 0600, 1);
+	if (p) {
+	    *streams_pty = 1;
+	    strlcpy (pts_name, p, pts_name_sz);
+	    return fdm;
+	}
+    }
+#endif
+
+#ifdef STREAMSPTY
+    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
+    if (fdm >= 0)
+      {
+	*streams_pty = 1;
+	return fdm;
+      }
+#endif
+    
+    fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty);
+    if (fdm >= 0)
+      {
+	*streams_pty = 0;
+	return fdm;
+      }
+
+#ifndef STREAMSPTY
+    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
+    if (fdm >= 0)
+      {
+	*streams_pty = 1;
+	return fdm;
+      }
+#endif
+    
+    return -1;
+}
+
+static int
+maybe_push_modules(int fd, char **modules)
+{
+#ifdef I_PUSH
+  char **p;
+  int err;
+
+  for(p=modules; *p; p++){
+    err=ioctl(fd, I_FIND, *p);
+    if(err == 1)
+      break;
+    if(err < 0 && errno != EINVAL)
+      return -17;
+    /* module not pushed or does not exist */
+  }
+  /* p points to null or to an already pushed module, now push all
+     modules before this one */
+
+  for(p--; p >= modules; p--){
+    err = ioctl(fd, I_PUSH, *p);
+    if(err < 0 && errno != EINVAL)
+      return -17;
+  }
+#endif
+  return 0;
+}
+
+static int
+ptys_open(int fdm, char *pts_name, int streams_pty)
+{
+    int fds;
+
+    if (streams_pty) {
+	/* Streams style slave ptys */
+	if ( (fds = open(pts_name, O_RDWR)) < 0) {
+	    close(fdm);
+	    return(-5);
+	}
+
+	{
+	  char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+	  char *ptymodules[] = { "pckt", NULL };
+	  
+	  if(maybe_push_modules(fds, ttymodules)<0){
+	    close(fdm);
+	    close(fds);
+	    return -6;
+	  }
+	  if(maybe_push_modules(fdm, ptymodules)<0){
+	    close(fdm);
+	    close(fds);
+	    return -7;
+	  }
+	}
+    } else {
+        /* BSD style slave ptys */
+	struct group *grptr;
+	int gid;
+	if ( (grptr = getgrnam("tty")) != NULL)
+	    gid = grptr->gr_gid;
+	else
+	    gid = -1;	/* group tty is not in the group file */
+
+	/* Grant access to slave */
+	if (chown(pts_name, getuid(), gid) < 0)
+	  fatal(0, "chown slave tty failed", 1);
+	if (chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP) < 0)
+	  fatal(0, "chmod slave tty failed", 1);
+
+	if ( (fds = open(pts_name, O_RDWR)) < 0) {
+	    close(fdm);
+	    return(-1);
+	}
+    }
+    return(fds);
+}
+
+int
+forkpty_truncate(int *ptrfdm,
+		 char *slave_name,
+		 size_t slave_name_sz,
+		 struct termios *slave_termios,
+		 struct winsize *slave_winsize)
+{
+    int		fdm, fds, streams_pty;
+    pid_t	pid;
+    char	pts_name[20];
+
+    if (!forkpty_ok)
+        fatal(0, "Protocol not yet supported, use telnet", 0);
+
+    if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0)
+	return -1;
+
+    if (slave_name != NULL)
+	/* Return name of slave */
+	strlcpy(slave_name, pts_name, slave_name_sz);
+
+    pid = fork();
+    if (pid < 0)
+	return(-1);
+    else if (pid == 0) {		/* Child */
+	if (setsid() < 0)
+	    fatal(0, "setsid() failure", errno);
+
+        revoke(slave_name);
+
+#if defined(NeXT) || defined(ultrix)
+	/* The NeXT is severely broken, this makes things slightly
+	 * better but we still doesn't get a working pty. If there
+	 * where a TIOCSCTTY we could perhaps fix things but... The
+	 * same problem also exists in xterm! */
+	if (setpgrp(0, 0) < 0)
+	    fatal(0, "NeXT kludge failed setpgrp", errno);
+#endif
+
+	/* SVR4 acquires controlling terminal on open() */
+	if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0)
+	    return -1;
+	close(fdm);		/* All done with master in child */
+	
+#if	defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux)
+	/* 44BSD way to acquire controlling terminal */
+	/* !CIBAUD to avoid doing this under SunOS */
+	if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0)
+	    return -1;
+#endif
+#if defined(NeXT)
+	{
+	    int t = open("/dev/tty", O_RDWR);
+	    if (t < 0)
+	        fatal(0, "Failed to open /dev/tty", errno);
+	    close(fds);
+	    fds = t;
+	}
+#endif
+	/* Set slave's termios and window size */
+	if (slave_termios != NULL) {
+	    if (tcsetattr(fds, TCSANOW, slave_termios) < 0)
+		return -1;
+	}
+#ifdef TIOCSWINSZ
+	if (slave_winsize != NULL) {
+	    if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0)
+		return -1;
+	}
+#endif
+	/* slave becomes stdin/stdout/stderr of child */
+	if (dup2(fds, STDIN_FILENO) != STDIN_FILENO)
+	    return -1;
+	if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO)
+	    return -1;
+	if (dup2(fds, STDERR_FILENO) != STDERR_FILENO)
+	    return -1;
+	if (fds > STDERR_FILENO)
+	    close(fds);
+	return(0);		/* child returns 0 just like fork() */
+    }
+    else {			/* Parent */
+	*ptrfdm = fdm;	/* Return fd of master */
+	return(pid);	/* Parent returns pid of child */
+    }
+}
+
+int
+forkpty(int *ptrfdm,
+	char *slave_name,
+	struct termios *slave_termios,
+	struct winsize *slave_winsize)
+{
+    return forkpty_truncate (ptrfdm,
+			     slave_name,
+			     MaxPathLen,
+			     slave_termios,
+			     slave_winsize);
+}
+
+#endif /* HAVE_FORKPTY */
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
new file mode 100644
index 0000000..af20357
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 1983, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $");
+
+#define	START_PORT	5120	 /* arbitrary */
+
+static int
+getport(int *alport)
+{
+	struct sockaddr_in sin;
+	int s;
+
+	sin.sin_family = AF_INET;
+	sin.sin_addr.s_addr = INADDR_ANY;
+	s = socket(AF_INET, SOCK_STREAM, 0);
+	if (s < 0)
+		return (-1);
+	for (;;) {
+		sin.sin_port = htons((u_short)*alport);
+		if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+			return (s);
+		if (errno != EADDRINUSE) {
+			close(s);
+			return (-1);
+		}
+		(*alport)--;
+#ifdef ATHENA_COMPAT
+		if (*alport == IPPORT_RESERVED/2) {
+#else
+		if (*alport == IPPORT_RESERVED) {
+#endif
+			close(s);
+			errno = EAGAIN;		/* close */
+			return (-1);
+		}
+	}
+}
+
+int
+kcmd(int *sock,
+     char **ahost,
+     u_int16_t rport, 
+     char *locuser,
+     char *remuser,
+     char *cmd,
+     int *fd2p,
+     KTEXT ticket,
+     char *service,
+     char *realm,
+     CREDENTIALS *cred,
+     Key_schedule schedule,
+     MSG_DAT *msg_data,
+     struct sockaddr_in *laddr,
+     struct sockaddr_in *faddr,
+     int32_t authopts)
+{
+	int s, timo = 1;
+	pid_t pid;
+	struct sockaddr_in sin, from;
+	char c;
+#ifdef ATHENA_COMPAT
+	int lport = IPPORT_RESERVED - 1;
+#else
+	int lport = START_PORT;
+#endif
+	struct hostent *hp;
+	int rc;
+	char *host_save;
+	int status;
+	char **h_addr_list;
+
+	pid = getpid();
+	hp = gethostbyname(*ahost);
+	if (hp == NULL) {
+		/* fprintf(stderr, "%s: unknown host\n", *ahost); */
+		return (-1);
+	}
+
+	host_save = strdup(hp->h_name);
+	if (host_save == NULL)
+		return -1;
+	*ahost = host_save;
+	h_addr_list = hp->h_addr_list;
+
+	/* If realm is null, look up from table */
+	if (realm == NULL || realm[0] == '\0')
+		realm = krb_realmofhost(host_save);
+
+	for (;;) {
+		s = getport(&lport);
+		if (s < 0) {
+			if (errno == EAGAIN)
+				warnx("kcmd(socket): All ports in use\n");
+			else
+				warn("kcmd: socket");
+			return (-1);
+		}
+		sin.sin_family = hp->h_addrtype;
+		memcpy (&sin.sin_addr, h_addr_list[0], sizeof(sin.sin_addr));
+		sin.sin_port = rport;
+		if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+			break;
+		close(s);
+		if (errno == EADDRINUSE) {
+			lport--;
+			continue;
+		}
+		/*
+		 * don't wait very long for Kerberos rcmd.
+		 */
+		if (errno == ECONNREFUSED && timo <= 4) {
+			/* sleep(timo); don't wait at all here */
+			timo *= 2;
+			continue;
+		}
+		if (h_addr_list[1] != NULL) {
+			warn ("kcmd: connect (%s)",
+			      inet_ntoa(sin.sin_addr));
+			h_addr_list++;
+			memcpy(&sin.sin_addr,
+			       *h_addr_list, 
+			       sizeof(sin.sin_addr));
+			fprintf(stderr, "Trying %s...\n",
+				inet_ntoa(sin.sin_addr));
+			continue;
+		}
+		if (errno != ECONNREFUSED)
+			warn ("connect(%s)", hp->h_name);
+		return (-1);
+	}
+	lport--;
+	if (fd2p == 0) {
+		write(s, "", 1);
+		lport = 0;
+	} else {
+		char num[8];
+		int s2 = getport(&lport), s3;
+		int len = sizeof(from);
+
+		if (s2 < 0) {
+			status = -1;
+			goto bad;
+		}
+		listen(s2, 1);
+		snprintf(num, sizeof(num), "%d", lport);
+		if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
+			warn("kcmd(write): setting up stderr");
+			close(s2);
+			status = -1;
+			goto bad;
+		}
+		{
+		    fd_set fds;
+		    FD_ZERO(&fds);
+		    FD_SET(s, &fds);
+		    FD_SET(s2, &fds);
+		    status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
+		    if(FD_ISSET(s, &fds)){
+			warnx("kcmd: connection unexpectedly closed.");
+			close(s2);
+			status = -1;
+			goto bad;
+		    }
+		}
+		s3 = accept(s2, (struct sockaddr *)&from, &len);
+		close(s2);
+		if (s3 < 0) {
+			warn ("kcmd: accept");
+			lport = 0;
+			status = -1;
+			goto bad;
+		}
+		
+		*fd2p = s3;
+		from.sin_port = ntohs((u_short)from.sin_port);
+		if (from.sin_family != AF_INET ||
+		    from.sin_port >= IPPORT_RESERVED) {
+			warnx("kcmd(socket): "
+			      "protocol failure in circuit setup.");
+			status = -1;
+			goto bad2;
+		}
+	}
+	/*
+	 * Kerberos-authenticated service.  Don't have to send locuser,
+	 * since its already in the ticket, and we'll extract it on
+	 * the other side.
+	 */
+	/* write(s, locuser, strlen(locuser)+1); */
+
+	/* set up the needed stuff for mutual auth, but only if necessary */
+	if (authopts & KOPT_DO_MUTUAL) {
+		int sin_len;
+		*faddr = sin;
+
+		sin_len = sizeof(struct sockaddr_in);
+		if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
+			warn("kcmd(getsockname)");
+			status = -1;
+			goto bad2;
+		}
+	}
+	if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
+			       realm, (unsigned long) getpid(), msg_data,
+			       cred, schedule,
+			       laddr,
+			       faddr,
+			       "KCMDV0.1")) != KSUCCESS)
+		goto bad2;
+
+	write(s, remuser, strlen(remuser)+1);
+	write(s, cmd, strlen(cmd)+1);
+
+	if ((rc = read(s, &c, 1)) != 1) {
+		if (rc == -1)
+			warn("read(%s)", *ahost);
+		else
+			warnx("kcmd: bad connection with remote host");
+		status = -1;
+		goto bad2;
+	}
+	if (c != '\0') {
+		while (read(s, &c, 1) == 1) {
+			write(2, &c, 1);
+			if (c == '\n')
+				break;
+		}
+		status = -1;
+		goto bad2;
+	}
+	*sock = s;
+	return (KSUCCESS);
+bad2:
+	if (lport)
+		close(*fd2p);
+bad:
+	close(s);
+	return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c
new file mode 100644
index 0000000..df21dbf
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/klogin.c
@@ -0,0 +1,229 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: klogin.c,v 1.27 1999/10/04 16:11:48 bg Exp $");
+
+#ifdef KERBEROS
+
+#define	VERIFY_SERVICE	"rcmd"
+
+extern int notickets;
+extern char *krbtkfile_env;
+
+static char tkt_location[MaxPathLen];
+
+static int
+multiple_get_tkt(char *name,
+		 char *instance,
+		 char *realm,
+		 char *service,
+		 char *sinstance,
+		 int life,
+		 char *password)
+{
+  int ret;
+  int n;
+  char rlm[256];
+
+  /* First try to verify against the supplied realm. */
+  ret = krb_get_pw_in_tkt(name, instance, realm, service, realm, life,
+			  password);
+  if(ret == KSUCCESS)
+    return KSUCCESS;
+
+  /* Verify all local realms, except the supplied realm. */
+  for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
+    if (strcmp(rlm, realm) != 0) {
+      ret = krb_get_pw_in_tkt(name, instance, rlm,service, rlm,life, password);
+      if (ret == KSUCCESS)
+	return KSUCCESS;
+    }
+
+  return ret;
+}
+
+/*
+ * Attempt to log the user in using Kerberos authentication
+ *
+ * return 0 on success (will be logged in)
+ *	  1 if Kerberos failed (try local password in login)
+ */
+int
+klogin(struct passwd *pw, char *instance, char *localhost, char *password)
+{
+    int kerror;
+    AUTH_DAT authdata;
+    KTEXT_ST ticket;
+    struct hostent *hp;
+    u_int32_t faddr;
+    char realm[REALM_SZ], savehost[MaxHostNameLen];
+    extern int noticketsdontcomplain;
+
+#ifdef KLOGIN_PARANOID
+    noticketsdontcomplain = 0; /* enable warning message */
+#endif
+    /*
+     * Root logins don't use Kerberos.
+     * If we have a realm, try getting a ticket-granting ticket
+     * and using it to authenticate.  Otherwise, return
+     * failure so that we can try the normal passwd file
+     * for a password.  If that's ok, log the user in
+     * without issuing any tickets.
+     */
+    if (strcmp(pw->pw_name, "root") == 0 ||
+	krb_get_lrealm(realm, 1) != KSUCCESS)
+	return (1);
+
+    noticketsdontcomplain = 0; /* enable warning message */
+
+    /*
+     * get TGT for local realm
+     * tickets are stored in a file named TKT_ROOT plus uid
+     * except for user.root tickets.
+     */
+
+    if (strcmp(instance, "root") != 0)
+	snprintf(tkt_location, sizeof(tkt_location),
+		 "%s%u_%u",
+		TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid());
+    else {
+	snprintf(tkt_location, sizeof(tkt_location),
+		 "%s_root_%d", TKT_ROOT,
+		(unsigned)pw->pw_uid);
+    }
+    krbtkfile_env = tkt_location;
+    krb_set_tkt_string(tkt_location);
+
+    /*
+     * Set real as well as effective ID to 0 for the moment,
+     * to make the kerberos library do the right thing.
+     */
+    if (setuid(0) < 0) {
+        warnx("setuid");
+	return (1);
+    }
+
+    /*
+     * Get ticket
+     */
+    kerror = multiple_get_tkt(pw->pw_name,
+			      instance,
+			      realm,
+			      KRB_TICKET_GRANTING_TICKET,
+			      realm,
+			      DEFAULT_TKT_LIFE,
+			      password);
+
+    /*
+     * If we got a TGT, get a local "rcmd" ticket and check it so as to
+     * ensure that we are not talking to a bogus Kerberos server.
+     *
+     * There are 2 cases where we still allow a login:
+     *	1: the VERIFY_SERVICE doesn't exist in the KDC
+     *	2: local host has no srvtab, as (hopefully) indicated by a
+     *	   return value of RD_AP_UNDEC from krb_rd_req().
+     */
+    if (kerror != INTK_OK) {
+	if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
+	    syslog(LOG_ERR, "Kerberos intkt error: %s",
+		   krb_get_err_text(kerror));
+	    dest_tkt();
+	}
+	return (1);
+    }
+
+    if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
+	syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
+
+    strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost));
+
+#ifdef KLOGIN_PARANOID
+    /*
+     * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
+     * don't allow kerberos login, also log the error condition.
+     */
+
+    kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
+    if (kerror == KDC_PR_UNKNOWN) {
+	syslog(LOG_NOTICE,
+	       "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
+	       krb_get_err_text(kerror), VERIFY_SERVICE, savehost);
+	notickets = 0;
+	return (1);
+    }
+
+    if (kerror != KSUCCESS) {
+	warnx("unable to use TGT: (%s)", krb_get_err_text(kerror));
+	syslog(LOG_NOTICE, "unable to use TGT: (%s)",
+	       krb_get_err_text(kerror));
+	dest_tkt();
+	return (1);
+    }
+
+    if (!(hp = gethostbyname(localhost))) {
+	syslog(LOG_ERR, "couldn't get local host address");
+	dest_tkt();
+	return (1);
+    }
+
+    memcpy(&faddr, hp->h_addr, sizeof(faddr));
+
+    kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
+			&authdata, "");
+
+    if (kerror == KSUCCESS) {
+	notickets = 0;
+	return (0);
+    }
+
+    /* undecipherable: probably didn't have a srvtab on the local host */
+    if (kerror == RD_AP_UNDEC) {
+	syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror));
+	dest_tkt();
+	return (1);
+    }
+    /* failed for some other reason */
+    warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
+	  krb_get_err_text(kerror));
+    syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
+	   krb_get_err_text(kerror));
+    dest_tkt();
+    return (1);
+#else
+    notickets = 0;
+    return (0);
+#endif
+}
+#endif
diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c
new file mode 100644
index 0000000..8c3c6f3
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/krcmd.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $");
+
+#define	SERVICE_NAME	"rcmd"
+
+/*
+ * krcmd: simplified version of Athena's "kcmd"
+ *	returns a socket attached to the destination, -1 or krb error on error 
+ *	if fd2p is non-NULL, another socket is filled in for it
+ */
+
+int
+krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm)
+{
+	int		sock = -1, err = 0;
+	KTEXT_ST	ticket;
+	long		authopts = 0L;
+
+	err = kcmd(
+		&sock,
+		ahost,
+		rport,
+		NULL,	/* locuser not used */
+		remuser,
+		cmd,
+		fd2p,
+		&ticket,
+		SERVICE_NAME,
+		realm,
+		(CREDENTIALS *)  NULL,		/* credentials not used */
+		0,				/* key schedule not used */
+		(MSG_DAT *) NULL,		/* MSG_DAT not used */
+		(struct sockaddr_in *) NULL,	/* local addr not used */
+		(struct sockaddr_in *) NULL,	/* foreign addr not used */
+		authopts
+	);
+
+	if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+	    warning("krcmd: %s", krb_get_err_text(err));
+	    return(-1);
+	}
+	if (err < 0)
+	    return(-1);
+	return(sock);
+}
+
+int
+krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched)
+{
+	int		sock, err;
+	KTEXT_ST	ticket;
+	MSG_DAT		msg_dat;
+	struct sockaddr_in	laddr, faddr;
+	long authopts = KOPT_DO_MUTUAL;
+
+	err = kcmd(
+		&sock,
+		ahost,
+		rport,
+		NULL,	/* locuser not used */
+		remuser,
+		cmd,
+		fd2p,
+		&ticket,
+		SERVICE_NAME,
+		realm,
+		cred,		/* filled in */
+		sched,		/* filled in */
+		&msg_dat,	/* filled in */
+		&laddr,		/* filled in */
+		&faddr,		/* filled in */
+		authopts
+	);
+
+	if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+	    warnx("krcmd_mutual: %s", krb_get_err_text(err));
+	    return(-1);
+	}
+	
+	if (err < 0)
+	    return (-1);
+	return(sock);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
new file mode 100644
index 0000000..0d29ebe
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -0,0 +1,1106 @@
+/*-
+ * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * login [ name ]
+ * login -h hostname	(for telnetd, etc.)
+ * login -f name	(for pre-authenticated login: datakit, xterm, etc.)
+ */
+
+#include "bsd_locl.h"
+#ifdef HAVE_CAPABILITY_H
+#include <capability.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
+RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $");
+
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#include "sysv_default.h"
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static	void	 badlogin (char *);
+static	void	 checknologin (void);
+static	void	 dolastlog (int);
+static	void	 getloginname (int);
+static	int	 rootterm (char *);
+static	char	*stypeof (char *);
+static	RETSIGTYPE	 timedout (int);
+static	int	 doremotelogin (char *);
+void	login_fbtab (char *, uid_t, gid_t);
+#ifdef KERBEROS
+int	klogin (struct passwd *, char *, char *, char *);
+#endif
+
+#define	TTYGRPNAME	"tty"		/* name of group to own ttys */
+
+/*
+ * This bounds the time given to login.  Change it in
+ * `/etc/default/login'.
+ */
+
+static	u_int	login_timeout;
+
+#ifdef KERBEROS
+int	notickets = 1;
+int	noticketsdontcomplain = 1;
+char	*instance;
+char	*krbtkfile_env;
+int	authok;
+#endif
+
+#ifdef HAVE_SHADOW_H
+static  struct spwd *spwd = NULL;
+#endif
+
+static	char    *ttyprompt;
+
+static	struct	passwd *pwd;
+static	int	failures;
+static	char	term[64], *hostname, *username, *tty;
+
+static  char rusername[100], lusername[100];
+
+static int
+change_passwd(struct passwd  *who)
+{
+    int status;
+    pid_t pid;
+ 
+    switch (pid = fork()) {
+    case -1:
+	warn("fork /bin/passwd");
+	sleepexit(1);
+    case 0:
+	execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0);
+	_exit(1);
+    default:
+	waitpid(pid, &status, 0);
+	return (status);
+    }
+}
+
+#ifndef NO_MOTD /* message of the day stuff */
+
+jmp_buf motdinterrupt;
+
+static RETSIGTYPE
+sigint(int signo)
+{
+	longjmp(motdinterrupt, 1);
+}
+
+static void
+motd(void)
+{
+	int fd, nchars;
+	RETSIGTYPE (*oldint)();
+	char tbuf[8192];
+
+	if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
+		return;
+	oldint = signal(SIGINT, sigint);
+	if (setjmp(motdinterrupt) == 0)
+		while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+			write(fileno(stdout), tbuf, nchars);
+	signal(SIGINT, oldint);
+	close(fd);
+}
+
+#endif /* !NO_MOTD */
+
+#define AUTH_NONE 0
+#define AUTH_OTP  1
+
+/*
+ * getpwnam and try to detect the worst form of NIS attack.
+ */
+
+static struct passwd *
+paranoid_getpwnam (char *user)
+{
+	struct passwd *p;
+
+	p = k_getpwnam (user);
+	if (p == NULL)
+		return p;
+	if (p->pw_uid == 0 && strcmp (username, "root") != 0) {
+		syslog (LOG_ALERT,
+			"NIS attack, user %s has uid 0", username);
+		return NULL;
+	}
+	return p;
+}
+
+int
+main(int argc, char **argv)
+{
+	struct group *gr;
+	int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck;
+	int rootlogin, rval;
+	int rflag;
+	int changepass = 0;
+	uid_t uid;
+	char *domain, *p, passwd[128], *ttyn;
+	char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10];
+	char localhost[MaxHostNameLen];
+	char full_hostname[MaxHostNameLen];
+	int auth_level = AUTH_NONE;
+#ifdef OTP
+	OtpContext otp_ctx;
+#endif
+	int mask = 022;		/* Default umask (set below) */
+	int maxtrys = 5;	/* Default number of allowed failed logins */
+
+	set_progname(argv[0]);
+
+	openlog("login", LOG_ODELAY, LOG_AUTH);
+
+        /* Read defaults file and set the login timeout period. */
+        sysv_defaults();
+        login_timeout = atoi(default_timeout);
+        maxtrys = atoi(default_maxtrys);
+        if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777))
+                syslog(LOG_WARNING, "bad umask default: %s", default_umask);
+        else
+                umask(mask);
+
+	signal(SIGALRM, timedout);
+	alarm(login_timeout);
+	signal(SIGQUIT, SIG_IGN);
+	signal(SIGINT, SIG_IGN);
+	setpriority(PRIO_PROCESS, 0, 0);
+
+	/*
+	 * -p is used by getty to tell login not to destroy the environment
+	 * -f is used to skip a second login authentication
+	 * -h is used by other servers to pass the name of the remote
+	 *    host to login so that it may be placed in utmp and wtmp
+	 * -r is used by old-style rlogind to execute the autologin protocol
+	 */
+
+	*full_hostname = '\0';
+	domain = NULL;
+	if (gethostname(localhost, sizeof(localhost)) < 0)
+		syslog(LOG_ERR, "couldn't get local hostname: %m");
+	else
+		domain = strchr(localhost, '.');
+
+	fflag = hflag = pflag = rflag = 0;
+	uid = getuid();
+	while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != -1)
+	        switch (ch) {
+		case 'a':
+			if (strcmp (optarg, "none") == 0)
+				auth_level = AUTH_NONE;
+#ifdef OTP
+			else if (strcmp (optarg, "otp") == 0)
+				auth_level = AUTH_OTP;
+#endif
+			else
+				warnx ("bad value for -a: %s", optarg);
+			break;
+		case 'd':
+			break;
+		case 'f':
+			fflag = 1;
+			break;
+		case 'h':
+			if (rflag || hflag) {
+			    printf("Only one of -r and -h allowed\n");
+			    exit(1);
+                        }
+			if (uid)
+				errx(1, "-h option: %s", strerror(EPERM));
+			hflag = 1;
+			strlcpy(full_hostname,
+					optarg,
+					sizeof(full_hostname));
+			if (domain && (p = strchr(optarg, '.')) &&
+			    strcasecmp(p, domain) == 0)
+				*p = 0;
+			hostname = optarg;
+			break;
+		case 'p':
+			if (getuid()) {
+				warnx("-p for super-user only.");
+				exit(1);
+                        }
+			pflag = 1;
+			break;
+	        case 'r':
+			if (rflag || hflag) {
+				warnx("Only one of -r and -h allowed\n");
+				exit(1);
+                        }
+			if (getuid()) {
+				warnx("-r for super-user only.");
+				exit(1);
+                        }
+			rflag = 1;
+			strlcpy(full_hostname,
+					optarg,
+					sizeof(full_hostname));
+			if (domain && (p = strchr(optarg, '.')) &&
+			    strcasecmp(p, domain) == 0)
+				*p = 0;
+			hostname = optarg;
+			fflag = (doremotelogin(full_hostname) == 0);
+			break;
+		case '?':
+		default:
+			if (!uid)
+				syslog(LOG_ERR, "invalid flag %c", ch);
+			fprintf(stderr,
+				"usage: login [-fp]"
+#ifdef OTP
+				" [-a otp]"
+#endif
+				" [-h hostname | -r hostname] [username]\n");
+			exit(1);
+		}
+	argc -= optind;
+	argv += optind;
+
+	if (geteuid() != 0) {
+		warnx("only root may use login, use su");
+	        /* Or install login setuid root, which is not necessary */
+		sleep(10);
+		exit(1);
+	}
+        /*
+         * Figure out if we should ask for the username or not. The name
+         * may be given on the command line or via the environment, and
+         * it may even be in the terminal input queue.
+         */
+        if (rflag) {
+                username = lusername;
+                ask = 0;
+	      } else
+        if (*argv && strchr(*argv, '=')) {
+                ask = 1;
+	      } else
+        if (*argv && strcmp(*argv, "-") == 0) {
+                argc--;
+                argv++;
+                ask = 1;
+	      } else
+	if (*argv) {
+		username = *argv;
+		ask = 0;
+                argc--;
+                argv++;
+        } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) {
+                getloginname(0);
+                ask = 0;
+	} else
+		ask = 1;
+
+	/* Default tty settings. */
+	stty_default();
+
+	for (cnt = getdtablesize(); cnt > 2; cnt--)
+		close(cnt);
+
+        /*
+         * Determine the tty name. BSD takes the basename, SYSV4 takes
+         * whatever remains after stripping the "/dev/" prefix. The code
+         * below should produce sensible results in either environment.
+         */
+        ttyn = ttyname(STDIN_FILENO);
+        if (ttyn == NULL || *ttyn == '\0') {
+	        snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
+	        ttyn = tname;
+	}
+        if ((tty = strchr(ttyn + 1, '/')))
+	        ++tty;
+        else
+	        tty = ttyn;
+
+	for (cnt = 0;; ask = 1) {
+	        char prompt[128], ss[256];
+		if (ask) {
+			fflag = 0;
+			getloginname(1);
+		}
+		rootlogin = 0;
+		rval = 1;
+#ifdef	KERBEROS
+		if ((instance = strchr(username, '.')) != NULL) {
+		    if (strcmp(instance, ".root") == 0)
+			rootlogin = 1;
+		    *instance++ = '\0';
+		} else
+		    instance = "";
+#endif
+		if (strlen(username) > UT_NAMESIZE)
+			username[UT_NAMESIZE] = '\0';
+
+		/*
+		 * Note if trying multiple user names; log failures for
+		 * previous user name, but don't bother logging one failure
+		 * for nonexistent name (mistyped username).
+		 */
+		if (failures && strcmp(tbuf, username)) {
+			if (failures > (pwd ? 0 : 1))
+				badlogin(tbuf);
+			failures = 0;
+		}
+		strlcpy(tbuf, username, sizeof(tbuf));
+
+		pwd = paranoid_getpwnam (username);
+
+		/*
+		 * if we have a valid account name, and it doesn't have a
+		 * password, or the -f option was specified and the caller
+		 * is root or the caller isn't changing their uid, don't
+		 * authenticate.
+		 */
+		if (pwd) {
+			if (pwd->pw_uid == 0)
+				rootlogin = 1;
+
+			if (fflag && (uid == 0 || uid == pwd->pw_uid)) {
+				/* already authenticated */
+				break;
+			} else if (pwd->pw_passwd[0] == '\0') {
+				/* pretend password okay */
+				rval = 0;
+				goto ttycheck;
+			}
+		}
+
+		fflag = 0;
+
+		setpriority(PRIO_PROCESS, 0, -4);
+
+#ifdef OTP
+		if (otp_challenge (&otp_ctx, username,
+				   ss, sizeof(ss)) == 0)
+			snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
+				  username, ss);
+		else
+#endif
+		{
+			if (auth_level == AUTH_NONE)
+				snprintf(prompt, sizeof(prompt), "%s's Password: ",
+					 username);
+			else {
+				char *s;
+
+				rval = 1;
+#ifdef OTP
+				s = otp_error(&otp_ctx);
+				if(s)
+					printf ("OTP: %s\n", s);
+#endif
+				continue;
+			}
+		}
+
+		if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0))
+			continue;
+		passwd[sizeof(passwd) - 1] = '\0';
+
+		/* Verify it somehow */
+
+#ifdef OTP
+		if (otp_verify_user (&otp_ctx, passwd) == 0)
+			rval = 0;
+		else
+#endif
+		if (pwd == NULL)
+			;
+		else if (auth_level == AUTH_NONE) {
+			uid_t pwd_uid = pwd->pw_uid;
+
+			rval = unix_verify_user (username, passwd);
+
+			if (rval == 0)
+			  {
+			    if (rootlogin && pwd_uid != 0)
+			      rootlogin = 0;
+			  }
+			else
+			  {
+			    rval = klogin(pwd, instance, localhost, passwd);
+			    if (rval != 0 && rootlogin && pwd_uid != 0)
+			      rootlogin = 0;
+			    if (rval == 0)
+			      authok = 1;
+			  }
+		} else {
+			char *s;
+
+			rval = 1;
+#ifdef OTP
+			if ((s = otp_error(&otp_ctx)))
+				printf ("OTP: %s\n", s);
+#endif
+		}
+
+		memset (passwd, 0, sizeof(passwd));
+		setpriority (PRIO_PROCESS, 0, 0);
+
+		/*
+		 * Santa Claus, give me a portable and reentrant getpwnam.
+		 */
+		pwd = paranoid_getpwnam (username);
+
+	ttycheck:
+		/*
+		 * If trying to log in as root without Kerberos,
+		 * but with insecure terminal, refuse the login attempt.
+		 */
+#ifdef KERBEROS
+		if (authok == 0)
+#endif
+		if (pwd && !rval && rootlogin && !rootterm(tty)
+		    && !rootterm(ttyn)) {
+			warnx("%s login refused on this terminal.",
+			      pwd->pw_name);
+			if (hostname)
+				syslog(LOG_NOTICE,
+				       "LOGIN %s REFUSED FROM %s ON TTY %s",
+				       pwd->pw_name, hostname, tty);
+			else
+				syslog(LOG_NOTICE,
+				       "LOGIN %s REFUSED ON TTY %s",
+				       pwd->pw_name, tty);
+			continue;
+		}
+
+		if (rval == 0)
+			break;
+
+		printf("Login incorrect\n");
+		failures++;
+
+                /* max number of attemps and delays taken from defaults file */
+		/* we allow maxtrys tries, but after 2 we start backing off */
+		if (++cnt > 2) {
+			if (cnt >= maxtrys) {
+				badlogin(username);
+				sleepexit(1);
+			}
+			sleep((u_int)((cnt - 2) * atoi(default_sleep)));
+		}
+	}
+
+	/* committed to login -- turn off timeout */
+	alarm(0);
+
+	endpwent();
+
+#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
+	{
+	    struct udb *udb;
+	    long t;
+	    const long maxcpu = 46116860184; /* some random constant */
+	    
+	    if(setjob(pwd->pw_uid, 0) < 0) 
+		warn("setjob");
+
+	    udb = getudbnam(pwd->pw_name);
+	    if(udb == UDB_NULL)
+		errx(1, "Failed to get UDB entry.");
+
+	    /* per process cpu limit */
+	    t = udb->ue_pcpulim[UDBRC_INTER];
+	    if(t == 0 || t > maxcpu)
+		t = CPUUNLIM;
+	    else
+		t *= CLK_TCK;
+
+	    if(limit(C_PROC, 0, L_CPU, t) < 0)
+		warn("limit process cpu");
+
+	    /* per process memory limit */
+	    if(limit(C_PROC, 0, L_MEM, udb->ue_pmemlim[UDBRC_INTER]) < 0)
+		warn("limit process memory");
+
+	    /* per job cpu limit */
+	    t = udb->ue_jcpulim[UDBRC_INTER];
+	    if(t == 0 || t > maxcpu)
+		t = CPUUNLIM;
+	    else
+		t *= CLK_TCK;
+
+	    if(limit(C_JOB, 0, L_CPU, t) < 0)
+		warn("limit job cpu");
+	    
+	    /* per job processor limit */
+	    if(limit(C_JOB, 0, L_CPROC, udb->ue_jproclim[UDBRC_INTER]) < 0)
+		warn("limit job processors");
+
+	    /* per job memory limit */
+	    if(limit(C_JOB, 0, L_MEM, udb->ue_jmemlim[UDBRC_INTER]) < 0)
+		warn("limit job memory");
+
+	    nice(udb->ue_nice[UDBRC_INTER]);
+	}
+#endif
+	/* if user not super-user, check for disabled logins */
+	if (!rootlogin)
+		checknologin();
+
+	if (chdir(pwd->pw_dir) < 0) {
+		printf("No home directory %s!\n", pwd->pw_dir);
+		if (chdir("/"))
+			exit(0);
+		pwd->pw_dir = "/";
+		printf("Logging in with home = \"/\".\n");
+	}
+
+	quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
+	nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0;
+
+#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE)
+	if (pwd->pw_change || pwd->pw_expire)
+		gettimeofday(&tp, (struct timezone *)NULL);
+
+	if (pwd->pw_change)
+		if (tp.tv_sec >= pwd->pw_change) {
+			printf("Sorry -- your password has expired.\n");
+			changepass=1;
+		} else if (pwd->pw_change - tp.tv_sec <
+		    2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+			printf("Warning: your password expires on %s",
+			    ctime(&pwd->pw_change));
+	if (pwd->pw_expire)
+		if (tp.tv_sec >= pwd->pw_expire) {
+			printf("Sorry -- your account has expired.\n");
+			sleepexit(1);
+		} else if (pwd->pw_expire - tp.tv_sec <
+		    2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+			printf("Warning: your account expires on %s",
+			    ctime(&pwd->pw_expire));
+#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
+
+	/* Nothing else left to fail -- really log in. */
+
+        /*
+         * Update the utmp files, both BSD and SYSV style.
+         */
+        if (utmpx_login(tty, username, hostname ? hostname : "") != 0
+	    && !fflag) {
+                printf("No utmpx entry.  You must exec \"login\" from the lowest level \"sh\".\n");
+                sleepexit(0);
+        }
+	utmp_login(ttyn, username, hostname ? hostname : "");
+	dolastlog(quietlog);
+
+	/*
+	 * Set device protections, depending on what terminal the
+	 * user is logged in. This feature is used on Suns to give
+	 * console users better privacy.
+	 */
+	login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
+
+	if (chown(ttyn, pwd->pw_uid,
+	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid) < 0)
+	  err(1, "chown tty failed");
+	if (chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0)
+	  err(1, "chmod tty failed");
+	setgid(pwd->pw_gid);
+
+	initgroups(username, pwd->pw_gid);
+
+	if (*pwd->pw_shell == '\0')
+		pwd->pw_shell = _PATH_BSHELL;
+
+        /*
+         * Set up a new environment. With SYSV, some variables are always
+         * preserved; some varables are never preserved, and some variables
+         * are always clobbered. With BSD, nothing is always preserved, and
+         * some variables are always clobbered. We add code to make sure
+         * that LD_* and IFS are never preserved.
+         */
+	if (term[0] == '\0')
+		strlcpy(term, stypeof(tty), sizeof(term));
+        /* set up a somewhat censored environment. */
+        sysv_newenv(argc, argv, pwd, term, pflag);
+#ifdef KERBEROS
+	if (krbtkfile_env)
+	    setenv("KRBTKFILE", krbtkfile_env, 1);
+#endif
+
+	if (tty[sizeof("tty")-1] == 'd')
+		syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
+
+	/* If fflag is on, assume caller/authenticator has logged root login. */
+	if (rootlogin && fflag == 0) {
+		if (hostname)
+			syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
+			    username, tty, hostname);
+		else
+			syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
+	}
+
+#ifdef KERBEROS
+	if (!quietlog && notickets == 1 && !noticketsdontcomplain)
+		printf("Warning: no Kerberos tickets issued.\n");
+#endif
+
+#ifdef LOGALL
+	/*
+	 * Syslog each successful login, so we don't have to watch hundreds
+	 * of wtmp or lastlogin files.
+	 */
+	if (hostname) {
+		syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name);
+	} else {
+		syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name);
+	}
+#endif
+
+#ifndef NO_MOTD
+        /*
+         * Optionally show the message of the day. System V login leaves
+         * motd and mail stuff up to the shell startup file.
+         */
+	if (!quietlog) {
+	        struct stat st;
+#if 0
+		printf("%s\n\t%s  %s\n\n",
+	    "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+		    "The Regents of the University of California. ",
+		    "All rights reserved.");
+#endif
+		motd();
+		if(!nomailcheck){
+		    snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
+		    if (stat(tbuf, &st) == 0 && st.st_size != 0)
+			printf("You have %smail.\n",
+			       (st.st_mtime > st.st_atime) ? "new " : "");
+		}
+	}
+#endif /* NO_MOTD */
+
+#ifdef LOGIN_ACCESS
+	if (login_access(pwd, hostname ? full_hostname : tty) == 0) {
+		printf("Permission denied\n");
+		if (hostname)
+			syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
+				pwd->pw_name, hostname);
+		else
+			syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
+				pwd->pw_name, tty);
+		sleepexit(1);
+	}
+#endif
+
+	signal(SIGALRM, SIG_DFL);
+	signal(SIGQUIT, SIG_DFL);
+	signal(SIGINT, SIG_DFL);
+#ifdef SIGTSTP
+	signal(SIGTSTP, SIG_IGN);
+#endif
+
+	p = strrchr(pwd->pw_shell, '/');
+	snprintf (tbuf, sizeof(tbuf), "-%s", p ? p + 1 : pwd->pw_shell);
+
+#ifdef HAVE_SETLOGIN
+     	if (setlogin(pwd->pw_name) < 0)
+                syslog(LOG_ERR, "setlogin() failure: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+	if (setpcred (pwd->pw_name, NULL) == -1)
+		syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+
+#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM)
+	spwd = getspnam (username);
+	endspent ();
+#endif
+	/* perhaps work some magic */
+	if(do_osfc2_magic(pwd->pw_uid))
+	    sleepexit(1);
+#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
+	/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
+	   called capabilities, that allow you to give away
+	   permissions (such as chown) to specific processes. From 6.5
+	   this is default on, and the default capability set seems to
+	   not always be the empty set. The problem is that the
+	   runtime linker refuses to do just about anything if the
+	   process has *any* capabilities set, so we have to remove
+	   them here (unless otherwise instructed by /etc/capability).
+	   In IRIX < 6.5, these functions was called sgi_cap_setproc,
+	   etc, but we ignore this fact (it works anyway). */
+	{
+	    struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
+	    cap_t cap;
+	    if(ucap == NULL)
+		cap = cap_from_text("all=");
+	    else
+		cap = cap_from_text(ucap->ca_default);
+	    if(cap == NULL)
+		err(1, "cap_from_text");
+	    if(cap_set_proc(cap) < 0)
+		err(1, "cap_set_proc");
+	    cap_free(cap);
+	    free(ucap);
+	}
+#endif
+	/* Discard permissions last so can't get killed and drop core. */
+	{
+	    int uid = rootlogin ? 0 : pwd->pw_uid;
+	    if(setuid(uid) != 0){
+		    warn("setuid(%d)", uid);
+		    if(!rootlogin)
+			    exit(1);
+	    }
+	}
+		       
+
+	/*
+         * After dropping privileges and after cleaning up the environment,
+         * optionally run, as the user, /bin/passwd.
+         */
+ 
+        if (pwd->pw_passwd[0] == 0 &&
+	    strcasecmp(default_passreq, "YES") == 0) {
+                printf("You don't have a password.  Choose one.\n");
+                if (change_passwd(pwd))
+                        sleepexit(0);
+		changepass = 0;
+        }
+
+#ifdef SYSV_SHADOW
+        if (spwd && sysv_expire(spwd)) {
+                if (change_passwd(pwd))
+                        sleepexit(0);
+		changepass = 0;
+        }
+#endif /* SYSV_SHADOW */
+	if (changepass) {
+		int res;
+		if ((res=system(_PATH_CHPASS)))
+			sleepexit(1);
+	}
+
+	if (k_hasafs()) {
+	    char cell[64];
+#ifdef _AIX
+	    /* XXX this is a fix for a bug in AFS for AIX 4.3, w/o
+               this hack the kernel crashes on the following
+               pioctl... */
+	    char *pw_dir = strdup(pwd->pw_dir);
+#else
+	    char *pw_dir = pwd->pw_dir;
+#endif
+	    k_setpag();
+	    if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
+		krb_afslog(cell, 0);
+	    krb_afslog(0, 0);
+	}
+
+	execlp(pwd->pw_shell, tbuf, 0);
+	if (getuid() == 0) {
+		warnx("Can't exec %s, trying %s\n", 
+		      pwd->pw_shell, _PATH_BSHELL);
+		execlp(_PATH_BSHELL, tbuf, 0);
+		err(1, "%s", _PATH_BSHELL);
+	}
+	err(1, "%s", pwd->pw_shell);
+	return 1;
+}
+
+#ifdef	KERBEROS
+#define	NBUFSIZ		(UT_NAMESIZE + 1 + 5)	/* .root suffix */
+#else
+#define	NBUFSIZ		(UT_NAMESIZE + 1)
+#endif
+
+static void
+getloginname(int prompt)
+{
+    int ch;
+    char *p;
+    static char nbuf[NBUFSIZ];
+
+    for (;;) {
+	if (prompt) {
+	    if (ttyprompt && *ttyprompt)
+		printf("%s", ttyprompt);
+	    else
+		printf("login: ");
+	}
+	prompt = 1;
+	for (p = nbuf; (ch = getchar()) != '\n'; ) {
+	    if (ch == EOF) {
+		badlogin(username);
+		exit(0);
+	    }
+	    if (p < nbuf + (NBUFSIZ - 1))
+		*p++ = ch;
+	}
+	if (p > nbuf) {
+	    if (nbuf[0] == '-')
+		warnx("login names may not start with '-'.");
+	    else {
+		*p = '\0';
+		username = nbuf;
+		break;
+	    }
+	}
+    }
+}
+
+static int
+find_in_etc_securetty (char *ttyn)
+{
+    FILE *f;
+    char buf[128];
+    int ret = 0;
+
+    f = fopen (_PATH_ETC_SECURETTY, "r");
+    if (f == NULL)
+	return 0;
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	if(buf[strlen(buf) - 1] == '\n')
+	    buf[strlen(buf) - 1] = '\0';
+	if (strcmp (buf, ttyn) == 0) {
+	    ret = 1;
+	    break;
+	}
+    }
+    fclose(f);
+    return ret;
+}
+
+static int
+rootterm(char *ttyn)
+{
+#ifdef HAVE_TTYENT_H
+    {
+	struct ttyent *t;
+
+	t = getttynam (ttyn);
+	if (t && t->ty_status & TTY_SECURE)
+	    return 1;
+    }
+#endif
+    if (find_in_etc_securetty(ttyn))
+	return 1;
+    if (default_console == 0 || strcmp(default_console, ttyn) == 0)
+	return 1;
+    return 0;
+}
+
+static RETSIGTYPE
+timedout(int signo)
+{
+	fprintf(stderr, "Login timed out after %d seconds\n",
+		login_timeout);
+	exit(0);
+}
+
+static void
+checknologin(void)
+{
+	int fd, nchars;
+	char tbuf[8192];
+
+	if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
+		while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+			write(fileno(stdout), tbuf, nchars);
+		sleepexit(0);
+	}
+}
+
+static void
+dolastlog(int quiet)
+{
+#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
+	struct lastlog ll;
+	int fd;
+
+	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
+		lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#ifdef SYSV_SHADOW
+                if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+                    ll.ll_time != 0) {
+                        if (pwd->pw_uid && spwd && spwd->sp_inact > 0
+                            && ll.ll_time / (24 * 60 * 60)
+			    + spwd->sp_inact < time(0)) {
+                                printf("Your account has been inactive too long.\n");
+                                sleepexit(1);
+                        }
+                        if (!quiet) {
+                                printf("Last login: %.*s ",
+                                    24-5, ctime(&ll.ll_time));
+                                if (*ll.ll_host != '\0') {
+                                        printf("from %.*s\n",
+                                            (int)sizeof(ll.ll_host),
+					       ll.ll_host);
+                                } else
+                                        printf("on %.*s\n",
+                                            (int)sizeof(ll.ll_line),
+					       ll.ll_line);
+                        }
+                }
+                lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#else /* SYSV_SHADOW */
+		if (!quiet) {
+			if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+			    ll.ll_time != 0) {
+				printf("Last login: %.*s ",
+				    24-5, ctime(&ll.ll_time));
+				if (*ll.ll_host != '\0')
+					printf("from %.*s\n",
+					    (int)sizeof(ll.ll_host),
+					    ll.ll_host);
+				else
+					printf("on %.*s\n",
+					    (int)sizeof(ll.ll_line),
+					    ll.ll_line);
+			}
+			lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+		}
+#endif /* SYSV_SHADOW */
+		memset(&ll, 0, sizeof(ll));
+		time(&ll.ll_time);
+		strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
+		if (hostname)
+			strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
+		write(fd, &ll, sizeof(ll));
+		close(fd);
+	}
+#endif /* DOLASTLOG */
+}
+
+static void
+badlogin(char *name)
+{
+
+	if (failures == 0)
+		return;
+	if (hostname) {
+		syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s",
+		    failures, failures > 1 ? "S" : "", hostname);
+		syslog(LOG_AUTHPRIV|LOG_NOTICE,
+		    "%d LOGIN FAILURE%s FROM %s, %s",
+		    failures, failures > 1 ? "S" : "", hostname, name);
+	} else {
+		syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
+		    failures, failures > 1 ? "S" : "", tty);
+		syslog(LOG_AUTHPRIV|LOG_NOTICE,
+		    "%d LOGIN FAILURE%s ON %s, %s",
+		    failures, failures > 1 ? "S" : "", tty, name);
+	}
+}
+
+#undef	UNKNOWN
+#define	UNKNOWN	"su"
+
+static char *
+stypeof(char *ttyid)
+{
+    /* TERM is probably a better guess than anything else. */
+    char *term = getenv("TERM");
+
+    if (term != 0 && term[0] != 0)
+	return term;
+
+    {
+#ifndef HAVE_TTYENT_H
+	return UNKNOWN;
+#else
+	struct ttyent *t;
+	return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
+#endif
+    }
+}
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+        char ch;
+ 
+        do {
+                if (read(0, &ch, sizeof(ch)) != sizeof(ch))
+                        exit(1);
+                if (--cnt < 0) {
+                        fprintf(stderr, "%s too long\r\n", err);
+                        sleepexit(1);
+                }
+                *buf++ = ch;
+        } while (ch);
+}
+
+/*
+ * Some old rlogind's unknowingly pass remuser, locuser and
+ * terminal_type/speed so we need to take care of that part of the
+ * protocol here. Also, we can't make a getpeername(2) on the socket
+ * so we have to trust that rlogind resolved the name correctly.
+ */
+
+static int
+doremotelogin(char *host)
+{
+        int code;
+        char *cp;
+
+        xgetstr(rusername, sizeof (rusername), "remuser");
+        xgetstr(lusername, sizeof (lusername), "locuser");
+        xgetstr(term, sizeof(term), "Terminal type");
+	cp = strchr(term, '/');
+	if (cp != 0)
+		*cp = 0;	/* For now ignore speed/bg */
+        pwd = k_getpwnam(lusername);
+        if (pwd == NULL)
+                return(-1);
+        code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername);
+	if (code == 0)
+	  syslog(LOG_NOTICE,
+		 "Warning: An old rlogind accepted login probably from host %s",
+		 host);
+	return(code);
+}
+ 
+void
+sleepexit(int eval)
+{
+
+	sleep(5);
+	exit(eval);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c
new file mode 100644
index 0000000..7b79dc8
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_access.c
@@ -0,0 +1,264 @@
+ /*
+  * This module implements a simple but effective form of login access
+  * control based on login names and on host (or domain) names, internet
+  * addresses (or network numbers), or on terminal line names in case of
+  * non-networked logins. Diagnostics are reported through syslog(3).
+  *
+  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+  */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $");
+
+#ifdef LOGIN_ACCESS
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":";			/* field separator */
+static char sep[] = ", \t";		/* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES             1
+#define NO              0
+
+ /*
+  * A structure to bundle up all login-related information to keep the
+  * functional interfaces as generic as possible.
+  */
+struct login_info {
+    struct passwd *user;
+    char   *from;
+};
+
+static int list_match(char *list, struct login_info *item,
+		      int (*match_fn)(char *, struct login_info *));
+static int user_match(char *tok, struct login_info *item);
+static int from_match(char *tok, struct login_info *item);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(struct passwd *user, char *from)
+{
+    struct login_info item;
+    FILE   *fp;
+    char    line[BUFSIZ];
+    char   *perm;			/* becomes permission field */
+    char   *users;			/* becomes list of login names */
+    char   *froms;			/* becomes list of terminals or hosts */
+    int     match = NO;
+    int     end;
+    int     lineno = 0;			/* for diagnostics */
+    char   *foo;
+
+    /*
+     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
+     */
+    item.user = user;
+    item.from = from;
+
+    /*
+     * Process the table one line at a time and stop at the first match.
+     * Blank lines and lines that begin with a '#' character are ignored.
+     * Non-comment lines are broken at the ':' character. All fields are
+     * mandatory. The first field should be a "+" or "-" character. A
+     * non-existing table means no access control.
+     */
+
+    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+	while (!match && fgets(line, sizeof(line), fp)) {
+	    lineno++;
+	    if (line[end = strlen(line) - 1] != '\n') {
+		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+		       _PATH_LOGACCESS, lineno);
+		continue;
+	    }
+	    if (line[0] == '#')
+		continue;			/* comment line */
+	    while (end > 0 && isspace((unsigned char)line[end - 1]))
+		end--;
+	    line[end] = 0;			/* strip trailing whitespace */
+	    if (line[0] == 0)			/* skip blank lines */
+		continue;
+	    foo = NULL;
+	    if (!(perm = strtok_r(line, fs, &foo))
+		|| !(users = strtok_r(NULL, fs, &foo))
+		|| !(froms = strtok_r(NULL, fs, &foo))
+		|| strtok_r(NULL, fs, &foo)) {
+		syslog(LOG_ERR, "%s: line %d: bad field count", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    if (perm[0] != '+' && perm[0] != '-') {
+		syslog(LOG_ERR, "%s: line %d: bad first field", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    match = (list_match(froms, &item, from_match)
+		     && list_match(users, &item, user_match));
+	}
+	fclose(fp);
+    } else if (errno != ENOENT) {
+	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+    }
+    return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list,
+	   struct login_info *item,
+	   int (*match_fn)(char *, struct login_info *))
+{
+    char   *tok;
+    int     match = NO;
+    char   *foo = NULL;
+
+    /*
+     * Process tokens one at a time. We have exhausted all possible matches
+     * when we reach an "EXCEPT" token or the end of the list. If we do find
+     * a match, look for an "EXCEPT" list and recurse to determine whether
+     * the match is affected by any exceptions.
+     */
+
+    for (tok = strtok_r(list, sep, &foo);
+	 tok != NULL;
+	 tok = strtok_r(NULL, sep, &foo)) {
+	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+	    break;
+	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
+	    break;
+    }
+    /* Process exceptions to matches. */
+
+    if (match != NO) {
+	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+	     /* VOID */ ;
+	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+	    return (match);
+    }
+    return (NO);
+}
+
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+    static char name[MAXHOSTNAMELEN + 1] = "";
+
+    if (name[0] == 0) {
+	gethostname(name, sizeof(name));
+	name[MAXHOSTNAMELEN] = 0;
+    }
+    return (name);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+    static char *mydomain = 0;
+
+    if (mydomain == 0)
+	yp_get_default_domain(&mydomain);
+    return (innetgr(group, machine, user, mydomain));
+#else
+    syslog(LOG_ERR, "NIS netgroup support not configured");
+    return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, struct login_info *item)
+{
+    char   *string = item->user->pw_name;
+    struct login_info fake_item;
+    struct group *group;
+    int     i;
+    char   *at;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the username, if the
+     * token is a group that contains the username, or if the token is the
+     * name of the user's primary group.
+     */
+
+    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
+	*at = 0;
+	fake_item.from = myhostname();
+	return (user_match(tok, item) && from_match(at + 1, &fake_item));
+    } else if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, (char *) 0, string));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+	if (item->user->pw_gid == group->gr_gid)
+	    return (YES);
+	for (i = 0; group->gr_mem[i]; i++)
+	    if (strcasecmp(string, group->gr_mem[i]) == 0)
+		return (YES);
+    }
+    return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, struct login_info *item)
+{
+    char   *string = item->from;
+    int     tok_len;
+    int     str_len;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds. Return
+     * YES if the token fully matches the string. If the token is a domain
+     * name, return YES if it matches the last fields of the string. If the
+     * token has the magic value "LOCAL", return YES if the string does not
+     * contain a "." character. If the token is a network number, return YES
+     * if it matches the head of the string.
+     */
+
+    if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, string, (char *) 0));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if (tok[0] == '.') {			/* domain: match last fields */
+	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+	    && strcasecmp(tok, string + str_len - tok_len) == 0)
+	    return (YES);
+    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+	if (strchr(string, '.') == 0)
+	    return (YES);
+    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
+	       && strncmp(tok, string, tok_len) == 0) {
+	return (YES);
+    }
+    return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+    /*
+     * If the token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the string.
+     */
+
+    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
+	return (YES);
+    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
+	return (YES);
+    }
+    return (NO);
+}
+#endif /* LOGIN_ACCES */
diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c
new file mode 100644
index 0000000..3aa5e4c
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c
@@ -0,0 +1,154 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+/*
+    SYNOPSIS
+	void login_fbtab(tty, uid, gid)
+	char *tty;
+	uid_t uid;
+	gid_t gid;
+
+    DESCRIPTION
+	This module implements device security as described in the
+	SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
+	pages. The program first looks for /etc/fbtab. If that file
+	cannot be opened it attempts to process /etc/logindevperm.
+	We expect entries with the folowing format:
+
+	    Comments start with a # and extend to the end of the line.
+
+	    Blank lines or lines with only a comment are ignored.
+
+	    All other lines consist of three fields delimited by
+	    whitespace: a login device (/dev/console), an octal
+	    permission number (0600), and a ":"-delimited list of
+	    devices (/dev/kbd:/dev/mouse). All device names are
+	    absolute paths. A path that ends in "/*" refers to all
+	    directory entries except "." and "..".
+
+	    If the tty argument (relative path) matches a login device
+	    name (absolute path), the permissions of the devices in the
+	    ":"-delimited list are set as specified in the second
+	    field, and their ownership is changed to that of the uid
+	    and gid arguments.
+
+    DIAGNOSTICS
+	Problems are reported via the syslog daemon with severity
+	LOG_ERR.
+
+    BUGS
+
+    AUTHOR
+	Wietse Venema (wietse@wzv.win.tue.nl)
+	Eindhoven University of Technology
+	The Netherlands
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $");
+
+void	login_protect	(char *, char *, int, uid_t, gid_t);
+void	login_fbtab	(char *tty, uid_t uid, gid_t gid);
+
+#define	WSPACE		" \t\n"
+
+/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */
+
+void
+login_fbtab(char *tty, uid_t uid, gid_t gid)
+{
+    FILE   *fp;
+    char    buf[BUFSIZ];
+    char   *devname;
+    char   *cp;
+    int     prot;
+    char   *table;
+    char   *foo;
+
+    if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
+    && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
+	return;
+
+    while (fgets(buf, sizeof(buf), fp)) {
+	if ((cp = strchr(buf, '#')) != 0)
+	    *cp = 0;				/* strip comment */
+	foo = NULL;
+	if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0)
+	    continue;				/* empty or comment */
+	if (strncmp(devname, "/dev/", 5) != 0
+	       || (cp = strtok_r(NULL, WSPACE, &foo)) == 0
+	       || *cp != '0'
+	       || sscanf(cp, "%o", &prot) == 0
+	       || prot == 0
+	       || (prot & 0777) != prot
+	       || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) {
+	    syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)");
+	    continue;
+	}
+	if (strcmp(devname + 5, tty) == 0) {
+	    foo = NULL;
+	    for (cp = strtok_r(cp, ":", &foo);
+		 cp;
+		 cp = strtok_r(NULL, ":", &foo)) {
+		login_protect(table, cp, prot, uid, gid);
+	    }
+	}
+    }
+    fclose(fp);
+}
+
+/* login_protect - protect one device entry */
+
+void
+login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
+{
+    char    buf[BUFSIZ];
+    int     pathlen = strlen(path);
+    struct dirent *ent;
+    DIR    *dir;
+
+    if (strcmp("/*", path + pathlen - 2) != 0) {
+	if (chmod(path, mask) && errno != ENOENT)
+	    syslog(LOG_ERR, "%s: chmod(%s): %m", table, path);
+	if (chown(path, uid, gid) && errno != ENOENT)
+	    syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
+    } else {
+	strlcpy (buf, path, sizeof(buf));
+	if (sizeof(buf) > pathlen)
+	    buf[pathlen - 2] = '\0';
+ 	/* Solaris evidently operates on the directory as well */
+ 	login_protect(table, buf, mask | ((mask & 0444) >> 2), uid, gid);
+	if ((dir = opendir(buf)) == 0) {
+	    syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
+	} else {
+	    if (sizeof(buf) > pathlen) {
+		buf[pathlen - 2] = '/';
+		buf[pathlen - 1] = '\0';
+	    }
+
+	    while ((ent = readdir(dir)) != 0) {
+		if (strcmp(ent->d_name, ".") != 0
+		    && strcmp(ent->d_name, "..") != 0) {
+		    strlcpy (buf + pathlen - 1,
+				     ent->d_name,
+				     sizeof(buf) - (pathlen + 1));
+		    login_protect(table, buf, mask, uid, gid);
+		}
+	    }
+	    closedir(dir);
+	}
+    }
+}
diff --git a/crypto/kerberosIV/appl/bsd/osfc2.c b/crypto/kerberosIV/appl/bsd/osfc2.c
new file mode 100644
index 0000000..fbfd742
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/osfc2.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "bsd_locl.h"
+RCSID("$Id: osfc2.c,v 1.2 1999/12/02 16:58:28 joda Exp $");
+
+int
+do_osfc2_magic(uid_t uid)
+{
+#ifdef HAVE_OSFC2
+    struct es_passwd *epw;
+    char *argv[2];
+    
+    /* fake */
+    argv[0] = (char*)__progname;
+    argv[1] = NULL;
+    set_auth_parameters(1, argv);
+    
+    epw = getespwuid(uid);
+    if(epw == NULL) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "getespwuid failed for %d", uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+    /* We don't check for auto-retired, foo-retired,
+       bar-retired, or any other kind of retired accounts
+       here; neither do we check for time-locked accounts, or
+       any other kind of serious C2 mumbo-jumbo. We do,
+       however, call setluid, since failing to do so it not
+       very good (take my word for it). */
+    
+    if(!epw->uflg->fg_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "attempted login by %s (has no uid)", epw->ufld->fd_name);
+	printf("Sorry.\n");
+	return 1;
+    }
+    setluid(epw->ufld->fd_uid);
+    if(getluid() != epw->ufld->fd_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "failed to set LUID for %s (%d)", 
+	       epw->ufld->fd_name, epw->ufld->fd_uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+#endif /* HAVE_OSFC2 */
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h_ b/crypto/kerberosIV/appl/bsd/pathnames.h_
new file mode 100644
index 0000000..6db8f68
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/pathnames.h_
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	from: @(#)pathnames.h	5.2 (Berkeley) 4/9/90
+ *	$Id: pathnames.h,v 1.25 1998/02/03 23:29:30 assar Exp $
+ * $FreeBSD$
+ */
+
+/******* First fix default path, we stick to _PATH_DEFPATH everywhere */
+
+#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH)
+#define _PATH_DEFPATH _PATH_USERPATH
+#endif
+
+#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH)
+#define _DEF_PATH _PATH_DEFPATH
+#endif
+
+#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH)
+#define _PATH_DEFPATH _DEF_PATH
+#endif
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin"
+#define _DEF_PATH _PATH_DEFPATH
+#endif /* !_PATH_DEFPATH */
+
+#ifndef _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:"  _DEF_PATH
+#endif /* _PATH_DEFSUPATH */
+
+/******* Default PATH fixed! */
+
+#undef  _PATH_RLOGIN		/* Redifine rlogin */
+#define	_PATH_RLOGIN	BINDIR  "/rlogin"
+
+#undef _PATH_RSH		/* Redifine rsh */
+#define _PATH_RSH	BINDIR  "/rsh"
+
+#undef _PATH_RCP		/* Redifine rcp */
+#define _PATH_RCP	BINDIR  "/rcp"
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN	BINDIR "/login"
+
+/******* The rest is fallback defaults */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_CP
+#define _PATH_CP "/bin/cp"
+#endif /* _PATH_CP */
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif /* _PATH_SHELLS */
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif /* _PATH_BSHELL */
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif /* _PATH_CSHELL */
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif /* _PATH_NOLOGIN */
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifndef _PATH_HUSHLOGIN
+#define _PATH_HUSHLOGIN ".hushlogin"
+#endif /* _PATH_HUSHLOGIN */
+
+#ifndef _PATH_NOMAILCHECK
+#define _PATH_NOMAILCHECK ".nomailcheck"
+#endif /* _PATH_NOMAILCHECK */
+
+#ifndef _PATH_MOTDFILE
+#define _PATH_MOTDFILE "/etc/motd"
+#endif /* _PATH_MOTDFILE */
+
+#ifndef _PATH_LOGACCESS
+#define _PATH_LOGACCESS "/etc/login.access"
+#endif /* _PATH_LOGACCESS */
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef _PATH_FBTAB
+#define _PATH_FBTAB "/etc/fbtab"
+#endif /* _PATH_FBTAB */
+
+#ifndef _PATH_LOGINDEVPERM
+#define _PATH_LOGINDEVPERM "/etc/logindevperm"
+#endif /* _PATH_LOGINDEVPERM */
+
+#ifndef _PATH_CHPASS
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* _PATH_CHPASS */
+
+#if defined(__hpux)
+#define __FALLBACK_MAILDIR__ "/usr/mail"
+#else
+#define __FALLBACK_MAILDIR__ "/usr/spool/mail"
+#endif
+
+#ifndef KRB4_MAILDIR
+#ifndef _PATH_MAILDIR
+#ifdef MAILDIR
+#define _PATH_MAILDIR MAILDIR
+#else
+#define _PATH_MAILDIR __FALLBACK_MAILDIR__
+#endif
+#endif /* _PATH_MAILDIR */
+#define KRB4_MAILDIR _PATH_MAILDIR
+#endif
+
+#ifndef _PATH_LASTLOG
+#define _PATH_LASTLOG		"/var/adm/lastlog"
+#endif
+
+#if defined(UTMP_FILE) && !defined(_PATH_UTMP)
+#define _PATH_UTMP UTMP_FILE
+#endif
+
+#ifndef _PATH_UTMP
+#define _PATH_UTMP   "/etc/utmp"
+#endif
+
+#if defined(WTMP_FILE) && !defined(_PATH_WTMP)
+#define _PATH_WTMP WTMP_FILE
+#endif
+
+#ifndef _PATH_WTMP
+#define _PATH_WTMP   "/usr/adm/wtmp"
+#endif
+
+#ifndef _PATH_ETC_DEFAULT_LOGIN
+#define _PATH_ETC_DEFAULT_LOGIN	"/etc/default/login"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT "/etc/environment"
+#endif
+
+#ifndef _PATH_ETC_SECURETTY
+#define _PATH_ETC_SECURETTY "/etc/securetty"
+#endif
+
+/*
+ * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!!
+ * Some sort of bug in the NEXTSTEP cpp.
+ */
+#ifdef NeXT
+#undef  _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin"
+#undef  _PATH_RLOGIN
+#define	_PATH_RLOGIN	"/usr/athena/bin/rlogin"
+#undef  _PATH_RSH
+#define _PATH_RSH	"/usr/athena/bin/rsh"
+#undef  _PATH_RCP
+#define _PATH_RCP	"/usr/athena/bin/rcp"
+#undef  _PATH_LOGIN
+#define _PATH_LOGIN	"/usr/athena/bin/login"
+#endif
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
new file mode 100644
index 0000000..1dfb46d
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $");
+
+int
+get_login_port(int kerberos, int encryption)
+{
+  char *service="login";
+  int port=htons(513);
+
+  if(kerberos && encryption){
+    service="eklogin";
+    port=htons(2105);
+  }
+  
+  if(kerberos && !encryption){
+    service="klogin";
+    port=htons(543);
+  }
+  return k_getportbyname (service, "tcp", port);
+}
+
+int
+get_shell_port(int kerberos, int encryption)
+{
+  char *service="shell";
+  int port=htons(514);
+
+  if(kerberos && encryption){
+    service="ekshell";
+    port=htons(545);
+  }
+  
+  if(kerberos && !encryption){
+    service="kshell";
+    port=htons(544);
+  }
+
+  return k_getportbyname (service, "tcp", port);
+}
+
+/* 
+ * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s
+ * directly, and the following functions are just identity functions.
+ * This is however a slower way of doing those
+ * should-be-but-are-not-always idenity functions.  
+ */
+
+static struct { int speed; int bps; } conv[] = {
+#ifdef B0
+    {B0, 0},
+#endif
+#ifdef B50
+    {B50, 50},
+#endif
+#ifdef B75
+    {B75, 75},
+#endif
+#ifdef B110
+    {B110, 110},
+#endif
+#ifdef B134
+    {B134, 134},
+#endif
+#ifdef B150
+    {B150, 150},
+#endif
+#ifdef B200
+    {B200, 200},
+#endif
+#ifdef B300
+    {B300, 300},
+#endif
+#ifdef B600
+    {B600, 600},
+#endif
+#ifdef B1200
+    {B1200, 1200},
+#endif
+#ifdef B1800
+    {B1800, 1800},
+#endif
+#ifdef B2400
+    {B2400, 2400},
+#endif
+#ifdef B4800
+    {B4800, 4800},
+#endif
+#ifdef B9600
+    {B9600, 9600},
+#endif
+#ifdef B19200
+    {B19200, 19200},
+#endif
+#ifdef EXTA
+    {EXTA, 19200},
+#endif
+#ifdef B38400
+    {B38400, 38400},
+#endif
+#ifdef EXTB
+    {EXTB, 38400},
+#endif
+#ifdef B57600
+    {B57600, 57600},
+#endif
+#ifdef B115200
+    {B115200, 115200},
+#endif
+#ifdef B153600
+    {B153600, 153600},
+#endif
+#ifdef B230400
+    {B230400, 230400},
+#endif
+#ifdef B307200
+    {B307200, 307200},
+#endif
+#ifdef B460800
+    {B460800, 460800},
+#endif
+};
+
+#define N (sizeof(conv)/sizeof(*conv))
+
+int
+speed_t2int (speed_t s)
+{
+  int l, r, m;
+
+  l = 0;
+  r = N - 1;
+  while(l <= r) {
+    m = (l + r) / 2;
+    if (conv[m].speed == s)
+      return conv[m].bps;
+    else if(conv[m].speed < s)
+      l = m + 1;
+    else
+      r = m - 1; 
+  }
+  return -1;
+}
+
+/*
+ *
+ */
+
+speed_t
+int2speed_t (int i)
+{
+  int l, r, m;
+
+  l = 0;
+  r = N - 1;
+  while(l <= r) {
+    m = (l + r) / 2;
+    if (conv[m].bps == i)
+      return conv[m].speed;
+    else if(conv[m].bps < i)
+      l = m + 1;
+    else
+      r = m - 1;
+  }
+  return -1;
+}
+
+/*
+ * If there are any IP options on `sock', die.
+ */
+
+void
+ip_options_and_die (int sock, struct sockaddr_in *fromp)
+{
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+  u_char optbuf[BUFSIZ/3], *cp;
+  char lbuf[BUFSIZ], *lp;
+  int optsize = sizeof(optbuf), ipproto;
+  struct protoent *ip;
+
+  if ((ip = getprotobyname("ip")) != NULL)
+    ipproto = ip->p_proto;
+  else
+    ipproto = IPPROTO_IP;
+  if (getsockopt(sock, ipproto, IP_OPTIONS,
+		 (void *)optbuf, &optsize) == 0 &&
+      optsize != 0) {
+    lp = lbuf;
+    for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
+      snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp);
+    syslog(LOG_NOTICE,
+	   "Connection received from %s using IP options (dead):%s",
+	   inet_ntoa(fromp->sin_addr), lbuf);
+    exit(1);
+  }
+#endif
+}
+
+void
+warning(const char *fmt, ...)
+{
+    char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+    va_list args;
+
+    va_start(args, fmt);
+    if (rstar_no_warn == NULL)
+	rstar_no_warn = "";
+    if (strncmp(rstar_no_warn, "yes", 3) != 0) {
+	/* XXX */
+	fprintf(stderr, "%s: warning, using standard ", __progname);
+	vwarnx(fmt, args);
+    }
+    va_end(args);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
new file mode 100644
index 0000000..be87097
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -0,0 +1,1047 @@
+/*
+ * Copyright (c) 1983, 1990, 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $");
+
+/* Globals */
+static char	dst_realm_buf[REALM_SZ];
+static char	*dest_realm = NULL;
+static int	use_kerberos = 1;
+
+static int	doencrypt = 0;
+#define	OPTIONS	"dfKk:prtxl:"
+
+static char *user_name = NULL;	/* Given as -l option. */
+
+static int errs, rem;
+static struct passwd *pwd;
+static u_short	port;
+static uid_t	userid;
+static int pflag, iamremote, iamrecursive, targetshouldbedirectory;
+
+static int argc_copy;
+static char **argv_copy;
+
+#define	CMDNEEDS	64
+static char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
+
+void rsource(char *name, struct stat *statp);
+
+#define	SERVICE_NAME	"rcmd"
+
+CREDENTIALS cred;
+MSG_DAT msg_data;
+struct sockaddr_in foreign_addr, local_addr;
+Key_schedule schedule;
+
+KTEXT_ST ticket;
+AUTH_DAT kdata;
+
+static void
+send_auth(char *h, char *r)
+{
+    int lslen, fslen, status;
+    long opts;
+
+    lslen = sizeof(struct sockaddr_in);
+    if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0)
+	err(1, "getsockname");
+    fslen = sizeof(struct sockaddr_in);
+    if (getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0)
+	err(1, "getpeername");
+    if ((r == NULL) || (*r == '\0'))
+	r = krb_realmofhost(h);
+    opts = KOPT_DO_MUTUAL;
+    if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, 
+			       (unsigned long)getpid(), &msg_data, &cred, 
+			       schedule, &local_addr, 
+			       &foreign_addr, "KCMDV0.1")) != KSUCCESS)
+	errx(1, "krb_sendauth failure: %s", krb_get_err_text(status));
+}
+
+static void
+answer_auth(void)
+{
+    int lslen, fslen, status;
+    long opts;
+    char inst[INST_SZ], v[9];
+
+    lslen = sizeof(struct sockaddr_in);
+    if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0)
+	err(1, "getsockname");
+    fslen = sizeof(struct sockaddr_in);
+    if(getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0)
+	    err(1, "getperrname");
+    k_getsockinst(rem, inst, sizeof(inst));
+    opts = KOPT_DO_MUTUAL;
+    if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst,
+			       &foreign_addr, &local_addr, 
+			       &kdata, "", schedule, v)) != KSUCCESS)
+	errx(1, "krb_recvauth failure: %s", krb_get_err_text(status));
+}
+
+static int
+des_read(int fd, char *buf, int len)
+{
+    if (doencrypt)
+	return(des_enc_read(fd, buf, len, schedule, 
+			    (iamremote? &kdata.session : &cred.session)));
+    else
+	return(read(fd, buf, len));
+}
+
+static int
+des_write(int fd, char *buf, int len)
+{
+    if (doencrypt)
+	return(des_enc_write(fd, buf, len, schedule, 
+			     (iamremote? &kdata.session : &cred.session)));
+    else
+	return(write(fd, buf, len));
+}
+
+static void run_err(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+
+static void
+run_err(const char *fmt, ...)
+{
+	char errbuf[1024];
+
+	va_list args;
+	va_start(args, fmt);
+	++errs;
+#define RCPERR "\001rcp: "
+	strlcpy (errbuf, RCPERR, sizeof(errbuf));
+	vsnprintf (errbuf + strlen(errbuf),
+		   sizeof(errbuf) - strlen(errbuf),
+		   fmt, args);
+	strlcat (errbuf, "\n", sizeof(errbuf));
+	des_write (rem, errbuf, strlen(errbuf));
+	if (!iamremote)
+		vwarnx(fmt, args);
+	va_end(args);
+}
+
+static void
+verifydir(char *cp)
+{
+	struct stat stb;
+
+	if (!stat(cp, &stb)) {
+		if (S_ISDIR(stb.st_mode))
+			return;
+		errno = ENOTDIR;
+	}
+	run_err("%s: %s", cp, strerror(errno));
+	exit(1);
+}
+
+#define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
+
+static BUF *
+allocbuf(BUF *bp, int fd, int blksize)
+{
+	struct stat stb;
+	size_t size;
+
+	if (fstat(fd, &stb) < 0) {
+		run_err("fstat: %s", strerror(errno));
+		return (0);
+	}
+#ifdef HAVE_ST_BLKSIZE
+	size = ROUNDUP(stb.st_blksize, blksize);
+#else
+	size = blksize;
+#endif
+	if (size == 0)
+		size = blksize;
+	if (bp->cnt >= size)
+		return (bp);
+	if (bp->buf == NULL)
+		bp->buf = malloc(size);
+	else
+		bp->buf = realloc(bp->buf, size);
+	if (bp->buf == NULL) {
+		bp->cnt = 0;
+		run_err("%s", strerror(errno));
+		return (0);
+	}
+	bp->cnt = size;
+	return (bp);
+}
+
+static void
+usage(void)
+{
+	fprintf(stderr, "%s\n\t%s\n",
+	    "usage: rcp [-Kpx] [-k realm] f1 f2",
+	    "or: rcp [-Kprx] [-k realm] f1 ... fn directory");
+	exit(1);
+}
+
+static void
+oldw(const char *s)
+{
+    char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+    if (rstar_no_warn == 0)
+	rstar_no_warn = "";
+    if (strncmp(rstar_no_warn, "yes", 3) != 0)
+	warnx("%s, using standard rcp", s);
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+	if (!iamremote)
+		warnx("lost connection");
+	exit(1);
+}
+
+static int
+response(void)
+{
+	char ch, *cp, resp, rbuf[BUFSIZ];
+
+	if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp))
+		lostconn(0);
+
+	cp = rbuf;
+	switch(resp) {
+	case 0:				/* ok */
+		return (0);
+	default:
+		*cp++ = resp;
+		/* FALLTHROUGH */
+	case 1:				/* error, followed by error msg */
+	case 2:				/* fatal error, "" */
+		do {
+			if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+				lostconn(0);
+			*cp++ = ch;
+		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
+
+		if (!iamremote)
+			write(STDERR_FILENO, rbuf, cp - rbuf);
+		++errs;
+		if (resp == 1)
+			return (-1);
+		exit(1);
+	}
+	/* NOTREACHED */
+}
+
+static void
+source(int argc, char **argv)
+{
+	struct stat stb;
+	static BUF buffer;
+	BUF *bp;
+	off_t i;
+	int amt, fd, haderr, indx, result;
+	char *last, *name, buf[BUFSIZ];
+
+	for (indx = 0; indx < argc; ++indx) {
+                name = argv[indx];
+		if ((fd = open(name, O_RDONLY, 0)) < 0)
+			goto syserr;
+		if (fstat(fd, &stb)) {
+syserr:			run_err("%s: %s", name, strerror(errno));
+			goto next;
+		}
+		switch (stb.st_mode & S_IFMT) {
+		case S_IFREG:
+			break;
+		case S_IFDIR:
+			if (iamrecursive) {
+				rsource(name, &stb);
+				goto next;
+			}
+			/* FALLTHROUGH */
+		default:
+			run_err("%s: not a regular file", name);
+			goto next;
+		}
+		if ((last = strrchr(name, '/')) == NULL)
+			last = name;
+		else
+			++last;
+		if (pflag) {
+			/*
+			 * Make it compatible with possible future
+			 * versions expecting microseconds.
+			 */
+			snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
+			    (long)stb.st_mtime, (long)stb.st_atime);
+			des_write(rem, buf, strlen(buf));
+			if (response() < 0)
+				goto next;
+		}
+		snprintf(buf, sizeof(buf), "C%04o %ld %s\n",
+		    (int)stb.st_mode & MODEMASK, (long) stb.st_size, last);
+		des_write(rem, buf, strlen(buf));
+		if (response() < 0)
+			goto next;
+		if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
+next:			close(fd);
+			continue;
+		}
+
+		/* Keep writing after an error so that we stay sync'd up. */
+		for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
+			amt = bp->cnt;
+			if (i + amt > stb.st_size)
+				amt = stb.st_size - i;
+			if (!haderr) {
+				result = read(fd, bp->buf, amt);
+				if (result != amt)
+					haderr = result >= 0 ? EIO : errno;
+			}
+			if (haderr)
+				des_write(rem, bp->buf, amt);
+			else {
+				result = des_write(rem, bp->buf, amt);
+				if (result != amt)
+					haderr = result >= 0 ? EIO : errno;
+			}
+		}
+		if (close(fd) && !haderr)
+			haderr = errno;
+		if (!haderr)
+			des_write(rem, "", 1);
+		else
+			run_err("%s: %s", name, strerror(haderr));
+		response();
+	}
+}
+
+void
+rsource(char *name, struct stat *statp)
+{
+	DIR *dirp;
+	struct dirent *dp;
+	char *last, *vect[1], path[MaxPathLen];
+	char *p;
+
+	if (!(dirp = opendir(name))) {
+		run_err("%s: %s", name, strerror(errno));
+		return;
+	}
+	for (p = name + strlen(name) - 1; p >= name && *p == '/'; --p)
+	    *p = '\0';
+
+	last = strrchr(name, '/');
+	if (last == 0)
+		last = name;
+	else
+		last++;
+	if (pflag) {
+		snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
+		    (long)statp->st_mtime, (long)statp->st_atime);
+		des_write(rem, path, strlen(path));
+		if (response() < 0) {
+			closedir(dirp);
+			return;
+		}
+	}
+	snprintf(path, sizeof(path),
+		 "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last);
+	des_write(rem, path, strlen(path));
+	if (response() < 0) {
+		closedir(dirp);
+		return;
+	}
+	while ((dp = readdir(dirp))) {
+		if (dp->d_ino == 0)
+			continue;
+		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
+			continue;
+		if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) {
+			run_err("%s/%s: name too long", name, dp->d_name);
+			continue;
+		}
+		if (snprintf(path, sizeof(path),
+			     "%s/%s", name, dp->d_name) >= sizeof(path)) {
+			run_err("%s/%s: name too long", name, dp->d_name);
+			continue;
+		}
+		vect[0] = path;
+		source(1, vect);
+	}
+	closedir(dirp);
+	des_write(rem, "E\n", 2);
+	response();
+}
+
+static int
+kerberos(char **host, char *bp, char *locuser, char *user)
+{
+        int sock = -1, err;
+
+	if (use_kerberos) {
+	        setuid(getuid());
+		rem = KSUCCESS;
+		errno = 0;
+		if (dest_realm == NULL)
+			dest_realm = krb_realmofhost(*host);
+
+#if 0
+		rem = krcmd(host, port, user, bp, 0, dest_realm);
+#else
+		err = kcmd(
+		    &sock,
+		    host,
+		    port,
+		    NULL,	/* locuser not used */
+		    user,
+		    bp,
+		    0,
+		    &ticket,
+		    SERVICE_NAME,
+		    dest_realm,
+		    (CREDENTIALS *) NULL, /* credentials not used */
+		    0,		/* key schedule not used */
+		    (MSG_DAT *) NULL, /* MSG_DAT not used */
+		    (struct sockaddr_in *) NULL, /* local addr not used */
+		    (struct sockaddr_in *) NULL, /* foreign addr not used */
+		    0L);	/* authopts */
+		if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+		    warnx("kcmd: %s", krb_get_err_text(err));
+		    rem = -1;
+		} else if (err < 0)
+		    rem = -1;
+		else
+		    rem = sock;
+#endif
+		if (rem < 0) {
+			if (errno == ECONNREFUSED)
+			    oldw("remote host doesn't support Kerberos");
+			else if (errno == ENOENT)
+			    oldw("can't provide Kerberos authentication data");
+			execv(_PATH_RCP, argv_copy);
+		}
+	} else {
+		if (doencrypt)
+			errx(1,
+			   "the -x option requires Kerberos authentication");
+		if (geteuid() != 0) {
+		    errx(1, "not installed setuid root, "
+			 "only root may use non kerberized rcp");
+		}
+		rem = rcmd(host, port, locuser, user, bp, 0);
+	}
+	return (rem);
+}
+
+static void
+toremote(char *targ, int argc, char **argv)
+{
+	int i, len;
+#ifdef IP_TOS
+	int tos;
+#endif
+	char *bp, *host, *src, *suser, *thost, *tuser;
+
+	*targ++ = 0;
+	if (*targ == 0)
+		targ = ".";
+
+	if ((thost = strchr(argv[argc - 1], '@'))) {
+		/* user@host */
+		*thost++ = 0;
+		tuser = argv[argc - 1];
+		if (*tuser == '\0')
+			tuser = NULL;
+		else if (!okname(tuser))
+			exit(1);
+	} else {
+		thost = argv[argc - 1];
+		tuser = user_name;
+	}
+
+	for (i = 0; i < argc - 1; i++) {
+		src = colon(argv[i]);
+		if (src) {			/* remote to remote */
+			*src++ = 0;
+			if (*src == 0)
+				src = ".";
+			host = strchr(argv[i], '@');
+			if (host) {
+			    *host++ = 0;
+			    suser = argv[i];
+			    if (*suser == '\0')
+				suser = pwd->pw_name;
+			    else if (!okname(suser))
+				continue;
+			    asprintf(&bp, "%s %s -l %s -n %s %s '%s%s%s:%s'",
+				     _PATH_RSH, host, suser, cmd, src,
+				     tuser ? tuser : "", tuser ? "@" : "",
+				     thost, targ);
+			} else
+			    asprintf(&bp, "exec %s %s -n %s %s '%s%s%s:%s'",
+				     _PATH_RSH, argv[i], cmd, src,
+				     tuser ? tuser : "", tuser ? "@" : "",
+				     thost, targ);
+			if(bp == NULL)
+			    errx(1, "out of memory");
+			susystem(bp, userid);
+			free(bp);
+		} else {			/* local to remote */
+			if (rem == -1) {
+				len = strlen(targ) + CMDNEEDS + 20;
+				if (!(bp = malloc(len)))
+					err(1, " ");
+				snprintf(bp, len, "%s -t %s", cmd, targ);
+				host = thost;
+				if (use_kerberos)
+					rem = kerberos(&host, bp,
+#ifdef __CYGWIN32__
+						       tuser,
+#else
+					    pwd->pw_name,
+#endif
+					    tuser ? tuser : pwd->pw_name);
+				else
+					rem = rcmd(&host, port,
+#ifdef __CYGWIN32__
+						   tuser,
+#else
+						   pwd->pw_name,
+#endif
+					    tuser ? tuser : pwd->pw_name,
+					    bp, 0);
+				if (rem < 0)
+					exit(1);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+				tos = IPTOS_THROUGHPUT;
+				if (setsockopt(rem, IPPROTO_IP, IP_TOS,
+				    (void *)&tos, sizeof(int)) < 0)
+					warn("TOS (ignored)");
+#endif /* IP_TOS */
+				if (doencrypt)
+				    send_auth(host, dest_realm);
+				if (response() < 0)
+					exit(1);
+				free(bp);
+				setuid(userid);
+			}
+			source(1, argv+i);
+		}
+	}
+}
+
+static void
+sink(int argc, char **argv)
+{
+	static BUF buffer;
+	struct stat stb;
+	struct timeval tv[2];
+	enum { YES, NO, DISPLAYED } wrerr;
+	BUF *bp;
+	off_t i, j;
+	int amt, count, exists, first, mask, mode, ofd, omode;
+	int setimes, size, targisdir, wrerrno=0;
+	char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
+
+#define	atime	tv[0]
+#define	mtime	tv[1]
+#define	SCREWUP(str)	{ why = str; goto screwup; }
+
+	setimes = targisdir = 0;
+	mask = umask(0);
+	if (!pflag)
+		umask(mask);
+	if (argc != 1) {
+		run_err("ambiguous target");
+		exit(1);
+	}
+	targ = *argv;
+	if (targetshouldbedirectory)
+		verifydir(targ);
+	des_write(rem, "", 1);
+	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+		targisdir = 1;
+	for (first = 1;; first = 0) {
+		cp = buf;
+		if (des_read(rem, cp, 1) <= 0)
+			return;
+		if (*cp++ == '\n')
+			SCREWUP("unexpected <newline>");
+		do {
+			if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+				SCREWUP("lost connection");
+			*cp++ = ch;
+		} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
+		*cp = 0;
+
+		if (buf[0] == '\01' || buf[0] == '\02') {
+			if (iamremote == 0)
+				write(STDERR_FILENO,
+				    buf + 1, strlen(buf + 1));
+			if (buf[0] == '\02')
+				exit(1);
+			++errs;
+			continue;
+		}
+		if (buf[0] == 'E') {
+			des_write(rem, "", 1);
+			return;
+		}
+
+		if (ch == '\n')
+			*--cp = 0;
+
+#define getnum(t)					\
+		do {					\
+		    (t) = 0;				\
+		    while (isdigit((unsigned char)*cp))	\
+			(t) = (t) * 10 + (*cp++ - '0');	\
+		} while(0)
+
+		cp = buf;
+		if (*cp == 'T') {
+			setimes++;
+			cp++;
+			getnum(mtime.tv_sec);
+			if (*cp++ != ' ')
+				SCREWUP("mtime.sec not delimited");
+			getnum(mtime.tv_usec);
+			if (*cp++ != ' ')
+				SCREWUP("mtime.usec not delimited");
+			getnum(atime.tv_sec);
+			if (*cp++ != ' ')
+				SCREWUP("atime.sec not delimited");
+			getnum(atime.tv_usec);
+			if (*cp++ != '\0')
+				SCREWUP("atime.usec not delimited");
+			des_write(rem, "", 1);
+			continue;
+		}
+		if (*cp != 'C' && *cp != 'D') {
+			/*
+			 * Check for the case "rcp remote:foo\* local:bar".
+			 * In this case, the line "No match." can be returned
+			 * by the shell before the rcp command on the remote is
+			 * executed so the ^Aerror_message convention isn't
+			 * followed.
+			 */
+			if (first) {
+				run_err("%s", cp);
+				exit(1);
+			}
+			SCREWUP("expected control record");
+		}
+		mode = 0;
+		for (++cp; cp < buf + 5; cp++) {
+			if (*cp < '0' || *cp > '7')
+				SCREWUP("bad mode");
+			mode = (mode << 3) | (*cp - '0');
+		}
+		if (*cp++ != ' ')
+			SCREWUP("mode not delimited");
+
+		for (size = 0; isdigit((unsigned char)*cp);)
+			size = size * 10 + (*cp++ - '0');
+		if (*cp++ != ' ')
+			SCREWUP("size not delimited");
+		if (targisdir) {
+			static char *namebuf;
+			static int cursize;
+			size_t need;
+
+			need = strlen(targ) + strlen(cp) + 250;
+			if (need > cursize) {
+				if (!(namebuf = malloc(need)))
+					run_err("%s", strerror(errno));
+			}
+			snprintf(namebuf, need, "%s%s%s", targ,
+			    *targ ? "/" : "", cp);
+			np = namebuf;
+		} else
+			np = targ;
+		exists = stat(np, &stb) == 0;
+		if (buf[0] == 'D') {
+			int mod_flag = pflag;
+			if (exists) {
+				if (!S_ISDIR(stb.st_mode)) {
+					errno = ENOTDIR;
+					goto bad;
+				}
+				if (pflag)
+					chmod(np, mode);
+			} else {
+				/* Handle copying from a read-only directory */
+				mod_flag = 1;
+				if (mkdir(np, mode | S_IRWXU) < 0)
+					goto bad;
+			}
+			vect[0] = np;
+			sink(1, vect);
+			if (setimes) {
+			        struct utimbuf times;
+				times.actime = atime.tv_sec;
+				times.modtime = mtime.tv_sec;
+				setimes = 0;
+				if (utime(np, &times) < 0)
+				    run_err("%s: set times: %s",
+					    np, strerror(errno));
+			}
+			if (mod_flag)
+				chmod(np, mode);
+			continue;
+		}
+		omode = mode;
+		mode |= S_IWRITE;
+		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+bad:			run_err("%s: %s", np, strerror(errno));
+			continue;
+		}
+		des_write(rem, "", 1);
+		if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
+			close(ofd);
+			continue;
+		}
+		cp = bp->buf;
+		wrerr = NO;
+		for (count = i = 0; i < size; i += BUFSIZ) {
+			amt = BUFSIZ;
+			if (i + amt > size)
+				amt = size - i;
+			count += amt;
+			do {
+				j = des_read(rem, cp, amt);
+				if (j <= 0) {
+					run_err("%s", j ? strerror(errno) :
+						"dropped connection");
+					exit(1);
+				}
+				amt -= j;
+				cp += j;
+			} while (amt > 0);
+			if (count == bp->cnt) {
+				/* Keep reading so we stay sync'd up. */
+				if (wrerr == NO) {
+					j = write(ofd, bp->buf, count);
+					if (j != count) {
+						wrerr = YES;
+						wrerrno = j >= 0 ? EIO : errno; 
+					}
+				}
+				count = 0;
+				cp = bp->buf;
+			}
+		}
+		if (count != 0 && wrerr == NO &&
+		    (j = write(ofd, bp->buf, count)) != count) {
+			wrerr = YES;
+			wrerrno = j >= 0 ? EIO : errno; 
+		}
+		if (ftruncate(ofd, size)) {
+			run_err("%s: truncate: %s", np, strerror(errno));
+			wrerr = DISPLAYED;
+		}
+		if (pflag) {
+			if (exists || omode != mode)
+#ifdef HAVE_FCHMOD
+				if (fchmod(ofd, omode))
+#else
+				if (chmod(np, omode))
+#endif
+					run_err("%s: set mode: %s",
+						np, strerror(errno));
+		} else {
+			if (!exists && omode != mode)
+#ifdef HAVE_FCHMOD
+				if (fchmod(ofd, omode & ~mask))
+#else
+				if (chmod(np, omode & ~mask))
+#endif
+					run_err("%s: set mode: %s",
+						np, strerror(errno));
+		}
+		close(ofd);
+		response();
+		if (setimes && wrerr == NO) {
+		        struct utimbuf times;
+			times.actime = atime.tv_sec;
+			times.modtime = mtime.tv_sec;
+			setimes = 0;
+			if (utime(np, &times) < 0) {
+				run_err("%s: set times: %s",
+					np, strerror(errno));
+				wrerr = DISPLAYED;
+			}
+		}
+		switch(wrerr) {
+		case YES:
+			run_err("%s: %s", np, strerror(wrerrno));
+			break;
+		case NO:
+			des_write(rem, "", 1);
+			break;
+		case DISPLAYED:
+			break;
+		}
+	}
+screwup:
+	run_err("protocol error: %s", why);
+	exit(1);
+}
+
+static void
+tolocal(int argc, char **argv)
+{
+	int i, len;
+#ifdef IP_TOS
+	int tos;
+#endif
+	char *bp, *host, *src, *suser;
+
+	for (i = 0; i < argc - 1; i++) {
+		if (!(src = colon(argv[i]))) {		/* Local to local. */
+			len = strlen(_PATH_CP) + strlen(argv[i]) +
+			    strlen(argv[argc - 1]) + 20;
+			if (!(bp = malloc(len)))
+				err(1, " ");
+			snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
+				 iamrecursive ? " -r" : "", pflag ? " -p" : "",
+				 argv[i], argv[argc - 1]);
+			if (susystem(bp, userid))
+				++errs;
+			free(bp);
+			continue;
+		}
+		*src++ = 0;
+		if (*src == 0)
+			src = ".";
+		if ((host = strchr(argv[i], '@')) == NULL) {
+#ifdef __CYGWIN32__
+			errx (1, "Sorry, you need to specify the username");
+#else
+			host = argv[i];
+			suser = pwd->pw_name;
+			if (user_name)
+			    suser = user_name;
+#endif
+		} else {
+			*host++ = 0;
+			suser = argv[i];
+			if (*suser == '\0')
+#ifdef __CYGWIN32__
+			errx (1, "Sorry, you need to specify the username");
+#else
+				suser = pwd->pw_name;
+#endif
+			else if (!okname(suser))
+				continue;
+		}
+		len = strlen(src) + CMDNEEDS + 20;
+		if ((bp = malloc(len)) == NULL)
+			err(1, " ");
+		snprintf(bp, len, "%s -f %s", cmd, src);
+		rem = 
+		    use_kerberos ? 
+			kerberos(&host, bp,
+#ifndef __CYGWIN32__
+				 pwd->pw_name,
+#else
+				 suser,
+#endif
+				 suser) : 
+			rcmd(&host, port,
+#ifndef __CYGWIN32__
+			     pwd->pw_name,
+#else
+			     suser,
+#endif
+			     suser, bp, 0);
+		free(bp);
+		if (rem < 0) {
+			++errs;
+			continue;
+		}
+		seteuid(userid);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+		tos = IPTOS_THROUGHPUT;
+		if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos,
+			       sizeof(int)) < 0)
+			warn("TOS (ignored)");
+#endif /* IP_TOS */
+		if (doencrypt)
+			send_auth(host, dest_realm);
+		sink(1, argv + argc - 1);
+		seteuid(0);
+		close(rem);
+		rem = -1;
+	}
+}
+
+
+int
+main(int argc, char **argv)
+{
+	int ch, fflag, tflag;
+	char *targ;
+	int i;
+
+	set_progname(argv[0]);
+
+	/*
+	 * Prepare for execing ourselves.
+	 */
+
+	argc_copy = argc + 1;
+	argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy));
+	if (argv_copy == NULL)
+	    err(1, "malloc");
+	argv_copy[0] = argv[0];
+	argv_copy[1] = "-K";
+	for(i = 1; i < argc; ++i) {
+	    argv_copy[i + 1] = strdup(argv[i]);
+	    if (argv_copy[i + 1] == NULL)
+		errx(1, "strdup: out of memory");
+	}
+	argv_copy[argc + 1] = NULL;
+
+
+	fflag = tflag = 0;
+	while ((ch = getopt(argc, argv, OPTIONS)) != -1)
+		switch(ch) {			/* User-visible flags. */
+		case 'K':
+			use_kerberos = 0;
+			break;
+		case 'k':
+			dest_realm = dst_realm_buf;
+			strlcpy(dst_realm_buf, optarg, REALM_SZ);
+			break;
+		case 'x':
+			doencrypt = 1;
+			LEFT_JUSTIFIED = 1;
+			break;
+		case 'p':
+			pflag = 1;
+			break;
+		case 'r':
+			iamrecursive = 1;
+			break;
+						/* Server options. */
+		case 'd':
+			targetshouldbedirectory = 1;
+			break;
+		case 'f':			/* "from" */
+			iamremote = 1;
+			fflag = 1;
+			break;
+		case 't':			/* "to" */
+			iamremote = 1;
+			tflag = 1;
+			break;
+		case 'l':
+		        user_name = optarg;
+			break;
+		case '?':
+		default:
+			usage();
+		}
+	argc -= optind;
+	argv += optind;
+
+	/* Rcp implements encrypted file transfer without using the
+	 * kshell service, pass 0 for no encryption */
+	port = get_shell_port(use_kerberos, 0);
+
+	userid = getuid();
+
+#ifndef __CYGWIN32__
+	if ((pwd = k_getpwuid(userid)) == NULL)
+		errx(1, "unknown user %d", (int)userid);
+#endif
+
+	rem = STDIN_FILENO;		/* XXX */
+
+	if (fflag || tflag) {
+	    if (doencrypt)
+		answer_auth();
+	    if(fflag)
+		response();
+	    if(do_osfc2_magic(pwd->pw_uid))
+		exit(1);
+	    setuid(userid);
+	    if (k_hasafs()) {
+		/* Sometimes we will need cell specific tokens
+		 * to be able to read and write files, thus,
+		 * the token stuff done in rshd might not
+		 * suffice.
+		 */
+		char cell[64];
+		if (k_afs_cell_of_file(pwd->pw_dir,
+				       cell, sizeof(cell)) == 0)
+		    krb_afslog(cell, 0);
+		krb_afslog(0, 0);
+	    }
+	    if(fflag)
+		source(argc, argv);
+	    else
+		sink(argc, argv);
+	    exit(errs);
+	}
+
+	if (argc < 2)
+		usage();
+	if (argc > 2)
+		targetshouldbedirectory = 1;
+
+	rem = -1;
+	/* Command to be executed on remote system using "rsh". */
+	snprintf(cmd, sizeof(cmd),
+		 "rcp%s%s%s%s", iamrecursive ? " -r" : "",
+		 (doencrypt && use_kerberos ? " -x" : ""),
+		 pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
+
+	signal(SIGPIPE, lostconn);
+
+	if ((targ = colon(argv[argc - 1])))	/* Dest is remote host. */
+		toremote(targ, argc, argv);
+	else {
+		tolocal(argc, argv);		/* Dest is local host. */
+		if (targetshouldbedirectory)
+			verifydir(argv[argc - 1]);
+	}
+	exit(errs);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
new file mode 100644
index 0000000..54233af
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -0,0 +1,99 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $");
+
+char *
+colon(char *cp)
+{
+	if (*cp == ':')		/* Leading colon is part of file name. */
+		return (0);
+
+	for (; *cp; ++cp) {
+		if (*cp == ':')
+			return (cp);
+		if (*cp == '/')
+			return (0);
+	}
+	return (0);
+}
+
+int
+okname(char *cp0)
+{
+	int c;
+	char *cp;
+
+	cp = cp0;
+	do {
+		c = *cp;
+		if (c & 0200)
+			goto bad;
+		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+			goto bad;
+	} while (*++cp);
+	return (1);
+
+bad:	warnx("%s: invalid user name", cp0);
+	return (0);
+}
+
+int
+susystem(char *s, int userid)
+{
+    RETSIGTYPE (*istat)(), (*qstat)();
+    int status;
+    pid_t pid;
+
+    pid = fork();
+    switch (pid) {
+    case -1:
+	return (127);
+	
+    case 0:
+	if(do_osfc2_magic(userid))
+	    exit(1);
+	setuid(userid);
+	execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+	_exit(127);
+    }
+    istat = signal(SIGINT, SIG_IGN);
+    qstat = signal(SIGQUIT, SIG_IGN);
+    if (waitpid(pid, &status, 0) < 0)
+	status = -1;
+    signal(SIGINT, istat);
+    signal(SIGQUIT, qstat);
+    return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
new file mode 100644
index 0000000..d057ede
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -0,0 +1,709 @@
+/*
+ * Copyright (c) 1983, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * rlogin - remote login
+ */
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+
+#ifndef CCEQ
+#define c2uc(x) ((unsigned char) x)
+#define CCEQ__(val, c)	(c == val ? val != c2uc(_POSIX_VDISABLE) : 0)
+#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c))
+#endif
+
+int eight, rem;
+struct termios deftty;
+
+int noescape;
+char escapechar = '~';
+
+struct	winsize winsize;
+
+int parent, rcvcnt;
+char rcvbuf[8 * 1024];
+
+int child;
+
+static void
+echo(char c)
+{
+	char *p;
+	char buf[8];
+
+	p = buf;
+	c &= 0177;
+	*p++ = escapechar;
+	if (c < ' ') {
+		*p++ = '^';
+		*p++ = c + '@';
+	} else if (c == 0177) {
+		*p++ = '^';
+		*p++ = '?';
+	} else
+		*p++ = c;
+	*p++ = '\r';
+	*p++ = '\n';
+	write(STDOUT_FILENO, buf, p - buf);
+}
+
+static void
+mode(int f)
+{
+	struct termios tty;
+
+	switch (f) {
+	case 0:
+		tcsetattr(0, TCSANOW, &deftty);
+		break;
+	case 1:
+		tcgetattr(0, &deftty);
+		tty = deftty;
+		/* This is loosely derived from sys/compat/tty_compat.c. */
+		tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN);
+		tty.c_iflag &= ~ICRNL;
+		tty.c_oflag &= ~OPOST;
+		tty.c_cc[VMIN] = 1;
+		tty.c_cc[VTIME] = 0;
+		if (eight) {
+			tty.c_iflag &= IXOFF;
+			tty.c_cflag &= ~(CSIZE|PARENB);
+			tty.c_cflag |= CS8;
+		}
+		tcsetattr(0, TCSANOW, &tty);
+		break;
+	default:
+		return;
+	}
+}
+
+static void
+done(int status)
+{
+	int w, wstatus;
+
+	mode(0);
+	if (child > 0) {
+		/* make sure catch_child does not snap it up */
+		signal(SIGCHLD, SIG_DFL);
+		if (kill(child, SIGKILL) >= 0)
+			while ((w = wait(&wstatus)) > 0 && w != child);
+	}
+	exit(status);
+}
+
+static
+RETSIGTYPE
+catch_child(int foo)
+{
+	int status;
+	int pid;
+
+	for (;;) {
+		pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
+		if (pid == 0)
+			return;
+		/* if the child (reader) dies, just quit */
+		if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
+			done(WTERMSIG(status) | WEXITSTATUS(status));
+	}
+	/* NOTREACHED */
+}
+
+/*
+ * There is a race in the SunOS5 rlogind. If the slave end has not yet
+ * been opened by the child when setting tty size the size is reset to
+ * zero when the child opens it. Therefore we send the window update
+ * twice.
+ */
+
+static int tty_kludge = 1;
+
+/* Return the number of OOB bytes processed. */
+static int
+oob_real(void)
+{
+	struct termios tty;
+	int atmark, n, out, rcvd;
+	char waste[BUFSIZ], mark;
+
+	out = O_RDWR;
+	rcvd = 0;
+	if (recv(rem, &mark, 1, MSG_OOB) < 0) {
+		return -1;
+	}
+	if (mark & TIOCPKT_WINDOW) {
+		/* Let server know about window size changes */
+		kill(parent, SIGUSR1);
+	} else if (tty_kludge) {
+		/* Let server know about window size changes */
+		kill(parent, SIGUSR1);
+		tty_kludge = 0;
+	}
+	if (!eight && (mark & TIOCPKT_NOSTOP)) {
+		tcgetattr(0, &tty);
+		tty.c_iflag &= ~IXON;
+		tcsetattr(0, TCSANOW, &tty);
+	}
+	if (!eight && (mark & TIOCPKT_DOSTOP)) {
+		tcgetattr(0, &tty);
+		tty.c_iflag |= (deftty.c_iflag & IXON);
+		tcsetattr(0, TCSANOW, &tty);
+	}
+	if (mark & TIOCPKT_FLUSHWRITE) {
+#ifdef TCOFLUSH
+		tcflush(1, TCOFLUSH);
+#else
+		ioctl(1, TIOCFLUSH, (char *)&out);
+#endif
+		for (;;) {
+			if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
+			    warn("ioctl");
+			    break;
+			}
+			if (atmark)
+				break;
+			n = read(rem, waste, sizeof (waste));
+			if (n <= 0)
+				break;
+		}
+		/*
+		 * Don't want any pending data to be output, so clear the recv
+		 * buffer.  If we were hanging on a write when interrupted,
+		 * don't want it to restart.  If we were reading, restart
+		 * anyway.
+		 */
+		rcvcnt = 0;
+	}
+
+	/* oob does not do FLUSHREAD (alas!) */
+	return 1;
+}
+
+/* reader: read from remote: line -> 1 */
+static int
+reader(void)
+{
+	int n, remaining;
+	char *bufp;
+	int kludgep = 1;
+
+	bufp = rcvbuf;
+	for (;;) {
+	        fd_set readfds, exceptfds;
+		while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
+			n = write(STDOUT_FILENO, bufp, remaining);
+			if (n < 0) {
+				if (errno != EINTR)
+					return (-1);
+				continue;
+			}
+			bufp += n;
+		}
+		bufp = rcvbuf;
+		rcvcnt = 0;
+
+		FD_ZERO (&readfds);
+		FD_SET (rem, &readfds);
+		FD_ZERO (&exceptfds);
+		if (kludgep)
+		  FD_SET (rem, &exceptfds);
+		if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) {
+		    if (errno == EINTR)
+			continue; /* Got signal */
+		    else
+			errx(1, "select failed mysteriously");
+		}
+
+		if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) {
+		    warnx("select: nothing to read?");
+		    continue;
+		  }
+
+		if (FD_ISSET(rem, &exceptfds)) {
+		  int foo = oob_real ();
+		  if (foo >= 1)
+		    continue;	/* First check if there is more OOB data. */
+		  else if (foo < 0)
+		    kludgep = 0;
+		}
+
+		if (!FD_ISSET(rem, &readfds))
+		    continue;	/* Nothing to read. */
+
+		kludgep = 1;
+#ifndef NOENCRYPTION
+		if (doencrypt)
+			rcvcnt = des_enc_read(rem, rcvbuf,
+					      sizeof(rcvbuf),
+					      schedule, &cred.session);
+		else
+#endif
+			rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf));
+		if (rcvcnt == 0)
+			return (0);
+		if (rcvcnt < 0) {
+			if (errno == EINTR)
+				continue;
+			warn("read");
+			return (-1);
+		}
+	}
+}
+
+/*
+ * Send the window size to the server via the magic escape
+ */
+static void
+sendwindow(void)
+{
+	char obuf[4 + 4 * sizeof (u_int16_t)];
+	unsigned short *p;
+
+	p = (u_int16_t *)(obuf + 4);
+	obuf[0] = 0377;
+	obuf[1] = 0377;
+	obuf[2] = 's';
+	obuf[3] = 's';
+	*p++ = htons(winsize.ws_row);
+	*p++ = htons(winsize.ws_col);
+#ifdef HAVE_WS_XPIXEL
+	*p++ = htons(winsize.ws_xpixel);
+#else
+	*p++ = htons(0);
+#endif	
+#ifdef HAVE_WS_YPIXEL
+	*p++ = htons(winsize.ws_ypixel);
+#else
+	*p++ = htons(0);
+#endif	
+
+#ifndef NOENCRYPTION
+	if(doencrypt)
+		des_enc_write(rem, obuf, sizeof(obuf), schedule,
+			      &cred.session);
+	else
+#endif
+		write(rem, obuf, sizeof(obuf));
+}
+
+static
+RETSIGTYPE
+sigwinch(int foo)
+{
+	struct winsize ws;
+
+	if (get_window_size(0, &ws) == 0 &&
+	    memcmp(&ws, &winsize, sizeof(ws))) {
+		winsize = ws;
+		sendwindow();
+	}
+}
+
+static void
+stop(int all)
+{
+	mode(0);
+	signal(SIGCHLD, SIG_IGN);
+	kill(all ? 0 : getpid(), SIGTSTP);
+	signal(SIGCHLD, catch_child);
+	mode(1);
+#ifdef SIGWINCH
+	kill(SIGWINCH, getpid()); /* check for size changes, if caught */
+#endif
+}
+
+/*
+ * writer: write to remote: 0 -> line.
+ * ~.				terminate
+ * ~^Z				suspend rlogin process.
+ * ~<delayed-suspend char>	suspend rlogin process, but leave reader alone.
+ */
+static void
+writer(void)
+{
+	int bol, local, n;
+	char c;
+
+	bol = 1;			/* beginning of line */
+	local = 0;
+	for (;;) {
+		n = read(STDIN_FILENO, &c, 1);
+		if (n <= 0) {
+			if (n < 0 && errno == EINTR)
+				continue;
+			break;
+		}
+		/*
+		 * If we're at the beginning of the line and recognize a
+		 * command character, then we echo locally.  Otherwise,
+		 * characters are echo'd remotely.  If the command character
+		 * is doubled, this acts as a force and local echo is
+		 * suppressed.
+		 */
+		if (bol) {
+			bol = 0;
+			if (!noescape && c == escapechar) {
+				local = 1;
+				continue;
+			}
+		} else if (local) {
+			local = 0;
+			if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) {
+				echo(c);
+				break;
+			}
+			if (CCEQ(deftty.c_cc[VSUSP], c)) {
+				bol = 1;
+				echo(c);
+				stop(1);
+				continue;
+			}
+#ifdef VDSUSP
+			/* Is VDSUSP called something else on Linux?
+			 * Perhaps VDELAY is a better thing? */		
+			if (CCEQ(deftty.c_cc[VDSUSP], c)) {
+				bol = 1;
+				echo(c);
+				stop(0);
+				continue;
+			}
+#endif /* VDSUSP */
+			if (c != escapechar) {
+#ifndef NOENCRYPTION
+				if (doencrypt)
+					des_enc_write(rem, &escapechar,1, schedule, &cred.session);
+				else
+#endif
+					write(rem, &escapechar, 1);
+			}
+		}
+
+		if (doencrypt) {
+#ifdef NOENCRYPTION
+			if (write(rem, &c, 1) == 0) {
+#else
+			if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) {
+#endif
+				warnx("line gone");
+				break;
+			}
+		} else
+			if (write(rem, &c, 1) == 0) {
+				warnx("line gone");
+				break;
+			}
+		bol = CCEQ(deftty.c_cc[VKILL], c) ||
+		    CCEQ(deftty.c_cc[VEOF], c) ||
+		    CCEQ(deftty.c_cc[VINTR], c) ||
+		    CCEQ(deftty.c_cc[VSUSP], c) ||
+		    c == '\r' || c == '\n';
+	}
+}
+
+static
+RETSIGTYPE
+lostpeer(int foo)
+{
+	signal(SIGPIPE, SIG_IGN);
+	warnx("\aconnection closed.\r");
+	done(1);
+}
+
+/*
+ * This is called in the parent when the reader process gets the
+ * out-of-band (urgent) request to turn on the window-changing
+ * protocol. It is signalled from the child(reader).
+ */
+static
+RETSIGTYPE
+sigusr1(int foo)
+{
+        /*
+	 * Now we now daemon supports winsize hack,
+	 */
+	sendwindow();
+#ifdef SIGWINCH
+	signal(SIGWINCH, sigwinch); /* so we start to support it */
+#endif
+	SIGRETURN(0);
+}
+
+static void
+doit(void)
+{
+	signal(SIGINT, SIG_IGN);
+	signal(SIGHUP, SIG_IGN);
+	signal(SIGQUIT, SIG_IGN);
+
+	signal(SIGCHLD, catch_child);
+
+	/*
+	 * Child sends parent this signal for window size hack.
+	 */
+	signal(SIGUSR1, sigusr1);
+
+	signal(SIGPIPE, lostpeer);
+
+	mode(1);
+	parent = getpid();
+	child = fork();
+	if (child == -1) {
+	    warn("fork");
+	    done(1);
+	}
+	if (child == 0) {
+	        signal(SIGCHLD, SIG_IGN);
+	        signal(SIGTTOU, SIG_IGN);
+		if (reader() == 0)
+		    errx(1, "connection closed.\r");
+		sleep(1);
+		errx(1, "\aconnection closed.\r");
+	}
+
+	writer();
+	warnx("closed connection.\r");
+	done(0);
+}
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n",
+	    "8DEKLdx", " [-k realm] ");
+    exit(1);
+}
+
+static u_int
+getescape(char *p)
+{
+	long val;
+	int len;
+
+	if ((len = strlen(p)) == 1)	/* use any single char, including '\' */
+		return ((u_int)*p);
+					/* otherwise, \nnn */
+	if (*p == '\\' && len >= 2 && len <= 4) {
+		val = strtol(++p, NULL, 8);
+		for (;;) {
+			if (!*++p)
+				return ((u_int)val);
+			if (*p < '0' || *p > '8')
+				break;
+		}
+	}
+	warnx("illegal option value -- e");
+	usage();
+	return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+	struct passwd *pw;
+	int sv_port, user_port = 0;
+	int argoff, ch, dflag, Dflag, one, uid;
+	char *host, *user, term[1024];
+
+	argoff = dflag = Dflag = 0;
+	one = 1;
+	host = user = NULL;
+
+	set_progname(argv[0]);
+
+	/* handle "rlogin host flags" */
+	if (argc > 2 && argv[1][0] != '-') {
+	    host = argv[1];
+	    argoff = 1;
+	}
+
+#define	OPTIONS	"8DEKLde:k:l:xp:"
+	while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
+		switch(ch) {
+		case '8':
+			eight = 1;
+			break;
+		case 'D':
+		        Dflag = 1;
+			break;
+		case 'E':
+			noescape = 1;
+			break;
+		case 'K':
+			use_kerberos = 0;
+			break;
+		case 'd':
+			dflag = 1;
+			break;
+		case 'e':
+			noescape = 0;
+			escapechar = getescape(optarg);
+			break;
+		case 'k':
+			dest_realm = dst_realm_buf;
+			strlcpy(dest_realm, optarg, REALM_SZ);
+			break;
+		case 'l':
+			user = optarg;
+			break;
+		case 'x':
+			doencrypt = 1;
+			break;
+		case 'p': {
+		    char *endptr;
+
+		    user_port = strtol (optarg, &endptr, 0);
+		    if (user_port == 0 && optarg == endptr)
+			errx (1, "Bad port `%s'", optarg);
+		    user_port = htons(user_port);
+		    break;
+		}
+		case '?':
+		default:
+			usage();
+		}
+	optind += argoff;
+
+	/* if haven't gotten a host yet, do so */
+	if (!host && !(host = argv[optind++]))
+		usage();
+
+	if (argv[optind])
+		usage();
+
+	if (!(pw = k_getpwuid(uid = getuid())))
+	    errx(1, "unknown user id.");
+	if (!user)
+	    user = pw->pw_name;
+
+	if (user_port)
+		sv_port = user_port;
+	else
+		sv_port = get_login_port(use_kerberos, doencrypt);
+
+	{
+	    char *p = getenv("TERM");
+	    struct termios tty;
+	    int i;
+
+	    if (p == NULL)
+		p = "network";
+
+	    if (tcgetattr(0, &tty) == 0
+		&& (i = speed_t2int (cfgetospeed(&tty))) > 0)
+		snprintf (term, sizeof(term),
+			  "%s/%d",
+			  p, i);
+	    else
+		snprintf (term, sizeof(term),
+			  "%s",
+			  p);
+	}
+
+	get_window_size(0, &winsize);
+
+	if (use_kerberos) {
+	        setuid(getuid());
+		rem = KSUCCESS;
+		errno = 0;
+		if (dest_realm == NULL)
+		    dest_realm = krb_realmofhost(host);
+
+		if (doencrypt)
+		    rem = krcmd_mutual(&host, sv_port, user, term, 0,
+				       dest_realm, &cred, schedule);
+		else
+		    rem = krcmd(&host, sv_port, user, term, 0,
+				dest_realm);
+		if (rem < 0) {
+		    int i;
+		    char **newargv;
+
+		    if (errno == ECONNREFUSED)
+			warning("remote host doesn't support Kerberos");
+		    if (errno == ENOENT)
+			warning("can't provide Kerberos auth data");
+		    newargv = malloc((argc + 2) * sizeof(*newargv));
+		    if (newargv == NULL)
+			err(1, "malloc");
+		    newargv[0] = argv[0];
+		    newargv[1] = "-K";
+		    for(i = 1; i < argc; ++i)
+			newargv[i + 1] = argv[i];
+		    newargv[argc + 1] = NULL;
+		    execv(_PATH_RLOGIN, newargv);
+		}
+	} else {
+		if (doencrypt)
+		    errx(1, "the -x flag requires Kerberos authentication.");
+		if (geteuid() != 0)
+		    errx(1, "not installed setuid root, "
+			 "only root may use non kerberized rlogin");
+		rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0);
+	}
+	
+	if (rem < 0)
+		exit(1);
+
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_DEBUG
+	if (dflag &&
+	    setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+		       sizeof(one)) < 0)
+	    warn("setsockopt");
+#endif
+#ifdef TCP_NODELAY
+	if (Dflag &&
+	    setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+		       sizeof(one)) < 0)
+	    warn("setsockopt(TCP_NODELAY)");
+#endif
+#ifdef IP_TOS
+	one = IPTOS_LOWDELAY;
+	if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0)
+	    warn("setsockopt(IP_TOS)");
+#endif /* IP_TOS */
+#endif /* HAVE_SETSOCKOPT */
+
+	setuid(uid);
+	doit();
+	return 0;
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
new file mode 100644
index 0000000..927ffc5
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -0,0 +1,963 @@
+/*-
+ * Copyright (c) 1983, 1988, 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote login server:
+ *	\0
+ *	remuser\0
+ *	locuser\0
+ *	terminal_type/speed\0
+ *	data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $");
+
+extern int __check_rhosts_file;
+
+char *INSECURE_MESSAGE =
+"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***"
+"\r\n*** Use telnet or rlogin -x instead! ***\r\n";
+
+#ifndef NOENCRYPTION
+char *SECURE_MESSAGE =
+"This rlogin session is using DES encryption for all transmissions.\r\n";
+#else
+#define	SECURE_MESSAGE INSECURE_MESSAGE
+#endif
+
+AUTH_DAT	*kdata;
+KTEXT		ticket;
+u_char		auth_buf[sizeof(AUTH_DAT)];
+u_char		tick_buf[sizeof(KTEXT_ST)];
+Key_schedule	schedule;
+int		doencrypt, retval, use_kerberos, vacuous;
+
+#define		ARGSTR			"Daip:lnkvxL:"
+
+char	*env[2];
+#define	NMAX 30
+char	lusername[NMAX+1], rusername[NMAX+1];
+static	char term[64] = "TERM=";
+#define	ENVSIZE	(sizeof("TERM=")-1)	/* skip null for concatenation */
+int	keepalive = 1;
+int	check_all = 0;
+int     no_delay = 0;
+
+struct	passwd *pwd;
+
+static const char *new_login = _PATH_LOGIN;
+
+static void	doit (int, struct sockaddr_in *);
+static int	control (int, char *, int);
+static void	protocol (int, int);
+static RETSIGTYPE cleanup (int);
+void	fatal (int, const char *, int);
+static int	do_rlogin (struct sockaddr_in *);
+static void	setup_term (int);
+static int	do_krb_login (struct sockaddr_in *);
+static void	usage (void);
+
+static int
+readstream(int p, char *ibuf, int bufsize)
+{
+#ifndef HAVE_GETMSG
+    return read(p, ibuf, bufsize);
+#else
+    static int flowison = -1;  /* current state of flow: -1 is unknown */
+    static struct strbuf strbufc, strbufd;
+    static unsigned char ctlbuf[BUFSIZ];
+    static int use_read = 1;
+
+    int flags = 0;
+    int ret;
+    struct termios tsp;
+
+    struct iocblk ip;
+    char vstop, vstart;
+    int ixon;
+    int newflow;
+
+    if (use_read)
+	{
+	    ret = read(p, ibuf, bufsize);
+	    if (ret < 0 && errno == EBADMSG)
+		use_read = 0;
+	    else
+		return ret;
+	}
+
+    strbufc.maxlen = BUFSIZ;
+    strbufc.buf = (char *)ctlbuf;
+    strbufd.maxlen = bufsize-1;
+    strbufd.len = 0;
+    strbufd.buf = ibuf+1;
+    ibuf[0] = 0;
+
+    ret = getmsg(p, &strbufc, &strbufd, &flags);
+    if (ret < 0)  /* error of some sort -- probably EAGAIN */
+	return(-1);
+
+    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+	/* data message */
+	if (strbufd.len > 0) {			/* real data */
+	    return(strbufd.len + 1);	/* count header char */
+	} else {
+	    /* nothing there */
+	    errno = EAGAIN;
+	    return(-1);
+	}
+    }
+
+    /*
+     * It's a control message.  Return 1, to look at the flag we set
+     */
+
+    switch (ctlbuf[0]) {
+    case M_FLUSH:
+	if (ibuf[1] & FLUSHW)
+	    ibuf[0] = TIOCPKT_FLUSHWRITE;
+	return(1);
+
+    case M_IOCTL:
+	memcpy(&ip, (ibuf+1), sizeof(ip));
+
+	switch (ip.ioc_cmd) {
+#ifdef TCSETS
+	case TCSETS:
+	case TCSETSW:
+	case TCSETSF:
+	    memcpy(&tsp,
+		   (ibuf+1 + sizeof(struct iocblk)),
+		   sizeof(tsp));
+	    vstop = tsp.c_cc[VSTOP];
+	    vstart = tsp.c_cc[VSTART];
+	    ixon = tsp.c_iflag & IXON;
+	    break;
+#endif
+	default:
+	    errno = EAGAIN;
+	    return(-1);
+	}
+
+	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+	if (newflow != flowison) {  /* it's a change */
+	    flowison = newflow;
+	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+	    return(1);
+	}
+    }
+
+    /* nothing worth doing anything about */
+    errno = EAGAIN;
+    return(-1);
+#endif
+}
+
+#ifdef HAVE_UTMPX_H
+static int
+rlogind_logout(const char *line)
+{
+    struct utmpx utmpx, *utxp;
+    int ret = 1;
+
+    setutxent ();
+    memset(&utmpx, 0, sizeof(utmpx));
+    utmpx.ut_type = USER_PROCESS;
+    strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
+    utxp = getutxline(&utmpx);
+    if (utxp) {
+	utxp->ut_user[0] = '\0';
+	utxp->ut_type = DEAD_PROCESS;
+#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	utxp->ut_exit.__e_termination = 0;
+	utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	utxp->ut_exit.ut_termination = 0;
+	utxp->ut_exit.ut_exit = 0;
+#else	
+	utxp->ut_exit.e_termination = 0;
+	utxp->ut_exit.e_exit = 0;
+#endif
+#endif
+	gettimeofday(&utxp->ut_tv, NULL);
+	pututxline(utxp);
+#ifdef WTMPX_FILE
+	updwtmpx(WTMPX_FILE, utxp);
+#else
+	ret = 0;
+#endif
+    }
+    endutxent();
+    return ret;
+}
+#else
+static int
+rlogind_logout(const char *line)
+{
+    FILE *fp;
+    struct utmp ut;
+    int rval;
+
+    if (!(fp = fopen(_PATH_UTMP, "r+")))
+	return(0);
+    rval = 1;
+    while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) {
+	if (!ut.ut_name[0] ||
+	    strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
+	    continue;
+	memset(ut.ut_name, 0, sizeof(ut.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	memset(ut.ut_host, 0, sizeof(ut.ut_host));
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
+	ut.ut_type = DEAD_PROCESS;
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	ut.ut_exit.__e_termination = 0;
+	ut.ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	ut.ut_exit.ut_termination = 0;
+	ut.ut_exit.ut_exit = 0;
+#else	
+	ut.ut_exit.e_termination = 0;
+	ut.ut_exit.e_exit = 0;
+#endif
+#endif
+	time(&ut.ut_time);
+	fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
+	fwrite(&ut, sizeof(struct utmp), 1, fp);
+	fseek(fp, (long)0, SEEK_CUR);
+	rval = 0;
+    }
+    fclose(fp);
+    return(rval);
+}
+#endif
+
+#ifndef HAVE_LOGWTMP
+static void
+logwtmp(const char *line, const char *name, const char *host)
+{
+    struct utmp ut;
+    struct stat buf;
+    int fd;
+
+    memset (&ut, 0, sizeof(ut));
+    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
+	return;
+    if (!fstat(fd, &buf)) {
+	strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+	strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(ut.ut_id, make_id((char *)line), sizeof(ut.ut_id));
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_PID
+	ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
+	if(name[0])
+	    ut.ut_type = USER_PROCESS;
+	else
+	    ut.ut_type = DEAD_PROCESS;
+#endif
+	time(&ut.ut_time);
+	if (write(fd, &ut, sizeof(struct utmp)) !=
+	    sizeof(struct utmp))
+	    ftruncate(fd, buf.st_size);
+    }
+    close(fd);
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+    struct sockaddr_in from;
+    int ch, fromlen, on;
+    int interactive = 0;
+    int portnum = 0;
+
+    set_progname(argv[0]);
+
+    openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
+
+    opterr = 0;
+    while ((ch = getopt(argc, argv, ARGSTR)) != -1)
+	switch (ch) {
+	case 'D':
+	    no_delay = 1;
+	    break;
+	case 'a':
+	    break;
+	case 'i':
+	    interactive = 1;
+	    break;
+	case 'p':
+	    portnum = htons(atoi(optarg));
+	    break;
+	case 'l':
+	    __check_rhosts_file = 0;
+	    break;
+	case 'n':
+	    keepalive = 0;
+	    break;
+	case 'k':
+	    use_kerberos = 1;
+	    break;
+	case 'v':
+	    vacuous = 1;
+	    break;
+	case 'x':
+	    doencrypt = 1;
+	    break;
+	case 'L':
+	    new_login = optarg;
+	    break;
+	case '?':
+	default:
+	    usage();
+	    break;
+	}
+    argc -= optind;
+    argv += optind;
+
+    if (use_kerberos && vacuous) {
+	usage();
+	fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
+    }
+    if (interactive) {
+	if(portnum == 0)
+	    portnum = get_login_port (use_kerberos, doencrypt);
+	mini_inetd (portnum);
+    }
+
+    fromlen = sizeof (from);
+    if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+	syslog(LOG_ERR,"Can't get peer name of remote host: %m");
+	fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
+    }
+    on = 1;
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+    if (keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+		   sizeof (on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef TCP_NODELAY
+    if (no_delay &&
+	setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
+#endif
+
+#ifdef IP_TOS
+    on = IPTOS_LOWDELAY;
+    if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0)
+	syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+    doit(0, &from);
+    return 0;
+}
+
+int	child;
+int	netf;
+char	line[MaxPathLen];
+int	confirmed;
+
+struct winsize win = { 0, 0, 0, 0 };
+
+
+static void
+doit(int f, struct sockaddr_in *fromp)
+{
+    int master, pid, on = 1;
+    int authenticated = 0;
+    char hostname[2 * MaxHostNameLen + 1];
+    char c;
+
+    alarm(60);
+    read(f, &c, 1);
+
+    if (c != 0)
+	exit(1);
+    if (vacuous)
+	fatal(f, "Remote host requires Kerberos authentication", 0);
+
+    alarm(0);
+    inaddr2str (fromp->sin_addr, hostname, sizeof(hostname));
+
+    if (use_kerberos) {
+	retval = do_krb_login(fromp);
+	if (retval == 0)
+	    authenticated++;
+	else if (retval > 0)
+	    fatal(f, krb_get_err_text(retval), 0);
+	write(f, &c, 1);
+	confirmed = 1;		/* we sent the null! */
+    } else {
+	fromp->sin_port = ntohs((u_short)fromp->sin_port);
+	if (fromp->sin_family != AF_INET ||
+	    fromp->sin_port >= IPPORT_RESERVED ||
+	    fromp->sin_port < IPPORT_RESERVED/2) {
+	    syslog(LOG_NOTICE, "Connection from %s on illegal port",
+		   inet_ntoa(fromp->sin_addr));
+	    fatal(f, "Permission denied", 0);
+	}
+	ip_options_and_die (0, fromp);
+	if (do_rlogin(fromp) == 0)
+	    authenticated++;
+    }
+    if (confirmed == 0) {
+	write(f, "", 1);
+	confirmed = 1;		/* we sent the null! */
+    }
+#ifndef NOENCRYPTION
+    if (doencrypt)
+	des_enc_write(f, SECURE_MESSAGE,
+		      strlen(SECURE_MESSAGE),
+		      schedule, &kdata->session);
+    else
+#endif
+	write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE));
+    netf = f;
+
+#ifdef HAVE_FORKPTY
+    pid = forkpty(&master, line, NULL, NULL);
+#else
+    pid = forkpty_truncate(&master, line, sizeof(line), NULL, NULL);
+#endif
+    if (pid < 0) {
+	if (errno == ENOENT)
+	    fatal(f, "Out of ptys", 0);
+	else
+	    fatal(f, "Forkpty", 1);
+    }
+    if (pid == 0) {
+	if (f > 2)	/* f should always be 0, but... */
+	    close(f);
+	setup_term(0);
+	if (lusername[0] == '-'){
+	    syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+		   lusername);
+	    fatal(STDERR_FILENO, "invalid user", 0);
+	}
+	if (authenticated) {
+	    if (use_kerberos && (pwd->pw_uid == 0))
+		syslog(LOG_INFO|LOG_AUTH,
+		       "ROOT Kerberos login from %s on %s\n",
+		       krb_unparse_name_long(kdata->pname, 
+					     kdata->pinst, 
+					     kdata->prealm), 
+		       hostname);
+		    
+	    execl(new_login, "login", "-p",
+		  "-h", hostname, "-f", "--", lusername, 0);
+	} else
+	    execl(new_login, "login", "-p",
+		  "-h", hostname, "--", lusername, 0);
+	fatal(STDERR_FILENO, new_login, 1);
+	/*NOTREACHED*/
+    }
+    /*
+     * If encrypted, don't turn on NBIO or the des read/write
+     * routines will croak.
+     */
+
+    if (!doencrypt)
+	ioctl(f, FIONBIO, &on);
+    ioctl(master, FIONBIO, &on);
+    ioctl(master, TIOCPKT, &on);
+#ifdef SIGTSTP
+    signal(SIGTSTP, SIG_IGN);
+#endif
+    signal(SIGCHLD, cleanup);
+    setsid();
+    protocol(f, master);
+    signal(SIGCHLD, SIG_IGN);
+    cleanup(0);
+}
+
+const char	magic[2] = { 0377, 0377 };
+
+/*
+ * Handle a "control" request (signaled by magic being present)
+ * in the data stream.  For now, we are only willing to handle
+ * window size changes.
+ */
+static int
+control(int master, char *cp, int n)
+{
+    struct winsize w;
+    char *p;
+    u_int32_t tmp;
+
+    if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's')
+	return (0);
+#ifdef TIOCSWINSZ
+    p = cp + 4;
+    p += krb_get_int(p, &tmp, 2, 0);
+    w.ws_row = tmp;
+    p += krb_get_int(p, &tmp, 2, 0);
+    w.ws_col = tmp;
+
+    p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_XPIXEL
+    w.ws_xpixel = tmp;
+#endif
+    p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_YPIXEL
+    w.ws_ypixel = tmp;
+#endif
+    ioctl(master, TIOCSWINSZ, &w);
+#endif
+    return p - cp;
+}
+
+static
+void
+send_oob(int fd, char c)
+{
+    static char last_oob = 0xFF;
+
+#if (SunOS >= 50) || defined(__hpux)
+    /*
+     * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we
+     * can avoid sending OOB data and thus not break on Linux by merging
+     * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW.
+     */
+    static int oob_kludge = 2;
+    if (oob_kludge == 2)
+	{
+	    oob_kludge--;		/* First time send nothing */
+	    return;
+	}
+    else if (oob_kludge == 1)
+	{
+	    oob_kludge--;		/* Second time merge TIOCPKT_WINDOW */
+	    c |= TIOCPKT_WINDOW;
+	}
+#endif
+
+#define	pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
+    c = pkcontrol(c);
+    /* Multiple OOB data breaks on Linux, avoid it when possible. */
+    if (c != last_oob)
+	send(fd, &c, 1, MSG_OOB);
+    last_oob = c;
+}
+
+/*
+ * rlogin "protocol" machine.
+ */
+static void
+protocol(int f, int master)
+{
+    char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
+    int pcc = 0, fcc = 0;
+    int cc, nfd, n;
+    char cntl;
+    unsigned char oob_queue = 0;
+
+#ifdef SIGTTOU
+    /*
+     * Must ignore SIGTTOU, otherwise we'll stop
+     * when we try and set slave pty's window shape
+     * (our controlling tty is the master pty).
+     */
+    signal(SIGTTOU, SIG_IGN);
+#endif
+
+    send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */
+
+    if (f > master)
+	nfd = f + 1;
+    else
+	nfd = master + 1;
+    if (nfd > FD_SETSIZE) {
+	syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
+	fatal(f, "internal error (select mask too small)", 0);
+    }
+    for (;;) {
+	fd_set ibits, obits, ebits, *omask;
+
+	FD_ZERO(&ebits);
+	FD_ZERO(&ibits);
+	FD_ZERO(&obits);
+	omask = (fd_set *)NULL;
+	if (fcc) {
+	    FD_SET(master, &obits);
+	    omask = &obits;
+	} else
+	    FD_SET(f, &ibits);
+	if (pcc >= 0) {
+	    if (pcc) {
+		FD_SET(f, &obits);
+		omask = &obits;
+	    } else
+		FD_SET(master, &ibits);
+	}
+	FD_SET(master, &ebits);
+	if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
+	    if (errno == EINTR)
+		continue;
+	    fatal(f, "select", 1);
+	}
+	if (n == 0) {
+	    /* shouldn't happen... */
+	    sleep(5);
+	    continue;
+	}
+	if (FD_ISSET(master, &ebits)) {
+	    cc = readstream(master, &cntl, 1);
+	    if (cc == 1 && pkcontrol(cntl)) {
+#if 0				/* Kludge around */
+		send_oob(f, cntl);
+#endif
+		oob_queue = cntl;
+		if (cntl & TIOCPKT_FLUSHWRITE) {
+		    pcc = 0;
+		    FD_CLR(master, &ibits);
+		}
+	    }
+	}
+	if (FD_ISSET(f, &ibits)) {
+#ifndef NOENCRYPTION
+	    if (doencrypt)
+		fcc = des_enc_read(f, fibuf,
+				   sizeof(fibuf),
+				   schedule, &kdata->session);
+	    else
+#endif
+		fcc = read(f, fibuf, sizeof(fibuf));
+	    if (fcc < 0 && errno == EWOULDBLOCK)
+		fcc = 0;
+	    else {
+		char *cp;
+		int left, n;
+
+		if (fcc <= 0)
+		    break;
+		fbp = fibuf;
+
+	    top:
+		for (cp = fibuf; cp < fibuf+fcc-1; cp++)
+		    if (cp[0] == magic[0] &&
+			cp[1] == magic[1]) {
+			left = fcc - (cp-fibuf);
+			n = control(master, cp, left);
+			if (n) {
+			    left -= n;
+			    if (left > 0)
+				memmove(cp, cp+n, left);
+			    fcc -= n;
+			    goto top; /* n^2 */
+			}
+		    }
+		FD_SET(master, &obits);		/* try write */
+	    }
+	}
+
+	if (FD_ISSET(master, &obits) && fcc > 0) {
+	    cc = write(master, fbp, fcc);
+	    if (cc > 0) {
+		fcc -= cc;
+		fbp += cc;
+	    }
+	}
+
+	if (FD_ISSET(master, &ibits)) {
+	    pcc = readstream(master, pibuf, sizeof (pibuf));
+	    pbp = pibuf;
+	    if (pcc < 0 && errno == EWOULDBLOCK)
+		pcc = 0;
+	    else if (pcc <= 0)
+		break;
+	    else if (pibuf[0] == 0) {
+		pbp++, pcc--;
+		if (!doencrypt)
+		    FD_SET(f, &obits);	/* try write */
+	    } else {
+		if (pkcontrol(pibuf[0])) {
+		    oob_queue = pibuf[0];
+#if 0				/* Kludge around */
+		    send_oob(f, pibuf[0]);
+#endif
+		}
+		pcc = 0;
+	    }
+	}
+	if ((FD_ISSET(f, &obits)) && pcc > 0) {
+#ifndef NOENCRYPTION
+	    if (doencrypt)
+		cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session);
+	    else
+#endif
+		cc = write(f, pbp, pcc);
+	    if (cc < 0 && errno == EWOULDBLOCK) {
+		/*
+		 * This happens when we try write after read
+		 * from p, but some old kernels balk at large
+		 * writes even when select returns true.
+		 */
+		if (!FD_ISSET(master, &ibits))
+		    sleep(5);
+		continue;
+	    }
+	    if (cc > 0) {
+		pcc -= cc;
+		pbp += cc;
+		/* Only send urg data when normal data
+		 * has just been sent.
+		 * Linux has deep problems with more
+		 * than one byte of OOB data.
+		 */
+		if (oob_queue) {
+		    send_oob (f, oob_queue);
+		    oob_queue = 0;
+		}
+	    }
+	}
+    }
+}
+
+static RETSIGTYPE
+cleanup(int signo)
+{
+    char *p = clean_ttyname (line);
+
+    if (rlogind_logout(p) == 0)
+	logwtmp(p, "", "");
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    *p = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    shutdown(netf, 2);
+    signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+    vhangup();
+#endif /* HAVE_VHANGUP */
+    exit(1);
+}
+
+void
+fatal(int f, const char *msg, int syserr)
+{
+    int len;
+    char buf[BUFSIZ], *bp = buf;
+
+    /*
+     * Prepend binary one to message if we haven't sent
+     * the magic null as confirmation.
+     */
+    if (!confirmed)
+	*bp++ = '\01';		/* error indicator */
+    if (syserr)
+	snprintf(bp, sizeof(buf) - (bp - buf),
+		 "rlogind: %s: %s.\r\n",
+		 msg, strerror(errno));
+    else
+	snprintf(bp, sizeof(buf) - (bp - buf),
+		 "rlogind: %s.\r\n", msg);
+    len = strlen(bp);
+#ifndef NOENCRYPTION
+    if (doencrypt)
+	des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session);
+    else
+#endif
+	write(f, buf, bp + len - buf);
+    exit(1);
+}
+
+static void
+xgetstr(char *buf, int cnt, char *errmsg)
+{
+    char c;
+
+    do {
+	if (read(0, &c, 1) != 1)
+	    exit(1);
+	if (--cnt < 0)
+	    fatal(STDOUT_FILENO, errmsg, 0);
+	*buf++ = c;
+    } while (c != 0);
+}
+
+static int
+do_rlogin(struct sockaddr_in *dest)
+{
+    xgetstr(rusername, sizeof(rusername), "remuser too long");
+    xgetstr(lusername, sizeof(lusername), "locuser too long");
+    xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
+
+    pwd = k_getpwnam(lusername);
+    if (pwd == NULL)
+	return (-1);
+    if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+	{
+	    syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+	    return (-1);
+	}
+    return (iruserok(dest->sin_addr.s_addr,
+		     (pwd->pw_uid == 0),
+		     rusername,
+		     lusername));
+}
+
+static void 
+setup_term(int fd)
+{
+    char *cp = strchr(term+ENVSIZE, '/');
+    char *speed;
+    struct termios tt;
+
+    tcgetattr(fd, &tt);
+    if (cp) {
+	int s;
+
+	*cp++ = '\0';
+	speed = cp;
+	cp = strchr(speed, '/');
+	if (cp)
+	    *cp++ = '\0';
+	s = int2speed_t (atoi (speed));
+	if (s > 0) {
+	    cfsetospeed (&tt, s);
+	    cfsetispeed (&tt, s);
+	}
+    }
+
+    tt.c_iflag &= ~INPCK;
+    tt.c_iflag |= ICRNL|IXON;
+    tt.c_oflag |= OPOST|ONLCR;
+#ifdef TAB3
+    tt.c_oflag |= TAB3;
+#endif /* TAB3 */
+#ifdef ONLRET
+    tt.c_oflag &= ~ONLRET;
+#endif /* ONLRET */
+    tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON);
+    tt.c_cflag &= ~PARENB;
+    tt.c_cflag |= CS8;
+    tt.c_cc[VMIN] = 1;
+    tt.c_cc[VTIME] = 0;
+    tt.c_cc[VEOF] = CEOF;
+    tcsetattr(fd, TCSAFLUSH, &tt);
+
+    env[0] = term;
+    env[1] = 0;
+    environ = env;
+}
+
+#define	VERSION_SIZE	9
+
+/*
+ * Do the remote kerberos login to the named host with the
+ * given inet address
+ *
+ * Return 0 on valid authorization
+ * Return -1 on valid authentication, no authorization
+ * Return >0 for error conditions
+ */
+static int
+do_krb_login(struct sockaddr_in *dest)
+{
+    int rc;
+    char instance[INST_SZ], version[VERSION_SIZE];
+    long authopts = 0L;	/* !mutual */
+    struct sockaddr_in faddr;
+
+    kdata = (AUTH_DAT *) auth_buf;
+    ticket = (KTEXT) tick_buf;
+
+    k_getsockinst(0, instance, sizeof(instance));
+
+    if (doencrypt) {
+	rc = sizeof(faddr);
+	if (getsockname(0, (struct sockaddr *)&faddr, &rc))
+	    return (-1);
+	authopts = KOPT_DO_MUTUAL;
+	rc = krb_recvauth(
+			  authopts, 0,
+			  ticket, "rcmd",
+			  instance, dest, &faddr,
+			  kdata, "", schedule, version);
+	des_set_key(&kdata->session, schedule);
+
+    } else
+	rc = krb_recvauth(
+			  authopts, 0,
+			  ticket, "rcmd",
+			  instance, dest, (struct sockaddr_in *) 0,
+			  kdata, "", 0, version);
+
+    if (rc != KSUCCESS)
+	return (rc);
+
+    xgetstr(lusername, sizeof(lusername), "locuser");
+    /* get the "cmd" in the rcmd protocol */
+    xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
+
+    pwd = k_getpwnam(lusername);
+    if (pwd == NULL)
+	return (-1);
+    if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+	{
+	    syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+	    return (-1);
+	}
+
+    /* returns nonzero for no access */
+    if (kuserok(kdata, lusername) != 0)
+	return (-1);
+
+    return (0);
+
+}
+
+static void
+usage(void)
+{
+    syslog(LOG_ERR,
+	   "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]");
+    exit(1);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
new file mode 100644
index 0000000..87fe1fe
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -0,0 +1,378 @@
+/*-
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm;
+
+/*
+ * rsh - remote shell
+ */
+int rfd2;
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n");
+    exit(1);
+}
+
+static char *
+copyargs(char **argv)
+{
+    int cc;
+    char **ap, *p;
+    char *args;
+
+    cc = 0;
+    for (ap = argv; *ap; ++ap)
+	cc += strlen(*ap) + 1;
+    args = malloc(cc);
+    if (args == NULL)
+	errx(1, "Out of memory.");
+    for (p = args, ap = argv; *ap; ++ap) {
+	strcpy(p, *ap);
+	while(*p)
+	    ++p;
+	if (ap[1])
+	    *p++ = ' ';
+    }
+    return(args);
+}
+
+static RETSIGTYPE
+sendsig(int signo_)
+{
+    char signo = signo_;
+#ifndef NOENCRYPTION
+    if (doencrypt)
+	des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
+    else
+#endif
+	write(rfd2, &signo, 1);
+}
+
+static void
+talk(int nflag, sigset_t omask, int pid, int rem)
+{
+    int cc, wc;
+    char *bp;
+    fd_set readfrom, ready, rembits;
+    char buf[DES_RW_MAXWRITE];
+
+    if (pid == 0) {
+	if (nflag)
+	    goto done;
+
+	close(rfd2);
+
+    reread:		errno = 0;
+    if ((cc = read(0, buf, sizeof buf)) <= 0)
+	goto done;
+    bp = buf;
+
+    rewrite:	FD_ZERO(&rembits);
+    FD_SET(rem, &rembits);
+    if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
+	if (errno != EINTR) 
+	    err(1, "select");
+	goto rewrite;
+    }
+    if (!FD_ISSET(rem, &rembits))
+	goto rewrite;
+#ifndef NOENCRYPTION
+    if (doencrypt)
+	wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
+    else
+#endif
+	wc = write(rem, bp, cc);
+    if (wc < 0) {
+	if (errno == EWOULDBLOCK)
+	    goto rewrite;
+	goto done;
+    }
+    bp += wc;
+    cc -= wc;
+    if (cc == 0)
+	goto reread;
+    goto rewrite;
+    done:
+    shutdown(rem, 1);
+    exit(0);
+    }
+
+    if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
+	warn("sigprocmask");
+    FD_ZERO(&readfrom);
+    FD_SET(rem, &readfrom);
+    FD_SET(rfd2, &readfrom);
+    do {
+	ready = readfrom;
+	if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) {
+	    if (errno != EINTR)
+		err(1, "select");
+	    continue;
+	}
+	if (FD_ISSET(rfd2, &ready)) {
+	    errno = 0;
+#ifndef NOENCRYPTION
+	    if (doencrypt)
+		cc = des_enc_read(rfd2, buf, sizeof buf,
+				  schedule, &cred.session);
+	    else
+#endif
+		cc = read(rfd2, buf, sizeof buf);
+	    if (cc <= 0) {
+		if (errno != EWOULDBLOCK)
+		    FD_CLR(rfd2, &readfrom);
+	    } else
+		write(2, buf, cc);
+	}
+	if (FD_ISSET(rem, &ready)) {
+	    errno = 0;
+#ifndef NOENCRYPTION
+	    if (doencrypt)
+		cc = des_enc_read(rem, buf, sizeof buf,
+				  schedule, &cred.session);
+	    else
+#endif
+		cc = read(rem, buf, sizeof buf);
+	    if (cc <= 0) {
+		if (errno != EWOULDBLOCK)
+		    FD_CLR(rem, &readfrom);
+	    } else
+		write(1, buf, cc);
+	}
+    } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
+}
+
+int
+main(int argc, char **argv)
+{
+    struct passwd *pw;
+    int sv_port, user_port = 0;
+    sigset_t omask;
+    int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
+    char *args, *host, *user, *local_user;
+
+    argoff = dflag = nflag = nfork = 0;
+    one = 1;
+    host = user = NULL;
+    pid = 1;
+
+    set_progname(argv[0]);
+
+    /* handle "rsh host flags" */
+    if (argc > 2 && argv[1][0] != '-') {
+	host = argv[1];
+	argoff = 1;
+    }
+
+#define	OPTIONS	"+8KLde:k:l:np:wx"
+    while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
+	switch(ch) {
+	case 'K':
+	    use_kerberos = 0;
+	    break;
+	case 'L':	/* -8Lew are ignored to allow rlogin aliases */
+	case 'e':
+	case 'w':
+	case '8':
+	    break;
+	case 'd':
+	    dflag = 1;
+	    break;
+	case 'l':
+	    user = optarg;
+	    break;
+	case 'k':
+	    dest_realm = dst_realm_buf;
+	    strlcpy(dest_realm, optarg, REALM_SZ);
+	    break;
+	case 'n':
+	    nflag = nfork = 1;
+	    break;
+	case 'x':
+	    doencrypt = 1;
+	    break;
+	case 'p': {
+	    char *endptr;
+
+	    user_port = strtol (optarg, &endptr, 0);
+	    if (user_port == 0 && optarg == endptr)
+		errx (1, "Bad port `%s'", optarg);
+	    user_port = htons(user_port);
+	    break;
+	}
+	case '?':
+	default:
+	    usage();
+	}
+    optind += argoff;
+
+    /* if haven't gotten a host yet, do so */
+    if (!host && !(host = argv[optind++]))
+	usage();
+
+    /* if no further arguments, must have been called as rlogin. */
+    if (!argv[optind]) {
+	*argv = "rlogin";
+	setuid(getuid());
+	execv(_PATH_RLOGIN, argv);
+	err(1, "can't exec %s", _PATH_RLOGIN);
+    }
+
+#ifndef __CYGWIN32__
+    if (!(pw = k_getpwuid(uid = getuid())))
+	errx(1, "unknown user id.");
+    local_user = pw->pw_name;
+    if (!user)
+	user = local_user;
+#else
+    if (!user)
+	errx(1, "Sorry, you need to specify the username (with -l)");
+    local_user = user;
+#endif
+
+    /* -n must still fork but does not turn of the -n functionality */
+    if (doencrypt)
+	nfork = 0;
+
+    args = copyargs(argv+optind);
+
+    if (user_port)
+	sv_port = user_port;
+    else
+	sv_port = get_shell_port(use_kerberos, doencrypt);
+
+    if (use_kerberos) {
+	setuid(getuid());
+	rem = KSUCCESS;
+	errno = 0;
+	if (dest_realm == NULL)
+	    dest_realm = krb_realmofhost(host);
+
+	if (doencrypt)
+	    rem = krcmd_mutual(&host, sv_port, user, args,
+			       &rfd2, dest_realm, &cred, schedule);
+	else
+	    rem = krcmd(&host, sv_port, user, args, &rfd2,
+			dest_realm);
+	if (rem < 0) {
+	    int i = 0;
+	    char **newargv;
+
+	    if (errno == ECONNREFUSED)
+		warning("remote host doesn't support Kerberos");
+	    if (errno == ENOENT)
+		warning("can't provide Kerberos auth data");
+	    newargv = malloc((argc + 2) * sizeof(*newargv));
+	    if (newargv == NULL)
+		err(1, "malloc");
+	    newargv[i] = argv[i];
+	    ++i;
+	    if (argv[i][0] != '-') {
+		newargv[i] = argv[i];
+		++i;
+	    }
+	    newargv[i++] = "-K";
+	    for(; i <= argc; ++i)
+		newargv[i] = argv[i - 1];
+	    newargv[argc + 1] = NULL;
+	    execv(_PATH_RSH, newargv);
+	}
+    } else {
+	if (doencrypt)
+	    errx(1, "the -x flag requires Kerberos authentication.");
+	if (geteuid() != 0)
+	    errx(1, "not installed setuid root, "
+		 "only root may use non kerberized rsh");
+	rem = rcmd(&host, sv_port, local_user, user, args, &rfd2);
+    }
+
+    if (rem < 0)
+	exit(1);
+
+    if (rfd2 < 0)
+	errx(1, "can't establish stderr.");
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+    if (dflag) {
+	if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+		       sizeof(one)) < 0)
+	    warn("setsockopt");
+	if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one,
+		       sizeof(one)) < 0)
+	    warn("setsockopt");
+    }
+#endif
+
+    setuid(uid);
+    {
+	sigset_t sigmsk;
+	sigemptyset(&sigmsk);
+	sigaddset(&sigmsk, SIGINT);
+	sigaddset(&sigmsk, SIGQUIT);
+	sigaddset(&sigmsk, SIGTERM);
+	if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0)
+	    warn("sigprocmask");
+    }
+    if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+	signal(SIGINT, sendsig);
+    if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+	signal(SIGQUIT, sendsig);
+    if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+	signal(SIGTERM, sendsig);
+
+    if (!nfork) {
+	pid = fork();
+	if (pid < 0)
+	    err(1, "fork");
+    }
+
+    if (!doencrypt) {
+	ioctl(rfd2, FIONBIO, &one);
+	ioctl(rem, FIONBIO, &one);
+    }
+
+    talk(nflag, omask, pid, rem);
+    
+    if (!nflag)
+	kill(pid, SIGKILL);
+    exit(0);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
new file mode 100644
index 0000000..ed91feb
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -0,0 +1,634 @@
+/*-
+ * Copyright (c) 1988, 1989, 1992, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote shell server:
+ *	[port]\0
+ *	remuser\0
+ *	locuser\0
+ *	command\0
+ *	data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $");
+
+extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
+extern int __check_rhosts_file;
+
+static int	keepalive = 1;
+static int	log_success;	/* If TRUE, log all successful accesses */
+static int	new_pag = 1;	/* Put process in new PAG by default */
+static int	no_inetd = 0;
+static int	sent_null;
+
+static void		 doit (struct sockaddr_in *);
+static void		 error (const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+static void		 usage (void);
+
+#define	VERSION_SIZE	9
+#define SECURE_MESSAGE  "This rsh session is using DES encryption for all transmissions.\r\n"
+#define	OPTIONS		"alnkvxLp:Pi"
+AUTH_DAT authbuf;
+KTEXT_ST tickbuf;
+int	doencrypt, use_kerberos, vacuous;
+Key_schedule	schedule;
+
+int
+main(int argc, char *argv[])
+{
+    struct linger linger;
+    int ch, on = 1, fromlen;
+    struct sockaddr_in from;
+    int portnum = 0;
+
+    set_progname(argv[0]);
+
+    openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+
+    opterr = 0;
+    while ((ch = getopt(argc, argv, OPTIONS)) != -1)
+	switch (ch) {
+	case 'a':
+	    break;
+	case 'l':
+	    __check_rhosts_file = 0;
+	    break;
+	case 'n':
+	    keepalive = 0;
+	    break;
+	case 'k':
+	    use_kerberos = 1;
+	    break;
+
+	case 'v':
+	    vacuous = 1;
+	    break;
+
+	case 'x':
+	    doencrypt = 1;
+	    break;
+	case 'L':
+	    log_success = 1;
+	    break;
+	case 'p':
+	    portnum = htons(atoi(optarg));
+	    break;
+	case 'P':
+	    new_pag = 0;
+	    break;
+	case 'i':
+	    no_inetd = 1;
+	    break;
+	case '?':
+	default:
+	    usage();
+	    break;
+	}
+
+    argc -= optind;
+    argv += optind;
+
+    if (use_kerberos && vacuous) {
+	syslog(LOG_ERR, "only one of -k and -v allowed");
+	exit(2);
+    }
+    if (doencrypt && !use_kerberos) {
+	syslog(LOG_ERR, "-k is required for -x");
+	exit(2);
+    }
+
+    if (no_inetd) {
+	if(portnum == 0)
+	    portnum = get_shell_port (use_kerberos, doencrypt);
+	mini_inetd (portnum);
+    }
+
+    fromlen = sizeof (from);
+    if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+	syslog(LOG_ERR, "getpeername: %m");
+	_exit(1);
+    }
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+    if (keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef SO_LINGER
+    linger.l_onoff = 1;
+    linger.l_linger = 60;			/* XXX */
+    if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger,
+		   sizeof (linger)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+    doit(&from);
+    /* NOTREACHED */
+    return 0;
+}
+
+char	username[20] = "USER=";
+char	homedir[64] = "HOME=";
+char	shell[64] = "SHELL=";
+char	path[100] = "PATH=";
+char	*envinit[] =
+{homedir, shell, path, username, 0};
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+    char c;
+
+    do {
+	if (read(STDIN_FILENO, &c, 1) != 1)
+	    exit(1);
+	*buf++ = c;
+	if (--cnt == 0) {
+	    error("%s too long\n", err);
+	    exit(1);
+	}
+    } while (c != 0);
+}
+
+static void
+doit(struct sockaddr_in *fromp)
+{
+    struct passwd *pwd;
+    u_short port;
+    fd_set ready, readfrom;
+    int cc, nfd, pv[2], pid, s;
+    int one = 1;
+    const char *errorhost = "";
+    char *errorstr;
+    char *cp, sig, buf[DES_RW_MAXWRITE];
+    char cmdbuf[NCARGS+1], locuser[16], remuser[16];
+    char remotehost[2 * MaxHostNameLen + 1];
+
+    AUTH_DAT	*kdata;
+    KTEXT		ticket;
+    char		instance[INST_SZ], version[VERSION_SIZE];
+    struct		sockaddr_in	fromaddr;
+    int		rc;
+    long		authopts;
+    int		pv1[2], pv2[2];
+    fd_set		wready, writeto;
+
+    fromaddr = *fromp;
+
+    signal(SIGINT, SIG_DFL);
+    signal(SIGQUIT, SIG_DFL);
+    signal(SIGTERM, SIG_DFL);
+#ifdef DEBUG
+    { int t = open(_PATH_TTY, 2);
+    if (t >= 0) {
+	ioctl(t, TIOCNOTTY, (char *)0);
+	close(t);
+    }
+    }
+#endif
+    fromp->sin_port = ntohs((u_short)fromp->sin_port);
+    if (fromp->sin_family != AF_INET) {
+	syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
+	       fromp->sin_family);
+	exit(1);
+    }
+
+
+    if (!use_kerberos) {
+	ip_options_and_die (0, fromp);
+	if (fromp->sin_port >= IPPORT_RESERVED ||
+	    fromp->sin_port < IPPORT_RESERVED/2) {
+	    syslog(LOG_NOTICE|LOG_AUTH,
+		   "Connection from %s on illegal port %u",
+		   inet_ntoa(fromp->sin_addr),
+		   fromp->sin_port);
+	    exit(1);
+	}
+    }
+
+    alarm(60);
+    port = 0;
+    for (;;) {
+	char c;
+	if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
+	    if (cc < 0)
+		syslog(LOG_NOTICE, "read: %m");
+	    shutdown(0, 1+1);
+	    exit(1);
+	}
+	if (c== 0)
+	    break;
+	port = port * 10 + c - '0';
+    }
+
+    alarm(0);
+    if (port != 0) {
+	int lport = IPPORT_RESERVED - 1;
+	s = rresvport(&lport);
+	if (s < 0) {
+	    syslog(LOG_ERR, "can't get stderr port: %m");
+	    exit(1);
+	}
+	if (!use_kerberos)
+	    if (port >= IPPORT_RESERVED) {
+		syslog(LOG_ERR, "2nd port not reserved\n");
+		exit(1);
+	    }
+	fromp->sin_port = htons(port);
+	if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
+	    syslog(LOG_INFO, "connect second port %d: %m", port);
+	    exit(1);
+	}
+    }
+
+    if (vacuous) {
+	error("rshd: Remote host requires Kerberos authentication.\n");
+	exit(1);
+    }
+
+    errorstr = NULL;
+    inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost));
+
+    if (use_kerberos) {
+	kdata = &authbuf;
+	ticket = &tickbuf;
+	authopts = 0L;
+	k_getsockinst(0, instance, sizeof(instance));
+	version[VERSION_SIZE - 1] = '\0';
+	if (doencrypt) {
+	    struct sockaddr_in local_addr;
+	    rc = sizeof(local_addr);
+	    if (getsockname(0, (struct sockaddr *)&local_addr,
+			    &rc) < 0) {
+		syslog(LOG_ERR, "getsockname: %m");
+		error("rshd: getsockname: %m");
+		exit(1);
+	    }
+	    authopts = KOPT_DO_MUTUAL;
+	    rc = krb_recvauth(authopts, 0, ticket,
+			      "rcmd", instance, &fromaddr,
+			      &local_addr, kdata, "", schedule,
+			      version);
+#ifndef NOENCRYPTION
+	    des_set_key(&kdata->session, schedule);
+#else
+	    memset(schedule, 0, sizeof(schedule));
+#endif
+	} else
+	    rc = krb_recvauth(authopts, 0, ticket, "rcmd",
+			      instance, &fromaddr,
+			      (struct sockaddr_in *) 0,
+			      kdata, "", 0, version);
+	if (rc != KSUCCESS) {
+	    error("Kerberos authentication failure: %s\n",
+		  krb_get_err_text(rc));
+	    exit(1);
+	}
+    } else
+	xgetstr(remuser, sizeof(remuser), "remuser");
+
+    xgetstr(locuser, sizeof(locuser), "locuser");
+    xgetstr(cmdbuf, sizeof(cmdbuf), "command");
+    setpwent();
+    pwd = k_getpwnam(locuser);
+    if (pwd == NULL) {
+	syslog(LOG_INFO|LOG_AUTH,
+	       "%s@%s as %s: unknown login. cmd='%.80s'",
+	       remuser, remotehost, locuser, cmdbuf);
+	if (errorstr == NULL)
+	    errorstr = "Login incorrect.\n";
+	goto fail;
+    }
+    if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0)
+	{
+	    syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser);
+	    if (errorstr == NULL)
+		errorstr = "Login incorrect.\n";
+	    goto fail;
+	}
+    if (chdir(pwd->pw_dir) < 0) {
+	chdir("/");
+#ifdef notdef
+	syslog(LOG_INFO|LOG_AUTH,
+	       "%s@%s as %s: no home directory. cmd='%.80s'",
+	       remuser, remotehost, locuser, cmdbuf);
+	error("No remote directory.\n");
+	exit(1);
+#endif
+    }
+
+    if (use_kerberos) {
+	if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
+	    if (kuserok(kdata, locuser) != 0) {
+		syslog(LOG_INFO|LOG_AUTH,
+		       "Kerberos rsh denied to %s",
+		       krb_unparse_name_long(kdata->pname, 
+					     kdata->pinst, 
+					     kdata->prealm));
+		error("Permission denied.\n");
+		exit(1);
+	    }
+	}
+    } else
+
+	if (errorstr ||
+	    (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+	    iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
+		     remuser, locuser) < 0)) {
+	    if (__rcmd_errstr)
+		syslog(LOG_INFO|LOG_AUTH,
+		       "%s@%s as %s: permission denied (%s). cmd='%.80s'",
+		       remuser, remotehost, locuser,
+		       __rcmd_errstr, cmdbuf);
+	    else
+		syslog(LOG_INFO|LOG_AUTH,
+		       "%s@%s as %s: permission denied. cmd='%.80s'",
+		       remuser, remotehost, locuser, cmdbuf);
+		     fail:
+	    if (errorstr == NULL)
+		errorstr = "Permission denied.\n";
+	    error(errorstr, errorhost);
+	    exit(1);
+	}
+
+    if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
+	error("Logins currently disabled.\n");
+	exit(1);
+    }
+
+    write(STDERR_FILENO, "\0", 1);
+    sent_null = 1;
+
+    if (port) {
+	if (pipe(pv) < 0) {
+	    error("Can't make pipe.\n");
+	    exit(1);
+	}
+	if (doencrypt) {
+	    if (pipe(pv1) < 0) {
+		error("Can't make 2nd pipe.\n");
+		exit(1);
+	    }
+	    if (pipe(pv2) < 0) {
+		error("Can't make 3rd pipe.\n");
+		exit(1);
+	    }
+	}
+	pid = fork();
+	if (pid == -1)  {
+	    error("Can't fork; try again.\n");
+	    exit(1);
+	}
+	if (pid) {
+	    if (doencrypt) {
+		static char msg[] = SECURE_MESSAGE;
+		close(pv1[1]);
+		close(pv2[0]);
+#ifndef NOENCRYPTION
+		des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session);
+#else
+		write(s, msg, sizeof(msg) - 1);
+#endif
+	    } else {
+		close(0);
+		close(1);
+	    }
+	    close(2);
+	    close(pv[1]);
+
+	    FD_ZERO(&readfrom);
+	    FD_SET(s, &readfrom);
+	    FD_SET(pv[0], &readfrom);
+	    if (pv[0] > s)
+		nfd = pv[0];
+	    else
+		nfd = s;
+	    if (doencrypt) {
+		FD_ZERO(&writeto);
+		FD_SET(pv2[1], &writeto);
+		FD_SET(pv1[0], &readfrom);
+		FD_SET(STDIN_FILENO, &readfrom);
+
+		nfd = max(nfd, pv2[1]);
+		nfd = max(nfd, pv1[0]);
+	    } else
+		ioctl(pv[0], FIONBIO, (char *)&one);
+
+	    /* should set s nbio! */
+	    nfd++;
+	    do {
+		ready = readfrom;
+		if (doencrypt) {
+		    wready = writeto;
+		    if (select(nfd, &ready,
+			       &wready, 0,
+			       (struct timeval *) 0) < 0)
+			break;
+		} else
+		    if (select(nfd, &ready, 0,
+			       0, (struct timeval *)0) < 0)
+			break;
+		if (FD_ISSET(s, &ready)) {
+		    int	ret;
+		    if (doencrypt)
+#ifndef NOENCRYPTION
+			ret = des_enc_read(s, &sig, 1, schedule, &kdata->session);
+#else
+		    ret = read(s, &sig, 1);
+#endif
+		    else
+			ret = read(s, &sig, 1);
+		    if (ret <= 0)
+			FD_CLR(s, &readfrom);
+		    else
+			kill(-pid, sig);
+		}
+		if (FD_ISSET(pv[0], &ready)) {
+		    errno = 0;
+		    cc = read(pv[0], buf, sizeof(buf));
+		    if (cc <= 0) {
+			shutdown(s, 1+1);
+			FD_CLR(pv[0], &readfrom);
+		    } else {
+			if (doencrypt)
+#ifndef NOENCRYPTION
+			    des_enc_write(s, buf, cc, schedule, &kdata->session);
+#else
+			write(s, buf, cc);
+#endif
+			else
+			    (void)
+				write(s, buf, cc);
+		    }
+		}
+		if (doencrypt && FD_ISSET(pv1[0], &ready)) {
+		    errno = 0;
+		    cc = read(pv1[0], buf, sizeof(buf));
+		    if (cc <= 0) {
+			shutdown(pv1[0], 1+1);
+			FD_CLR(pv1[0], &readfrom);
+		    } else
+#ifndef NOENCRYPTION
+			des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session);
+#else
+		    write(STDOUT_FILENO, buf, cc);
+#endif
+		}
+
+		if (doencrypt
+		    && FD_ISSET(STDIN_FILENO, &ready)
+		    && FD_ISSET(pv2[1], &wready)) {
+		    errno = 0;
+#ifndef NOENCRYPTION
+		    cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session);
+#else
+		    cc = read(STDIN_FILENO, buf, sizeof(buf));
+#endif
+		    if (cc <= 0) {
+			shutdown(STDIN_FILENO, 0);
+			FD_CLR(STDIN_FILENO, &readfrom);
+			close(pv2[1]);
+			FD_CLR(pv2[1], &writeto);
+		    } else
+			write(pv2[1], buf, cc);
+		}
+
+	    } while (FD_ISSET(s, &readfrom) ||
+		     (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
+		     FD_ISSET(pv[0], &readfrom));
+	    exit(0);
+	}
+	setsid();
+	close(s);
+	close(pv[0]);
+	if (doencrypt) {
+	    close(pv1[0]);
+	    close(pv2[1]);
+	    dup2(pv1[1], 1);
+	    dup2(pv2[0], 0);
+	    close(pv1[1]);
+	    close(pv2[0]);
+	}
+	dup2(pv[1], 2);
+	close(pv[1]);
+    }
+    if (*pwd->pw_shell == '\0')
+	pwd->pw_shell = _PATH_BSHELL;
+#ifdef HAVE_SETLOGIN
+    if (setlogin(pwd->pw_name) < 0)
+	syslog(LOG_ERR, "setlogin() failed: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+    if (setpcred (pwd->pw_name, NULL) == -1)
+	syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+    if(do_osfc2_magic(pwd->pw_uid))
+	exit(1);
+    setgid((gid_t)pwd->pw_gid);
+    initgroups(pwd->pw_name, pwd->pw_gid);
+    setuid((uid_t)pwd->pw_uid);
+    strlcat(homedir, pwd->pw_dir, sizeof(homedir));
+
+    /* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */
+    snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
+
+    strlcat(shell, pwd->pw_shell, sizeof(shell));
+    strlcat(username, pwd->pw_name, sizeof(username));
+    cp = strrchr(pwd->pw_shell, '/');
+    if (cp)
+	cp++;
+    else
+	cp = pwd->pw_shell;
+    endpwent();
+    if (log_success || pwd->pw_uid == 0) {
+	if (use_kerberos)
+	    syslog(LOG_INFO|LOG_AUTH,
+		   "Kerberos shell from %s on %s as %s, cmd='%.80s'",
+		   krb_unparse_name_long(kdata->pname, 
+					 kdata->pinst, 
+					 kdata->prealm),
+		   remotehost, locuser, cmdbuf);
+	else
+	    syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
+		   remuser, remotehost, locuser, cmdbuf);
+    }
+    if (k_hasafs()) {
+	if (new_pag)
+	    k_setpag();	/* Put users process in an new pag */
+	krb_afslog(0, 0);
+    }
+    execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
+    err(1, pwd->pw_shell);
+}
+
+/*
+ * Report error to client.  Note: can't be used until second socket has
+ * connected to client, or older clients will hang waiting for that
+ * connection first.
+ */
+
+static void
+error(const char *fmt, ...)
+{
+    va_list ap;
+    int len;
+    char *bp, buf[BUFSIZ];
+
+    va_start(ap, fmt);
+    bp = buf;
+    if (sent_null == 0) {
+	*bp++ = 1;
+	len = 1;
+    } else
+	len = 0;
+    len += vsnprintf(bp, sizeof(buf) - len, fmt, ap);
+    write(STDERR_FILENO, buf, len);
+    va_end(ap);
+}
+
+static void
+usage()
+{
+
+    syslog(LOG_ERR,
+	   "usage: rshd [-alnkvxLPi] [-p port]");
+    exit(2);
+}
diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c
new file mode 100644
index 0000000..0135823
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/stty_default.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: stty_default.c,v 1.7 1999/12/02 16:58:28 joda Exp $");
+
+#include <termios.h>
+
+/* HP-UX 9.0 termios doesn't define these */
+#ifndef FLUSHO
+#define	FLUSHO	0
+#endif
+
+#ifndef XTABS
+#define	XTABS	0
+#endif
+
+#ifndef OXTABS
+#define OXTABS	XTABS
+#endif
+
+/* Ultrix... */
+#ifndef ECHOPRT
+#define ECHOPRT	0
+#endif
+
+#ifndef ECHOCTL
+#define ECHOCTL	0
+#endif
+
+#ifndef ECHOKE
+#define ECHOKE	0
+#endif
+
+#ifndef IMAXBEL
+#define IMAXBEL	0
+#endif
+
+#define Ctl(x) ((x) ^ 0100)
+
+void
+stty_default(void)
+{
+    struct	termios termios;
+
+    /*
+     * Finalize the terminal settings. Some systems default to 8 bits,
+     * others to 7, so we should leave that alone.
+     */
+    tcgetattr(0, &termios);
+
+    termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
+    termios.c_iflag &= ~IXANY;
+
+    termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
+    termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
+
+    termios.c_oflag |= (OPOST|ONLCR);
+    termios.c_oflag &= ~OXTABS;
+
+    termios.c_cc[VINTR] = Ctl('C');
+    termios.c_cc[VERASE] = Ctl('H');
+    termios.c_cc[VKILL] = Ctl('U');
+    termios.c_cc[VEOF] = Ctl('D');
+
+    termios.c_cc[VSUSP] = Ctl('Z');
+    
+    tcsetattr(0, TCSANOW, &termios);
+}
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
new file mode 100644
index 0000000..cb24591
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $");
+
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static int kerberos (char *username, char *user, int uid);
+static int chshell (char *sh);
+static char *ontty (void);
+static int koktologin (char *name, char *realm, char *toname);
+static int chshell (char *sh);
+
+/* Handle '-' option after all the getopt options */
+#define	ARGSTR	"Kflmti:"
+
+int destroy_tickets = 0;
+static int use_kerberos = 1;
+static char *root_inst = "root";
+
+int
+main (int argc, char **argv)
+{
+    struct passwd *pwd;
+    char *p, **g;
+    struct group *gr;
+    uid_t ruid;
+    int asme, ch, asthem, fastlogin, prio;
+    enum { UNSET, YES, NO } iscsh = UNSET;
+    char *user, *shell, *avshell, *username, **np;
+    char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
+
+    set_progname (argv[0]);
+
+    asme = asthem = fastlogin = 0;
+    while ((ch = getopt (argc, argv, ARGSTR)) != -1)
+	switch ((char) ch) {
+	case 'K':
+	    use_kerberos = 0;
+	    break;
+	case 'f':
+	    fastlogin = 1;
+	    break;
+	case 'l':
+	    asme = 0;
+	    asthem = 1;
+	    break;
+	case 'm':
+	    asme = 1;
+	    asthem = 0;
+	    break;
+	case 't':
+	    destroy_tickets = 1;
+	    break;
+	case 'i':
+	    root_inst = optarg;
+	    break;
+	case '?':
+	default:
+	    fprintf (stderr,
+		     "usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
+	    exit (1);
+	}
+    /* Don't handle '-' option with getopt */
+    if (optind < argc && strcmp (argv[optind], "-") == 0) {
+	asme = 0;
+	asthem = 1;
+	optind++;
+    }
+    argv += optind;
+
+    if (use_kerberos) {
+	int fd = open (KEYFILE, O_RDONLY);
+
+	if (fd >= 0)
+	    close (fd);
+	else
+	    use_kerberos = 0;
+    }
+    errno = 0;
+    prio = getpriority (PRIO_PROCESS, 0);
+    if (errno)
+	prio = 0;
+    setpriority (PRIO_PROCESS, 0, -2);
+    openlog ("su", LOG_CONS, LOG_AUTH);
+
+    /* get current login name and shell */
+    ruid = getuid ();
+    username = getlogin ();
+    if (username == NULL || (pwd = k_getpwnam (username)) == NULL ||
+	pwd->pw_uid != ruid)
+	pwd = k_getpwuid (ruid);
+    if (pwd == NULL)
+	errx (1, "who are you?");
+    username = strdup (pwd->pw_name);
+    if (username == NULL)
+	errx (1, "strdup: out of memory");
+    if (asme) {
+	if (pwd->pw_shell && *pwd->pw_shell) {
+	    strlcpy (shellbuf, pwd->pw_shell, sizeof(shellbuf));
+	    shell = shellbuf;
+	} else {
+	    shell = _PATH_BSHELL;
+	    iscsh = NO;
+	}
+    }
+
+    /* get target login information, default to root */
+    user = *argv ? *argv : "root";
+    np = *argv ? argv : argv - 1;
+
+    pwd = k_getpwnam (user);
+    if (pwd == NULL)
+	errx (1, "unknown login %s", user);
+    if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) {
+	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
+	errx (1, "unknown login %s", user);
+    }
+    if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
+#ifndef PASSWD_FALLBACK
+	errx (1, "won't use /etc/passwd authentication");
+#endif
+	/* getpwnam() is not reentrant and kerberos might use it! */
+	pwd = k_getpwnam (user);
+	if (pwd == NULL)
+	    errx (1, "unknown login %s", user);
+	/* only allow those in group zero to su to root. */
+	if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0)))
+	    for (g = gr->gr_mem;; ++g) {
+		if (!*g) {
+#if 1
+		    /* if group 0 is empty or only 
+		       contains root su is still ok. */
+		    if (gr->gr_mem[0] == 0)
+			break;	/* group 0 is empty */
+		    if (gr->gr_mem[1] == 0 &&
+			strcmp (gr->gr_mem[0], "root") == 0)
+			break;	/* only root in group 0 */
+#endif
+		    errx (1, "you are not in the correct group to su %s.",
+			  user);
+		}
+		if (!strcmp (username, *g))
+		    break;
+	    }
+	/* if target requires a password, verify it */
+	if (ruid && *pwd->pw_passwd) {
+	    char prompt[128];
+	    char passwd[256];
+
+	    snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name);
+	    if (des_read_pw_string (passwd, sizeof (passwd),
+				    prompt, 0)) {
+		memset (passwd, 0, sizeof (passwd));
+		exit (1);
+	    }
+	    if (strcmp (pwd->pw_passwd,
+			crypt (passwd, pwd->pw_passwd))) {
+		memset (passwd, 0, sizeof (passwd));
+		syslog (LOG_AUTH | LOG_WARNING,
+			"BAD SU %s to %s%s", username,
+			user, ontty ());
+		errx (1, "Sorry");
+	    }
+	    memset (passwd, 0, sizeof (passwd));
+	}
+    }
+    if (asme) {
+	/* if asme and non-standard target shell, must be root */
+	if (!chshell (pwd->pw_shell) && ruid)
+	    errx (1, "permission denied (shell '%s' not in /etc/shells).",
+		  pwd->pw_shell);
+    } else if (pwd->pw_shell && *pwd->pw_shell) {
+	shell = pwd->pw_shell;
+	iscsh = UNSET;
+    } else {
+	shell = _PATH_BSHELL;
+	iscsh = NO;
+    }
+
+    if ((p = strrchr (shell, '/')) != 0)
+	avshell = p + 1;
+    else
+	avshell = shell;
+
+    /* if we're forking a csh, we want to slightly muck the args */
+    if (iscsh == UNSET)
+	iscsh = strcmp (avshell, "csh") ? NO : YES;
+
+    /* set permissions */
+
+    if (setgid (pwd->pw_gid) < 0)
+	err (1, "setgid");
+    if (initgroups (user, pwd->pw_gid))
+	errx (1, "initgroups failed.");
+
+    if (setuid (pwd->pw_uid) < 0)
+	err (1, "setuid");
+
+    if (!asme) {
+	if (asthem) {
+	    char *k = getenv ("KRBTKFILE");
+	    char *t = getenv ("TERM");
+
+	    environ = malloc (10 * sizeof (char *));
+	    if (environ == NULL)
+		err (1, "malloc");
+	    environ[0] = NULL;
+	    setenv ("PATH", _PATH_DEFPATH, 1);
+	    if (t)
+		setenv ("TERM", t, 1);
+	    if (k)
+		setenv ("KRBTKFILE", k, 1);
+	    if (chdir (pwd->pw_dir) < 0)
+		errx (1, "no directory");
+	}
+	if (asthem || pwd->pw_uid)
+	    setenv ("USER", pwd->pw_name, 1);
+	setenv ("HOME", pwd->pw_dir, 1);
+	setenv ("SHELL", shell, 1);
+    }
+    if (iscsh == YES) {
+	if (fastlogin)
+	    *np-- = "-f";
+	if (asme)
+	    *np-- = "-m";
+    }
+    if (asthem) {
+	snprintf (avshellbuf, sizeof(avshellbuf),
+		  "-%s", avshell);
+	avshell = avshellbuf;
+    } else if (iscsh == YES) {
+	/* csh strips the first character... */
+	snprintf (avshellbuf, sizeof(avshellbuf),
+		  "_%s", avshell);
+	avshell = avshellbuf;
+    }
+    *np = avshell;
+
+    if (ruid != 0)
+	syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s",
+		username, user, ontty ());
+
+    setpriority (PRIO_PROCESS, 0, prio);
+
+    if (k_hasafs ()) {
+	int code;
+
+	if (k_setpag () != 0)
+	    warn ("setpag");
+	code = krb_afslog (0, 0);
+	if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
+	    warnx ("afsklog: %s", krb_get_err_text (code));
+    }
+    if (destroy_tickets)
+        dest_tkt ();
+    execv (shell, np);
+    warn ("execv(%s)", shell);
+    if (getuid () == 0) {
+	execv (_PATH_BSHELL, np);
+	warn ("execv(%s)", _PATH_BSHELL);
+    }
+    exit (1);
+}
+
+static int
+chshell (char *sh)
+{
+    char *cp;
+
+    while ((cp = getusershell ()) != NULL)
+	if (!strcmp (cp, sh))
+	    return (1);
+    return (0);
+}
+
+static char *
+ontty (void)
+{
+    char *p;
+    static char buf[MaxPathLen + 4];
+
+    buf[0] = 0;
+    if ((p = ttyname (STDERR_FILENO)) != 0)
+	snprintf (buf, sizeof(buf), " on %s", p);
+    return (buf);
+}
+
+static int
+kerberos (char *username, char *user, int uid)
+{
+    KTEXT_ST ticket;
+    AUTH_DAT authdata;
+    struct hostent *hp;
+    int kerno;
+    u_long faddr;
+    char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
+    char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
+
+    if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
+	return (1);
+    if (koktologin (username, lrealm, user) && !uid) {
+#ifndef PASSWD_FALLBACK
+	warnx ("not in %s's ACL.", user);
+#endif
+	return (1);
+    }
+    snprintf (krbtkfile, sizeof(krbtkfile),
+	      "%s_%s_to_%s_%u", TKT_ROOT, username, user,
+	     (unsigned) getpid ());
+
+    setenv ("KRBTKFILE", krbtkfile, 1);
+    krb_set_tkt_string (krbtkfile);
+    /*
+     * Set real as well as effective ID to 0 for the moment,
+     * to make the kerberos library do the right thing.
+     */
+    if (setuid(0) < 0) {
+        warn("setuid");
+	return (1);
+    }
+
+    /*
+     * Little trick here -- if we are su'ing to root, we need to get a ticket
+     * for "xxx.root", where xxx represents the name of the person su'ing.
+     * Otherwise (non-root case), we need to get a ticket for "yyy.", where
+     * yyy represents the name of the person being su'd to, and the instance
+     * is null 
+     *
+     * We should have a way to set the ticket lifetime, with a system default
+     * for root. 
+     */
+    {
+	char prompt[128];
+	char passw[256];
+
+	snprintf (prompt, sizeof(prompt),
+		  "%s's Password: ",
+		  krb_unparse_name_long ((uid == 0 ? username : user),
+					 (uid == 0 ? root_inst : ""),
+					 lrealm));
+	if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
+	    memset (passw, 0, sizeof (passw));
+	    return (1);
+	}
+	if (strlen(passw) == 0)
+	    return (1);		/* Empty passwords is not allowed */
+	kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user),
+				   (uid == 0 ? root_inst : ""), lrealm,
+				   KRB_TICKET_GRANTING_TICKET,
+				   lrealm,
+				   DEFAULT_TKT_LIFE,
+				   passw);
+	memset (passw, 0, strlen (passw));
+    }
+
+    if (kerno != KSUCCESS) {
+	if (kerno == KDC_PR_UNKNOWN) {
+	    warnx ("principal unknown: %s",
+		   krb_unparse_name_long ((uid == 0 ? username : user),
+					  (uid == 0 ? root_inst : ""),
+					  lrealm));
+	    return (1);
+	}
+	warnx ("unable to su: %s", krb_get_err_text (kerno));
+	syslog (LOG_NOTICE | LOG_AUTH,
+		"BAD SU: %s to %s%s: %s",
+		username, user, ontty (), krb_get_err_text (kerno));
+	return (1);
+    }
+    if (chown (krbtkfile, uid, -1) < 0) {
+	warn ("chown");
+	unlink (krbtkfile);
+	return (1);
+    }
+    setpriority (PRIO_PROCESS, 0, -2);
+
+    if (gethostname (hostname, sizeof (hostname)) == -1) {
+	warn ("gethostname");
+	dest_tkt ();
+	return (1);
+    }
+    strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
+
+    kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
+
+    if (kerno == KDC_PR_UNKNOWN) {
+	warnx ("Warning: TGT not verified.");
+	syslog (LOG_NOTICE | LOG_AUTH,
+		"%s to %s%s, TGT not verified (%s); "
+		"%s.%s not registered?",
+		username, user, ontty (), krb_get_err_text (kerno),
+		"rcmd", savehost);
+#ifdef KLOGIN_PARANOID
+	/*
+	 * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, *
+	 * don't allow kerberos login, also log the error condition. 
+	 */
+	warnx ("Trying local password!");
+	return (1);
+#endif
+    } else if (kerno != KSUCCESS) {
+	warnx ("Unable to use TGT: %s", krb_get_err_text (kerno));
+	syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s",
+		username, user, ontty (), krb_get_err_text (kerno));
+	dest_tkt ();
+	return (1);
+    } else {
+	if (!(hp = gethostbyname (hostname))) {
+	    warnx ("can't get addr of %s", hostname);
+	    dest_tkt ();
+	    return (1);
+	}
+	memcpy (&faddr, hp->h_addr, sizeof (faddr));
+
+	if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr,
+				 &authdata, "")) != KSUCCESS) {
+	    warnx ("unable to verify rcmd ticket: %s",
+		   krb_get_err_text (kerno));
+	    syslog (LOG_NOTICE | LOG_AUTH,
+		    "failed su: %s to %s%s: %s", username,
+		    user, ontty (), krb_get_err_text (kerno));
+	    dest_tkt ();
+	    return (1);
+	}
+    }
+    if (!destroy_tickets)
+        fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
+    return (0);
+}
+
+static int
+koktologin (char *name, char *realm, char *toname)
+{
+    return krb_kuserok (name,
+			strcmp (toname, "root") == 0 ? root_inst : "",
+			realm,
+			toname);
+}
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c
new file mode 100644
index 0000000..e6b28a7
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.c
@@ -0,0 +1,95 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $");
+
+#include "sysv_default.h"
+
+ /*
+  * Default values for stuff that can be read from the defaults file. The
+  * SunOS 5.1 documentation is incomplete and often disagrees with reality.
+  */
+
+static char default_umask_value[] = "022";
+
+char   *default_console	= 0;
+char   *default_altsh	= "YES";
+char   *default_passreq	= "NO";
+char   *default_timezone= 0;
+char   *default_hz	= 0;
+char   *default_path	= _PATH_DEFPATH;
+char   *default_supath	= _PATH_DEFSUPATH;
+char   *default_ulimit	= 0;
+char   *default_timeout	= "180";
+char   *default_umask	= default_umask_value;
+char   *default_sleep	= "4";
+char   *default_maxtrys	= "5";
+
+static struct sysv_default {
+    char  **valptr;
+    char   *prefix;
+    int     prefix_len;
+} defaults[] = {
+    {&default_console,	"CONSOLE=",	sizeof("CONSOLE=") -1},
+    {&default_altsh,	"ALTSHELL=",	sizeof("ALTSHELL=") -1},
+    {&default_passreq,	"PASSREQ=",	sizeof("PASSREQ=") -1},
+    {&default_timezone,	"TIMEZONE=",	sizeof("TIMEZONE=") -1},
+    {&default_hz,	"HZ=",		sizeof("HZ=") -1},
+    {&default_path,	"PATH=",	sizeof("PATH=") -1},
+    {&default_supath,	"SUPATH=",	sizeof("SUPATH=") -1},
+    {&default_ulimit,	"ULIMIT=",	sizeof("ULIMIT=") -1},
+    {&default_timeout,	"TIMEOUT=",	sizeof("TIMEOUT=") -1},
+    {&default_umask,	"UMASK=",	sizeof("UMASK=") -1},
+    {&default_sleep,	"SLEEPTIME=",	sizeof("SLEEPTIME=") -1},
+    {&default_maxtrys,	"MAXTRYS=",	sizeof("MAXTRYS=") -1},
+    {0},
+};
+
+#define trim(s) { \
+	char   *cp = s + strlen(s); \
+	while (cp > s && isspace((unsigned char)cp[-1])) \
+	    cp--; \
+	*cp = 0; \
+}
+
+/* sysv_defaults - read login defaults file */
+
+void
+sysv_defaults()
+{
+    struct sysv_default *dp;
+    FILE   *fp;
+    char    buf[BUFSIZ];
+
+    if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) {
+
+	/* Stupid quadratic algorithm. */
+
+	while (fgets(buf, sizeof(buf), fp)) {
+
+	    /* Skip comments and blank lines. */
+
+	    if (buf[0] == '#')
+		continue;
+	    trim(buf);
+	    if (buf[0] == 0)
+		continue;
+
+	    /* Assign defaults from file. */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+	    for (dp = defaults; dp->valptr; dp++) {
+		if (STREQN(buf, dp->prefix, dp->prefix_len)) {
+		    if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) {
+			warnx("Insufficient memory resources - try later.");
+			sleepexit(1);
+		    }
+		    break;
+		}
+	    }
+	}
+	fclose(fp);
+    }
+}
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h
new file mode 100644
index 0000000..0056059
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.h
@@ -0,0 +1,18 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */
+
+extern char *default_console;
+extern char *default_altsh;
+extern char *default_passreq;
+extern char *default_timezone;
+extern char *default_hz;
+extern char *default_path;
+extern char *default_supath;
+extern char *default_ulimit;
+extern char *default_timeout;
+extern char *default_umask;
+extern char *default_sleep;
+extern char *default_maxtrys;
+
+void sysv_defaults(void);
diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c
new file mode 100644
index 0000000..3df800e
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c
@@ -0,0 +1,193 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $");
+
+#ifdef HAVE_ULIMIT_H
+#include <ulimit.h>
+#endif
+
+#ifndef UL_SETFSIZE
+#define UL_SETFSIZE 2
+#endif
+
+#include "sysv_default.h"
+
+/*
+ * Set 
+ */
+
+static void
+read_etc_environment (void)
+{
+    FILE *f;
+    char buf[BUFSIZ];
+
+    f = fopen(_PATH_ETC_ENVIRONMENT, "r");
+    if (f) {
+	char *val;
+
+	while (fgets (buf, sizeof(buf), f) != NULL) {
+	    if (buf[0] == '\n' || buf[0] == '#')
+		continue;
+	    buf[strlen(buf) - 1] = '\0';
+	    val = strchr (buf, '=');
+	    if (val == NULL)
+		continue;
+	    *val = '\0';
+	    setenv(buf, val + 1, 1);
+	}
+	fclose (f);
+    }
+}
+
+ /*
+  * Environment variables that are preserved (but may still be overruled by
+  * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are
+  * typically inherited from the ttymon process.
+  */
+
+static struct preserved {
+    char   *name;
+    char   *value;
+} preserved[] = {
+    {"TZ", 0},
+    {"TERM", 0},
+    {0},
+};
+
+ /*
+  * Environment variables that are not preserved and that cannot be specified
+  * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff,
+  * the list applies to most SYSV systems. The manpage mentions only that
+  * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always
+  * overwritten; they are in the list to make the censoring explicit.
+  */
+
+static struct censored {
+    char   *prefix;
+    int     length;
+} censored[] = {
+  {"SHELL=",	sizeof("SHELL=") - 1},
+     {"HOME=",	sizeof("HOME=") - 1},
+     {"LOGNAME=",	sizeof("LOGNAME=") - 1},
+     {"MAIL=",	sizeof("MAIL=") - 1},
+     {"CDPATH=",	sizeof("CDPATH=") - 1},
+     {"IFS=",	sizeof("IFS=") - 1},
+     {"PATH=",	sizeof("PATH=") - 1},
+    {"LD_",	sizeof("LD_") - 1},
+    {0},
+};
+
+/* sysv_newenv - set up final environment after logging in */
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+		 char *term, int pflag)
+{
+    unsigned umask_val;
+    char    buf[BUFSIZ];
+    int     count = 0;
+    struct censored *cp;
+    struct preserved *pp;
+
+    /* Preserve a selection of the environment. */
+
+    for (pp = preserved; pp->name; pp++)
+	pp->value = getenv(pp->name);
+
+    /*
+     * Note: it is a bad idea to assign a static array to the global environ
+     * variable. Reason is that putenv() can run into problems when it tries
+     * to realloc() the environment table. Instead, we just clear environ[0]
+     * and let putenv() work things out.
+     */
+
+    if (!pflag && environ)
+	environ[0] = 0;
+
+    /* Restore preserved environment variables. */
+
+    for (pp = preserved; pp->name; pp++)
+	if (pp->value)
+	    setenv(pp->name, pp->value, 1);
+
+    /* The TERM definition from e.g. rlogind can override an existing one. */
+
+    if (term[0])
+	setenv("TERM", term, 1);
+
+    /*
+     * Environment definitions from the command line overrule existing ones,
+     * but can be overruled by definitions from stdin. Some variables are
+     * censored.
+     * 
+     * Omission: we do not support environment definitions from stdin.
+     */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+    while (argc && *argv) {
+	if (strchr(*argv, '=') == 0) {
+	    snprintf(buf, sizeof(buf), "L%d", count++);
+	    setenv(buf, *argv, 1);
+	} else {
+	    for (cp = censored; cp->prefix; cp++)
+		if (STREQN(*argv, cp->prefix, cp->length))
+		    break;
+	    if (cp->prefix == 0)
+		putenv(*argv);
+	}
+	argc--, argv++;
+    }
+
+    /* PATH is always reset. */
+
+    setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1);
+
+    /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */
+
+    setenv("HOME", pwd->pw_dir, 1);
+    {
+	char *sep = "/";
+	if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/')
+	    sep = "";
+	roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
+    }
+    setenv("MAIL", buf, 1);
+    setenv("LOGNAME", pwd->pw_name, 1);
+    setenv("USER", pwd->pw_name, 1);
+
+    /*
+     * Variables that may be set according to specifications in the defaults
+     * file. HZ and TZ are set only if they are still uninitialized.
+     * 
+     * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is
+     * /bin/sh.
+     */
+
+    if (strcasecmp(default_altsh, "YES") == 0)
+	setenv("SHELL", pwd->pw_shell, 1);
+    if (default_hz)
+	setenv("HZ", default_hz, 0);
+    if (default_timezone)
+	setenv("TZ", default_timezone, 0);
+
+    /* Non-environment stuff. */
+
+    if (default_umask) {
+	if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val)
+	    umask(umask_val);
+    }
+#ifdef HAVE_ULIMIT
+    if (default_ulimit) {
+	long    limit_val;
+
+	if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val)
+	    if (ulimit(UL_SETFSIZE, limit_val) < 0)
+	        warn ("ulimit(UL_SETFSIZE, %ld)", limit_val);
+    }
+#endif
+    read_etc_environment();
+}
+
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
new file mode 100644
index 0000000..99794bd
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
@@ -0,0 +1,45 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $");
+
+#ifdef SYSV_SHADOW
+
+#include <sysv_shadow.h>
+
+/* sysv_expire - check account and password expiration times */
+
+int
+sysv_expire(struct spwd *spwd)
+{
+    long    today;
+
+    tzset();
+    today = time(0)/(60*60*24);	/* In days since Jan. 1, 1970 */
+
+    if (spwd->sp_expire > 0) {
+	if (today > spwd->sp_expire) {
+	    printf("Your account has expired.\n");
+	    sleepexit(1);
+	} else if (spwd->sp_expire - today < 14) {
+	    printf("Your account will expire in %d days.\n",
+		   (int)(spwd->sp_expire - today));
+	    return (0);
+	}
+    }
+    if (spwd->sp_max > 0) {
+	if (today > (spwd->sp_lstchg + spwd->sp_max)) {
+	    printf("Your password has expired. Choose a new one.\n");
+	    return (1);
+	} else if (spwd->sp_warn > 0
+	    && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) {
+	    printf("Your password will expire in %d days.\n",
+		   (int)(spwd->sp_lstchg + spwd->sp_max - today));
+	    return (0);
+	}
+    }
+    return (0);
+}
+
+#endif /* SYSV_SHADOW */
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
new file mode 100644
index 0000000..339035b
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
@@ -0,0 +1,5 @@
+/* $Id: sysv_shadow.h,v 1.7 1999/03/13 21:15:43 assar Exp $ */
+
+#include <shadow.h>
+
+int sysv_expire(struct spwd *);
diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c
new file mode 100644
index 0000000..2a903db
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/tty.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: tty.c,v 1.3 1999/12/02 16:58:28 joda Exp $");
+
+/*
+ * Clean the tty name.  Return a pointer to the cleaned version.
+ */
+
+char *
+clean_ttyname (char *tty)
+{
+  char *res = tty;
+
+  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+    res += strlen(_PATH_DEV);
+  if (strncmp (res, "pty/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "ptym/", 5) == 0)
+    res += 5;
+  return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+char *
+make_id (char *tty)
+{
+  char *res = tty;
+  
+  if (strncmp (res, "pts/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "tty", 3) == 0)
+    res += 3;
+  return res;
+}
diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c
new file mode 100644
index 0000000..d2879fe
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmp_login.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.16 1999/12/02 16:58:29 joda Exp $");
+
+#ifdef HAVE_UTMP_H
+void
+prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
+{
+    char *ttyx = clean_ttyname (tty);
+
+    memset(utmp, 0, sizeof(*utmp));
+    utmp->ut_time = time(NULL);
+    strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+    strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_STRUCT_UTMP_UT_USER
+    strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_ADDR
+    if (hostname[0]) {
+        struct hostent *he;
+	if ((he = gethostbyname(hostname)))
+	    memcpy(&utmp->ut_addr, he->h_addr_list[0],
+		   sizeof(utmp->ut_addr));
+    }
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_HOST
+    strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_TYPE
+    utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_PID
+    utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_ID
+    strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+#endif
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, char *username, char *hostname) { return; }
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, char *username, char *hostname)
+{
+    struct utmp utmp;
+    int fd;
+
+    prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+    utmpname(_PATH_UTMP);
+    setutent();
+    pututline(&utmp);
+    endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+    {
+      int ttyno;
+      ttyno = ttyslot();
+      if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+	lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+	write(fd, &utmp, sizeof(struct utmp));
+	close(fd);
+      }
+    }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+	write(fd, &utmp, sizeof(struct utmp));
+	close(fd);
+    }
+}
+#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
new file mode 100644
index 0000000..acc6a154
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c
@@ -0,0 +1,88 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $");
+
+/* utmpx_login - update utmp and wtmp after login */
+
+#ifndef HAVE_UTMPX_H
+int utmpx_login(char *line, char *user, char *host) { return 0; }
+#else
+
+static void
+utmpx_update(struct utmpx *ut, char *line, char *user, char *host)
+{
+    struct timeval tmp;
+    char *clean_tty = clean_ttyname(line);
+
+    strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
+#ifdef HAVE_STRUCT_UTMPX_UT_ID
+    strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
+#endif
+    strncpy(ut->ut_user, user, sizeof(ut->ut_user));
+    strncpy(ut->ut_host, host, sizeof(ut->ut_host));
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
+    ut->ut_syslen = strlen(host) + 1;
+    if (ut->ut_syslen > sizeof(ut->ut_host))
+        ut->ut_syslen = sizeof(ut->ut_host);
+#endif
+    ut->ut_type = USER_PROCESS;
+    gettimeofday (&tmp, 0);
+    ut->ut_tv.tv_sec = tmp.tv_sec;
+    ut->ut_tv.tv_usec = tmp.tv_usec;
+    pututxline(ut);
+#ifdef WTMPX_FILE
+    updwtmpx(WTMPX_FILE, ut);
+#elif defined(WTMP_FILE)
+    {
+	struct utmp utmp;
+	int fd;
+
+	prepare_utmp (&utmp, line, user, host);
+	if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+	    write(fd, &utmp, sizeof(struct utmp));
+	    close(fd);
+	}
+    }
+#endif
+}
+
+int
+utmpx_login(char *line, char *user, char *host)
+{
+    struct utmpx *ut;
+    pid_t   mypid = getpid();
+    int     ret = (-1);
+
+    /*
+     * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
+     * stripped off. Rlogind and telnetd, on the other hand, make utmpx
+     * entries with device names like /dev/pts/nnn. We therefore cannot use
+     * getutxline(). Return nonzero if no utmp entry was found with our own
+     * process ID for a login or user process.
+     */
+
+    while ((ut = getutxent())) {
+        /* Try to find a reusable entry */
+	if (ut->ut_pid == mypid
+	    && (   ut->ut_type == INIT_PROCESS
+		|| ut->ut_type == LOGIN_PROCESS
+		|| ut->ut_type == USER_PROCESS)) {
+	    utmpx_update(ut, line, user, host);
+	    ret = 0;
+	    break;
+	}
+    }
+    if (ret == -1) {
+        /* Grow utmpx file by one record. */
+        struct utmpx newut;
+	memset(&newut, 0, sizeof(newut));
+	newut.ut_pid = mypid;
+        utmpx_update(&newut, line, user, host);
+	ret = 0;
+    }
+    endutxent();
+    return (ret);
+}
+#endif /* HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/ftp/ChangeLog b/crypto/kerberosIV/appl/ftp/ChangeLog
new file mode 100644
index 0000000..e2e1bb5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ChangeLog
@@ -0,0 +1,376 @@
+1999-11-30  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
+ 	the outgoing connections.  It has to be `ftp-data' or some people
+ 	might get upset.
+
+	* ftpd/ftpd.c (args): set correct variable when `-l' so that
+ 	logging actually works
+
+1999-11-29  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c (sec_login): check return value from realloc
+	(sec_end): set app_data to NULL
+
+1999-11-25  Assar Westerlund  <assar@sics.se>
+
+	* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
+	NAT.  also turn on passive mode.  From <thn@stacken.kth.se>
+
+1999-11-20  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c (make_fileinfo): cast to allow for non-const
+ 	prototypes of readlink
+
+1999-11-12  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (args): use arg_counter for `l'
+	
+1999-11-04  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
+ 	that don't have them (such as ultrix)
+
+1999-10-29  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
+ 	printf, we don't know what types they might be.
+	(lstat_file): conditionalize the kafs part on KRB4
+
+	* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
+
+1999-10-28  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
+ 	correct
+
+	* ftpd/ls.c: don't use warnx to print errors
+
+	* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
+
+	* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
+ 	mount points.  From Love <lha@s3.kth.se>
+	(list_files): use `lstat_file'
+
+	* ftpd/ftpd.c: some const-poisoning
+
+	* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
+ 	allow for stupid inetds that only support two arguments.  From
+ 	Love <lha@s3.kth.se>
+
+1999-10-26  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
+ 	as printf commands
+
+	* ftpd/ftpd.c (show_issue): don't interpret contents of
+ 	/etc/issue* as printf commands.  From Brian A May
+ 	<bmay@dgs.monash.edu.au>
+
+1999-10-21  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/kauth.c (kauth): complain if protection level isn't
+	`private'
+
+	* ftp/krb4.c (krb4_decode): syslog failure reason
+
+	* ftp/kauth.c (kauth): set private level earlier
+
+	* ftp/security.c: get_command_prot; (sec_prot): partially match
+	`command' and `data'
+
+1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
+	`-ll' work again)
+
+	* ftpd/ftpd.c (list_file): pass filename to ls
+
+1999-10-04  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpcmd.y: FEAT
+
+1999-10-03  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ls.c: fall-back definitions for constans and casts for
+ 	printfs
+
+1999-10-03  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.c (main): make this use getarg; add `list_file'
+
+	* ftpd/ftpcmd.y (LIST): call list_file
+
+	* ftpd/ls.c: add simple built-in ls
+
+	* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
+	prints to the data stream
+
+	* ftp/kauth.c (kauth): make sure we're using private protection
+	level
+
+	* ftp/security.c (set_command_prot): set command protection level
+
+	* ftp/security.c: make it possible to set the command protection
+	level with `prot'
+
+1999-09-30  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
+
+1999-08-19  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpd.c (do_login): show issue-file
+	(send_data): change handling of zero-byte files
+
+1999-08-18  Assar Westerlund  <assar@sics.se>
+
+	* ftp/cmds.c (getit): be more suspicious when parsing the result
+ 	of MDTM.  Do the comparison of timestamps correctly.
+
+1999-08-13  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
+  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
+ 	get grumpy later.
+
+	* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
+  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
+ 	get grumpy later.
+
+1999-08-03  Assar Westerlund  <assar@sics.se>
+
+	* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
+
+	* ftp/gssapi.c (gss_auth): initialize application_data in bindings
+
+1999-08-02  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y: save file names when doing commands that might
+ 	get aborted (and longjmp:ed out of) to avoid overwriting them also
+ 	remove extra closing brace
+
+1999-08-01  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
+	what it does, and other implementations) keep find as an alias
+
+1999-07-28  Assar Westerlund  <assar@sics.se>
+
+	* common/socket.c: moved to roken
+
+	* common/socket.c: new file with generic socket functions
+
+	* ftpd/ftpd.c: make it more AF-neutral and v6-capable
+
+	* ftpd/ftpcmd.y: add EPRT and EPSV
+
+	* ftpd/extern.h: update prototypes and variables
+
+	* ftp/krb4.c: update to new types of addresses
+
+	* ftp/gssapi.c: add support for both AF_INET and AF_INET6
+ 	addresses
+
+	* ftp/ftp.c: make it more AF-neutral and v6-capable
+
+	* ftp/extern.h (hookup): change prototype
+
+	* common/common.h: add prototypes for functions in socket.c
+
+	* common/Makefile.am (libcommon_a_SOURCES): add socket.c
+
+	* ftp/gssapi.c (gss_auth): check return value from
+ 	`gss_import_name' and print error messages if it fails
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* ftp/krb4.c (krb4_auth): type correctness
+
+1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftp/ftp.c (sendrequest): lmode != rmode
+	
+1999-05-21  Assar Westerlund  <assar@sics.se>
+
+	* ftp/extern.h (sendrequest): update prototype
+
+	* ftp/cmds.c: update calls to sendrequest and recvrequest to send
+ 	"b" when appropriate
+
+	* ftp/ftp.c (sendrequest): add argument for mode to open file in.
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y: rename getline -> ftpd_getline
+
+	* ftp/main.c (makeargv): fill in unused slots with NULL
+
+Thu Apr  8 15:06:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+Wed Apr  7 16:15:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
+ 	error message; return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
+ 	just continue with the next mechanism, this fixes the case of
+ 	having GSSAPI fail because of non-existant of expired tickets
+
+	* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
+
+Thu Apr  1 16:59:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: don't run check-local
+
+	* ftp/Makefile.am: don't run check-local
+
+Mon Mar 22 22:15:18 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
+
+	* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
+
+Thu Mar 18 12:07:09 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: clean ftpcmd.c
+
+	* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
+
+	* ftpd/ftpd.c: move include of krb5.h here
+
+	* ftpd/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+	* ftp/Makefile.am: include Makefile.am.common
+
+	* common/Makefile.am: include Makefile.am.common
+
+Tue Mar 16 22:28:37 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
+
+	* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
+
+Thu Mar 11 14:54:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftp/Makefile.in: WFLAGS
+
+	* ftp/ruserpass.c: add some if-braces
+
+Wed Mar 10 20:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
+
+Mon Mar  8 21:29:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: re-add version in greeting message
+
+Mon Mar  1 10:49:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb 22 19:20:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* common/Makefile.in: remove glob
+
+Sat Feb 13 17:19:35 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH.  We have a
+ 	fnmatch implementation in roken and therefore always have it.
+
+	* ftp/ftp.c (copy_stream): initialize `werr'
+
+Wed Jan 13 23:52:57 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
+ 	the end of the rules to ensure we don't generate several
+ 	(independent) error messages.  once again, having a yacc-grammar
+ 	for FTP with embedded actions doesn't strike me as the most
+ 	optimal way of doing it.
+
+Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: link with extra libs for aix
+
+Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (retrying): support on-the-fly decompression
+
+	* ftpd/Makefile.in (WFLAGS): set
+
+	* ftp/ruserpass.c (guess_domain): new function
+	(ruserpass): use it
+
+	* common/Makefile.in (WFLAGS): set
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 23:13:03 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c: some more type correctness.
+
+	* ftp/gssapi.c (gss_adat): more braces to shut up warnings
+
+Wed Nov 18 21:47:55 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/main.c (main): new option `-p' for enable passive mode.
+
+Mon Nov  2 01:57:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/ftp.c (getreply): remove extra `break'
+
+	* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
+
+	* ftp/security.c (sec_login): fix loop and return value
+
+Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/cmds.c (quote1): fix % quoting bug
+
+Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
+
+Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c (auth): free `app_data'
+	(sec_end): only destroy if it was initialized
+
+Tue Jun  9 21:01:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/krb4.c: pass client address to krb_rd_req
+
+Sat May 16 00:02:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/Makefile.am: link with DBLIB
+
+Tue May 12 14:15:32 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/gssapi.c: Save client name for userok().
+
+	* ftpd/gss_userok.c: Userok for gssapi.
+
+Fri May  1 07:15:01 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
+
+Fri Mar 27 00:46:07 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Make compile w/o krb4.
+
+Thu Mar 26 03:49:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/*, ftpd/*: Changes for new framework.
+
+	* ftp/gssapi.c: GSS-API backend for the new security framework.
+
+	* ftp/krb4.c: Updated for new framework.
+
+	* ftp/security.{c,h}: New unified security framework.
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.am b/crypto/kerberosIV/appl/ftp/Makefile.am
new file mode 100644
index 0000000..f8831a3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/Makefile.am
@@ -0,0 +1,5 @@
+# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = common ftp ftpd
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in
new file mode 100644
index 0000000..68546ab
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/Makefile.in
@@ -0,0 +1,44 @@
+# $Id: Makefile.in,v 1.12 1999/03/10 19:01:11 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+CC 	= @CC@
+RANLIB 	= @RANLIB@
+DEFS 	= @DEFS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix 	= @prefix@
+
+SUBDIRS=common ftp ftpd
+
+all:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+install: all
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean cleandir:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+distclean: 
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.am b/crypto/kerberosIV/appl/ftp/common/Makefile.am
new file mode 100644
index 0000000..4fab07b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.am
@@ -0,0 +1,12 @@
+# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) 
+
+noinst_LIBRARIES = libcommon.a
+
+libcommon_a_SOURCES = \
+	sockbuf.c \
+	buffer.c \
+	common.h
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in
new file mode 100644
index 0000000..b00bd0a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in
@@ -0,0 +1,55 @@
+# $Id: Makefile.in,v 1.23 1999/03/10 19:01:11 joda Exp $
+
+SHELL		= /bin/sh
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+CC 	= @CC@
+AR	= ar
+RANLIB 	= @RANLIB@
+DEFS 	= @DEFS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix 	= @prefix@
+
+SOURCES = sockbuf.c buffer.c
+OBJECTS = $(libcommon_OBJS)
+
+libcommon_OBJS = sockbuf.o buffer.o
+
+LIBNAME = $(LIBPREFIX)common
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+all: $(LIB)
+
+.c.o:
+	$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
+
+$(LIB): $(libcommon_OBJS)
+	rm -f $@
+	ar cr $@ $(libcommon_OBJS)
+	-$(RANLIB) $@
+
+install:
+
+uninstall:
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *~ *.o libcommon.a core \#*
+
+distclean: 
+	rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.c b/crypto/kerberosIV/appl/ftp/common/base64.c
new file mode 100644
index 0000000..648f32d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+  char *p;
+  for(p = base64; *p; p++)
+    if(*p == c)
+      return p - base64;
+  return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+  char *s, *p;
+  int i;
+  int c;
+  unsigned char *q;
+
+  p = s = (char*)malloc(size*4/3+4);
+  q = (unsigned char*)data;
+  i=0;
+  for(i = 0; i < size;){
+    c=q[i++];
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    p[0]=base64[(c&0x00fc0000) >> 18];
+    p[1]=base64[(c&0x0003f000) >> 12];
+    p[2]=base64[(c&0x00000fc0) >> 6];
+    p[3]=base64[(c&0x0000003f) >> 0];
+    if(i > size)
+      p[3]='=';
+    if(i > size+1)
+      p[2]='=';
+    p+=4;
+  }
+  *p=0;
+  *str = s;
+  return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+  const char *p;
+  unsigned char *q;
+  int c;
+  int x;
+  int done = 0;
+  q=(unsigned char*)data;
+  for(p=str; *p && !done; p+=4){
+    x = pos(p[0]);
+    if(x >= 0)
+      c = x;
+    else{
+      done = 3;
+      break;
+    }
+    c*=64;
+    
+    x = pos(p[1]);
+    if(x >= 0)
+      c += x;
+    else
+      return -1;
+    c*=64;
+    
+    if(p[2] == '=')
+      done++;
+    else{
+      x = pos(p[2]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    c*=64;
+    
+    if(p[3] == '=')
+      done++;
+    else{
+      if(done)
+	return -1;
+      x = pos(p[3]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    if(done < 3)
+      *q++=(c&0x00ff0000)>>16;
+      
+    if(done < 2)
+      *q++=(c&0x0000ff00)>>8;
+    if(done < 1)
+      *q++=(c&0x000000ff)>>0;
+  }
+  return q - (unsigned char*)data;
+}
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.h b/crypto/kerberosIV/appl/ftp/common/base64.h
new file mode 100644
index 0000000..fe799a2
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
new file mode 100644
index 0000000..0385d49
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#include <stdio.h>
+#include <err.h>
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+    size_t new_sz;
+
+    new_sz = BUFSIZ;
+#ifdef HAVE_ST_BLKSIZE
+    if (st)
+	new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+    if(new_sz > *sz) {
+	if (oldbuf)
+	    free (oldbuf);
+	oldbuf = malloc (new_sz);
+	if (oldbuf == NULL) {
+	    warn ("malloc");
+	    *sz = 0;
+	    return NULL;
+	}
+	*sz = new_sz;
+    }
+    return oldbuf;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/common/common.h b/crypto/kerberosIV/appl/ftp/common/common.h
new file mode 100644
index 0000000..5949b25
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/common.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.c b/crypto/kerberosIV/appl/ftp/common/glob.c
new file mode 100644
index 0000000..8f19d7c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.c
@@ -0,0 +1,835 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ *	Escaping convention: \ inhibits any special meaning the following
+ *	character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ *	Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ *	Same as GLOB_NOCHECK, but it will only append pattern if it did
+ *	not contain any magic characters.  [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ *	Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ *	expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ *	expand {1,2}{a,b} to 1a 1b 2a 2b 
+ * gl_matchc:
+ *	Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#define	CHAR_DOLLAR		'$'
+#define	CHAR_DOT		'.'
+#define	CHAR_EOS		'\0'
+#define	CHAR_LBRACKET		'['
+#define	CHAR_NOT		'!'
+#define	CHAR_QUESTION		'?'
+#define	CHAR_QUOTE		'\\'
+#define	CHAR_RANGE		'-'
+#define	CHAR_RBRACKET		']'
+#define	CHAR_SEP		'/'
+#define	CHAR_STAR		'*'
+#define	CHAR_TILDE		'~'
+#define	CHAR_UNDERSCORE		'_'
+#define	CHAR_LBRACE		'{'
+#define	CHAR_RBRACE		'}'
+#define	CHAR_SLASH		'/'
+#define	CHAR_COMMA		','
+
+#ifndef DEBUG
+
+#define	M_QUOTE		0x8000
+#define	M_PROTECT	0x4000
+#define	M_MASK		0xffff
+#define	M_ASCII		0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define	M_QUOTE		0x80
+#define	M_PROTECT	0x40
+#define	M_MASK		0xff
+#define	M_ASCII		0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define	CHAR(c)		((Char)((c)&M_ASCII))
+#define	META(c)		((Char)((c)|M_QUOTE))
+#define	M_ALL		META('*')
+#define	M_END		META(']')
+#define	M_NOT		META('!')
+#define	M_ONE		META('?')
+#define	M_RNG		META('-')
+#define	M_SET		META('[')
+#define	ismeta(c)	(((c)&M_QUOTE) != 0)
+
+
+static int	 compare (const void *, const void *);
+static void	 g_Ctoc (const Char *, char *);
+static int	 g_lstat (Char *, struct stat *, glob_t *);
+static DIR	*g_opendir (Char *, glob_t *);
+static Char	*g_strchr (Char *, int);
+#ifdef notdef
+static Char	*g_strcat (Char *, const Char *);
+#endif
+static int	 g_stat (Char *, struct stat *, glob_t *);
+static int	 glob0 (const Char *, glob_t *);
+static int	 glob1 (Char *, glob_t *);
+static int	 glob2 (Char *, Char *, Char *, glob_t *);
+static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *);
+static int	 globextend (const Char *, glob_t *);
+static const Char *	 globtilde (const Char *, Char *, glob_t *);
+static int	 globexp1 (const Char *, glob_t *);
+static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
+static int	 match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void	 qprintf (const char *, Char *);
+#endif
+
+int
+glob(const char *pattern, 
+     int flags, 
+     int (*errfunc)(const char *, int), 
+     glob_t *pglob)
+{
+	const u_char *patnext;
+	int c;
+	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+	patnext = (u_char *) pattern;
+	if (!(flags & GLOB_APPEND)) {
+		pglob->gl_pathc = 0;
+		pglob->gl_pathv = NULL;
+		if (!(flags & GLOB_DOOFFS))
+			pglob->gl_offs = 0;
+	}
+	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+	pglob->gl_errfunc = errfunc;
+	pglob->gl_matchc = 0;
+
+	bufnext = patbuf;
+	bufend = bufnext + MaxPathLen;
+	if (flags & GLOB_QUOTE) {
+		/* Protect the quoted characters. */
+		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+			if (c == CHAR_QUOTE) {
+				if ((c = *patnext++) == CHAR_EOS) {
+					c = CHAR_QUOTE;
+					--patnext;
+				}
+				*bufnext++ = c | M_PROTECT;
+			}
+			else
+				*bufnext++ = c;
+	}
+	else 
+	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+		    *bufnext++ = c;
+	*bufnext = CHAR_EOS;
+
+	if (flags & GLOB_BRACE)
+	    return globexp1(patbuf, pglob);
+	else
+	    return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+	const Char* ptr = pattern;
+	int rv;
+
+	/* Protect a single {}, for find(1), like csh */
+	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+		return glob0(pattern, pglob);
+
+	while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+		if (!globexp2(ptr, pattern, pglob, &rv))
+			return rv;
+
+	return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern, 
+		    glob_t *pglob, int *rv)
+{
+	int     i;
+	Char   *lm, *ls;
+	const Char *pe, *pm, *pl;
+	Char    patbuf[MaxPathLen + 1];
+
+	/* copy part up to the brace */
+	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+		continue;
+	ls = lm;
+
+	/* Find the balanced brace */
+	for (i = 0, pe = ++ptr; *pe; pe++)
+		if (*pe == CHAR_LBRACKET) {
+			/* Ignore everything between [] */
+			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+				continue;
+			if (*pe == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pe = pm;
+			}
+		}
+		else if (*pe == CHAR_LBRACE)
+			i++;
+		else if (*pe == CHAR_RBRACE) {
+			if (i == 0)
+				break;
+			i--;
+		}
+
+	/* Non matching braces; just glob the pattern */
+	if (i != 0 || *pe == CHAR_EOS) {
+		*rv = glob0(patbuf, pglob);
+		return 0;
+	}
+
+	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+		switch (*pm) {
+		case CHAR_LBRACKET:
+			/* Ignore everything between [] */
+			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+				continue;
+			if (*pm == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pm = pl;
+			}
+			break;
+
+		case CHAR_LBRACE:
+			i++;
+			break;
+
+		case CHAR_RBRACE:
+			if (i) {
+			    i--;
+			    break;
+			}
+			/* FALLTHROUGH */
+		case CHAR_COMMA:
+			if (i && *pm == CHAR_COMMA)
+				break;
+			else {
+				/* Append the current string */
+				for (lm = ls; (pl < pm); *lm++ = *pl++)
+					continue;
+				/* 
+				 * Append the rest of the pattern after the
+				 * closing brace
+				 */
+				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+					continue;
+
+				/* Expand the current pattern */
+#ifdef DEBUG
+				qprintf("globexp2:", patbuf);
+#endif
+				*rv = globexp1(patbuf, pglob);
+
+				/* move after the comma, to the next string */
+				pl = pm + 1;
+			}
+			break;
+
+		default:
+			break;
+		}
+	*rv = 0;
+	return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+	struct passwd *pwd;
+	char *h;
+	const Char *p;
+	Char *b;
+
+	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+		return pattern;
+
+	/* Copy up to the end of the string or / */
+	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
+	     *h++ = *p++)
+		continue;
+
+	*h = CHAR_EOS;
+
+	if (((char *) patbuf)[0] == CHAR_EOS) {
+		/* 
+		 * handle a plain ~ or ~/ by expanding $HOME 
+		 * first and then trying the password file
+		 */
+		if ((h = getenv("HOME")) == NULL) {
+			if ((pwd = k_getpwuid(getuid())) == NULL)
+				return pattern;
+			else
+				h = pwd->pw_dir;
+		}
+	}
+	else {
+		/*
+		 * Expand a ~user
+		 */
+		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+			return pattern;
+		else
+			h = pwd->pw_dir;
+	}
+
+	/* Copy the home directory */
+	for (b = patbuf; *h; *b++ = *h++)
+		continue;
+	
+	/* Append the rest of the pattern */
+	while ((*b++ = *p++) != CHAR_EOS)
+		continue;
+
+	return patbuf;
+}
+	
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested).  Returns 0
+ * if things went well, nonzero if errors occurred.  It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+	const Char *qpatnext;
+	int c, err, oldpathc;
+	Char *bufnext, patbuf[MaxPathLen+1];
+
+	qpatnext = globtilde(pattern, patbuf, pglob);
+	oldpathc = pglob->gl_pathc;
+	bufnext = patbuf;
+
+	/* We don't need to check for buffer overflow any more. */
+	while ((c = *qpatnext++) != CHAR_EOS) {
+		switch (c) {
+		case CHAR_LBRACKET:
+			c = *qpatnext;
+			if (c == CHAR_NOT)
+				++qpatnext;
+			if (*qpatnext == CHAR_EOS ||
+			    g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+				*bufnext++ = CHAR_LBRACKET;
+				if (c == CHAR_NOT)
+					--qpatnext;
+				break;
+			}
+			*bufnext++ = M_SET;
+			if (c == CHAR_NOT)
+				*bufnext++ = M_NOT;
+			c = *qpatnext++;
+			do {
+				*bufnext++ = CHAR(c);
+				if (*qpatnext == CHAR_RANGE &&
+				    (c = qpatnext[1]) != CHAR_RBRACKET) {
+					*bufnext++ = M_RNG;
+					*bufnext++ = CHAR(c);
+					qpatnext += 2;
+				}
+			} while ((c = *qpatnext++) != CHAR_RBRACKET);
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_END;
+			break;
+		case CHAR_QUESTION:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_ONE;
+			break;
+		case CHAR_STAR:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			/* collapse adjacent stars to one, 
+			 * to avoid exponential behavior
+			 */
+			if (bufnext == patbuf || bufnext[-1] != M_ALL)
+			    *bufnext++ = M_ALL;
+			break;
+		default:
+			*bufnext++ = CHAR(c);
+			break;
+		}
+	}
+	*bufnext = CHAR_EOS;
+#ifdef DEBUG
+	qprintf("glob0:", patbuf);
+#endif
+
+	if ((err = glob1(patbuf, pglob)) != 0)
+		return(err);
+
+	/*
+	 * If there was no match we are going to append the pattern 
+	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
+	 * and the pattern did not contain any magic characters
+	 * GLOB_NOMAGIC is there just for compatibility with csh.
+	 */
+	if (pglob->gl_pathc == oldpathc && 
+	    ((pglob->gl_flags & GLOB_NOCHECK) || 
+	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+		return(globextend(pattern, pglob));
+	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
+		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+	return(0);
+}
+
+static int
+compare(const void *p, const void *q)
+{
+	return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(Char *pattern, glob_t *pglob)
+{
+	Char pathbuf[MaxPathLen+1];
+
+	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+	if (*pattern == CHAR_EOS)
+		return(0);
+	return(glob2(pathbuf, pathbuf, pattern, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+
+#ifndef S_ISLNK
+#if defined(S_IFLNK) && defined(S_IFMT)
+#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
+#else
+#define S_ISLNK(mode) 0
+#endif
+#endif
+
+static int
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
+{
+	struct stat sb;
+	Char *p, *q;
+	int anymeta;
+
+	/*
+	 * Loop over pattern segments until end of pattern or until
+	 * segment with meta character found.
+	 */
+	for (anymeta = 0;;) {
+		if (*pattern == CHAR_EOS) {		/* End of pattern? */
+			*pathend = CHAR_EOS;
+			if (g_lstat(pathbuf, &sb, pglob))
+				return(0);
+		
+			if (((pglob->gl_flags & GLOB_MARK) &&
+			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
+			    || (S_ISLNK(sb.st_mode) &&
+			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+			    S_ISDIR(sb.st_mode)))) {
+				*pathend++ = CHAR_SEP;
+				*pathend = CHAR_EOS;
+			}
+			++pglob->gl_matchc;
+			return(globextend(pathbuf, pglob));
+		}
+
+		/* Find end of next segment, copy tentatively to pathend. */
+		q = pathend;
+		p = pattern;
+		while (*p != CHAR_EOS && *p != CHAR_SEP) {
+			if (ismeta(*p))
+				anymeta = 1;
+			*q++ = *p++;
+		}
+
+		if (!anymeta) {		/* No expansion, do next segment. */
+			pathend = q;
+			pattern = p;
+			while (*pattern == CHAR_SEP)
+				*pathend++ = *pattern++;
+		} else			/* Need expansion, recurse. */
+			return(glob3(pathbuf, pathend, pattern, p, pglob));
+	}
+	/* CHAR_NOTREACHED */
+}
+
+static int
+glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
+      glob_t *pglob)
+{
+	struct dirent *dp;
+	DIR *dirp;
+	int err;
+	char buf[MaxPathLen];
+
+	/*
+	 * The readdirfunc declaration can't be prototyped, because it is
+	 * assigned, below, to two functions which are prototyped in glob.h
+	 * and dirent.h as taking pointers to differently typed opaque
+	 * structures.
+	 */
+	struct dirent *(*readdirfunc)(void *);
+
+	*pathend = CHAR_EOS;
+	errno = 0;
+	    
+	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+		/* TODO: don't call for ENOENT or ENOTDIR? */
+		if (pglob->gl_errfunc) {
+			g_Ctoc(pathbuf, buf);
+			if (pglob->gl_errfunc(buf, errno) ||
+			    pglob->gl_flags & GLOB_ERR)
+				return (GLOB_ABEND);
+		}
+		return(0);
+	}
+
+	err = 0;
+
+	/* Search directory for matching names. */
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		readdirfunc = pglob->gl_readdir;
+	else
+		readdirfunc = (struct dirent *(*)(void *))readdir;
+	while ((dp = (*readdirfunc)(dirp))) {
+		u_char *sc;
+		Char *dc;
+
+		/* Initial CHAR_DOT must be matched literally. */
+		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
+			continue;
+		for (sc = (u_char *) dp->d_name, dc = pathend; 
+		     (*dc++ = *sc++) != CHAR_EOS;)
+			continue;
+		if (!match(pathend, pattern, restpattern)) {
+			*pathend = CHAR_EOS;
+			continue;
+		}
+		err = glob2(pathbuf, --dc, restpattern, pglob);
+		if (err)
+			break;
+	}
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		(*pglob->gl_closedir)(dirp);
+	else
+		closedir(dirp);
+	return(err);
+}
+
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(const Char *path, glob_t *pglob)
+{
+	char **pathv;
+	int i;
+	u_int newsize;
+	char *copy;
+	const Char *p;
+
+	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+	pathv = pglob->gl_pathv ? 
+		    realloc(pglob->gl_pathv, newsize) :
+		    malloc(newsize);
+	if (pathv == NULL)
+		return(GLOB_NOSPACE);
+
+	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+		/* first time around -- clear initial gl_offs items */
+		pathv += pglob->gl_offs;
+		for (i = pglob->gl_offs; --i >= 0; )
+			*--pathv = NULL;
+	}
+	pglob->gl_pathv = pathv;
+
+	for (p = path; *p++;)
+		continue;
+	if ((copy = malloc(p - path)) != NULL) {
+		g_Ctoc(path, copy);
+		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+	}
+	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+	return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+
+/*
+ * pattern matching function for filenames.  Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(Char *name, Char *pat, Char *patend)
+{
+	int ok, negate_range;
+	Char c, k;
+
+	while (pat < patend) {
+		c = *pat++;
+		switch (c & M_MASK) {
+		case M_ALL:
+			if (pat == patend)
+				return(1);
+			do 
+			    if (match(name, pat, patend))
+				    return(1);
+			while (*name++ != CHAR_EOS);
+			return(0);
+		case M_ONE:
+			if (*name++ == CHAR_EOS)
+				return(0);
+			break;
+		case M_SET:
+			ok = 0;
+			if ((k = *name++) == CHAR_EOS)
+				return(0);
+			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
+				++pat;
+			while (((c = *pat++) & M_MASK) != M_END)
+				if ((*pat & M_MASK) == M_RNG) {
+					if (c <= k && k <= pat[1])
+						ok = 1;
+					pat += 2;
+				} else if (c == k)
+					ok = 1;
+			if (ok == negate_range)
+				return(0);
+			break;
+		default:
+			if (*name++ != c)
+				return(0);
+			break;
+		}
+	}
+	return(*name == CHAR_EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(glob_t *pglob)
+{
+	int i;
+	char **pp;
+
+	if (pglob->gl_pathv != NULL) {
+		pp = pglob->gl_pathv + pglob->gl_offs;
+		for (i = pglob->gl_pathc; i--; ++pp)
+			if (*pp)
+				free(*pp);
+		free(pglob->gl_pathv);
+	}
+}
+
+static DIR *
+g_opendir(Char *str, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	if (!*str)
+		strcpy(buf, ".");
+	else
+		g_Ctoc(str, buf);
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_opendir)(buf));
+
+	return(opendir(buf));
+}
+
+static int
+g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_lstat)(buf, sb));
+	return(lstat(buf, sb));
+}
+
+static int
+g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_stat)(buf, sb));
+	return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(Char *str, int ch)
+{
+	do {
+		if (*str == ch)
+			return (str);
+	} while (*str++);
+	return (NULL);
+}
+
+#ifdef notdef
+static Char *
+g_strcat(Char *dst, const Char *src)
+{
+	Char *sdst = dst;
+
+	while (*dst++)
+		continue;
+	--dst;
+	while((*dst++ = *src++) != CHAR_EOS)
+	    continue;
+
+	return (sdst);
+}
+#endif
+
+static void
+g_Ctoc(const Char *str, char *buf)
+{
+	char *dc;
+
+	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
+		continue;
+}
+
+#ifdef DEBUG
+static void 
+qprintf(const Char *str, Char *s)
+{
+	Char *p;
+
+	printf("%s:\n", str);
+	for (p = s; *p; p++)
+		printf("%c", CHAR(*p));
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", *p & M_PROTECT ? '"' : ' ');
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", ismeta(*p) ? '_' : ' ');
+	printf("\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.h b/crypto/kerberosIV/appl/ftp/common/glob.h
new file mode 100644
index 0000000..bece48a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define	_GLOB_H_
+
+struct stat;
+typedef struct {
+	int gl_pathc;		/* Count of total paths so far. */
+	int gl_matchc;		/* Count of paths matching pattern. */
+	int gl_offs;		/* Reserved at beginning of gl_pathv. */
+	int gl_flags;		/* Copy of flags parameter to glob. */
+	char **gl_pathv;	/* List of paths matching pattern. */
+				/* Copy of errfunc parameter to glob. */
+	int (*gl_errfunc) (const char *, int);
+
+	/*
+	 * Alternate filesystem access methods for glob; replacement
+	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
+	 * and lstat(2).
+	 */
+	void (*gl_closedir) (void *);
+	struct dirent *(*gl_readdir) (void *);	
+	void *(*gl_opendir) (const char *);
+	int (*gl_lstat) (const char *, struct stat *);
+	int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
+#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
+#define	GLOB_ERR	0x0004	/* Return on error. */
+#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
+#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
+#define	GLOB_NOSORT	0x0020	/* Don't sort. */
+
+#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
+#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
+#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
+#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
+
+#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+#define	GLOB_ABEND	(-2)	/* Unignored error. */
+
+int	glob (const char *, int, int (*)(const char *, int), glob_t *);
+void	globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/common/sockbuf.c b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
new file mode 100644
index 0000000..460cc6f
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
+
+void
+set_buffer_size(int fd, int read)
+{
+#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
+    size_t size = 4194304;
+    while(size >= 131072 && 
+	  setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, 
+		     (void *)&size, sizeof(size)) < 0)
+	size /= 2;
+#endif
+}
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.am b/crypto/kerberosIV/appl/ftp/ftp/Makefile.am
new file mode 100644
index 0000000..081465a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.12 1999/04/09 18:22:08 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4)
+
+bin_PROGRAMS = ftp
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c kauth.c
+endif
+if KRB5
+krb5_sources = gssapi.c
+endif
+
+ftp_SOURCES = \
+	cmds.c \
+	cmdtab.c \
+	extern.h \
+	ftp.c \
+	ftp_locl.h \
+	ftp_var.h \
+	main.c \
+	pathnames.h \
+	ruserpass.c \
+	domacro.c \
+	globals.c \
+	security.c \
+	security.h \
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
+
+LDADD = \
+	../common/libcommon.a \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_roken) \
+	$(LIB_readline)
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
new file mode 100644
index 0000000..637d553
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
@@ -0,0 +1,102 @@
+# 
+# $Id: Makefile.in,v 1.32 1999/03/11 13:58:09 joda Exp $
+#
+
+SHELL		= /bin/sh
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+top_builddir		= ../../..
+
+CC 	= @CC@
+RANLIB 	= @RANLIB@
+DEFS 	= @DEFS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS	= @WFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/../common  @INCLUDE_readline@
+LD_FLAGS = @LD_FLAGS@
+LIB_tgetent = @LIB_tgetent@
+LIBS	 = @LIBS@ @LIB_readline@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix 	= @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+INCTOP = $(top_builddir)/include
+
+LIBTOP = $(top_builddir)/lib
+
+PROGS = ftp$(EXECSUFFIX)
+
+ftp_SOURCES =		\
+	cmds.c		\
+	cmdtab.c	\
+	domacro.c	\
+	ftp.c		\
+	globals.c	\
+	kauth.c		\
+	krb4.c		\
+	main.c		\
+	ruserpass.c	\
+	security.c
+
+ftp_OBJS =		\
+	cmds.o		\
+	cmdtab.o	\
+	domacro.o	\
+	ftp.o		\
+	globals.o	\
+	kauth.o		\
+	krb4.o		\
+	main.o		\
+	ruserpass.o	\
+	security.o
+
+OBJECTS = $(ftp_OBJS)
+SOURCES = $(ftp_SOURCES)
+
+all: $(PROGS)
+
+.c.o:
+	$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+ftp$(EXECSUFFIX): $(ftp_OBJS)
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
+
+TAGS:	$(SOURCES)
+	etags $(SOURCES)
+
+clean:
+	rm -f *~ *.o core ftp$(EXECSUFFIX) \#*
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
new file mode 100644
index 0000000..7698313
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
@@ -0,0 +1,2116 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Routines.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $");
+
+typedef void (*sighand)(int);
+
+jmp_buf	jabort;
+char   *mname;
+char   *home = "/";
+
+/*
+ * `Another' gets another argument, and stores the new argc and argv.
+ * It reverts to the top level (via main.c's intr()) on EOF/error.
+ *
+ * Returns false if no new arguments have been added.
+ */
+int
+another(int *pargc, char ***pargv, char *prompt)
+{
+	int len = strlen(line), ret;
+
+	if (len >= sizeof(line) - 3) {
+		printf("sorry, arguments too long\n");
+		intr(0);
+	}
+	printf("(%s) ", prompt);
+	line[len++] = ' ';
+	if (fgets(&line[len], sizeof(line) - len, stdin) == NULL)
+		intr(0);
+	len += strlen(&line[len]);
+	if (len > 0 && line[len - 1] == '\n')
+		line[len - 1] = '\0';
+	makeargv();
+	ret = margc > *pargc;
+	*pargc = margc;
+	*pargv = margv;
+	return (ret);
+}
+
+/*
+ * Connect to peer server and
+ * auto-login, if possible.
+ */
+void
+setpeer(int argc, char **argv)
+{
+	char *host;
+	short port;
+	struct servent *sp;
+
+	if (connected) {
+		printf("Already connected to %s, use close first.\n",
+			hostname);
+		code = -1;
+		return;
+	}
+	if (argc < 2)
+		another(&argc, &argv, "to");
+	if (argc < 2 || argc > 3) {
+		printf("usage: %s host-name [port]\n", argv[0]);
+		code = -1;
+		return;
+	}
+	sp = getservbyname("ftp", "tcp");
+	if (sp == NULL)
+		errx(1, "You bastard. You removed ftp/tcp from services");
+	port = sp->s_port;
+	if (argc > 2) {
+		port = atoi(argv[2]);
+		if (port <= 0) {
+			printf("%s: bad port number-- %s\n", argv[1], argv[2]);
+			printf ("usage: %s host-name [port]\n", argv[0]);
+			code = -1;
+			return;
+		}
+		port = htons(port);
+	}
+	host = hookup(argv[1], port);
+	if (host) {
+		int overbose;
+
+		connected = 1;
+		/*
+		 * Set up defaults for FTP.
+		 */
+		strlcpy(typename, "ascii", sizeof(typename));
+		type = TYPE_A;
+		curtype = TYPE_A;
+		strlcpy(formname, "non-print", sizeof(formname));
+		form = FORM_N;
+		strlcpy(modename, "stream", sizeof(modename));
+		mode = MODE_S;
+		strlcpy(structname, "file", sizeof(structname));
+		stru = STRU_F;
+		strlcpy(bytename, "8", sizeof(bytename));
+		bytesize = 8;
+		if (autologin)
+			login(argv[1]);
+
+#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)) && NBBY == 8
+/*
+ * this ifdef is to keep someone form "porting" this to an incompatible
+ * system and not checking this out. This way they have to think about it.
+ */
+		overbose = verbose;
+		if (debug == 0)
+			verbose = -1;
+		if (command("SYST") == COMPLETE && overbose) {
+			char *cp, c;
+			cp = strchr(reply_string+4, ' ');
+			if (cp == NULL)
+				cp = strchr(reply_string+4, '\r');
+			if (cp) {
+				if (cp[-1] == '.')
+					cp--;
+				c = *cp;
+				*cp = '\0';
+			}
+
+			printf("Remote system type is %s.\n",
+				reply_string+4);
+			if (cp)
+				*cp = c;
+		}
+		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
+			if (proxy)
+				unix_proxy = 1;
+			else
+				unix_server = 1;
+			/*
+			 * Set type to 0 (not specified by user),
+			 * meaning binary by default, but don't bother
+			 * telling server.  We can use binary
+			 * for text files unless changed by the user.
+			 */
+			type = 0;
+			strlcpy(typename, "binary", sizeof(typename));
+			if (overbose)
+			    printf("Using %s mode to transfer files.\n",
+				typename);
+		} else {
+			if (proxy)
+				unix_proxy = 0;
+			else
+				unix_server = 0;
+			if (overbose && 
+			    !strncmp(reply_string, "215 TOPS20", 10))
+				printf(
+"Remember to set tenex mode when transfering binary files from this machine.\n");
+		}
+		verbose = overbose;
+#endif /* unix */
+	}
+}
+
+struct	types {
+	char	*t_name;
+	char	*t_mode;
+	int	t_type;
+	char	*t_arg;
+} types[] = {
+	{ "ascii",	"A",	TYPE_A,	0 },
+	{ "binary",	"I",	TYPE_I,	0 },
+	{ "image",	"I",	TYPE_I,	0 },
+	{ "ebcdic",	"E",	TYPE_E,	0 },
+	{ "tenex",	"L",	TYPE_L,	bytename },
+	{ NULL }
+};
+
+/*
+ * Set transfer type.
+ */
+void
+settype(int argc, char **argv)
+{
+	struct types *p;
+	int comret;
+
+	if (argc > 2) {
+		char *sep;
+
+		printf("usage: %s [", argv[0]);
+		sep = " ";
+		for (p = types; p->t_name; p++) {
+			printf("%s%s", sep, p->t_name);
+			sep = " | ";
+		}
+		printf(" ]\n");
+		code = -1;
+		return;
+	}
+	if (argc < 2) {
+		printf("Using %s mode to transfer files.\n", typename);
+		code = 0;
+		return;
+	}
+	for (p = types; p->t_name; p++)
+		if (strcmp(argv[1], p->t_name) == 0)
+			break;
+	if (p->t_name == 0) {
+		printf("%s: unknown mode\n", argv[1]);
+		code = -1;
+		return;
+	}
+	if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
+		comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
+	else
+		comret = command("TYPE %s", p->t_mode);
+	if (comret == COMPLETE) {
+		strlcpy(typename, p->t_name, sizeof(typename));
+		curtype = type = p->t_type;
+	}
+}
+
+/*
+ * Internal form of settype; changes current type in use with server
+ * without changing our notion of the type for data transfers.
+ * Used to change to and from ascii for listings.
+ */
+void
+changetype(int newtype, int show)
+{
+	struct types *p;
+	int comret, oldverbose = verbose;
+
+	if (newtype == 0)
+		newtype = TYPE_I;
+	if (newtype == curtype)
+		return;
+	if (debug == 0 && show == 0)
+		verbose = 0;
+	for (p = types; p->t_name; p++)
+		if (newtype == p->t_type)
+			break;
+	if (p->t_name == 0) {
+		printf("ftp: internal error: unknown type %d\n", newtype);
+		return;
+	}
+	if (newtype == TYPE_L && bytename[0] != '\0')
+		comret = command("TYPE %s %s", p->t_mode, bytename);
+	else
+		comret = command("TYPE %s", p->t_mode);
+	if (comret == COMPLETE)
+		curtype = newtype;
+	verbose = oldverbose;
+}
+
+char *stype[] = {
+	"type",
+	"",
+	0
+};
+
+/*
+ * Set binary transfer type.
+ */
+/*VARARGS*/
+void
+setbinary(int argc, char **argv)
+{
+
+	stype[1] = "binary";
+	settype(2, stype);
+}
+
+/*
+ * Set ascii transfer type.
+ */
+/*VARARGS*/
+void
+setascii(int argc, char **argv)
+{
+
+	stype[1] = "ascii";
+	settype(2, stype);
+}
+
+/*
+ * Set tenex transfer type.
+ */
+/*VARARGS*/
+void
+settenex(int argc, char **argv)
+{
+
+	stype[1] = "tenex";
+	settype(2, stype);
+}
+
+/*
+ * Set file transfer mode.
+ */
+/*ARGSUSED*/
+void
+setftmode(int argc, char **argv)
+{
+
+	printf("We only support %s mode, sorry.\n", modename);
+	code = -1;
+}
+
+/*
+ * Set file transfer format.
+ */
+/*ARGSUSED*/
+void
+setform(int argc, char **argv)
+{
+
+	printf("We only support %s format, sorry.\n", formname);
+	code = -1;
+}
+
+/*
+ * Set file transfer structure.
+ */
+/*ARGSUSED*/
+void
+setstruct(int argc, char **argv)
+{
+
+	printf("We only support %s structure, sorry.\n", structname);
+	code = -1;
+}
+
+/*
+ * Send a single file.
+ */
+void
+put(int argc, char **argv)
+{
+	char *cmd;
+	int loc = 0;
+	char *oldargv1, *oldargv2;
+
+	if (argc == 2) {
+		argc++;
+		argv[2] = argv[1];
+		loc++;
+	}
+	if (argc < 2 && !another(&argc, &argv, "local-file"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "remote-file")) {
+usage:
+		printf("usage: %s local-file remote-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	oldargv1 = argv[1];
+	oldargv2 = argv[2];
+	if (!globulize(&argv[1])) {
+		code = -1;
+		return;
+	}
+	/*
+	 * If "globulize" modifies argv[1], and argv[2] is a copy of
+	 * the old argv[1], make it a copy of the new argv[1].
+	 */
+	if (argv[1] != oldargv1 && argv[2] == oldargv1) {
+		argv[2] = argv[1];
+	}
+	cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
+	if (loc && ntflag) {
+		argv[2] = dotrans(argv[2]);
+	}
+	if (loc && mapflag) {
+		argv[2] = domap(argv[2]);
+	}
+	sendrequest(cmd, argv[1], argv[2],
+		    curtype == TYPE_I ? "rb" : "r",
+		    argv[1] != oldargv1 || argv[2] != oldargv2);
+}
+
+/* ARGSUSED */
+static RETSIGTYPE
+mabort(int signo)
+{
+	int ointer;
+
+	printf("\n");
+	fflush(stdout);
+	if (mflag && fromatty) {
+		ointer = interactive;
+		interactive = 1;
+		if (confirm("Continue with", mname)) {
+			interactive = ointer;
+			longjmp(jabort,0);
+		}
+		interactive = ointer;
+	}
+	mflag = 0;
+	longjmp(jabort,0);
+}
+
+/*
+ * Send multiple files.
+ */
+void
+mput(int argc, char **argv)
+{
+    int i;
+    RETSIGTYPE (*oldintr)();
+    int ointer;
+    char *tp;
+
+    if (argc < 2 && !another(&argc, &argv, "local-files")) {
+	printf("usage: %s local-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    if (proxy) {
+	char *cp, *tp2, tmpbuf[MaxPathLen];
+
+	while ((cp = remglob(argv,0)) != NULL) {
+	    if (*cp == 0) {
+		mflag = 0;
+		continue;
+	    }
+	    if (mflag && confirm(argv[0], cp)) {
+		tp = cp;
+		if (mcase) {
+		    while (*tp && !islower(*tp)) {
+			tp++;
+		    }
+		    if (!*tp) {
+			tp = cp;
+			tp2 = tmpbuf;
+			while ((*tp2 = *tp) != '\0') {
+			    if (isupper(*tp2)) {
+				*tp2 = 'a' + *tp2 - 'A';
+			    }
+			    tp++;
+			    tp2++;
+			}
+		    }
+		    tp = tmpbuf;
+		}
+		if (ntflag) {
+		    tp = dotrans(tp);
+		}
+		if (mapflag) {
+		    tp = domap(tp);
+		}
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    cp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    cp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	}
+	signal(SIGINT, oldintr);
+	mflag = 0;
+	return;
+    }
+    for (i = 1; i < argc; i++) {
+	char **cpp;
+	glob_t gl;
+	int flags;
+
+	if (!doglob) {
+	    if (mflag && confirm(argv[0], argv[i])) {
+		tp = (ntflag) ? dotrans(argv[i]) : argv[i];
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    argv[i],
+			    curtype == TYPE_I ? "rb" : "r",
+			    tp, tp != argv[i] || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	    continue;
+	}
+
+	memset(&gl, 0, sizeof(gl));
+	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
+	    warnx("%s: not found", argv[i]);
+	    globfree(&gl);
+	    continue;
+	}
+	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
+	    if (mflag && confirm(argv[0], *cpp)) {
+		tp = (ntflag) ? dotrans(*cpp) : *cpp;
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    *cpp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    *cpp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	}
+	globfree(&gl);
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
+}
+
+void
+reget(int argc, char **argv)
+{
+    getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w");
+}
+
+void
+get(int argc, char **argv)
+{
+    char *mode;
+
+    if (restart_point)
+	if (curtype == TYPE_I)
+	    mode = "r+wb";
+	else
+	    mode = "r+w";
+    else
+	if (curtype == TYPE_I)
+	    mode = "wb";
+	else
+	    mode = "w";
+
+    getit(argc, argv, 0, mode);
+}
+
+/*
+ * Receive one file.
+ */
+int
+getit(int argc, char **argv, int restartit, char *mode)
+{
+	int loc = 0;
+	int local_given = 1;
+	char *oldargv1, *oldargv2;
+
+	if (argc == 2) {
+		argc++;
+		local_given = 0;
+		argv[2] = argv[1];
+		loc++;
+	}
+	if ((argc < 2 && !another(&argc, &argv, "remote-file")) ||
+	    (argc < 3 && !another(&argc, &argv, "local-file"))) {
+		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
+		code = -1;
+		return (0);
+	}
+	oldargv1 = argv[1];
+	oldargv2 = argv[2];
+	if (!globulize(&argv[2])) {
+		code = -1;
+		return (0);
+	}
+	if (loc && mcase) {
+		char *tp = argv[1], *tp2, tmpbuf[MaxPathLen];
+
+		while (*tp && !islower(*tp)) {
+			tp++;
+		}
+		if (!*tp) {
+			tp = argv[2];
+			tp2 = tmpbuf;
+			while ((*tp2 = *tp) != '\0') {
+				if (isupper(*tp2)) {
+					*tp2 = 'a' + *tp2 - 'A';
+				}
+				tp++;
+				tp2++;
+			}
+			argv[2] = tmpbuf;
+		}
+	}
+	if (loc && ntflag)
+		argv[2] = dotrans(argv[2]);
+	if (loc && mapflag)
+		argv[2] = domap(argv[2]);
+	if (restartit) {
+		struct stat stbuf;
+		int ret;
+
+		ret = stat(argv[2], &stbuf);
+		if (restartit == 1) {
+			if (ret < 0) {
+				warn("local: %s", argv[2]);
+				return (0);
+			}
+			restart_point = stbuf.st_size;
+		} else if (ret == 0) {
+			int overbose;
+			int cmdret;
+			int yy, mo, day, hour, min, sec;
+			struct tm *tm;
+
+			overbose = verbose;
+			if (debug == 0)
+				verbose = -1;
+			cmdret = command("MDTM %s", argv[1]);
+			verbose = overbose;
+			if (cmdret != COMPLETE) {
+				printf("%s\n", reply_string);
+				return (0);
+			}
+			if (sscanf(reply_string,
+				   "%*s %04d%02d%02d%02d%02d%02d",
+				   &yy, &mo, &day, &hour, &min, &sec)
+			    != 6) {
+				printf ("bad MDTM result\n");
+				return (0);
+			}
+
+			tm = gmtime(&stbuf.st_mtime);
+			tm->tm_mon++;
+			tm->tm_year += 1900;
+
+			if ((tm->tm_year > yy) ||
+			    (tm->tm_year == yy && 
+			     tm->tm_mon > mo) ||
+			    (tm->tm_mon == mo && 
+			     tm->tm_mday > day) ||
+			    (tm->tm_mday == day && 
+			     tm->tm_hour > hour) ||
+			    (tm->tm_hour == hour && 
+			     tm->tm_min > min) ||
+			    (tm->tm_min == min && 
+			     tm->tm_sec > sec))
+				return (1);
+		}
+	}
+
+	recvrequest("RETR", argv[2], argv[1], mode,
+		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
+	restart_point = 0;
+	return (0);
+}
+
+static int
+suspicious_filename(const char *fn)
+{
+    return strstr(fn, "../") != NULL || *fn == '/';
+}
+
+/*
+ * Get multiple files.
+ */
+void
+mget(int argc, char **argv)
+{
+	sighand oldintr;
+	int ch, ointer;
+	char *cp, *tp, *tp2, tmpbuf[MaxPathLen];
+
+	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+		printf("usage: %s remote-files\n", argv[0]);
+		code = -1;
+		return;
+	}
+	mname = argv[0];
+	mflag = 1;
+	oldintr = signal(SIGINT, mabort);
+	setjmp(jabort);
+	while ((cp = remglob(argv,proxy)) != NULL) {
+		if (*cp == '\0') {
+			mflag = 0;
+			continue;
+		}
+		if (mflag && suspicious_filename(cp))
+		    printf("*** Suspicious filename: %s\n", cp);
+		if (mflag && confirm(argv[0], cp)) {
+			tp = cp;
+			if (mcase) {
+				for (tp2 = tmpbuf; (ch = *tp++);)
+					*tp2++ = isupper(ch) ? tolower(ch) : ch;
+				*tp2 = '\0';
+				tp = tmpbuf;
+			}
+			if (ntflag) {
+				tp = dotrans(tp);
+			}
+			if (mapflag) {
+				tp = domap(tp);
+			}
+			recvrequest("RETR", tp, cp,
+				    curtype == TYPE_I ? "wb" : "w",
+				    tp != cp || !interactive, 0);
+			if (!mflag && fromatty) {
+				ointer = interactive;
+				interactive = 1;
+				if (confirm("Continue with","mget")) {
+					mflag++;
+				}
+				interactive = ointer;
+			}
+		}
+	}
+	signal(SIGINT,oldintr);
+	mflag = 0;
+}
+
+char *
+remglob(char **argv, int doswitch)
+{
+    char temp[16];
+    static char buf[MaxPathLen];
+    static FILE *ftemp = NULL;
+    static char **args;
+    int oldverbose, oldhash;
+    char *cp, *mode;
+
+    if (!mflag) {
+	if (!doglob) {
+	    args = NULL;
+	}
+	else {
+	    if (ftemp) {
+		fclose(ftemp);
+		ftemp = NULL;
+	    }
+	}
+	return (NULL);
+    }
+    if (!doglob) {
+	if (args == NULL)
+	    args = argv;
+	if ((cp = *++args) == NULL)
+	    args = NULL;
+	return (cp);
+    }
+    if (ftemp == NULL) {
+	int fd;
+	strlcpy(temp, _PATH_TMP_XXX, sizeof(temp));
+	fd = mkstemp(temp);
+	if(fd < 0){
+	    warn("unable to create temporary file %s", temp);
+	    return NULL;
+	}
+	close(fd);
+	oldverbose = verbose, verbose = 0;
+	oldhash = hash, hash = 0;
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	for (mode = "w"; *++argv != NULL; mode = "a")
+	    recvrequest ("NLST", temp, *argv, mode, 0, 0);
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	verbose = oldverbose; hash = oldhash;
+	ftemp = fopen(temp, "r");
+	unlink(temp);
+	if (ftemp == NULL) {
+	    printf("can't find list of remote files, oops\n");
+	    return (NULL);
+	}
+    }
+    while(fgets(buf, sizeof (buf), ftemp)) {
+	if ((cp = strchr(buf, '\n')) != NULL)
+	    *cp = '\0';
+	if(!interactive && suspicious_filename(buf)){
+	    printf("Ignoring remote globbed file `%s'\n", buf);
+	    continue;
+	}
+	return buf;
+    }
+    fclose(ftemp);
+    ftemp = NULL;
+    return (NULL);
+}
+
+char *
+onoff(int bool)
+{
+
+	return (bool ? "on" : "off");
+}
+
+/*
+ * Show status.
+ */
+/*ARGSUSED*/
+void
+status(int argc, char **argv)
+{
+	int i;
+
+	if (connected)
+		printf("Connected to %s.\n", hostname);
+	else
+		printf("Not connected.\n");
+	if (!proxy) {
+		pswitch(1);
+		if (connected) {
+			printf("Connected for proxy commands to %s.\n", hostname);
+		}
+		else {
+			printf("No proxy connection.\n");
+		}
+		pswitch(0);
+	}
+	sec_status();
+	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
+		modename, typename, formname, structname);
+	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
+		onoff(verbose), onoff(bell), onoff(interactive),
+		onoff(doglob));
+	printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
+		onoff(runique));
+	printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
+	if (ntflag) {
+		printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
+	}
+	else {
+		printf("Ntrans: off\n");
+	}
+	if (mapflag) {
+		printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
+	}
+	else {
+		printf("Nmap: off\n");
+	}
+	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
+		onoff(hash), onoff(sendport));
+	if (macnum > 0) {
+		printf("Macros:\n");
+		for (i=0; i<macnum; i++) {
+			printf("\t%s\n",macros[i].mac_name);
+		}
+	}
+	code = 0;
+}
+
+/*
+ * Set beep on cmd completed mode.
+ */
+/*VARARGS*/
+void
+setbell(int argc, char **argv)
+{
+
+	bell = !bell;
+	printf("Bell mode %s.\n", onoff(bell));
+	code = bell;
+}
+
+/*
+ * Turn on packet tracing.
+ */
+/*VARARGS*/
+void
+settrace(int argc, char **argv)
+{
+
+	trace = !trace;
+	printf("Packet tracing %s.\n", onoff(trace));
+	code = trace;
+}
+
+/*
+ * Toggle hash mark printing during transfers.
+ */
+/*VARARGS*/
+void
+sethash(int argc, char **argv)
+{
+
+	hash = !hash;
+	printf("Hash mark printing %s", onoff(hash));
+	code = hash;
+	if (hash)
+		printf(" (%d bytes/hash mark)", 1024);
+	printf(".\n");
+}
+
+/*
+ * Turn on printing of server echo's.
+ */
+/*VARARGS*/
+void
+setverbose(int argc, char **argv)
+{
+
+	verbose = !verbose;
+	printf("Verbose mode %s.\n", onoff(verbose));
+	code = verbose;
+}
+
+/*
+ * Toggle PORT cmd use before each data connection.
+ */
+/*VARARGS*/
+void
+setport(int argc, char **argv)
+{
+
+	sendport = !sendport;
+	printf("Use of PORT cmds %s.\n", onoff(sendport));
+	code = sendport;
+}
+
+/*
+ * Turn on interactive prompting
+ * during mget, mput, and mdelete.
+ */
+/*VARARGS*/
+void
+setprompt(int argc, char **argv)
+{
+
+	interactive = !interactive;
+	printf("Interactive mode %s.\n", onoff(interactive));
+	code = interactive;
+}
+
+/*
+ * Toggle metacharacter interpretation
+ * on local file names.
+ */
+/*VARARGS*/
+void
+setglob(int argc, char **argv)
+{
+	
+	doglob = !doglob;
+	printf("Globbing %s.\n", onoff(doglob));
+	code = doglob;
+}
+
+/*
+ * Set debugging mode on/off and/or
+ * set level of debugging.
+ */
+/*VARARGS*/
+void
+setdebug(int argc, char **argv)
+{
+	int val;
+
+	if (argc > 1) {
+		val = atoi(argv[1]);
+		if (val < 0) {
+			printf("%s: bad debugging value.\n", argv[1]);
+			code = -1;
+			return;
+		}
+	} else
+		val = !debug;
+	debug = val;
+	if (debug)
+		options |= SO_DEBUG;
+	else
+		options &= ~SO_DEBUG;
+	printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
+	code = debug > 0;
+}
+
+/*
+ * Set current working directory
+ * on remote machine.
+ */
+void
+cd(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
+		printf("usage: %s remote-directory\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("CWD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("CWD command not recognized, trying XCWD\n");
+		command("XCWD %s", argv[1]);
+	}
+}
+
+/*
+ * Set current working directory
+ * on local machine.
+ */
+void
+lcd(int argc, char **argv)
+{
+	char buf[MaxPathLen];
+
+	if (argc < 2)
+		argc++, argv[1] = home;
+	if (argc != 2) {
+		printf("usage: %s local-directory\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (!globulize(&argv[1])) {
+		code = -1;
+		return;
+	}
+	if (chdir(argv[1]) < 0) {
+		warn("local: %s", argv[1]);
+		code = -1;
+		return;
+	}
+	if (getcwd(buf, sizeof(buf)) != NULL)
+		printf("Local directory now %s\n", buf);
+	else
+		warnx("getwd: %s", buf);
+	code = 0;
+}
+
+/*
+ * Delete a single file.
+ */
+void
+delete(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "remote-file")) {
+		printf("usage: %s remote-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("DELE %s", argv[1]);
+}
+
+/*
+ * Delete multiple files.
+ */
+void
+mdelete(int argc, char **argv)
+{
+    sighand oldintr;
+    int ointer;
+    char *cp;
+
+    if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+	printf("usage: %s remote-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    while ((cp = remglob(argv,0)) != NULL) {
+	if (*cp == '\0') {
+	    mflag = 0;
+	    continue;
+	}
+	if (mflag && confirm(argv[0], cp)) {
+	    command("DELE %s", cp);
+	    if (!mflag && fromatty) {
+		ointer = interactive;
+		interactive = 1;
+		if (confirm("Continue with", "mdelete")) {
+		    mflag++;
+		}
+		interactive = ointer;
+	    }
+	}
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
+}
+
+/*
+ * Rename a remote file.
+ */
+void
+renamefile(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "from-name"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "to-name")) {
+usage:
+		printf("%s from-name to-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("RNFR %s", argv[1]) == CONTINUE)
+		command("RNTO %s", argv[2]);
+}
+
+/*
+ * Get a directory listing
+ * of remote files.
+ */
+void
+ls(int argc, char **argv)
+{
+	char *cmd;
+
+	if (argc < 2)
+		argc++, argv[1] = NULL;
+	if (argc < 3)
+		argc++, argv[2] = "-";
+	if (argc > 3) {
+		printf("usage: %s remote-directory local-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
+	if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
+		code = -1;
+		return;
+	}
+	if (strcmp(argv[2], "-") && *argv[2] != '|')
+	    if (!globulize(&argv[2]) || !confirm("output to local-file:", 
+						 argv[2])) {
+		code = -1;
+		return;
+	    }
+	recvrequest(cmd, argv[2], argv[1], "w", 0, 1);
+}
+
+/*
+ * Get a directory listing
+ * of multiple remote files.
+ */
+void
+mls(int argc, char **argv)
+{
+	sighand oldintr;
+	int ointer, i;
+	char *cmd, mode[1], *dest;
+
+	if (argc < 2 && !another(&argc, &argv, "remote-files"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "local-file")) {
+usage:
+		printf("usage: %s remote-files local-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	dest = argv[argc - 1];
+	argv[argc - 1] = NULL;
+	if (strcmp(dest, "-") && *dest != '|')
+		if (!globulize(&dest) ||
+		    !confirm("output to local-file:", dest)) {
+			code = -1;
+			return;
+	}
+	cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
+	mname = argv[0];
+	mflag = 1;
+	oldintr = signal(SIGINT, mabort);
+	setjmp(jabort);
+	for (i = 1; mflag && i < argc-1; ++i) {
+		*mode = (i == 1) ? 'w' : 'a';
+		recvrequest(cmd, dest, argv[i], mode, 0, 1);
+		if (!mflag && fromatty) {
+			ointer = interactive;
+			interactive = 1;
+			if (confirm("Continue with", argv[0])) {
+				mflag ++;
+			}
+			interactive = ointer;
+		}
+	}
+	signal(SIGINT, oldintr);
+	mflag = 0;
+}
+
+/*
+ * Do a shell escape
+ */
+/*ARGSUSED*/
+void
+shell(int argc, char **argv)
+{
+	pid_t pid;
+	RETSIGTYPE (*old1)(), (*old2)();
+	char shellnam[40], *shell, *namep; 
+	int status;
+
+	old1 = signal (SIGINT, SIG_IGN);
+	old2 = signal (SIGQUIT, SIG_IGN);
+	if ((pid = fork()) == 0) {
+		for (pid = 3; pid < 20; pid++)
+			close(pid);
+		signal(SIGINT, SIG_DFL);
+		signal(SIGQUIT, SIG_DFL);
+		shell = getenv("SHELL");
+		if (shell == NULL)
+			shell = _PATH_BSHELL;
+		namep = strrchr(shell,'/');
+		if (namep == NULL)
+			namep = shell;
+		snprintf (shellnam, sizeof(shellnam),
+			  "-%s", ++namep);
+		if (strcmp(namep, "sh") != 0)
+			shellnam[0] = '+';
+		if (debug) {
+			printf ("%s\n", shell);
+			fflush (stdout);
+		}
+		if (argc > 1) {
+			execl(shell,shellnam,"-c",altarg,(char *)0);
+		}
+		else {
+			execl(shell,shellnam,(char *)0);
+		}
+		warn("%s", shell);
+		code = -1;
+		exit(1);
+	}
+	if (pid > 0)
+		while (waitpid(-1, &status, 0) != pid)
+			;
+	signal(SIGINT, old1);
+	signal(SIGQUIT, old2);
+	if (pid == -1) {
+		warn("%s", "Try again later");
+		code = -1;
+	}
+	else {
+		code = 0;
+	}
+}
+
+/*
+ * Send new user information (re-login)
+ */
+void
+user(int argc, char **argv)
+{
+	char acct[80];
+	int n, aflag = 0;
+	char tmp[256];
+
+	if (argc < 2)
+		another(&argc, &argv, "username");
+	if (argc < 2 || argc > 4) {
+		printf("usage: %s username [password] [account]\n", argv[0]);
+		code = -1;
+		return;
+	}
+	n = command("USER %s", argv[1]);
+	if (n == CONTINUE) {
+	    if (argc < 3 ) {
+		des_read_pw_string (tmp,
+				    sizeof(tmp),
+				    "Password: ", 0);
+		argv[2] = tmp;
+		argc++;
+	    }
+	    n = command("PASS %s", argv[2]);
+	}
+	if (n == CONTINUE) {
+		if (argc < 4) {
+			printf("Account: "); fflush(stdout);
+			fgets(acct, sizeof(acct) - 1, stdin);
+			acct[strlen(acct) - 1] = '\0';
+			argv[3] = acct; argc++;
+		}
+		n = command("ACCT %s", argv[3]);
+		aflag++;
+	}
+	if (n != COMPLETE) {
+		fprintf(stdout, "Login failed.\n");
+		return;
+	}
+	if (!aflag && argc == 4) {
+		command("ACCT %s", argv[3]);
+	}
+}
+
+/*
+ * Print working directory.
+ */
+/*VARARGS*/
+void
+pwd(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	/*
+	 * If we aren't verbose, this doesn't do anything!
+	 */
+	verbose = 1;
+	if (command("PWD") == ERROR && code == 500) {
+		printf("PWD command not recognized, trying XPWD\n");
+		command("XPWD");
+	}
+	verbose = oldverbose;
+}
+
+/*
+ * Make a directory.
+ */
+void
+makedir(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+		printf("usage: %s directory-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("MKD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("MKD command not recognized, trying XMKD\n");
+		command("XMKD %s", argv[1]);
+	}
+}
+
+/*
+ * Remove a directory.
+ */
+void
+removedir(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+		printf("usage: %s directory-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("RMD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("RMD command not recognized, trying XRMD\n");
+		command("XRMD %s", argv[1]);
+	}
+}
+
+/*
+ * Send a line, verbatim, to the remote machine.
+ */
+void
+quote(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "command line to send")) {
+		printf("usage: %s line-to-send\n", argv[0]);
+		code = -1;
+		return;
+	}
+	quote1("", argc, argv);
+}
+
+/*
+ * Send a SITE command to the remote machine.  The line
+ * is sent verbatim to the remote machine, except that the
+ * word "SITE" is added at the front.
+ */
+void
+site(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
+		printf("usage: %s line-to-send\n", argv[0]);
+		code = -1;
+		return;
+	}
+	quote1("SITE ", argc, argv);
+}
+
+/*
+ * Turn argv[1..argc) into a space-separated string, then prepend initial text.
+ * Send the result as a one-line command and get response.
+ */
+void
+quote1(char *initial, int argc, char **argv)
+{
+    int i;
+    char buf[BUFSIZ];		/* must be >= sizeof(line) */
+
+    strlcpy(buf, initial, sizeof(buf));
+    for(i = 1; i < argc; i++) {
+	if(i > 1)
+	    strlcat(buf, " ", sizeof(buf));
+	strlcat(buf, argv[i], sizeof(buf));
+    }
+    if (command("%s", buf) == PRELIM) {
+	while (getreply(0) == PRELIM)
+	    continue;
+    }
+}
+
+void
+do_chmod(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "mode"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "file-name")) {
+usage:
+		printf("usage: %s mode file-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("SITE CHMOD %s %s", argv[1], argv[2]);
+}
+
+void
+do_umask(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
+	verbose = oldverbose;
+}
+
+void
+ftp_idle(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
+	verbose = oldverbose;
+}
+
+/*
+ * Ask the other side for help.
+ */
+void
+rmthelp(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
+	verbose = oldverbose;
+}
+
+/*
+ * Terminate session and exit.
+ */
+/*VARARGS*/
+void
+quit(int argc, char **argv)
+{
+
+	if (connected)
+		disconnect(0, 0);
+	pswitch(1);
+	if (connected) {
+		disconnect(0, 0);
+	}
+	exit(0);
+}
+
+/*
+ * Terminate session, but don't exit.
+ */
+void
+disconnect(int argc, char **argv)
+{
+
+	if (!connected)
+		return;
+	command("QUIT");
+	if (cout) {
+		fclose(cout);
+	}
+	cout = NULL;
+	connected = 0;
+	sec_end();
+	data = -1;
+	if (!proxy) {
+		macnum = 0;
+	}
+}
+
+int
+confirm(char *cmd, char *file)
+{
+	char line[BUFSIZ];
+
+	if (!interactive)
+		return (1);
+	printf("%s %s? ", cmd, file);
+	fflush(stdout);
+	if (fgets(line, sizeof line, stdin) == NULL)
+		return (0);
+	return (*line == 'y' || *line == 'Y');
+}
+
+void
+fatal(char *msg)
+{
+
+	errx(1, "%s", msg);
+}
+
+/*
+ * Glob a local file name specification with
+ * the expectation of a single return value.
+ * Can't control multiple values being expanded
+ * from the expression, we return only the first.
+ */
+int
+globulize(char **cpp)
+{
+	glob_t gl;
+	int flags;
+
+	if (!doglob)
+		return (1);
+
+	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+	memset(&gl, 0, sizeof(gl));
+	if (glob(*cpp, flags, NULL, &gl) ||
+	    gl.gl_pathc == 0) {
+		warnx("%s: not found", *cpp);
+		globfree(&gl);
+		return (0);
+	}
+	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
+	globfree(&gl);
+	return (1);
+}
+
+void
+account(int argc, char **argv)
+{
+	char acct[50];
+
+	if (argc > 1) {
+		++argv;
+		--argc;
+		strlcpy (acct, *argv, sizeof(acct));
+		while (argc > 1) {
+			--argc;
+			++argv;
+			strlcat(acct, *argv, sizeof(acct));
+		}
+	}
+	else {
+	    des_read_pw_string(acct, sizeof(acct), "Account:", 0);
+	}
+	command("ACCT %s", acct);
+}
+
+jmp_buf abortprox;
+
+static RETSIGTYPE
+proxabort(int sig)
+{
+
+	if (!proxy) {
+		pswitch(1);
+	}
+	if (connected) {
+		proxflag = 1;
+	}
+	else {
+		proxflag = 0;
+	}
+	pswitch(0);
+	longjmp(abortprox,1);
+}
+
+void
+doproxy(int argc, char **argv)
+{
+	struct cmd *c;
+	RETSIGTYPE (*oldintr)();
+
+	if (argc < 2 && !another(&argc, &argv, "command")) {
+		printf("usage: %s command\n", argv[0]);
+		code = -1;
+		return;
+	}
+	c = getcmd(argv[1]);
+	if (c == (struct cmd *) -1) {
+		printf("?Ambiguous command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (c == 0) {
+		printf("?Invalid command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (!c->c_proxy) {
+		printf("?Invalid proxy command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (setjmp(abortprox)) {
+		code = -1;
+		return;
+	}
+	oldintr = signal(SIGINT, proxabort);
+	pswitch(1);
+	if (c->c_conn && !connected) {
+		printf("Not connected\n");
+		fflush(stdout);
+		pswitch(0);
+		signal(SIGINT, oldintr);
+		code = -1;
+		return;
+	}
+	(*c->c_handler)(argc-1, argv+1);
+	if (connected) {
+		proxflag = 1;
+	}
+	else {
+		proxflag = 0;
+	}
+	pswitch(0);
+	signal(SIGINT, oldintr);
+}
+
+void
+setcase(int argc, char **argv)
+{
+
+	mcase = !mcase;
+	printf("Case mapping %s.\n", onoff(mcase));
+	code = mcase;
+}
+
+void
+setcr(int argc, char **argv)
+{
+
+	crflag = !crflag;
+	printf("Carriage Return stripping %s.\n", onoff(crflag));
+	code = crflag;
+}
+
+void
+setntrans(int argc, char **argv)
+{
+	if (argc == 1) {
+		ntflag = 0;
+		printf("Ntrans off.\n");
+		code = ntflag;
+		return;
+	}
+	ntflag++;
+	code = ntflag;
+	strlcpy (ntin, argv[1], 17);
+	if (argc == 2) {
+		ntout[0] = '\0';
+		return;
+	}
+	strlcpy (ntout, argv[2], 17);
+}
+
+char *
+dotrans(char *name)
+{
+	static char new[MaxPathLen];
+	char *cp1, *cp2 = new;
+	int i, ostop, found;
+
+	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
+		continue;
+	for (cp1 = name; *cp1; cp1++) {
+		found = 0;
+		for (i = 0; *(ntin + i) && i < 16; i++) {
+			if (*cp1 == *(ntin + i)) {
+				found++;
+				if (i < ostop) {
+					*cp2++ = *(ntout + i);
+				}
+				break;
+			}
+		}
+		if (!found) {
+			*cp2++ = *cp1;
+		}
+	}
+	*cp2 = '\0';
+	return (new);
+}
+
+void
+setnmap(int argc, char **argv)
+{
+	char *cp;
+
+	if (argc == 1) {
+		mapflag = 0;
+		printf("Nmap off.\n");
+		code = mapflag;
+		return;
+	}
+	if (argc < 3 && !another(&argc, &argv, "mapout")) {
+		printf("Usage: %s [mapin mapout]\n",argv[0]);
+		code = -1;
+		return;
+	}
+	mapflag = 1;
+	code = 1;
+	cp = strchr(altarg, ' ');
+	if (proxy) {
+		while(*++cp == ' ')
+			continue;
+		altarg = cp;
+		cp = strchr(altarg, ' ');
+	}
+	*cp = '\0';
+	strlcpy(mapin, altarg, MaxPathLen);
+	while (*++cp == ' ')
+		continue;
+	strlcpy(mapout, cp, MaxPathLen);
+}
+
+char *
+domap(char *name)
+{
+	static char new[MaxPathLen];
+	char *cp1 = name, *cp2 = mapin;
+	char *tp[9], *te[9];
+	int i, toks[9], toknum = 0, match = 1;
+
+	for (i=0; i < 9; ++i) {
+		toks[i] = 0;
+	}
+	while (match && *cp1 && *cp2) {
+		switch (*cp2) {
+			case '\\':
+				if (*++cp2 != *cp1) {
+					match = 0;
+				}
+				break;
+			case '$':
+				if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
+					if (*cp1 != *(++cp2+1)) {
+						toks[toknum = *cp2 - '1']++;
+						tp[toknum] = cp1;
+						while (*++cp1 && *(cp2+1)
+							!= *cp1);
+						te[toknum] = cp1;
+					}
+					cp2++;
+					break;
+				}
+				/* FALLTHROUGH */
+			default:
+				if (*cp2 != *cp1) {
+					match = 0;
+				}
+				break;
+		}
+		if (match && *cp1) {
+			cp1++;
+		}
+		if (match && *cp2) {
+			cp2++;
+		}
+	}
+	if (!match && *cp1) /* last token mismatch */
+	{
+		toks[toknum] = 0;
+	}
+	cp1 = new;
+	*cp1 = '\0';
+	cp2 = mapout;
+	while (*cp2) {
+		match = 0;
+		switch (*cp2) {
+			case '\\':
+				if (*(cp2 + 1)) {
+					*cp1++ = *++cp2;
+				}
+				break;
+			case '[':
+LOOP:
+				if (*++cp2 == '$' && isdigit(*(cp2+1))) { 
+					if (*++cp2 == '0') {
+						char *cp3 = name;
+
+						while (*cp3) {
+							*cp1++ = *cp3++;
+						}
+						match = 1;
+					}
+					else if (toks[toknum = *cp2 - '1']) {
+						char *cp3 = tp[toknum];
+
+						while (cp3 != te[toknum]) {
+							*cp1++ = *cp3++;
+						}
+						match = 1;
+					}
+				}
+				else {
+					while (*cp2 && *cp2 != ',' && 
+					    *cp2 != ']') {
+						if (*cp2 == '\\') {
+							cp2++;
+						}
+						else if (*cp2 == '$' &&
+   						        isdigit(*(cp2+1))) {
+							if (*++cp2 == '0') {
+							   char *cp3 = name;
+
+							   while (*cp3) {
+								*cp1++ = *cp3++;
+							   }
+							}
+							else if (toks[toknum =
+							    *cp2 - '1']) {
+							   char *cp3=tp[toknum];
+
+							   while (cp3 !=
+								  te[toknum]) {
+								*cp1++ = *cp3++;
+							   }
+							}
+						}
+						else if (*cp2) {
+							*cp1++ = *cp2++;
+						}
+					}
+					if (!*cp2) {
+						printf("nmap: unbalanced brackets\n");
+						return (name);
+					}
+					match = 1;
+					cp2--;
+				}
+				if (match) {
+					while (*++cp2 && *cp2 != ']') {
+					      if (*cp2 == '\\' && *(cp2 + 1)) {
+							cp2++;
+					      }
+					}
+					if (!*cp2) {
+						printf("nmap: unbalanced brackets\n");
+						return (name);
+					}
+					break;
+				}
+				switch (*++cp2) {
+					case ',':
+						goto LOOP;
+					case ']':
+						break;
+					default:
+						cp2--;
+						goto LOOP;
+				}
+				break;
+			case '$':
+				if (isdigit(*(cp2 + 1))) {
+					if (*++cp2 == '0') {
+						char *cp3 = name;
+
+						while (*cp3) {
+							*cp1++ = *cp3++;
+						}
+					}
+					else if (toks[toknum = *cp2 - '1']) {
+						char *cp3 = tp[toknum];
+
+						while (cp3 != te[toknum]) {
+							*cp1++ = *cp3++;
+						}
+					}
+					break;
+				}
+				/* intentional drop through */
+			default:
+				*cp1++ = *cp2;
+				break;
+		}
+		cp2++;
+	}
+	*cp1 = '\0';
+	if (!*new) {
+		return (name);
+	}
+	return (new);
+}
+
+void
+setpassive(int argc, char **argv)
+{
+
+	passivemode = !passivemode;
+	printf("Passive mode %s.\n", onoff(passivemode));
+	code = passivemode;
+}
+
+void
+setsunique(int argc, char **argv)
+{
+
+	sunique = !sunique;
+	printf("Store unique %s.\n", onoff(sunique));
+	code = sunique;
+}
+
+void
+setrunique(int argc, char **argv)
+{
+
+	runique = !runique;
+	printf("Receive unique %s.\n", onoff(runique));
+	code = runique;
+}
+
+/* change directory to perent directory */
+void
+cdup(int argc, char **argv)
+{
+
+	if (command("CDUP") == ERROR && code == 500) {
+		if (verbose)
+			printf("CDUP command not recognized, trying XCUP\n");
+		command("XCUP");
+	}
+}
+
+/* restart transfer at specific point */
+void
+restart(int argc, char **argv)
+{
+
+    if (argc != 2)
+	printf("restart: offset not specified\n");
+    else {
+	restart_point = atol(argv[1]);
+	printf("restarting at %ld. %s\n", (long)restart_point,
+	       "execute get, put or append to initiate transfer");
+    }
+}
+
+/* show remote system type */
+void
+syst(int argc, char **argv)
+{
+
+	command("SYST");
+}
+
+void
+macdef(int argc, char **argv)
+{
+	char *tmp;
+	int c;
+
+	if (macnum == 16) {
+		printf("Limit of 16 macros have already been defined\n");
+		code = -1;
+		return;
+	}
+	if (argc < 2 && !another(&argc, &argv, "macro name")) {
+		printf("Usage: %s macro_name\n",argv[0]);
+		code = -1;
+		return;
+	}
+	if (interactive) {
+		printf("Enter macro line by line, terminating it with a null line\n");
+	}
+	strlcpy(macros[macnum].mac_name,
+			argv[1],
+			sizeof(macros[macnum].mac_name));
+	if (macnum == 0) {
+		macros[macnum].mac_start = macbuf;
+	}
+	else {
+		macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
+	}
+	tmp = macros[macnum].mac_start;
+	while (tmp != macbuf+4096) {
+		if ((c = getchar()) == EOF) {
+			printf("macdef:end of file encountered\n");
+			code = -1;
+			return;
+		}
+		if ((*tmp = c) == '\n') {
+			if (tmp == macros[macnum].mac_start) {
+				macros[macnum++].mac_end = tmp;
+				code = 0;
+				return;
+			}
+			if (*(tmp-1) == '\0') {
+				macros[macnum++].mac_end = tmp - 1;
+				code = 0;
+				return;
+			}
+			*tmp = '\0';
+		}
+		tmp++;
+	}
+	while (1) {
+		while ((c = getchar()) != '\n' && c != EOF)
+			/* LOOP */;
+		if (c == EOF || getchar() == '\n') {
+			printf("Macro not defined - 4k buffer exceeded\n");
+			code = -1;
+			return;
+		}
+	}
+}
+
+/*
+ * get size of file on remote machine
+ */
+void
+sizecmd(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "filename")) {
+		printf("usage: %s filename\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("SIZE %s", argv[1]);
+}
+
+/*
+ * get last modification time of file on remote machine
+ */
+void
+modtime(int argc, char **argv)
+{
+	int overbose;
+
+	if (argc < 2 && !another(&argc, &argv, "filename")) {
+		printf("usage: %s filename\n", argv[0]);
+		code = -1;
+		return;
+	}
+	overbose = verbose;
+	if (debug == 0)
+		verbose = -1;
+	if (command("MDTM %s", argv[1]) == COMPLETE) {
+		int yy, mo, day, hour, min, sec;
+		sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
+			&day, &hour, &min, &sec);
+		/* might want to print this in local time */
+		printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
+			mo, day, yy, hour, min, sec);
+	} else
+		printf("%s\n", reply_string);
+	verbose = overbose;
+}
+
+/*
+ * show status on reomte machine
+ */
+void
+rmtstatus(int argc, char **argv)
+{
+
+	command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
+}
+
+/*
+ * get file if modtime is more recent than current file
+ */
+void
+newer(int argc, char **argv)
+{
+
+	if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w"))
+		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
+			argv[2], argv[1]);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
new file mode 100644
index 0000000..5dc96ef
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+/*
+ * User FTP -- Command Tables.
+ */
+
+char	accounthelp[] =	"send account command to remote server";
+char	appendhelp[] =	"append to a file";
+char	asciihelp[] =	"set ascii transfer type";
+char	beephelp[] =	"beep when command completed";
+char	binaryhelp[] =	"set binary transfer type";
+char	casehelp[] =	"toggle mget upper/lower case id mapping";
+char	cdhelp[] =	"change remote working directory";
+char	cduphelp[] = 	"change remote working directory to parent directory";
+char	chmodhelp[] =	"change file permissions of remote file";
+char	connecthelp[] =	"connect to remote tftp";
+char	crhelp[] =	"toggle carriage return stripping on ascii gets";
+char	deletehelp[] =	"delete remote file";
+char	debughelp[] =	"toggle/set debugging mode";
+char	dirhelp[] =	"list contents of remote directory";
+char	disconhelp[] =	"terminate ftp session";
+char	domachelp[] = 	"execute macro";
+char	formhelp[] =	"set file transfer format";
+char	globhelp[] =	"toggle metacharacter expansion of local file names";
+char	hashhelp[] =	"toggle printing `#' for each buffer transferred";
+char	helphelp[] =	"print local help information";
+char	idlehelp[] =	"get (set) idle timer on remote side";
+char	lcdhelp[] =	"change local working directory";
+char	lshelp[] =	"list contents of remote directory";
+char	macdefhelp[] =  "define a macro";
+char	mdeletehelp[] =	"delete multiple files";
+char	mdirhelp[] =	"list contents of multiple remote directories";
+char	mgethelp[] =	"get multiple files";
+char	mkdirhelp[] =	"make directory on the remote machine";
+char	mlshelp[] =	"list contents of multiple remote directories";
+char	modtimehelp[] = "show last modification time of remote file";
+char	modehelp[] =	"set file transfer mode";
+char	mputhelp[] =	"send multiple files";
+char	newerhelp[] =	"get file if remote file is newer than local file ";
+char	nlisthelp[] =	"nlist contents of remote directory";
+char	nmaphelp[] =	"set templates for default file name mapping";
+char	ntranshelp[] =	"set translation table for default file name mapping";
+char	porthelp[] =	"toggle use of PORT cmd for each data connection";
+char	prompthelp[] =	"force interactive prompting on multiple commands";
+char	proxyhelp[] =	"issue command on alternate connection";
+char	pwdhelp[] =	"print working directory on remote machine";
+char	quithelp[] =	"terminate ftp session and exit";
+char	quotehelp[] =	"send arbitrary ftp command";
+char	receivehelp[] =	"receive file";
+char	regethelp[] =	"get file restarting at end of local file";
+char	remotehelp[] =	"get help from remote server";
+char	renamehelp[] =	"rename file";
+char	restarthelp[]=	"restart file transfer at bytecount";
+char	rmdirhelp[] =	"remove directory on the remote machine";
+char	rmtstatushelp[]="show status of remote machine";
+char	runiquehelp[] = "toggle store unique for local files";
+char	resethelp[] =	"clear queued command replies";
+char	sendhelp[] =	"send one file";
+char	passivehelp[] =	"enter passive transfer mode";
+char	sitehelp[] =	"send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
+char	shellhelp[] =	"escape to the shell";
+char	sizecmdhelp[] = "show size of remote file";
+char	statushelp[] =	"show current status";
+char	structhelp[] =	"set file transfer structure";
+char	suniquehelp[] = "toggle store unique on remote machine";
+char	systemhelp[] =  "show remote system type";
+char	tenexhelp[] =	"set tenex file transfer type";
+char	tracehelp[] =	"toggle packet tracing";
+char	typehelp[] =	"set file transfer type";
+char	umaskhelp[] =	"get (set) umask on remote side";
+char	userhelp[] =	"send new user information";
+char	verbosehelp[] =	"toggle verbose mode";
+
+char	prothelp[] = 	"set protection level";
+#ifdef KRB4
+char	kauthhelp[] = 	"get remote tokens";
+char	klisthelp[] =	"show remote tickets";
+char	kdestroyhelp[] = "destroy remote tickets";
+char	krbtkfilehelp[] = "set filename of remote tickets";
+char	afsloghelp[] = 	"obtain remote AFS tokens";
+#endif
+
+struct cmd cmdtab[] = {
+	{ "!",		shellhelp,	0,	0,	0,	shell },
+	{ "$",		domachelp,	1,	0,	0,	domacro },
+	{ "account",	accounthelp,	0,	1,	1,	account},
+	{ "append",	appendhelp,	1,	1,	1,	put },
+	{ "ascii",	asciihelp,	0,	1,	1,	setascii },
+	{ "bell",	beephelp,	0,	0,	0,	setbell },
+	{ "binary",	binaryhelp,	0,	1,	1,	setbinary },
+	{ "bye",	quithelp,	0,	0,	0,	quit },
+	{ "case",	casehelp,	0,	0,	1,	setcase },
+	{ "cd",		cdhelp,		0,	1,	1,	cd },
+	{ "cdup",	cduphelp,	0,	1,	1,	cdup },
+	{ "chmod",	chmodhelp,	0,	1,	1,	do_chmod },
+	{ "close",	disconhelp,	0,	1,	1,	disconnect },
+	{ "cr",		crhelp,		0,	0,	0,	setcr },
+	{ "delete",	deletehelp,	0,	1,	1,	delete },
+	{ "debug",	debughelp,	0,	0,	0,	setdebug },
+	{ "dir",	dirhelp,	1,	1,	1,	ls },
+	{ "disconnect",	disconhelp,	0,	1,	1,	disconnect },
+	{ "form",	formhelp,	0,	1,	1,	setform },
+	{ "get",	receivehelp,	1,	1,	1,	get },
+	{ "glob",	globhelp,	0,	0,	0,	setglob },
+	{ "hash",	hashhelp,	0,	0,	0,	sethash },
+	{ "help",	helphelp,	0,	0,	1,	help },
+	{ "idle",	idlehelp,	0,	1,	1,	ftp_idle },
+	{ "image",	binaryhelp,	0,	1,	1,	setbinary },
+	{ "lcd",	lcdhelp,	0,	0,	0,	lcd },
+	{ "ls",		lshelp,		1,	1,	1,	ls },
+	{ "macdef",	macdefhelp,	0,	0,	0,	macdef },
+	{ "mdelete",	mdeletehelp,	1,	1,	1,	mdelete },
+	{ "mdir",	mdirhelp,	1,	1,	1,	mls },
+	{ "mget",	mgethelp,	1,	1,	1,	mget },
+	{ "mkdir",	mkdirhelp,	0,	1,	1,	makedir },
+	{ "mls",	mlshelp,	1,	1,	1,	mls },
+	{ "mode",	modehelp,	0,	1,	1,	setftmode },
+	{ "modtime",	modtimehelp,	0,	1,	1,	modtime },
+	{ "mput",	mputhelp,	1,	1,	1,	mput },
+	{ "newer",	newerhelp,	1,	1,	1,	newer },
+	{ "nmap",	nmaphelp,	0,	0,	1,	setnmap },
+	{ "nlist",	nlisthelp,	1,	1,	1,	ls },
+	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
+	{ "open",	connecthelp,	0,	0,	1,	setpeer },
+	{ "passive",	passivehelp,	0,	0,	0,	setpassive },
+	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
+	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
+	{ "sendport",	porthelp,	0,	0,	0,	setport },
+	{ "put",	sendhelp,	1,	1,	1,	put },
+	{ "pwd",	pwdhelp,	0,	1,	1,	pwd },
+	{ "quit",	quithelp,	0,	0,	0,	quit },
+	{ "quote",	quotehelp,	1,	1,	1,	quote },
+	{ "recv",	receivehelp,	1,	1,	1,	get },
+	{ "reget",	regethelp,	1,	1,	1,	reget },
+	{ "rstatus",	rmtstatushelp,	0,	1,	1,	rmtstatus },
+	{ "rhelp",	remotehelp,	0,	1,	1,	rmthelp },
+	{ "rename",	renamehelp,	0,	1,	1,	renamefile },
+	{ "reset",	resethelp,	0,	1,	1,	reset },
+	{ "restart",	restarthelp,	1,	1,	1,	restart },
+	{ "rmdir",	rmdirhelp,	0,	1,	1,	removedir },
+	{ "runique",	runiquehelp,	0,	0,	1,	setrunique },
+	{ "send",	sendhelp,	1,	1,	1,	put },
+	{ "site",	sitehelp,	0,	1,	1,	site },
+	{ "size",	sizecmdhelp,	1,	1,	1,	sizecmd },
+	{ "status",	statushelp,	0,	0,	1,	status },
+	{ "struct",	structhelp,	0,	1,	1,	setstruct },
+	{ "system",	systemhelp,	0,	1,	1,	syst },
+	{ "sunique",	suniquehelp,	0,	0,	1,	setsunique },
+	{ "tenex",	tenexhelp,	0,	1,	1,	settenex },
+	{ "trace",	tracehelp,	0,	0,	0,	settrace },
+	{ "type",	typehelp,	0,	1,	1,	settype },
+	{ "user",	userhelp,	0,	1,	1,	user },
+	{ "umask",	umaskhelp,	0,	1,	1,	do_umask },
+	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
+	{ "?",		helphelp,	0,	0,	1,	help },
+
+	{ "prot", 	prothelp, 	0, 	1, 	0,	sec_prot },
+#ifdef KRB4
+	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
+	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
+	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
+	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
+	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
+#endif
+	
+	{ 0 },
+};
+
+int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/domacro.c b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
new file mode 100644
index 0000000..d91660d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $");
+
+void
+domacro(int argc, char **argv)
+{
+	int i, j, count = 2, loopflg = 0;
+	char *cp1, *cp2, line2[200];
+	struct cmd *c;
+
+	if (argc < 2 && !another(&argc, &argv, "macro name")) {
+		printf("Usage: %s macro_name.\n", argv[0]);
+		code = -1;
+		return;
+	}
+	for (i = 0; i < macnum; ++i) {
+		if (!strncmp(argv[1], macros[i].mac_name, 9)) {
+			break;
+		}
+	}
+	if (i == macnum) {
+		printf("'%s' macro not found.\n", argv[1]);
+		code = -1;
+		return;
+	}
+	strlcpy(line2, line, sizeof(line2));
+TOP:
+	cp1 = macros[i].mac_start;
+	while (cp1 != macros[i].mac_end) {
+		while (isspace(*cp1)) {
+			cp1++;
+		}
+		cp2 = line;
+		while (*cp1 != '\0') {
+		      switch(*cp1) {
+		   	    case '\\':
+				 *cp2++ = *++cp1;
+				 break;
+			    case '$':
+				 if (isdigit(*(cp1+1))) {
+				    j = 0;
+				    while (isdigit(*++cp1)) {
+					  j = 10*j +  *cp1 - '0';
+				    }
+				    cp1--;
+				    if (argc - 2 >= j) {
+					strcpy(cp2, argv[j+1]);
+					cp2 += strlen(argv[j+1]);
+				    }
+				    break;
+				 }
+				 if (*(cp1+1) == 'i') {
+					loopflg = 1;
+					cp1++;
+					if (count < argc) {
+					   strcpy(cp2, argv[count]);
+					   cp2 += strlen(argv[count]);
+					}
+					break;
+				}
+				/* intentional drop through */
+			    default:
+				*cp2++ = *cp1;
+				break;
+		      }
+		      if (*cp1 != '\0') {
+			 cp1++;
+		      }
+		}
+		*cp2 = '\0';
+		makeargv();
+		c = getcmd(margv[0]);
+		if (c == (struct cmd *)-1) {
+			printf("?Ambiguous command\n");
+			code = -1;
+		}
+		else if (c == 0) {
+			printf("?Invalid command\n");
+			code = -1;
+		}
+		else if (c->c_conn && !connected) {
+			printf("Not connected.\n");
+			code = -1;
+		}
+		else {
+			if (verbose) {
+				printf("%s\n",line);
+			}
+			(*c->c_handler)(margc, margv);
+			if (bell && c->c_bell) {
+				putchar('\007');
+			}
+			strcpy(line, line2);
+			makeargv();
+			argc = margc;
+			argv = margv;
+		}
+		if (cp1 != macros[i].mac_end) {
+			cp1++;
+		}
+	}
+	if (loopflg && ++count < argc) {
+		goto TOP;
+	}
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/extern.h b/crypto/kerberosIV/appl/ftp/ftp/extern.h
new file mode 100644
index 0000000..d488ecd
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/extern.h
@@ -0,0 +1,173 @@
+/*-
+ * Copyright (c) 1994 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.3 (Berkeley) 10/9/94
+ */
+
+/* $Id: extern.h,v 1.18 1999/10/28 20:49:10 assar Exp $ */
+
+#include <setjmp.h>
+#include <stdlib.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+void    abort_remote (FILE *);
+void    abortpt (int);
+void    abortrecv (int);
+void	account (int, char **);
+int	another (int *, char ***, char *);
+void	blkfree (char **);
+void	cd (int, char **);
+void	cdup (int, char **);
+void	changetype (int, int);
+void	cmdabort (int);
+void	cmdscanner (int);
+int	command (char *fmt, ...);
+int	confirm (char *, char *);
+FILE   *dataconn (const char *);
+void	delete (int, char **);
+void	disconnect (int, char **);
+void	do_chmod (int, char **);
+void	do_umask (int, char **);
+void	domacro (int, char **);
+char   *domap (char *);
+void	doproxy (int, char **);
+char   *dotrans (char *);
+int     empty (fd_set *, int);
+void	fatal (char *);
+void	get (int, char **);
+struct cmd *getcmd (char *);
+int	getit (int, char **, int, char *);
+int	getreply (int);
+int	globulize (char **);
+char   *gunique (char *);
+void	help (int, char **);
+char   *hookup (const char *, int);
+void	ftp_idle (int, char **);
+int     initconn (void);
+void	intr (int);
+void	lcd (int, char **);
+int	login (char *);
+RETSIGTYPE	lostpeer (int);
+void	ls (int, char **);
+void	macdef (int, char **);
+void	makeargv (void);
+void	makedir (int, char **);
+void	mdelete (int, char **);
+void	mget (int, char **);
+void	mls (int, char **);
+void	modtime (int, char **);
+void	mput (int, char **);
+char   *onoff (int);
+void	newer (int, char **);
+void    proxtrans (char *, char *, char *);
+void    psabort (int);
+void    pswitch (int);
+void    ptransfer (char *, long, struct timeval *, struct timeval *);
+void	put (int, char **);
+void	pwd (int, char **);
+void	quit (int, char **);
+void	quote (int, char **);
+void	quote1 (char *, int, char **);
+void    recvrequest (char *, char *, char *, char *, int, int);
+void	reget (int, char **);
+char   *remglob (char **, int);
+void	removedir (int, char **);
+void	renamefile (int, char **);
+void    reset (int, char **);
+void	restart (int, char **);
+void	rmthelp (int, char **);
+void	rmtstatus (int, char **);
+int	ruserpass (char *, char **, char **, char **);
+void    sendrequest (char *, char *, char *, char *, int);
+void	setascii (int, char **);
+void	setbell (int, char **);
+void	setbinary (int, char **);
+void	setcase (int, char **);
+void	setcr (int, char **);
+void	setdebug (int, char **);
+void	setform (int, char **);
+void	setftmode (int, char **);
+void	setglob (int, char **);
+void	sethash (int, char **);
+void	setnmap (int, char **);
+void	setntrans (int, char **);
+void	setpassive (int, char **);
+void	setpeer (int, char **);
+void	setport (int, char **);
+void	setprompt (int, char **);
+void	setrunique (int, char **);
+void	setstruct (int, char **);
+void	setsunique (int, char **);
+void	settenex (int, char **);
+void	settrace (int, char **);
+void	settype (int, char **);
+void	setverbose (int, char **);
+void	shell (int, char **);
+void	site (int, char **);
+void	sizecmd (int, char **);
+char   *slurpstring (void);
+void	status (int, char **);
+void	syst (int, char **);
+void    tvsub (struct timeval *, struct timeval *, struct timeval *);
+void	user (int, char **);
+
+extern jmp_buf	abortprox;
+extern int	abrtflag;
+extern struct	cmd cmdtab[];
+extern FILE	*cout;
+extern int	data;
+extern char    *home;
+extern jmp_buf	jabort;
+extern int	proxy;
+extern char	reply_string[];
+extern off_t	restart_point;
+extern int	NCMDS;
+
+extern char 	username[32];
+extern char	myhostname[];
+extern char	*mydomain;
+
+void afslog (int, char **);
+void kauth (int, char **);
+void kdestroy (int, char **);
+void klist (int, char **);
+void krbtkfile (int, char **);
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
new file mode 100644
index 0000000..833fb08
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
@@ -0,0 +1,1749 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $");
+
+struct sockaddr_storage hisctladdr_ss;
+struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
+struct sockaddr_storage data_addr_ss;
+struct sockaddr *data_addr  = (struct sockaddr *)&data_addr_ss;
+struct sockaddr_storage myctladdr_ss;
+struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss;
+int data = -1;
+int abrtflag = 0;
+jmp_buf ptabort;
+int ptabflg;
+int ptflag = 0;
+off_t restart_point = 0;
+
+
+FILE *cin, *cout;
+
+typedef void (*sighand) (int);
+
+char *
+hookup (const char *host, int port)
+{
+    struct hostent *hp = NULL;
+    int s, len;
+    static char hostnamebuf[MaxHostNameLen];
+    int error;
+    int af;
+    char **h;
+    int ret;
+
+#ifdef HAVE_IPV6
+    if (hp == NULL)
+	hp = getipnodebyname (host, AF_INET6, 0, &error);
+#endif
+    if (hp == NULL)
+	hp = getipnodebyname (host, AF_INET, 0, &error);
+
+    if (hp == NULL) {
+	warnx ("%s: %s", host, hstrerror(error));
+	code = -1;
+	return NULL;
+    }
+    strlcpy (hostnamebuf, hp->h_name, sizeof(hostnamebuf));
+    hostname = hostnamebuf;
+    af = hisctladdr->sa_family = hp->h_addrtype;
+
+    for (h = hp->h_addr_list;
+	 *h != NULL;
+	 ++h) {
+	
+	s = socket (af, SOCK_STREAM, 0);
+	if (s < 0) {
+	    warn ("socket");
+	    code = -1;
+	    freehostent (hp);
+	    return (0);
+	}
+
+	socket_set_address_and_port (hisctladdr, *h, port);
+
+	ret = connect (s, hisctladdr, socket_sockaddr_size(hisctladdr));
+	if (ret < 0) {
+	    char addr[256];
+
+	    if (inet_ntop (af, socket_get_address(hisctladdr),
+			   addr, sizeof(addr)) == NULL)
+		strlcpy (addr, "unknown address",
+				 sizeof(addr));
+	    warn ("connect %s", addr);
+	    close (s);
+	    continue;
+	}
+	break;
+    }
+    freehostent (hp);
+    if (ret < 0) {
+	code = -1;
+	close (s);
+	return NULL;
+    }
+
+    len = sizeof(myctladdr_ss);
+    if (getsockname (s, myctladdr, &len) < 0) {
+	warn ("getsockname");
+	code = -1;
+	close (s);
+	return NULL;
+    }
+#ifdef IPTOS_LOWDELAY
+    socket_set_tos (s, IPTOS_LOWDELAY);
+#endif
+    cin = fdopen (s, "r");
+    cout = fdopen (s, "w");
+    if (cin == NULL || cout == NULL) {
+	warnx ("fdopen failed.");
+	if (cin)
+	    fclose (cin);
+	if (cout)
+	    fclose (cout);
+	code = -1;
+	goto bad;
+    }
+    if (verbose)
+	printf ("Connected to %s.\n", hostname);
+    if (getreply (0) > 2) {	/* read startup message from server */
+	if (cin)
+	    fclose (cin);
+	if (cout)
+	    fclose (cout);
+	code = -1;
+	goto bad;
+    }
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    {
+	int on = 1;
+
+	if (setsockopt (s, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof (on))
+	    < 0 && debug) {
+	    warn ("setsockopt");
+	}
+    }
+#endif				/* SO_OOBINLINE */
+
+    return (hostname);
+bad:
+    close (s);
+    return NULL;
+}
+
+int
+login (char *host)
+{
+    char tmp[80];
+    char defaultpass[128];
+    char *user, *pass, *acct;
+    int n, aflag = 0;
+
+    char *myname = NULL;
+    struct passwd *pw = k_getpwuid(getuid());
+
+    if (pw != NULL)
+	myname = pw->pw_name;
+
+    user = pass = acct = 0;
+
+    if(sec_login(host))
+	printf("\n*** Using plaintext user and password ***\n\n");
+    else{
+	printf("Authentication successful.\n\n");
+    }
+
+    if (ruserpass (host, &user, &pass, &acct) < 0) {
+	code = -1;
+	return (0);
+    }
+    while (user == NULL) {
+	if (myname)
+	    printf ("Name (%s:%s): ", host, myname);
+	else
+	    printf ("Name (%s): ", host);
+	fgets (tmp, sizeof (tmp) - 1, stdin);
+	tmp[strlen (tmp) - 1] = '\0';
+	if (*tmp == '\0')
+	    user = myname;
+	else
+	    user = tmp;
+    }
+    strlcpy(username, user, sizeof(username));
+    n = command("USER %s", user);
+    if (n == CONTINUE) {
+	if(sec_complete)
+	    pass = myname;
+	else if (pass == NULL) {
+	    char prompt[128];
+	    if(myname && 
+	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
+		snprintf(defaultpass, sizeof(defaultpass), 
+			 "%s@%s", myname, mydomain);
+		snprintf(prompt, sizeof(prompt), 
+			 "Password (%s): ", defaultpass);
+	    }else{
+		*defaultpass = '\0';
+		snprintf(prompt, sizeof(prompt), "Password: ");
+	    }
+	    pass = defaultpass;
+	    des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+	    if (tmp[0])
+		pass = tmp;
+	}
+	n = command ("PASS %s", pass);
+    }
+    if (n == CONTINUE) {
+	aflag++;
+	acct = tmp;
+	des_read_pw_string (acct, 128, "Account:", 0);
+	n = command ("ACCT %s", acct);
+    }
+    if (n != COMPLETE) {
+	warnx ("Login failed.");
+	return (0);
+    }
+    if (!aflag && acct != NULL)
+	command ("ACCT %s", acct);
+    if (proxy)
+	return (1);
+    for (n = 0; n < macnum; ++n) {
+	if (!strcmp("init", macros[n].mac_name)) {
+	    strlcpy (line, "$init", sizeof (line));
+	    makeargv();
+	    domacro(margc, margv);
+	    break;
+	}
+    }
+    sec_set_protection_level ();
+    return (1);
+}
+
+void
+cmdabort (int sig)
+{
+
+    printf ("\n");
+    fflush (stdout);
+    abrtflag++;
+    if (ptflag)
+	longjmp (ptabort, 1);
+}
+
+int
+command (char *fmt,...)
+{
+    va_list ap;
+    int r;
+    sighand oldintr;
+
+    abrtflag = 0;
+    if (cout == NULL) {
+	warn ("No control connection for command");
+	code = -1;
+	return (0);
+    }
+    oldintr = signal(SIGINT, cmdabort);
+    va_start(ap, fmt);
+    if(debug){
+	printf("---> ");
+	if (strncmp("PASS ", fmt, 5) == 0)
+	    printf("PASS XXXX");
+	else 
+	    vfprintf(stdout, fmt, ap);
+	va_start(ap, fmt);
+    }
+    sec_vfprintf(cout, fmt, ap);
+    va_end(ap);
+    if(debug){
+	printf("\n");
+	fflush(stdout);
+    }
+    fprintf (cout, "\r\n");
+    fflush (cout);
+    cpend = 1;
+    r = getreply (!strcmp (fmt, "QUIT"));
+    if (abrtflag && oldintr != SIG_IGN)
+	(*oldintr) (SIGINT);
+    signal (SIGINT, oldintr);
+    return (r);
+}
+
+char reply_string[BUFSIZ];	/* last line of previous reply */
+
+int
+getreply (int expecteof)
+{
+    char *p;
+    char *lead_string;
+    int c;
+    struct sigaction sa, osa;
+    char buf[1024];
+
+    sigemptyset (&sa.sa_mask);
+    sa.sa_flags = 0;
+    sa.sa_handler = cmdabort;
+    sigaction (SIGINT, &sa, &osa);
+
+    p = buf;
+
+    while (1) {
+	c = getc (cin);
+	switch (c) {
+	case EOF:
+	    if (expecteof) {
+		sigaction (SIGINT, &osa, NULL);
+		code = 221;
+		return 0;
+	    }
+	    lostpeer (0);
+	    if (verbose) {
+		printf ("421 Service not available, "
+			"remote server has closed connection\n");
+		fflush (stdout);
+	    }
+	    code = 421;
+	    return (4);
+	case IAC:
+	    c = getc (cin);
+	    if (c == WILL || c == WONT)
+		fprintf (cout, "%c%c%c", IAC, DONT, getc (cin));
+	    if (c == DO || c == DONT)
+		fprintf (cout, "%c%c%c", IAC, WONT, getc (cin));
+	    continue;
+	case '\n':
+	    *p++ = '\0';
+	    if(isdigit(buf[0])){
+		sscanf(buf, "%d", &code);
+		if(code == 631){
+		    sec_read_msg(buf, prot_safe);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "S:";
+		} else if(code == 632){
+		    sec_read_msg(buf, prot_private);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "P:";
+		}else if(code == 633){
+		    sec_read_msg(buf, prot_confidential);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "C:";
+		}else if(sec_complete)
+		    lead_string = "!!";
+		else
+		    lead_string = "";
+		if (verbose > 0 || (verbose > -1 && code > 499))
+		    fprintf (stdout, "%s%s\n", lead_string, buf);
+		if (buf[3] == ' ') {
+		    strcpy (reply_string, buf);
+		    if (code >= 200)
+			cpend = 0;
+		    sigaction (SIGINT, &osa, NULL);
+		    if (code == 421)
+			lostpeer (0);
+#if 1
+		    if (abrtflag &&
+			osa.sa_handler != cmdabort &&
+			osa.sa_handler != SIG_IGN)
+			osa.sa_handler (SIGINT);
+#endif
+		    if (code == 227 || code == 229) {
+			char *p, *q;
+
+			pasv[0] = 0;
+			p = strchr (reply_string, '(');
+			if (p) {
+			    p++;
+			    q = strchr(p, ')');
+			    if(q){
+				memcpy (pasv, p, q - p);
+				pasv[q - p] = 0;
+			    }
+			}
+		    }
+		    return code / 100;
+		}
+	    }else{
+		if(verbose > 0 || (verbose > -1 && code > 499)){
+		    if(sec_complete)
+			fprintf(stdout, "!!");
+		    fprintf(stdout, "%s\n", buf);
+		}
+	    }
+	    p = buf;
+	    continue;
+	default:
+	    *p++ = c;
+	}
+    }
+
+}
+
+
+#if 0
+int
+getreply (int expecteof)
+{
+    int c, n;
+    int dig;
+    int originalcode = 0, continuation = 0;
+    sighand oldintr;
+    int pflag = 0;
+    char *cp, *pt = pasv;
+
+    oldintr = signal (SIGINT, cmdabort);
+    for (;;) {
+	dig = n = code = 0;
+	cp = reply_string;
+	while ((c = getc (cin)) != '\n') {
+	    if (c == IAC) {	/* handle telnet commands */
+		switch (c = getc (cin)) {
+		case WILL:
+		case WONT:
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, DONT, c);
+		    fflush (cout);
+		    break;
+		case DO:
+		case DONT:
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, WONT, c);
+		    fflush (cout);
+		    break;
+		default:
+		    break;
+		}
+		continue;
+	    }
+	    dig++;
+	    if (c == EOF) {
+		if (expecteof) {
+		    signal (SIGINT, oldintr);
+		    code = 221;
+		    return (0);
+		}
+		lostpeer (0);
+		if (verbose) {
+		    printf ("421 Service not available, remote server has closed connection\n");
+		    fflush (stdout);
+		}
+		code = 421;
+		return (4);
+	    }
+	    if (c != '\r' && (verbose > 0 ||
+			      (verbose > -1 && n == '5' && dig > 4))) {
+		if (proxflag &&
+		    (dig == 1 || dig == 5 && verbose == 0))
+		    printf ("%s:", hostname);
+		putchar (c);
+	    }
+	    if (dig < 4 && isdigit (c))
+		code = code * 10 + (c - '0');
+	    if (!pflag && code == 227)
+		pflag = 1;
+	    if (dig > 4 && pflag == 1 && isdigit (c))
+		pflag = 2;
+	    if (pflag == 2) {
+		if (c != '\r' && c != ')')
+		    *pt++ = c;
+		else {
+		    *pt = '\0';
+		    pflag = 3;
+		}
+	    }
+	    if (dig == 4 && c == '-') {
+		if (continuation)
+		    code = 0;
+		continuation++;
+	    }
+	    if (n == 0)
+		n = c;
+	    if (cp < &reply_string[sizeof (reply_string) - 1])
+		*cp++ = c;
+	}
+	if (verbose > 0 || verbose > -1 && n == '5') {
+	    putchar (c);
+	    fflush (stdout);
+	}
+	if (continuation && code != originalcode) {
+	    if (originalcode == 0)
+		originalcode = code;
+	    continue;
+	}
+	*cp = '\0';
+	if(sec_complete){
+	    if(code == 631)
+		sec_read_msg(reply_string, prot_safe);
+	    else if(code == 632)
+		sec_read_msg(reply_string, prot_private);
+	    else if(code == 633)
+		sec_read_msg(reply_string, prot_confidential);
+	    n = code / 100 + '0';
+	}
+	if (n != '1')
+	    cpend = 0;
+	signal (SIGINT, oldintr);
+	if (code == 421 || originalcode == 421)
+	    lostpeer (0);
+	if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
+	    (*oldintr) (SIGINT);
+	return (n - '0');
+    }
+}
+
+#endif
+
+int
+empty (fd_set * mask, int sec)
+{
+    struct timeval t;
+
+    t.tv_sec = (long) sec;
+    t.tv_usec = 0;
+    return (select (32, mask, NULL, NULL, &t));
+}
+
+jmp_buf sendabort;
+
+static RETSIGTYPE
+abortsend (int sig)
+{
+
+    mflag = 0;
+    abrtflag = 0;
+    printf ("\nsend aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (sendabort, 1);
+}
+
+#define HASHBYTES 1024
+
+static int
+copy_stream (FILE * from, FILE * to)
+{
+    static size_t bufsize;
+    static char *buf;
+    int n;
+    int bytes = 0;
+    int werr = 0;
+    int hashbytes = HASHBYTES;
+    struct stat st;
+
+#if defined(HAVE_MMAP) && !defined(NO_MMAP)
+    void *chunk;
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+
+    if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
+	/*
+	 * mmap zero bytes has potential of loosing, don't do it.
+	 */
+	if (st.st_size == 0)
+	    return 0;
+	chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
+	if (chunk != (void *) MAP_FAILED) {
+	    int res;
+
+	    res = sec_write (fileno (to), chunk, st.st_size);
+	    if (munmap (chunk, st.st_size) < 0)
+		warn ("munmap");
+	    sec_fflush (to);
+	    return res;
+	}
+    }
+#endif
+
+    buf = alloc_buffer (buf, &bufsize,
+			fstat (fileno (from), &st) >= 0 ? &st : NULL);
+    if (buf == NULL)
+	return -1;
+
+    while ((n = read (fileno (from), buf, bufsize)) > 0) {
+	werr = sec_write (fileno (to), buf, n);
+	if (werr < 0)
+	    break;
+	bytes += werr;
+	while (hash && bytes > hashbytes) {
+	    putchar ('#');
+	    hashbytes += HASHBYTES;
+	}
+    }
+    sec_fflush (to);
+    if (n < 0)
+	warn ("local");
+
+    if (werr < 0) {
+	if (errno != EPIPE)
+	    warn ("netout");
+	bytes = -1;
+    }
+    return bytes;
+}
+
+void
+sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
+{
+    struct stat st;
+    struct timeval start, stop;
+    int c, d;
+    FILE *fin, *dout = 0;
+    int (*closefunc) (FILE *);
+    RETSIGTYPE (*oldintr)(), (*oldintp)();
+    long bytes = 0, hashbytes = HASHBYTES;
+    char *rmode = "w";
+
+    if (verbose && printnames) {
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
+	if (remote)
+	    printf ("remote: %s\n", remote);
+    }
+    if (proxy) {
+	proxtrans (cmd, local, remote);
+	return;
+    }
+    if (curtype != type)
+	changetype (type, 0);
+    closefunc = NULL;
+    oldintr = NULL;
+    oldintp = NULL;
+
+    if (setjmp (sendabort)) {
+	while (cpend) {
+	    getreply (0);
+	}
+	if (data >= 0) {
+	    close (data);
+	    data = -1;
+	}
+	if (oldintr)
+	    signal (SIGINT, oldintr);
+	if (oldintp)
+	    signal (SIGPIPE, oldintp);
+	code = -1;
+	return;
+    }
+    oldintr = signal (SIGINT, abortsend);
+    if (strcmp (local, "-") == 0)
+	fin = stdin;
+    else if (*local == '|') {
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fin = popen (local + 1, lmode);
+	if (fin == NULL) {
+	    warn ("%s", local + 1);
+	    signal (SIGINT, oldintr);
+	    signal (SIGPIPE, oldintp);
+	    code = -1;
+	    return;
+	}
+	closefunc = pclose;
+    } else {
+	fin = fopen (local, lmode);
+	if (fin == NULL) {
+	    warn ("local: %s", local);
+	    signal (SIGINT, oldintr);
+	    code = -1;
+	    return;
+	}
+	closefunc = fclose;
+	if (fstat (fileno (fin), &st) < 0 ||
+	    (st.st_mode & S_IFMT) != S_IFREG) {
+	    fprintf (stdout, "%s: not a plain file.\n", local);
+	    signal (SIGINT, oldintr);
+	    fclose (fin);
+	    code = -1;
+	    return;
+	}
+    }
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
+	if (oldintp)
+	    signal (SIGPIPE, oldintp);
+	code = -1;
+	if (closefunc != NULL)
+	    (*closefunc) (fin);
+	return;
+    }
+    if (setjmp (sendabort))
+	goto abort;
+
+    if (restart_point &&
+	(strcmp (cmd, "STOR") == 0 || strcmp (cmd, "APPE") == 0)) {
+	int rc;
+
+	switch (curtype) {
+	case TYPE_A:
+	    rc = fseek (fin, (long) restart_point, SEEK_SET);
+	    break;
+	case TYPE_I:
+	case TYPE_L:
+	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
+	    break;
+	}
+	if (rc < 0) {
+	    warn ("local: %s", local);
+	    restart_point = 0;
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+	if (command ("REST %ld", (long) restart_point)
+	    != CONTINUE) {
+	    restart_point = 0;
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+	restart_point = 0;
+	rmode = "r+w";
+    }
+    if (remote) {
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    if (oldintp)
+		signal (SIGPIPE, oldintp);
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+    } else if (command ("%s", cmd) != PRELIM) {
+	    signal(SIGINT, oldintr);
+	    if (oldintp)
+		signal(SIGPIPE, oldintp);
+	    if (closefunc != NULL)
+		(*closefunc)(fin);
+	    return;
+	}
+    dout = dataconn(rmode);
+    if (dout == NULL)
+	goto abort;
+    set_buffer_size (fileno (dout), 0);
+    gettimeofday (&start, (struct timezone *) 0);
+    oldintp = signal (SIGPIPE, SIG_IGN);
+    switch (curtype) {
+
+    case TYPE_I:
+    case TYPE_L:
+	errno = d = c = 0;
+	bytes = copy_stream (fin, dout);
+	break;
+
+    case TYPE_A:
+	while ((c = getc (fin)) != EOF) {
+	    if (c == '\n') {
+		while (hash && (bytes >= hashbytes)) {
+		    putchar ('#');
+		    fflush (stdout);
+		    hashbytes += HASHBYTES;
+		}
+		if (ferror (dout))
+		    break;
+		sec_putc ('\r', dout);
+		bytes++;
+	    }
+	    sec_putc (c, dout);
+	    bytes++;
+	}
+	sec_fflush (dout);
+	if (hash) {
+	    if (bytes < hashbytes)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (ferror (fin))
+	    warn ("local: %s", local);
+	if (ferror (dout)) {
+	    if (errno != EPIPE)
+		warn ("netout");
+	    bytes = -1;
+	}
+	break;
+    }
+    if (closefunc != NULL)
+	(*closefunc) (fin);
+    fclose (dout);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    if (bytes > 0)
+	ptransfer ("sent", bytes, &start, &stop);
+    return;
+abort:
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    if (!cpend) {
+	code = -1;
+	return;
+    }
+    if (data >= 0) {
+	close (data);
+	data = -1;
+    }
+    if (dout)
+	fclose (dout);
+    getreply (0);
+    code = -1;
+    if (closefunc != NULL && fin != NULL)
+	(*closefunc) (fin);
+    gettimeofday (&stop, (struct timezone *) 0);
+    if (bytes > 0)
+	ptransfer ("sent", bytes, &start, &stop);
+}
+
+jmp_buf recvabort;
+
+void
+abortrecv (int sig)
+{
+
+    mflag = 0;
+    abrtflag = 0;
+    printf ("\nreceive aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (recvabort, 1);
+}
+
+void
+recvrequest (char *cmd, char *local, char *remote,
+	     char *lmode, int printnames, int local_given)
+{
+    FILE *fout, *din = 0;
+    int (*closefunc) (FILE *);
+    sighand oldintr, oldintp;
+    int c, d, is_retr, tcrflag, bare_lfs = 0;
+    static size_t bufsize;
+    static char *buf;
+    long bytes = 0, hashbytes = HASHBYTES;
+    struct timeval start, stop;
+    struct stat st;
+
+    is_retr = strcmp (cmd, "RETR") == 0;
+    if (is_retr && verbose && printnames) {
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
+	if (remote)
+	    printf ("remote: %s\n", remote);
+    }
+    if (proxy && is_retr) {
+	proxtrans (cmd, local, remote);
+	return;
+    }
+    closefunc = NULL;
+    oldintr = NULL;
+    oldintp = NULL;
+    tcrflag = !crflag && is_retr;
+    if (setjmp (recvabort)) {
+	while (cpend) {
+	    getreply (0);
+	}
+	if (data >= 0) {
+	    close (data);
+	    data = -1;
+	}
+	if (oldintr)
+	    signal (SIGINT, oldintr);
+	code = -1;
+	return;
+    }
+    oldintr = signal (SIGINT, abortrecv);
+    if (!local_given || (strcmp (local, "-") && *local != '|')) {
+	if (access (local, 2) < 0) {
+	    char *dir = strrchr (local, '/');
+
+	    if (errno != ENOENT && errno != EACCES) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (dir != NULL)
+		*dir = 0;
+	    d = access (dir ? local : ".", 2);
+	    if (dir != NULL)
+		*dir = '/';
+	    if (d < 0) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (!runique && errno == EACCES &&
+		chmod (local, 0600) < 0) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (runique && errno == EACCES &&
+		(local = gunique (local)) == NULL) {
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	} else if (runique && (local = gunique (local)) == NULL) {
+	    signal(SIGINT, oldintr);
+	    code = -1;
+	    return;
+	}
+    }
+    if (!is_retr) {
+	if (curtype != TYPE_A)
+	    changetype (TYPE_A, 0);
+    } else if (curtype != type)
+	changetype (type, 0);
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
+	code = -1;
+	return;
+    }
+    if (setjmp (recvabort))
+	goto abort;
+    if (is_retr && restart_point &&
+	command ("REST %ld", (long) restart_point) != CONTINUE)
+	return;
+    if (remote) {
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    } else {
+	if (command ("%s", cmd) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    }
+    din = dataconn ("r");
+    if (din == NULL)
+	goto abort;
+    set_buffer_size (fileno (din), 1);
+    if (local_given && strcmp (local, "-") == 0)
+	fout = stdout;
+    else if (local_given && *local == '|') {
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fout = popen (local + 1, "w");
+	if (fout == NULL) {
+	    warn ("%s", local + 1);
+	    goto abort;
+	}
+	closefunc = pclose;
+    } else {
+	fout = fopen (local, lmode);
+	if (fout == NULL) {
+	    warn ("local: %s", local);
+	    goto abort;
+	}
+	closefunc = fclose;
+    }
+    buf = alloc_buffer (buf, &bufsize,
+			fstat (fileno (fout), &st) >= 0 ? &st : NULL);
+    if (buf == NULL)
+	goto abort;
+
+    gettimeofday (&start, (struct timezone *) 0);
+    switch (curtype) {
+
+    case TYPE_I:
+    case TYPE_L:
+	if (restart_point &&
+	    lseek (fileno (fout), restart_point, SEEK_SET) < 0) {
+	    warn ("local: %s", local);
+	    if (closefunc != NULL)
+		(*closefunc) (fout);
+	    return;
+	}
+	errno = d = 0;
+	while ((c = sec_read (fileno (din), buf, bufsize)) > 0) {
+	    if ((d = write (fileno (fout), buf, c)) != c)
+		break;
+	    bytes += c;
+	    if (hash) {
+		while (bytes >= hashbytes) {
+		    putchar ('#');
+		    hashbytes += HASHBYTES;
+		}
+		fflush (stdout);
+	    }
+	}
+	if (hash && bytes > 0) {
+	    if (bytes < HASHBYTES)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (c < 0) {
+	    if (errno != EPIPE)
+		warn ("netin");
+	    bytes = -1;
+	}
+	if (d < c) {
+	    if (d < 0)
+		warn ("local: %s", local);
+	    else
+		warnx ("%s: short write", local);
+	}
+	break;
+
+    case TYPE_A:
+	if (restart_point) {
+	    int i, n, ch;
+
+	    if (fseek (fout, 0L, SEEK_SET) < 0)
+		goto done;
+	    n = restart_point;
+	    for (i = 0; i++ < n;) {
+		if ((ch = sec_getc (fout)) == EOF)
+		    goto done;
+		if (ch == '\n')
+		    i++;
+	    }
+	    if (fseek (fout, 0L, SEEK_CUR) < 0) {
+	done:
+		warn ("local: %s", local);
+		if (closefunc != NULL)
+		    (*closefunc) (fout);
+		return;
+	    }
+	}
+	while ((c = sec_getc(din)) != EOF) {
+	    if (c == '\n')
+		bare_lfs++;
+	    while (c == '\r') {
+		while (hash && (bytes >= hashbytes)) {
+		    putchar ('#');
+		    fflush (stdout);
+		    hashbytes += HASHBYTES;
+		}
+		bytes++;
+		if ((c = sec_getc (din)) != '\n' || tcrflag) {
+		    if (ferror (fout))
+			goto break2;
+		    putc ('\r', fout);
+		    if (c == '\0') {
+			bytes++;
+			goto contin2;
+		    }
+		    if (c == EOF)
+			goto contin2;
+		}
+	    }
+	    putc (c, fout);
+	    bytes++;
+    contin2:;
+	}
+break2:
+	if (bare_lfs) {
+	    printf ("WARNING! %d bare linefeeds received in ASCII mode\n",
+		    bare_lfs);
+	    printf ("File may not have transferred correctly.\n");
+	}
+	if (hash) {
+	    if (bytes < hashbytes)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (ferror (din)) {
+	    if (errno != EPIPE)
+		warn ("netin");
+	    bytes = -1;
+	}
+	if (ferror (fout))
+	    warn ("local: %s", local);
+	break;
+    }
+    if (closefunc != NULL)
+	(*closefunc) (fout);
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
+    if (bytes > 0 && is_retr)
+	ptransfer ("received", bytes, &start, &stop);
+    return;
+abort:
+
+    /* abort using RFC959 recommended IP,SYNC sequence  */
+
+    if (oldintp)
+	signal (SIGPIPE, oldintr);
+    signal (SIGINT, SIG_IGN);
+    if (!cpend) {
+	code = -1;
+	signal (SIGINT, oldintr);
+	return;
+    }
+    abort_remote(din);
+    code = -1;
+    if (data >= 0) {
+	close (data);
+	data = -1;
+    }
+    if (closefunc != NULL && fout != NULL)
+	(*closefunc) (fout);
+    if (din)
+	fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
+    if (bytes > 0)
+	ptransfer ("received", bytes, &start, &stop);
+    signal (SIGINT, oldintr);
+}
+
+static int
+parse_epsv (const char *str)
+{
+    char sep;
+    char *end;
+    int port;
+
+    if (*str == '\0')
+	return -1;
+    sep = *str++;
+    if (sep != *str++)
+	return -1;
+    if (sep != *str++)
+	return -1;
+    port = strtol (str, &end, 0);
+    if (str == end)
+	return -1;
+    if (end[0] != sep || end[1] != '\0')
+	return -1;
+    return htons(port);
+}
+
+static int
+parse_pasv (struct sockaddr_in *sin, const char *str)
+{
+    int a0, a1, a2, a3, p0, p1;
+
+    /*
+     * What we've got at this point is a string of comma separated
+     * one-byte unsigned integer values. The first four are the an IP
+     * address. The fifth is the MSB of the port number, the sixth is the
+     * LSB. From that we'll prepare a sockaddr_in.
+     */
+
+    if (sscanf (str, "%d,%d,%d,%d,%d,%d",
+		&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
+	printf ("Passive mode address scan failure. "
+		"Shouldn't happen!\n");
+	return -1;
+    }
+    if (a0 < 0 || a0 > 255 ||
+	a1 < 0 || a1 > 255 ||
+	a2 < 0 || a2 > 255 ||
+	a3 < 0 || a3 > 255 ||
+	p0 < 0 || p0 > 255 ||
+	p1 < 0 || p1 > 255) {
+	printf ("Can't parse passive mode string.\n");
+	return -1;
+    }
+    memset (sin, 0, sizeof(*sin));
+    sin->sin_family      = AF_INET;
+    sin->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
+				  (a2 << 8) | a3);
+    sin->sin_port = htons ((p0 << 8) | p1);
+    return 0;
+}
+
+static int
+passive_mode (void)
+{
+    int port;
+
+    data = socket (myctladdr->sa_family, SOCK_STREAM, 0);
+    if (data < 0) {
+	warn ("socket");
+	return (1);
+    }
+    if (options & SO_DEBUG)
+	socket_set_debug (data);
+    if (command ("EPSV") != COMPLETE) {
+	if (command ("PASV") != COMPLETE) {
+	    printf ("Passive mode refused.\n");
+	    goto bad;
+	}
+    }
+
+    /*
+     * Parse the reply to EPSV or PASV
+     */
+
+    port = parse_epsv (pasv);
+    if (port > 0) {
+	data_addr->sa_family = myctladdr->sa_family;
+	socket_set_address_and_port (data_addr,
+				     socket_get_address (hisctladdr),
+				     port);
+    } else {
+	if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0)
+	    goto bad;
+    }
+
+    if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
+	warn ("connect");
+	goto bad;
+    }
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (data, IPTOS_THROUGHPUT);
+#endif
+    return (0);
+bad:
+    close (data);
+    data = -1;
+    sendport = 1;
+    return (1);
+}
+
+
+static int
+active_mode (void)
+{
+    int tmpno = 0;
+    int len;
+    int result;
+
+noport:
+    data_addr->sa_family = myctladdr->sa_family;
+    socket_set_address_and_port (data_addr, socket_get_address (myctladdr),
+				 sendport ? 0 : socket_get_port (myctladdr));
+
+    if (data != -1)
+	close (data);
+    data = socket (data_addr->sa_family, SOCK_STREAM, 0);
+    if (data < 0) {
+	warn ("socket");
+	if (tmpno)
+	    sendport = 1;
+	return (1);
+    }
+    if (!sendport)
+	socket_set_reuseaddr (data, 1);
+    if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
+	warn ("bind");
+	goto bad;
+    }
+    if (options & SO_DEBUG)
+	socket_set_debug (data);
+    len = sizeof (data_addr_ss);
+    if (getsockname (data, data_addr, &len) < 0) {
+	warn ("getsockname");
+	goto bad;
+    }
+    if (listen (data, 1) < 0)
+	warn ("listen");
+    if (sendport) {
+	char *cmd;
+	char addr_str[256];
+	int inet_af;
+	int overbose;
+
+	if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr),
+		       addr_str, sizeof(addr_str)) == NULL)
+	    errx (1, "inet_ntop failed");
+	switch (data_addr->sa_family) {
+	case AF_INET :
+	    inet_af = 1;
+	    break;
+#ifdef HAVE_IPV6
+	case AF_INET6 :
+	    inet_af = 2;
+	    break;
+#endif
+	default :
+	    errx (1, "bad address family %d", data_addr->sa_family);
+	}
+
+	asprintf (&cmd, "EPRT |%d|%s|%d|",
+		  inet_af, addr_str, ntohs(socket_get_port (data_addr)));
+
+	overbose = verbose;
+	if (debug == 0)
+	    verbose  = -1;
+
+	result = command (cmd);
+
+	verbose = overbose;
+
+	if (result == ERROR) {
+	    struct sockaddr_in *sin = (struct sockaddr_in *)data_addr;
+
+	    unsigned int a = ntohl(sin->sin_addr.s_addr);
+	    unsigned int p = ntohs(sin->sin_port);
+
+	    if (data_addr->sa_family != AF_INET) {
+		warnx ("remote server doesn't support EPRT");
+		goto bad;
+	    }
+
+	    result = command("PORT %d,%d,%d,%d,%d,%d", 
+			     (a >> 24) & 0xff,
+			     (a >> 16) & 0xff,
+			     (a >> 8) & 0xff,
+			     a & 0xff,
+			     (p >> 8) & 0xff,
+			     p & 0xff);
+	    if (result == ERROR && sendport == -1) {
+		sendport = 0;
+		tmpno = 1;
+		goto noport;
+	    }
+	    return (result != COMPLETE);
+	}
+	return result != COMPLETE;
+    }
+    if (tmpno)
+	sendport = 1;
+
+
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (data, IPTOS_THROUGHPUT);
+#endif
+    return (0);
+bad:
+    close (data);
+    data = -1;
+    if (tmpno)
+	sendport = 1;
+    return (1);
+}
+
+/*
+ * Need to start a listen on the data channel before we send the command,
+ * otherwise the server's connect may fail.
+ */
+int
+initconn (void)
+{
+    if (passivemode) 
+	return passive_mode ();
+    else
+	return active_mode ();
+}
+
+FILE *
+dataconn (const char *lmode)
+{
+    struct sockaddr_storage from_ss;
+    struct sockaddr *from = (struct sockaddr *)&from_ss;
+    int s, fromlen = sizeof (from_ss);
+
+    if (passivemode)
+	return (fdopen (data, lmode));
+
+    s = accept (data, from, &fromlen);
+    if (s < 0) {
+	warn ("accept");
+	close (data), data = -1;
+	return (NULL);
+    }
+    close (data);
+    data = s;
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (s, IPTOS_THROUGHPUT);
+#endif
+    return (fdopen (data, lmode));
+}
+
+void
+ptransfer (char *direction, long int bytes,
+	   struct timeval * t0, struct timeval * t1)
+{
+    struct timeval td;
+    float s;
+    float bs;
+    int prec;
+    char *unit;
+
+    if (verbose) {
+	td.tv_sec = t1->tv_sec - t0->tv_sec;
+	td.tv_usec = t1->tv_usec - t0->tv_usec;
+	if (td.tv_usec < 0) {
+	    td.tv_sec--;
+	    td.tv_usec += 1000000;
+	}
+	s = td.tv_sec + (td.tv_usec / 1000000.);
+	bs = bytes / (s ? s : 1);
+	if (bs >= 1048576) {
+	    bs /= 1048576;
+	    unit = "M";
+	    prec = 2;
+	} else if (bs >= 1024) {
+	    bs /= 1024;
+	    unit = "k";
+	    prec = 1;
+	} else {
+	    unit = "";
+	    prec = 0;
+	}
+
+	printf ("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
+		bytes, direction, s, prec, bs, unit);
+    }
+}
+
+void
+psabort (int sig)
+{
+
+    abrtflag++;
+}
+
+void
+pswitch (int flag)
+{
+    sighand oldintr;
+    static struct comvars {
+	int connect;
+	char name[MaxHostNameLen];
+	struct sockaddr_storage mctl;
+	struct sockaddr_storage hctl;
+	FILE *in;
+	FILE *out;
+	int tpe;
+	int curtpe;
+	int cpnd;
+	int sunqe;
+	int runqe;
+	int mcse;
+	int ntflg;
+	char nti[17];
+	char nto[17];
+	int mapflg;
+	char mi[MaxPathLen];
+	char mo[MaxPathLen];
+    } proxstruct, tmpstruct;
+    struct comvars *ip, *op;
+
+    abrtflag = 0;
+    oldintr = signal (SIGINT, psabort);
+    if (flag) {
+	if (proxy)
+	    return;
+	ip = &tmpstruct;
+	op = &proxstruct;
+	proxy++;
+    } else {
+	if (!proxy)
+	    return;
+	ip = &proxstruct;
+	op = &tmpstruct;
+	proxy = 0;
+    }
+    ip->connect = connected;
+    connected = op->connect;
+    if (hostname) {
+	strlcpy (ip->name, hostname, sizeof (ip->name));
+    } else
+	ip->name[0] = 0;
+    hostname = op->name;
+    ip->hctl = hisctladdr_ss;
+    hisctladdr_ss = op->hctl;
+    ip->mctl = myctladdr_ss;
+    myctladdr_ss = op->mctl;
+    ip->in = cin;
+    cin = op->in;
+    ip->out = cout;
+    cout = op->out;
+    ip->tpe = type;
+    type = op->tpe;
+    ip->curtpe = curtype;
+    curtype = op->curtpe;
+    ip->cpnd = cpend;
+    cpend = op->cpnd;
+    ip->sunqe = sunique;
+    sunique = op->sunqe;
+    ip->runqe = runique;
+    runique = op->runqe;
+    ip->mcse = mcase;
+    mcase = op->mcse;
+    ip->ntflg = ntflag;
+    ntflag = op->ntflg;
+    strlcpy (ip->nti, ntin, sizeof (ip->nti));
+    strlcpy (ntin, op->nti, 17);
+    strlcpy (ip->nto, ntout, sizeof (ip->nto));
+    strlcpy (ntout, op->nto, 17);
+    ip->mapflg = mapflag;
+    mapflag = op->mapflg;
+    strlcpy (ip->mi, mapin, MaxPathLen);
+    strlcpy (mapin, op->mi, MaxPathLen);
+    strlcpy (ip->mo, mapout, MaxPathLen);
+    strlcpy (mapout, op->mo, MaxPathLen);
+    signal(SIGINT, oldintr);
+    if (abrtflag) {
+	abrtflag = 0;
+	(*oldintr) (SIGINT);
+    }
+}
+
+void
+abortpt (int sig)
+{
+
+    printf ("\n");
+    fflush (stdout);
+    ptabflg++;
+    mflag = 0;
+    abrtflag = 0;
+    longjmp (ptabort, 1);
+}
+
+void
+proxtrans (char *cmd, char *local, char *remote)
+{
+    sighand oldintr;
+    int secndflag = 0, prox_type, nfnd;
+    char *cmd2;
+    fd_set mask;
+
+    if (strcmp (cmd, "RETR"))
+	cmd2 = "RETR";
+    else
+	cmd2 = runique ? "STOU" : "STOR";
+    if ((prox_type = type) == 0) {
+	if (unix_server && unix_proxy)
+	    prox_type = TYPE_I;
+	else
+	    prox_type = TYPE_A;
+    }
+    if (curtype != prox_type)
+	changetype (prox_type, 1);
+    if (command ("PASV") != COMPLETE) {
+	printf ("proxy server does not support third party transfers.\n");
+	return;
+    }
+    pswitch (0);
+    if (!connected) {
+	printf ("No primary connection\n");
+	pswitch (1);
+	code = -1;
+	return;
+    }
+    if (curtype != prox_type)
+	changetype (prox_type, 1);
+    if (command ("PORT %s", pasv) != COMPLETE) {
+	pswitch (1);
+	return;
+    }
+    if (setjmp (ptabort))
+	goto abort;
+    oldintr = signal (SIGINT, abortpt);
+    if (command ("%s %s", cmd, remote) != PRELIM) {
+	signal (SIGINT, oldintr);
+	pswitch (1);
+	return;
+    }
+    sleep (2);
+    pswitch (1);
+    secndflag++;
+    if (command ("%s %s", cmd2, local) != PRELIM)
+	goto abort;
+    ptflag++;
+    getreply (0);
+    pswitch (0);
+    getreply (0);
+    signal (SIGINT, oldintr);
+    pswitch (1);
+    ptflag = 0;
+    printf ("local: %s remote: %s\n", local, remote);
+    return;
+abort:
+    signal (SIGINT, SIG_IGN);
+    ptflag = 0;
+    if (strcmp (cmd, "RETR") && !proxy)
+	pswitch (1);
+    else if (!strcmp (cmd, "RETR") && proxy)
+	pswitch (0);
+    if (!cpend && !secndflag) {	/* only here if cmd = "STOR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
+	    if (cpend)
+		abort_remote ((FILE *) NULL);
+	}
+	pswitch (1);
+	if (ptabflg)
+	    code = -1;
+	signal (SIGINT, oldintr);
+	return;
+    }
+    if (cpend)
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
+    if (!cpend && !secndflag) {	/* only if cmd = "RETR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
+	    if (cpend)
+		abort_remote ((FILE *) NULL);
+	    pswitch (1);
+	    if (ptabflg)
+		code = -1;
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    }
+    if (cpend)
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
+    if (cpend) {
+	FD_ZERO (&mask);
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 10)) <= 0) {
+	    if (nfnd < 0) {
+		warn ("abort");
+	    }
+	    if (ptabflg)
+		code = -1;
+	    lostpeer (0);
+	}
+	getreply (0);
+	getreply (0);
+    }
+    if (proxy)
+	pswitch (0);
+    pswitch (1);
+    if (ptabflg)
+	code = -1;
+    signal (SIGINT, oldintr);
+}
+
+void
+reset (int argc, char **argv)
+{
+    fd_set mask;
+    int nfnd = 1;
+
+    FD_ZERO (&mask);
+    while (nfnd > 0) {
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 0)) < 0) {
+	    warn ("reset");
+	    code = -1;
+	    lostpeer(0);
+	} else if (nfnd) {
+	    getreply(0);
+	}
+    }
+}
+
+char *
+gunique (char *local)
+{
+    static char new[MaxPathLen];
+    char *cp = strrchr (local, '/');
+    int d, count = 0;
+    char ext = '1';
+
+    if (cp)
+	*cp = '\0';
+    d = access (cp ? local : ".", 2);
+    if (cp)
+	*cp = '/';
+    if (d < 0) {
+	warn ("local: %s", local);
+	return NULL;
+    }
+    strlcpy (new, local, sizeof(new));
+    cp = new + strlen(new);
+    *cp++ = '.';
+    while (!d) {
+	if (++count == 100) {
+	    printf ("runique: can't find unique file name.\n");
+	    return NULL;
+	}
+	*cp++ = ext;
+	*cp = '\0';
+	if (ext == '9')
+	    ext = '0';
+	else
+	    ext++;
+	if ((d = access (new, 0)) < 0)
+	    break;
+	if (ext != '0')
+	    cp--;
+	else if (*(cp - 2) == '.')
+	    *(cp - 1) = '1';
+	else {
+	    *(cp - 2) = *(cp - 2) + 1;
+	    cp--;
+	}
+    }
+    return (new);
+}
+
+void
+abort_remote (FILE * din)
+{
+    char buf[BUFSIZ];
+    int nfnd;
+    fd_set mask;
+
+    /*
+     * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
+     * after urgent byte rather than before as is protocol now
+     */
+    snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
+    if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
+	warn ("abort");
+    fprintf (cout, "%cABOR\r\n", DM);
+    fflush (cout);
+    FD_ZERO (&mask);
+    FD_SET (fileno (cin), &mask);
+    if (din) {
+	FD_SET (fileno (din), &mask);
+    }
+    if ((nfnd = empty (&mask, 10)) <= 0) {
+	if (nfnd < 0) {
+	    warn ("abort");
+	}
+	if (ptabflg)
+	    code = -1;
+	lostpeer (0);
+    }
+    if (din && FD_ISSET (fileno (din), &mask)) {
+	while (read (fileno (din), buf, BUFSIZ) > 0)
+	     /* LOOP */ ;
+    }
+    if (getreply (0) == ERROR && code == 552) {
+	/* 552 needed for nic style abort */
+	getreply (0);
+    }
+    getreply (0);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
new file mode 100644
index 0000000..49c2b2f
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */
+
+#ifndef __FTP_LOCL_H__
+#define __FTP_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_ARPA_FTP_H
+#include <arpa/ftp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+#include <glob.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose)      (FILE *);
+
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+
+#endif
+
+#include "ftp_var.h"
+#include "extern.h"
+#include "common.h"
+#include "pathnames.h"
+
+#include "roken.h"
+#include "security.h"
+#include <des.h> /* for des_read_pw_string */
+
+#if defined(__sun__) && !defined(__svr4)
+int fclose(FILE*);
+int pclose(FILE*);
+#endif
+
+#endif /* __FTP_LOCL_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
new file mode 100644
index 0000000..ffac59a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ftp_var.h	8.4 (Berkeley) 10/9/94
+ */
+
+/*
+ * FTP global variables.
+ */
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <setjmp.h>
+
+/*
+ * Options and other state info.
+ */
+extern int	trace;			/* trace packets exchanged */
+extern int	hash;			/* print # for each buffer transferred */
+extern int	sendport;		/* use PORT cmd for each data connection */
+extern int	verbose;		/* print messages coming back from server */
+extern int	connected;		/* connected to server */
+extern int	fromatty;		/* input is from a terminal */
+extern int	interactive;		/* interactively prompt on m* cmds */
+extern int	debug;			/* debugging level */
+extern int	bell;			/* ring bell on cmd completion */
+extern int	doglob;			/* glob local file names */
+extern int	autologin;		/* establish user account on connection */
+extern int	proxy;			/* proxy server connection active */
+extern int	proxflag;		/* proxy connection exists */
+extern int	sunique;		/* store files on server with unique name */
+extern int	runique;		/* store local files with unique name */
+extern int	mcase;			/* map upper to lower case for mget names */
+extern int	ntflag;			/* use ntin ntout tables for name translation */
+extern int	mapflag;		/* use mapin mapout templates on file names */
+extern int	code;			/* return/reply code for ftp command */
+extern int	crflag;			/* if 1, strip car. rets. on ascii gets */
+extern char	pasv[64];		/* passive port for proxy data connection */
+extern int	passivemode;		/* passive mode enabled */
+extern char	*altarg;		/* argv[1] with no shell-like preprocessing  */
+extern char	ntin[17];		/* input translation table */
+extern char	ntout[17];		/* output translation table */
+extern char	mapin[MaxPathLen];	/* input map template */
+extern char	mapout[MaxPathLen];	/* output map template */
+extern char	typename[32];		/* name of file transfer type */
+extern int	type;			/* requested file transfer type */
+extern int	curtype;		/* current file transfer type */
+extern char	structname[32];		/* name of file transfer structure */
+extern int	stru;			/* file transfer structure */
+extern char	formname[32];		/* name of file transfer format */
+extern int	form;			/* file transfer format */
+extern char	modename[32];		/* name of file transfer mode */
+extern int	mode;			/* file transfer mode */
+extern char	bytename[32];		/* local byte size in ascii */
+extern int	bytesize;		/* local byte size in binary */
+
+extern char	*hostname;		/* name of host connected to */
+extern int	unix_server;		/* server is unix, can use binary for ascii */
+extern int	unix_proxy;		/* proxy is unix, can use binary for ascii */
+
+extern jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
+
+extern char	line[200];		/* input line buffer */
+extern char	*stringbase;		/* current scan point in line buffer */
+extern char	argbuf[200];		/* argument storage buffer */
+extern char	*argbase;		/* current storage point in arg buffer */
+extern int	margc;			/* count of arguments on input line */
+extern char	**margv;		/* args parsed from input line */
+extern int	margvlen;		/* how large margv is currently */
+extern int     cpend;                  /* flag: if != 0, then pending server reply */
+extern int	mflag;			/* flag: if != 0, then active multi command */
+
+extern int	options;		/* used during socket creation */
+
+/*
+ * Format of command table.
+ */
+struct cmd {
+	char	*c_name;	/* name of command */
+	char	*c_help;	/* help string */
+	char	c_bell;		/* give bell when command completes */
+	char	c_conn;		/* must be connected to use command */
+	char	c_proxy;	/* proxy server may execute */
+	void	(*c_handler) (int, char **); /* function to call */
+};
+
+struct macel {
+	char mac_name[9];	/* macro name */
+	char *mac_start;	/* start of macro in macbuf */
+	char *mac_end;		/* end of macro in macbuf */
+};
+
+extern int macnum;			/* number of defined macros */
+extern struct macel macros[16];
+extern char macbuf[4096];
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/globals.c b/crypto/kerberosIV/appl/ftp/ftp/globals.c
new file mode 100644
index 0000000..7199e65
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/globals.c
@@ -0,0 +1,76 @@
+#include "ftp_locl.h"
+RCSID("$Id: globals.c,v 1.6 1996/08/26 22:46:26 assar Exp $");
+
+/*
+ * Options and other state info.
+ */
+int	trace;			/* trace packets exchanged */
+int	hash;			/* print # for each buffer transferred */
+int	sendport;		/* use PORT cmd for each data connection */
+int	verbose;		/* print messages coming back from server */
+int	connected;		/* connected to server */
+int	fromatty;		/* input is from a terminal */
+int	interactive;		/* interactively prompt on m* cmds */
+int	debug;			/* debugging level */
+int	bell;			/* ring bell on cmd completion */
+int	doglob;			/* glob local file names */
+int	autologin;		/* establish user account on connection */
+int	proxy;			/* proxy server connection active */
+int	proxflag;		/* proxy connection exists */
+int	sunique;		/* store files on server with unique name */
+int	runique;		/* store local files with unique name */
+int	mcase;			/* map upper to lower case for mget names */
+int	ntflag;			/* use ntin ntout tables for name translation */
+int	mapflag;		/* use mapin mapout templates on file names */
+int	code;			/* return/reply code for ftp command */
+int	crflag;			/* if 1, strip car. rets. on ascii gets */
+char	pasv[64];		/* passive port for proxy data connection */
+int	passivemode;		/* passive mode enabled */
+char	*altarg;		/* argv[1] with no shell-like preprocessing  */
+char	ntin[17];		/* input translation table */
+char	ntout[17];		/* output translation table */
+char	mapin[MaxPathLen];	/* input map template */
+char	mapout[MaxPathLen];	/* output map template */
+char	typename[32];		/* name of file transfer type */
+int	type;			/* requested file transfer type */
+int	curtype;		/* current file transfer type */
+char	structname[32];		/* name of file transfer structure */
+int	stru;			/* file transfer structure */
+char	formname[32];		/* name of file transfer format */
+int	form;			/* file transfer format */
+char	modename[32];		/* name of file transfer mode */
+int	mode;			/* file transfer mode */
+char	bytename[32];		/* local byte size in ascii */
+int	bytesize;		/* local byte size in binary */
+
+char	*hostname;		/* name of host connected to */
+int	unix_server;		/* server is unix, can use binary for ascii */
+int	unix_proxy;		/* proxy is unix, can use binary for ascii */
+
+jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
+
+char	line[200];		/* input line buffer */
+char	*stringbase;		/* current scan point in line buffer */
+char	argbuf[200];		/* argument storage buffer */
+char	*argbase;		/* current storage point in arg buffer */
+int	margc;			/* count of arguments on input line */
+char	**margv;		/* args parsed from input line */
+int	margvlen;		/* how large margv is currently */
+int     cpend;                  /* flag: if != 0, then pending server reply */
+int	mflag;			/* flag: if != 0, then active multi command */
+
+int	options;		/* used during socket creation */
+
+/*
+ * Format of command table.
+ */
+
+int macnum;			/* number of defined macros */
+struct macel macros[16];
+char macbuf[4096];
+
+char username[32];
+
+/* these are set in ruserpass */
+char myhostname[MaxHostNameLen];
+char *mydomain;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/gssapi.c b/crypto/kerberosIV/appl/ftp/ftp/gssapi.c
new file mode 100644
index 0000000..d06b5d6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/gssapi.c
@@ -0,0 +1,379 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <gssapi.h>
+
+RCSID("$Id: gssapi.c,v 1.13 1999/12/02 16:58:29 joda Exp $");
+
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+};
+
+static int
+gss_init(void *app_data)
+{
+    struct gss_data *d = app_data;
+    d->context_hdl = GSS_C_NO_CONTEXT;
+    return 0;
+}
+
+static int
+gss_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+gss_decode(void *app_data, void *buf, int len, int level)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    gss_qop_t qop_state;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = len;
+    input.value = buf;
+    maj_stat = gss_unwrap (&min_stat,
+			   d->context_hdl,
+			   &input,
+			   &output,
+			   &conf_state,
+			   &qop_state);
+    if(GSS_ERROR(maj_stat))
+	return -1;
+    memmove(buf, output.value, output.length);
+    return output.length;
+}
+
+static int
+gss_overhead(void *app_data, int level, int len)
+{
+    return 100; /* dunno? */
+}
+
+
+static int
+gss_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = length;
+    input.value = from;
+    maj_stat = gss_wrap (&min_stat,
+			 d->context_hdl,
+			 level == prot_private,
+			 GSS_C_QOP_DEFAULT,
+			 &input,
+			 &conf_state,
+			 &output);
+    *to = output.value;
+    return output.length;
+}
+
+static void
+sockaddr_to_gss_address (const struct sockaddr *sa,
+			 OM_uint32 *addr_type,
+			 gss_buffer_desc *gss_addr)
+{
+    switch (sa->sa_family) {
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	gss_addr->length = 16;
+	gss_addr->value  = &sin6->sin6_addr;
+	*addr_type       = GSS_C_AF_INET6;
+	break;
+    }
+#endif
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+	gss_addr->length = 4;
+	gss_addr->value  = &sin->sin_addr;
+	*addr_type       = GSS_C_AF_INET;
+	break;
+    }
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	
+    }
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+static int
+gss_adat(void *app_data, void *buf, size_t len)
+{
+    char *p = NULL;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_data *d = app_data;
+
+    gss_channel_bindings_t bindings = malloc(sizeof(*bindings));
+    sockaddr_to_gss_address (his_addr,
+			     &bindings->initiator_addrtype,
+			     &bindings->initiator_address);
+    sockaddr_to_gss_address (ctrl_addr,
+			     &bindings->acceptor_addrtype,
+			     &bindings->acceptor_address);
+
+    bindings->application_data.length = 0;
+    bindings->application_data.value = NULL;
+
+    input_token.value = buf;
+    input_token.length = len;
+    
+    maj_stat = gss_accept_sec_context (&min_stat,
+				       &d->context_hdl,
+				       GSS_C_NO_CREDENTIAL,
+				       &input_token,
+				       bindings,
+				       &client_name,
+				       NULL,
+				       &output_token,
+				       NULL,
+				       NULL,
+				       NULL);
+
+    if(output_token.length) {
+	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
+	    reply(535, "Out of memory base64-encoding.");
+	    return -1;
+	}
+    }
+    if(maj_stat == GSS_S_COMPLETE){
+	char *name;
+	gss_buffer_desc export_name;
+	maj_stat = gss_export_name(&min_stat, client_name, &export_name);
+	if(maj_stat != 0) {
+	    reply(500, "Error exporting name");
+	    goto out;
+	}
+	name = realloc(export_name.value, export_name.length + 1);
+	if(name == NULL) {
+	    reply(500, "Out of memory");
+	    free(export_name.value);
+	    goto out;
+	}
+	name[export_name.length] = '\0';
+	d->client_name = name;
+	if(p)
+	    reply(235, "ADAT=%s", p);
+	else
+	    reply(235, "ADAT Complete");
+	sec_complete = 1;
+
+    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
+	if(p)
+	    reply(335, "ADAT=%s", p);
+	else
+	    reply(335, "OK, need more data");
+    } else
+	reply(535, "foo?");
+out:
+    free(p);
+    return 0;
+}
+
+int gss_userok(void*, char*);
+
+struct sec_server_mech gss_server_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init, /* init */
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+    /* */
+    NULL,
+    gss_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    gss_userok
+};
+
+#else /* FTP_SERVER */
+
+extern struct sockaddr *hisctladdr, *myctladdr;
+
+static int
+gss_auth(void *app_data, char *host)
+{
+    
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name;
+    gss_name_t target_name;
+    gss_buffer_desc input, output_token;
+    int context_established = 0;
+    char *p;
+    int n;
+    gss_channel_bindings_t bindings;
+    struct gss_data *d = app_data;
+	    
+    name.length = asprintf((char**)&name.value, "ftp@%s", host);
+    maj_stat = gss_import_name(&min_stat,
+			       &name,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       &target_name);
+    if (GSS_ERROR(maj_stat)) {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	    
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	printf("Error importing name %s: %s\n", 
+	       (char *)name.value,
+	       (char *)status_string.value);
+	gss_release_buffer(&new_stat, &status_string);
+	return AUTH_ERROR;
+    }
+    free(name.value);
+    
+
+    input.length = 0;
+    input.value = NULL;
+
+    bindings = malloc(sizeof(*bindings));
+
+    sockaddr_to_gss_address (myctladdr,
+			     &bindings->initiator_addrtype,
+			     &bindings->initiator_address);
+    sockaddr_to_gss_address (hisctladdr,
+			     &bindings->acceptor_addrtype,
+			     &bindings->acceptor_address);
+
+    bindings->application_data.length = 0;
+    bindings->application_data.value = NULL;
+
+    while(!context_established) {
+	maj_stat = gss_init_sec_context(&min_stat,
+					GSS_C_NO_CREDENTIAL,
+					&d->context_hdl,
+					target_name,
+					GSS_C_NO_OID,
+					GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
+					0,
+					bindings,
+					&input,
+					NULL,
+					&output_token,
+					NULL,
+					NULL);
+	if (GSS_ERROR(maj_stat)) {
+	    OM_uint32 new_stat;
+	    OM_uint32 msg_ctx = 0;
+	    gss_buffer_desc status_string;
+	    
+	    gss_display_status(&new_stat,
+			       min_stat,
+			       GSS_C_MECH_CODE,
+			       GSS_C_NO_OID,
+			       &msg_ctx,
+			       &status_string);
+	    printf("Error initializing security context: %s\n", 
+		   (char*)status_string.value);
+	    gss_release_buffer(&new_stat, &status_string);
+	    return AUTH_CONTINUE;
+	}
+
+	gss_release_buffer(&min_stat, &input);
+	if (output_token.length != 0) {
+	    base64_encode(output_token.value, output_token.length, &p);
+	    gss_release_buffer(&min_stat, &output_token);
+	    n = command("ADAT %s", p);
+	    free(p);
+	}
+	if (GSS_ERROR(maj_stat)) {
+	    if (d->context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&d->context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    p = strstr(reply_string, "ADAT=");
+	    if(p == NULL){
+		printf("Error: expected ADAT in reply.\n");
+		return AUTH_ERROR;
+	    } else {
+		p+=5;
+		input.value = malloc(strlen(p));
+		input.length = base64_decode(p, input.value);
+	    }
+	} else {
+	    if(code != 235) {
+		printf("Unrecognized response code: %d\n", code);
+		return AUTH_ERROR;
+	    }
+	    context_established = 1;
+	}
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech gss_client_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init,
+    gss_auth,
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+};
+
+#endif /* FTP_SERVER */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/kauth.c b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
new file mode 100644
index 0000000..613593a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+#include <krb.h>
+RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $");
+
+void
+kauth(int argc, char **argv)
+{
+    int ret;
+    char buf[1024];
+    des_cblock key;
+    des_key_schedule schedule;
+    KTEXT_ST tkt, tktcopy;
+    char *name;
+    char *p;
+    int overbose;
+    char passwd[100];
+    int tmp;
+	
+    int save;
+
+    if(argc > 2){
+	printf("usage: %s [principal]\n", argv[0]);
+	code = -1;
+	return;
+    }
+    if(argc == 2)
+	name = argv[1];
+    else
+	name = username;
+
+    overbose = verbose;
+    verbose = 0;
+
+    save = set_command_prot(prot_private);
+    ret = command("SITE KAUTH %s", name);
+    if(ret != CONTINUE){
+	verbose = overbose;
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    verbose = overbose;
+    p = strstr(reply_string, "T=");
+    if(!p){
+	printf("Bad reply from server.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    p += 2;
+    tmp = base64_decode(p, &tkt.dat);
+    if(tmp < 0){
+	printf("Failed to decode base64 in reply.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    tkt.length = tmp;
+    tktcopy.length = tkt.length;
+    
+    p = strstr(reply_string, "P=");
+    if(!p){
+	printf("Bad reply from server.\n");
+	verbose = overbose;
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    name = p + 2;
+    for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
+    *p = 0;
+    
+    snprintf(buf, sizeof(buf), "Password for %s:", name);
+    if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
+        *passwd = '\0';
+    des_string_to_key (passwd, &key);
+
+    des_key_sched(&key, schedule);
+    
+    des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+		     tkt.length,
+		     schedule, &key, DES_DECRYPT);
+    if (strcmp ((char*)tktcopy.dat + 8,
+		KRB_TICKET_GRANTING_TICKET) != 0) {
+        afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
+	des_key_sched (&key, schedule);
+	des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+			 tkt.length,
+			 schedule, &key, DES_DECRYPT);
+    }
+    memset(key, 0, sizeof(key));
+    memset(schedule, 0, sizeof(schedule));
+    memset(passwd, 0, sizeof(passwd));
+    if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    memset (tktcopy.dat, 0, tktcopy.length);
+    ret = command("SITE KAUTH %s %s", name, p);
+    free(p);
+    set_command_prot(save);
+    if(ret != COMPLETE){
+	code = -1;
+	return;
+    }
+    code = 0;
+}
+
+void
+klist(int argc, char **argv)
+{
+    int ret;
+    if(argc != 1){
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    
+    ret = command("SITE KLIST");
+    code = (ret == COMPLETE);
+}
+
+void
+kdestroy(int argc, char **argv)
+{
+    int ret;
+    if (argc != 1) {
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KDESTROY");
+    code = (ret == COMPLETE);
+}
+
+void
+krbtkfile(int argc, char **argv)
+{
+    int ret;
+    if(argc != 2) {
+	printf("usage: %s tktfile\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KRBTKFILE %s", argv[1]);
+    code = (ret == COMPLETE);
+}
+
+void
+afslog(int argc, char **argv)
+{
+    int ret;
+    if(argc > 2) {
+	printf("usage: %s [cell]\n", argv[0]);
+	code = -1;
+	return;
+    }
+    if(argc == 2)
+	ret = command("SITE AFSLOG %s", argv[1]);
+    else
+	ret = command("SITE AFSLOG");
+    code = (ret == COMPLETE);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.c b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
new file mode 100644
index 0000000..aa30c1b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
@@ -0,0 +1,334 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <krb.h>
+
+RCSID("$Id: krb4.c,v 1.36.2.1 1999/12/06 17:29:45 assar Exp $");
+
+#ifdef FTP_SERVER
+#define LOCAL_ADDR ctrl_addr
+#define REMOTE_ADDR his_addr
+#else
+#define LOCAL_ADDR myctladdr
+#define REMOTE_ADDR hisctladdr
+#endif
+
+extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
+
+struct krb4_data {
+    des_cblock key;
+    des_key_schedule schedule;
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+};
+
+static int
+krb4_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+krb4_decode(void *app_data, void *buf, int len, int level)
+{
+    MSG_DAT m;
+    int e;
+    struct krb4_data *d = app_data;
+    
+    if(level == prot_safe)
+	e = krb_rd_safe(buf, len, &d->key,
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    else
+	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    if(e){
+	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
+	return -1;
+    }
+    memmove(buf, m.app_data, m.app_length);
+    return m.app_length;
+}
+
+static int
+krb4_overhead(void *app_data, int level, int len)
+{
+    return 31;
+}
+
+static int
+krb4_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    struct krb4_data *d = app_data;
+    *to = malloc(length + 31);
+    if(level == prot_safe)
+	return krb_mk_safe(from, *to, length, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else if(level == prot_private)
+	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else
+	return -1;
+}
+
+#ifdef FTP_SERVER
+
+static int
+krb4_adat(void *app_data, void *buf, size_t len)
+{
+    KTEXT_ST tkt;
+    AUTH_DAT auth_dat;
+    char *p;
+    int kerror;
+    u_int32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int tmp_len;
+    struct krb4_data *d = app_data;
+    char inst[INST_SZ];
+    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
+
+    memcpy(tkt.dat, buf, len);
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 
+			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 
+			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    }
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
+    }
+    
+    memcpy(d->key, auth_dat.session, sizeof(d->key));
+    des_set_key(&d->key, d->schedule);
+
+    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
+    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
+    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
+	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
+			      (struct sockaddr_in *)LOCAL_ADDR,
+			      (struct sockaddr_in *)REMOTE_ADDR);
+    }
+    if(tmp_len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
+    }
+    len = tmp_len;
+    if(base64_encode(msg, len, &p) < 0) {
+	reply(535, "Out of memory base64-encoding.");
+	return -1;
+    }
+    reply(235, "ADAT=%s", p);
+    sec_complete = 1;
+    free(p);
+    return 0;
+}
+
+static int
+krb4_userok(void *app_data, char *user)
+{
+    struct krb4_data *d = app_data;
+    return krb_kuserok(d->name, d->instance, d->realm, user);
+}
+
+struct sec_server_mech krb4_server_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode,
+    /* */
+    NULL,
+    krb4_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    krb4_userok
+};
+
+#else /* FTP_SERVER */
+
+static int
+mk_auth(struct krb4_data *d, KTEXT adat, 
+	char *service, char *host, int checksum)
+{
+    int ret;
+    CREDENTIALS cred;
+    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_mk_req(adat, sname, inst, realm, checksum);
+    if(ret)
+	return ret;
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_get_cred(sname, inst, realm, &cred);
+    memmove(&d->key, &cred.session, sizeof(des_cblock));
+    des_key_sched(&d->key, d->schedule);
+    memset(&cred, 0, sizeof(cred));
+    return ret;
+}
+
+static int
+krb4_auth(void *app_data, char *host)
+{
+    int ret;
+    char *p;
+    int len;
+    KTEXT_ST adat;
+    MSG_DAT msg_data;
+    int checksum;
+    u_int32_t cs;
+    struct krb4_data *d = app_data;
+    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
+    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
+
+    checksum = getpid();
+    ret = mk_auth(d, &adat, "ftp", host, checksum);
+    if(ret == KDC_PR_UNKNOWN)
+	ret = mk_auth(d, &adat, "rcmd", host, checksum);
+    if(ret){
+	printf("%s\n", krb_get_err_text(ret));
+	return AUTH_CONTINUE;
+    }
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+    if (krb_get_config_bool("nat_in_use")) {
+      struct in_addr natAddr;
+
+      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
+				   &natAddr) != KSUCCESS
+	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
+	printf("Can't get address for realm %s\n",
+	       krb_realmofhost(host));
+      else {
+	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
+	  printf("Using NAT IP address (%s) for kerberos 4\n",
+		 inet_ntoa(natAddr));
+	  localaddr->sin_addr = natAddr;
+	  
+	  /*
+	   * This not the best place to do this, but it
+	   * is here we know that (probably) NAT is in
+	   * use!
+	   */
+
+	  passivemode = 1;
+	  printf("Setting: Passive mode on.\n");
+	}
+      }
+    }
+#endif
+
+    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
+    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
+
+   if(base64_encode(adat.dat, adat.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	return AUTH_CONTINUE;
+    }
+    ret = command("ADAT %s", p);
+    free(p);
+
+    if(ret != COMPLETE){
+	printf("Server didn't accept auth data.\n");
+	return AUTH_ERROR;
+    }
+
+    p = strstr(reply_string, "ADAT=");
+    if(!p){
+	printf("Remote host didn't send adat reply.\n");
+	return AUTH_ERROR;
+    }
+    p += 5;
+    len = base64_decode(p, adat.dat);
+    if(len < 0){
+	printf("Failed to decode base64 from server.\n");
+	return AUTH_ERROR;
+    }
+    adat.length = len;
+    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
+		      (struct sockaddr_in *)hisctladdr, 
+		      (struct sockaddr_in *)myctladdr, &msg_data);
+    if(ret){
+	printf("Error reading reply from server: %s.\n", 
+	       krb_get_err_text(ret));
+	return AUTH_ERROR;
+    }
+    krb_get_int(msg_data.app_data, &cs, 4, 0);
+    if(cs - checksum != 1){
+	printf("Bad checksum returned from server.\n");
+	return AUTH_ERROR;
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech krb4_client_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    krb4_auth,
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode
+};
+
+#endif /* FTP_SERVER */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.h b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
new file mode 100644
index 0000000..7cf8cec
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.10 1997/04/01 08:17:22 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdio.h>
+#include <stdarg.h>
+
+extern int auth_complete;
+
+void sec_status(void);
+
+enum { prot_clear, prot_safe, prot_confidential, prot_private };
+
+void sec_prot(int, char**);
+
+int sec_getc(FILE *F);
+int sec_putc(int c, FILE *F);
+int sec_fflush(FILE *F);
+int sec_read(int fd, void *data, int length);
+int sec_write(int fd, char *data, int length);
+
+int krb4_getc(FILE *F);
+int krb4_read(int fd, char *data, int length);
+
+
+
+void sec_set_protection_level(void);
+int sec_request_prot(char *level);
+
+void kauth(int, char **);
+void klist(int, char **);
+
+void krb4_quit(void);
+
+int krb4_write_enc(FILE *F, char *fmt, va_list ap);
+int krb4_read_msg(char *s, int priv);
+int krb4_read_mic(char *s);
+int krb4_read_enc(char *s);
+
+int do_klogin(char *host);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
new file mode 100644
index 0000000..dfe9e88
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Interface.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $");
+
+int
+main(int argc, char **argv)
+{
+	int ch, top;
+	struct passwd *pw = NULL;
+	char homedir[MaxPathLen];
+	struct servent *sp;
+
+	set_progname(argv[0]);
+
+	sp = getservbyname("ftp", "tcp");
+	if (sp == 0)
+		errx(1, "ftp/tcp: unknown service");
+	doglob = 1;
+	interactive = 1;
+	autologin = 1;
+	passivemode = 0; /* passive mode not active */
+
+	while ((ch = getopt(argc, argv, "dginptv")) != -1) {
+		switch (ch) {
+		case 'd':
+			options |= SO_DEBUG;
+			debug++;
+			break;
+			
+		case 'g':
+			doglob = 0;
+			break;
+
+		case 'i':
+			interactive = 0;
+			break;
+
+		case 'n':
+			autologin = 0;
+			break;
+
+		case 'p':
+		        passivemode = 1;
+			break;
+		case 't':
+			trace++;
+			break;
+
+		case 'v':
+			verbose++;
+			break;
+
+		default:
+		    fprintf(stderr,
+			    "usage: ftp [-dginptv] [host [port]]\n");
+		    exit(1);
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	fromatty = isatty(fileno(stdin));
+	if (fromatty)
+		verbose++;
+	cpend = 0;	/* no pending replies */
+	proxy = 0;	/* proxy not active */
+	crflag = 1;	/* strip c.r. on ascii gets */
+	sendport = -1;	/* not using ports */
+	/*
+	 * Set up the home directory in case we're globbing.
+	 */
+	pw = k_getpwuid(getuid());
+	if (pw != NULL) {
+		strlcpy(homedir, pw->pw_dir, sizeof(homedir));
+		home = homedir;
+	}
+	if (argc > 0) {
+	    char *xargv[5];
+	    
+	    if (setjmp(toplevel))
+		exit(0);
+	    signal(SIGINT, intr);
+	    signal(SIGPIPE, lostpeer);
+	    xargv[0] = (char*)__progname;
+	    xargv[1] = argv[0];
+	    xargv[2] = argv[1];
+	    xargv[3] = argv[2];
+	    xargv[4] = NULL;
+	    setpeer(argc+1, xargv);
+	}
+	if(setjmp(toplevel) == 0)
+	    top = 1;
+	else
+	    top = 0;
+	if (top) {
+	    signal(SIGINT, intr);
+	    signal(SIGPIPE, lostpeer);
+	}
+	for (;;) {
+	    cmdscanner(top);
+	    top = 1;
+	}
+}
+
+void
+intr(int sig)
+{
+
+	longjmp(toplevel, 1);
+}
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+RETSIGTYPE
+lostpeer(int sig)
+{
+
+    if (connected) {
+	if (cout != NULL) {
+	    shutdown(fileno(cout), SHUT_RDWR);
+	    fclose(cout);
+	    cout = NULL;
+	}
+	if (data >= 0) {
+	    shutdown(data, SHUT_RDWR);
+	    close(data);
+	    data = -1;
+	}
+	connected = 0;
+    }
+    pswitch(1);
+    if (connected) {
+	if (cout != NULL) {
+	    shutdown(fileno(cout), SHUT_RDWR);
+	    fclose(cout);
+	    cout = NULL;
+	}
+	connected = 0;
+    }
+    proxflag = 0;
+    pswitch(0);
+    sec_end();
+    SIGRETURN(0);
+}
+
+/*
+char *
+tail(filename)
+	char *filename;
+{
+	char *s;
+	
+	while (*filename) {
+		s = strrchr(filename, '/');
+		if (s == NULL)
+			break;
+		if (s[1])
+			return (s + 1);
+		*s = '\0';
+	}
+	return (filename);
+}
+*/
+
+#ifndef HAVE_READLINE
+
+static char *
+readline(char *prompt)
+{
+    char buf[BUFSIZ];
+    printf ("%s", prompt);
+    fflush (stdout);
+    if(fgets(buf, sizeof(buf), stdin) == NULL)
+	return NULL;
+    if (buf[strlen(buf) - 1] == '\n')
+	buf[strlen(buf) - 1] = '\0';
+    return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#else
+
+/* These should not really be here */
+
+char *readline(char *);
+void add_history(char *);
+
+#endif
+
+/*
+ * Command parser.
+ */
+void
+cmdscanner(int top)
+{
+    struct cmd *c;
+    int l;
+
+    if (!top)
+	putchar('\n');
+    for (;;) {
+	if (fromatty) {
+	    char *p;
+	    p = readline("ftp> ");
+	    if(p == NULL)
+		quit(0, 0);
+	    strlcpy(line, p, sizeof(line));
+	    add_history(p);
+	    free(p);
+	} else{
+	    if (fgets(line, sizeof line, stdin) == NULL)
+		quit(0, 0);
+	}
+	/* XXX will break on long lines */
+	l = strlen(line);
+	if (l == 0)
+	    break;
+	if (line[--l] == '\n') {
+	    if (l == 0)
+		break;
+	    line[l] = '\0';
+	} else if (l == sizeof(line) - 2) {
+	    printf("sorry, input line too long\n");
+	    while ((l = getchar()) != '\n' && l != EOF)
+		/* void */;
+	    break;
+	} /* else it was a line without a newline */
+	makeargv();
+	if (margc == 0) {
+	    continue;
+	}
+	c = getcmd(margv[0]);
+	if (c == (struct cmd *)-1) {
+	    printf("?Ambiguous command\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\n");
+	    continue;
+	}
+	if (c->c_conn && !connected) {
+	    printf("Not connected.\n");
+	    continue;
+	}
+	(*c->c_handler)(margc, margv);
+	if (bell && c->c_bell)
+	    putchar('\007');
+	if (c->c_handler != help)
+	    break;
+    }
+    signal(SIGINT, intr);
+    signal(SIGPIPE, lostpeer);
+}
+
+struct cmd *
+getcmd(char *name)
+{
+	char *p, *q;
+	struct cmd *c, *found;
+	int nmatches, longest;
+
+	longest = 0;
+	nmatches = 0;
+	found = 0;
+	for (c = cmdtab; (p = c->c_name); c++) {
+		for (q = name; *q == *p++; q++)
+			if (*q == 0)		/* exact match? */
+				return (c);
+		if (!*q) {			/* the name was a prefix */
+			if (q - name > longest) {
+				longest = q - name;
+				nmatches = 1;
+				found = c;
+			} else if (q - name == longest)
+				nmatches++;
+		}
+	}
+	if (nmatches > 1)
+		return ((struct cmd *)-1);
+	return (found);
+}
+
+/*
+ * Slice a string up into argc/argv.
+ */
+
+int slrflag;
+
+void
+makeargv(void)
+{
+	char **argp;
+
+	argp = margv;
+	stringbase = line;		/* scan from first of buffer */
+	argbase = argbuf;		/* store from first of buffer */
+	slrflag = 0;
+	for (margc = 0; ; margc++) {
+		/* Expand array if necessary */
+		if (margc == margvlen) {
+			int i;
+
+			margv = (margvlen == 0)
+				? (char **)malloc(20 * sizeof(char *))
+				: (char **)realloc(margv,
+					(margvlen + 20)*sizeof(char *));
+			if (margv == NULL)
+				errx(1, "cannot realloc argv array");
+			for(i = margvlen; i < margvlen + 20; ++i)
+				margv[i] = NULL;
+			margvlen += 20;
+			argp = margv + margc;
+		}
+
+		if ((*argp++ = slurpstring()) == NULL)
+			break;
+	}
+
+}
+
+/*
+ * Parse string into argbuf;
+ * implemented with FSM to
+ * handle quoting and strings
+ */
+char *
+slurpstring(void)
+{
+	int got_one = 0;
+	char *sb = stringbase;
+	char *ap = argbase;
+	char *tmp = argbase;		/* will return this if token found */
+
+	if (*sb == '!' || *sb == '$') {	/* recognize ! as a token for shell */
+		switch (slrflag) {	/* and $ as token for macro invoke */
+			case 0:
+				slrflag++;
+				stringbase++;
+				return ((*sb == '!') ? "!" : "$");
+				/* NOTREACHED */
+			case 1:
+				slrflag++;
+				altarg = stringbase;
+				break;
+			default:
+				break;
+		}
+	}
+
+S0:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	case ' ':
+	case '\t':
+		sb++; goto S0;
+
+	default:
+		switch (slrflag) {
+			case 0:
+				slrflag++;
+				break;
+			case 1:
+				slrflag++;
+				altarg = sb;
+				break;
+			default:
+				break;
+		}
+		goto S1;
+	}
+
+S1:
+	switch (*sb) {
+
+	case ' ':
+	case '\t':
+	case '\0':
+		goto OUT;	/* end of token */
+
+	case '\\':
+		sb++; goto S2;	/* slurp next character */
+
+	case '"':
+		sb++; goto S3;	/* slurp quoted string */
+
+	default:
+		*ap++ = *sb++;	/* add character to token */
+		got_one = 1;
+		goto S1;
+	}
+
+S2:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	default:
+		*ap++ = *sb++;
+		got_one = 1;
+		goto S1;
+	}
+
+S3:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	case '"':
+		sb++; goto S1;
+
+	default:
+		*ap++ = *sb++;
+		got_one = 1;
+		goto S3;
+	}
+
+OUT:
+	if (got_one)
+		*ap++ = '\0';
+	argbase = ap;			/* update storage pointer */
+	stringbase = sb;		/* update scan pointer */
+	if (got_one) {
+		return (tmp);
+	}
+	switch (slrflag) {
+		case 0:
+			slrflag++;
+			break;
+		case 1:
+			slrflag++;
+			altarg = (char *) 0;
+			break;
+		default:
+			break;
+	}
+	return NULL;
+}
+
+#define HELPINDENT ((int) sizeof ("directory"))
+
+/*
+ * Help command.
+ * Call each command handler with argc == 0 and argv[0] == name.
+ */
+void
+help(int argc, char **argv)
+{
+	struct cmd *c;
+
+	if (argc == 1) {
+		int i, j, w, k;
+		int columns, width = 0, lines;
+
+		printf("Commands may be abbreviated.  Commands are:\n\n");
+		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
+			int len = strlen(c->c_name);
+
+			if (len > width)
+				width = len;
+		}
+		width = (width + 8) &~ 7;
+		columns = 80 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+			for (j = 0; j < columns; j++) {
+				c = cmdtab + j * lines + i;
+				if (c->c_name && (!proxy || c->c_proxy)) {
+					printf("%s", c->c_name);
+				}
+				else if (c->c_name) {
+					for (k=0; k < strlen(c->c_name); k++) {
+						putchar(' ');
+					}
+				}
+				if (c + lines >= &cmdtab[NCMDS]) {
+					printf("\n");
+					break;
+				}
+				w = strlen(c->c_name);
+				while (w < width) {
+					w = (w + 8) &~ 7;
+					putchar('\t');
+				}
+			}
+		}
+		return;
+	}
+	while (--argc > 0) {
+		char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (c == (struct cmd *)-1)
+			printf("?Ambiguous help command %s\n", arg);
+		else if (c == (struct cmd *)0)
+			printf("?Invalid help command %s\n", arg);
+		else
+			printf("%-*s\t%s\n", HELPINDENT,
+				c->c_name, c->c_help);
+	}
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/pathnames.h b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h
new file mode 100644
index 0000000..f7c1fb3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)pathnames.h	8.1 (Berkeley) 6/6/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#define	_PATH_TMP_XXX	"/tmp/ftpXXXXXX"
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL	"/bin/sh"
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
new file mode 100644
index 0000000..c687a59
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: ruserpass.c,v 1.16 1999/09/16 20:37:31 assar Exp $");
+
+static	int token (void);
+static	FILE *cfile;
+
+#define	DEFAULT	1
+#define	LOGIN	2
+#define	PASSWD	3
+#define	ACCOUNT 4
+#define MACDEF  5
+#define PROT	6
+#define	ID	10
+#define	MACH	11
+
+static char tokval[100];
+
+static struct toktab {
+	char *tokstr;
+	int tval;
+} toktab[]= {
+	{ "default",	DEFAULT },
+	{ "login",	LOGIN },
+	{ "password",	PASSWD },
+	{ "passwd",	PASSWD },
+	{ "account",	ACCOUNT },
+	{ "machine",	MACH },
+	{ "macdef",	MACDEF },
+	{ "prot", 	PROT }, 
+	{ NULL,		0 }
+};
+
+/*
+ * Write a copy of the hostname into `hostname, sz' and return a guess
+ * as to the `domain' of that hostname.
+ */
+
+static char *
+guess_domain (char *hostname, size_t sz)
+{
+    struct hostent *he;
+    char *dot;
+    char *a;
+    char **aliases;
+
+    if (gethostname (hostname, sz) < 0) {
+	strlcpy (hostname, "", sz);
+	return "";
+    }
+    dot = strchr (hostname, '.');
+    if (dot != NULL)
+	return dot + 1;
+
+    he = gethostbyname (hostname);
+    if (he == NULL)
+	return hostname;
+
+    dot = strchr (he->h_name, '.');
+    if (dot != NULL) {
+	strlcpy (hostname, he->h_name, sz);
+	return dot + 1;
+    }
+    for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) {
+	dot = strchr (a, '.');
+	if (dot != NULL) {
+	    strlcpy (hostname, a, sz);
+	    return dot + 1;
+	}
+    }
+    return hostname;
+}
+
+int
+ruserpass(char *host, char **aname, char **apass, char **aacct)
+{
+    char *hdir, buf[BUFSIZ], *tmp;
+    int t, i, c, usedefault = 0;
+    struct stat stb;
+
+    mydomain = guess_domain (myhostname, MaxHostNameLen);
+
+    hdir = getenv("HOME");
+    if (hdir == NULL)
+	hdir = ".";
+    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+    cfile = fopen(buf, "r");
+    if (cfile == NULL) {
+	if (errno != ENOENT)
+	    warn("%s", buf);
+	return (0);
+    }
+
+next:
+    while ((t = token())) switch(t) {
+
+    case DEFAULT:
+	usedefault = 1;
+	/* FALL THROUGH */
+
+    case MACH:
+	if (!usedefault) {
+	    if (token() != ID)
+		continue;
+	    /*
+	     * Allow match either for user's input host name
+	     * or official hostname.  Also allow match of 
+	     * incompletely-specified host in local domain.
+	     */
+	    if (strcasecmp(host, tokval) == 0)
+		goto match;
+	    if (strcasecmp(hostname, tokval) == 0)
+		goto match;
+	    if ((tmp = strchr(hostname, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
+		tokval[tmp - hostname] == '\0')
+		goto match;
+	    if ((tmp = strchr(host, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(host, tokval, tmp - host) == 0 &&
+		tokval[tmp - host] == '\0')
+		goto match;
+	    continue;
+	}
+    match:
+	while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+
+	case LOGIN:
+	    if (token()) {
+		if (*aname == 0) { 
+		    *aname = strdup(tokval);
+		} else {
+		    if (strcmp(*aname, tokval))
+			goto next;
+		}
+	    }
+	    break;
+	case PASSWD:
+	    if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
+		fstat(fileno(cfile), &stb) >= 0 &&
+		(stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove password or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *apass == 0) {
+		*apass = strdup(tokval);
+	    }
+	    break;
+	case ACCOUNT:
+	    if (fstat(fileno(cfile), &stb) >= 0
+		&& (stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove account or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *aacct == 0) {
+		*aacct = strdup(tokval);
+	    }
+	    break;
+	case MACDEF:
+	    if (proxy) {
+		fclose(cfile);
+		return (0);
+	    }
+	    while ((c=getc(cfile)) != EOF && 
+		   (c == ' ' || c == '\t'));
+	    if (c == EOF || c == '\n') {
+		printf("Missing macdef name argument.\n");
+		goto bad;
+	    }
+	    if (macnum == 16) {
+		printf("Limit of 16 macros have already been defined\n");
+		goto bad;
+	    }
+	    tmp = macros[macnum].mac_name;
+	    *tmp++ = c;
+	    for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
+		     !isspace(c); ++i) {
+		*tmp++ = c;
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    *tmp = '\0';
+	    if (c != '\n') {
+		while ((c=getc(cfile)) != EOF && c != '\n');
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    if (macnum == 0) {
+		macros[macnum].mac_start = macbuf;
+	    }
+	    else {
+		macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
+	    }
+	    tmp = macros[macnum].mac_start;
+	    while (tmp != macbuf + 4096) {
+		if ((c=getc(cfile)) == EOF) {
+		    printf("Macro definition missing null line terminator.\n");
+		    goto bad;
+		}
+		*tmp = c;
+		if (*tmp == '\n') {
+		    if (*(tmp-1) == '\0') {
+			macros[macnum++].mac_end = tmp - 1;
+			break;
+		    }
+		    *tmp = '\0';
+		}
+		tmp++;
+	    }
+	    if (tmp == macbuf + 4096) {
+		printf("4K macro buffer exceeded\n");
+		goto bad;
+	    }
+	    break;
+	case PROT:
+	    token();
+	    if(sec_request_prot(tokval) < 0)
+		warnx("Unknown protection level \"%s\"", tokval);
+	    break;
+	default:
+	    warnx("Unknown .netrc keyword %s", tokval);
+	    break;
+	}
+	goto done;
+    }
+done:
+    fclose(cfile);
+    return (0);
+bad:
+    fclose(cfile);
+    return (-1);
+}
+
+static int
+token(void)
+{
+	char *cp;
+	int c;
+	struct toktab *t;
+
+	if (feof(cfile) || ferror(cfile))
+		return (0);
+	while ((c = getc(cfile)) != EOF &&
+	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
+		continue;
+	if (c == EOF)
+		return (0);
+	cp = tokval;
+	if (c == '"') {
+		while ((c = getc(cfile)) != EOF && c != '"') {
+			if (c == '\\')
+				c = getc(cfile);
+			*cp++ = c;
+		}
+	} else {
+		*cp++ = c;
+		while ((c = getc(cfile)) != EOF
+		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
+			if (c == '\\')
+				c = getc(cfile);
+			*cp++ = c;
+		}
+	}
+	*cp = 0;
+	if (tokval[0] == 0)
+		return (0);
+	for (t = toktab; t->tokstr; t++)
+		if (!strcmp(t->tokstr, tokval))
+			return (t->tval);
+	return (ID);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/security.c b/crypto/kerberosIV/appl/ftp/ftp/security.c
new file mode 100644
index 0000000..ca7eb00
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/security.c
@@ -0,0 +1,785 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+
+RCSID("$Id: security.c,v 1.15 1999/12/02 16:58:30 joda Exp $");
+
+static enum protection_level command_prot;
+static enum protection_level data_prot;
+static size_t buffer_size;
+
+struct buffer {
+    void *data;
+    size_t size;
+    size_t index;
+    int eof_flag;
+};
+
+static struct buffer in_buffer, out_buffer;
+int sec_complete;
+
+static struct {
+    enum protection_level level;
+    const char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static const char *
+level_to_name(enum protection_level level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+#ifndef FTP_SERVER /* not used in server */
+static enum protection_level 
+name_to_level(const char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return (enum protection_level)-1;
+}
+#endif
+
+#ifdef FTP_SERVER
+
+static struct sec_server_mech *mechs[] = {
+#ifdef KRB5
+    &gss_server_mech,
+#endif
+#ifdef KRB4
+    &krb4_server_mech,
+#endif
+    NULL
+};
+
+static struct sec_server_mech *mech;
+
+#else
+
+static struct sec_client_mech *mechs[] = {
+#ifdef KRB5
+    &gss_client_mech,
+#endif
+#ifdef KRB4
+    &krb4_client_mech,
+#endif
+    NULL
+};
+
+static struct sec_client_mech *mech;
+
+#endif
+
+static void *app_data;
+
+int
+sec_getc(FILE *F)
+{
+    if(sec_complete && data_prot) {
+	char c;
+	if(sec_read(fileno(F), &c, 1) <= 0)
+	    return EOF;
+	return c;
+    } else
+	return getc(F);
+}
+
+static int
+block_read(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = read(fd, p, len);
+	if (b == 0)
+	    return 0;
+	else if (b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+block_write(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = write(fd, p, len);
+	if(b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+sec_get_data(int fd, struct buffer *buf, int level)
+{
+    int len;
+    int b;
+
+    b = block_read(fd, &len, sizeof(len));
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    len = ntohl(len);
+    buf->data = realloc(buf->data, len);
+    b = block_read(fd, buf->data, len);
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
+    buf->index = 0;
+    return 0;
+}
+
+static size_t
+buffer_read(struct buffer *buf, void *data, size_t len)
+{
+    len = min(len, buf->size - buf->index);
+    memcpy(data, (char*)buf->data + buf->index, len);
+    buf->index += len;
+    return len;
+}
+
+static size_t
+buffer_write(struct buffer *buf, void *data, size_t len)
+{
+    if(buf->index + len > buf->size) {
+	void *tmp;
+	if(buf->data == NULL)
+	    tmp = malloc(1024);
+	else
+	    tmp = realloc(buf->data, buf->index + len);
+	if(tmp == NULL)
+	    return -1;
+	buf->data = tmp;
+	buf->size = buf->index + len;
+    }
+    memcpy((char*)buf->data + buf->index, data, len);
+    buf->index += len;
+    return len;
+}
+
+int
+sec_read(int fd, void *data, int length)
+{
+    size_t len;
+    int rx = 0;
+
+    if(sec_complete == 0 || data_prot == 0)
+	return read(fd, data, length);
+
+    if(in_buffer.eof_flag){
+	in_buffer.eof_flag = 0;
+	return 0;
+    }
+    
+    len = buffer_read(&in_buffer, data, length);
+    length -= len;
+    rx += len;
+    data = (char*)data + len;
+    
+    while(length){
+	if(sec_get_data(fd, &in_buffer, data_prot) < 0)
+	    return -1;
+	if(in_buffer.size == 0) {
+	    if(rx)
+		in_buffer.eof_flag = 1;
+	    return rx;
+	}
+	len = buffer_read(&in_buffer, data, length);
+	length -= len;
+	rx += len;
+	data = (char*)data + len;
+    }
+    return rx;
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+    int bytes;
+    void *buf;
+    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+    free(buf);
+    return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+    if(data_prot != prot_clear) {
+	if(out_buffer.index > 0){
+	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	    out_buffer.index = 0;
+	}
+	sec_send(fileno(F), NULL, 0);
+    }
+    fflush(F);
+    return 0;
+}
+
+int
+sec_write(int fd, char *data, int length)
+{
+    int len = buffer_size;
+    int tx = 0;
+      
+    if(data_prot == prot_clear)
+	return write(fd, data, length);
+
+    len -= (*mech->overhead)(app_data, data_prot, len);
+    while(length){
+	if(length < len)
+	    len = length;
+	sec_send(fd, data, len);
+	length -= len;
+	data += len;
+	tx += len;
+    }
+    return tx;
+}
+
+int
+sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    int ret;
+    if(data_prot == prot_clear)
+	return vfprintf(f, fmt, ap);
+    else {
+	vasprintf(&buf, fmt, ap);
+	ret = buffer_write(&out_buffer, buf, strlen(buf));
+	free(buf);
+	return ret;
+    }
+}
+
+int
+sec_fprintf2(FILE *f, const char *fmt, ...)
+{
+    int ret;
+    va_list ap;
+    va_start(ap, fmt);
+    ret = sec_vfprintf2(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+int
+sec_putc(int c, FILE *F)
+{
+    char ch = c;
+    if(data_prot == prot_clear)
+	return putc(c, F);
+    
+    buffer_write(&out_buffer, &ch, 1);
+    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
+	sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	out_buffer.index = 0;
+    }
+    return c;
+}
+
+int
+sec_read_msg(char *s, int level)
+{
+    int len;
+    char *buf;
+    int code;
+    
+    buf = malloc(strlen(s));
+    len = base64_decode(s + 4, buf); /* XXX */
+    
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len < 0)
+	return -1;
+    
+    buf[len] = '\0';
+
+    if(buf[3] == '-')
+	code = 0;
+    else
+	sscanf(buf, "%d", &code);
+    if(buf[len-1] == '\n')
+	buf[len-1] = '\0';
+    strcpy(s, buf);
+    free(buf);
+    return code;
+}
+
+int
+sec_vfprintf(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    void *enc;
+    int len;
+    if(!sec_complete)
+	return vfprintf(f, fmt, ap);
+    
+    vasprintf(&buf, fmt, ap);
+    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
+    free(buf);
+    if(len < 0) {
+	printf("Failed to encode command.\n");
+	return -1;
+    }
+    if(base64_encode(enc, len, &buf) < 0){
+	printf("Out of memory base64-encoding.\n");
+	return -1;
+    }
+#ifdef FTP_SERVER
+    if(command_prot == prot_safe)
+	fprintf(f, "631 %s\r\n", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "632 %s\r\n", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "633 %s\r\n", buf);
+#else
+    if(command_prot == prot_safe)
+	fprintf(f, "MIC %s", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "ENC %s", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "CONF %s", buf);
+#endif
+    free(buf);
+    return 0;
+}
+
+int
+sec_fprintf(FILE *f, const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, fmt);
+    ret = sec_vfprintf(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+void
+auth(char *auth_name)
+{
+    int i;
+    for(i = 0; (mech = mechs[i]) != NULL; i++){
+	if(!strcasecmp(auth_name, mech->name)){
+	    app_data = realloc(app_data, mech->size);
+	    if(mech->init && (*mech->init)(app_data) != 0) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    if(mech->auth) {
+		(*mech->auth)(app_data);
+		return;
+	    }
+	    if(mech->adat)
+		reply(334, "Send authorization data.");
+	    else
+		reply(234, "Authorization complete.");
+	    return;
+	}
+    }
+    free (app_data);
+    reply(504, "%s is unknown to me", auth_name);
+}
+
+void
+adat(char *auth_data)
+{
+    if(mech && !sec_complete) {
+	void *buf = malloc(strlen(auth_data));
+	size_t len;
+	len = base64_decode(auth_data, buf);
+	(*mech->adat)(app_data, buf, len);
+	free(buf);
+    } else
+	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
+}
+
+void pbsz(int size)
+{
+    size_t new = size;
+    if(!sec_complete)
+	reply(503, "Incomplete security data exchange.");
+    if(mech->pbsz)
+	new = (*mech->pbsz)(app_data, size);
+    if(buffer_size != new){
+	buffer_size = size;
+    }
+    if(new != size)
+	reply(200, "PBSZ=%lu", (unsigned long)new);
+    else
+	reply(200, "OK");
+}
+
+void
+prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    else if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    else if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    else if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    else {
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(sec_complete){
+	if((*mech->check_prot)(app_data, p)){
+	    reply(536, "%s does not support %s protection.", 
+		  mech->name, level_to_name(p));
+	}else{
+	    data_prot = (enum protection_level)p;
+	    reply(200, "Data protection is %s.", level_to_name(p));
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(sec_complete){
+	if(mech->ccc && (*mech->ccc)(app_data) == 0)
+	    command_prot = data_prot = prot_clear;
+	else
+	    reply(534, "You must be joking.");
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mec(char *msg, enum protection_level level)
+{
+    void *buf;
+    size_t len;
+    if(!sec_complete) {
+	reply(503, "Incomplete security data exchange.");
+	return;
+    }
+    buf = malloc(strlen(msg) + 2); /* XXX go figure out where that 2
+				      comes from :-) */
+    len = base64_decode(msg, buf);
+    command_prot = level;
+    if(len == (size_t)-1) {
+	reply(501, "Failed to base64-decode command");
+	return;
+    }
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len == (size_t)-1) {
+	reply(535, "Failed to decode command");
+	return;
+    }
+    ((char*)buf)[len] = '\0';
+    if(strstr((char*)buf, "\r\n") == NULL)
+	strcat((char*)buf, "\r\n");
+    new_ftp_command(buf);
+}
+
+/* ------------------------------------------------------------ */
+
+int
+sec_userok(char *user)
+{
+    if(sec_complete)
+	return (*mech->userok)(app_data, user);
+    return 0;
+}
+
+char *ftp_command;
+
+void
+new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void
+delete_ftp_command(void)
+{
+    free(ftp_command);
+    ftp_command = NULL;
+}
+
+int
+secure_command(void)
+{
+    return ftp_command != NULL;
+}
+
+enum protection_level
+get_command_prot(void)
+{
+    return command_prot;
+}
+
+#else /* FTP_SERVER */
+
+void
+sec_status(void)
+{
+    if(sec_complete){
+	printf("Using %s for authentication.\n", mech->name);
+	printf("Using %s command channel.\n", level_to_name(command_prot));
+	printf("Using %s data channel.\n", level_to_name(data_prot));
+	if(buffer_size > 0)
+	    printf("Protection buffer size: %lu.\n", 
+		   (unsigned long)buffer_size);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
+static int
+sec_prot_internal(int level)
+{
+    int ret;
+    char *p;
+    unsigned int s = 1048576;
+
+    int old_verbose = verbose;
+    verbose = 0;
+
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	return -1;
+    }
+
+    if(level){
+	ret = command("PBSZ %u", s);
+	if(ret != COMPLETE){
+	    printf("Failed to set protection buffer size.\n");
+	    return -1;
+	}
+	buffer_size = s;
+	p = strstr(reply_string, "PBSZ=");
+	if(p)
+	    sscanf(p, "PBSZ=%u", &s);
+	if(s < buffer_size)
+	    buffer_size = s;
+    }
+    verbose = old_verbose;
+    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+    if(ret != COMPLETE){
+	printf("Failed to set protection level.\n");
+	return -1;
+    }
+    
+    data_prot = (enum protection_level)level;
+    return 0;
+}
+
+enum protection_level
+set_command_prot(enum protection_level level)
+{
+    enum protection_level old = command_prot;
+    command_prot = level;
+    return old;
+}
+
+void
+sec_prot(int argc, char **argv)
+{
+    int level = -1;
+
+    if(argc < 2 || argc > 3)
+	goto usage;
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+    level = name_to_level(argv[argc - 1]);
+    
+    if(level == -1)
+	goto usage;
+    
+    if((*mech->check_prot)(app_data, level)) {
+	printf("%s does not implement %s protection.\n", 
+	       mech->name, level_to_name(level));
+	code = -1;
+	return;
+    }
+    
+    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
+	if(sec_prot_internal(level) < 0){
+	    code = -1;
+	    return;
+	}
+    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
+	set_command_prot(level);
+    else
+	goto usage;
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+static enum protection_level request_data_prot;
+
+void
+sec_set_protection_level(void)
+{
+    if(sec_complete && data_prot != request_data_prot)
+	sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+    int l = name_to_level(level);
+    if(l == -1)
+	return -1;
+    request_data_prot = (enum protection_level)l;
+    return 0;
+}
+
+int
+sec_login(char *host)
+{
+    int ret;
+    struct sec_client_mech **m;
+    int old_verbose = verbose;
+
+    verbose = -1; /* shut up all messages this will produce (they
+		     are usually not very user friendly) */
+    
+    for(m = mechs; *m && (*m)->name; m++) {
+	void *tmp;
+
+	tmp = realloc(app_data, (*m)->size);
+	if (tmp == NULL) {
+	    warnx ("realloc %u failed", (*m)->size);
+	    return -1;
+	}
+	app_data = tmp;
+	    
+	if((*m)->init && (*(*m)->init)(app_data) != 0) {
+	    printf("Skipping %s...\n", (*m)->name);
+	    continue;
+	}
+	printf("Trying %s...\n", (*m)->name);
+	ret = command("AUTH %s", (*m)->name);
+	if(ret != CONTINUE){
+	    if(code == 504){
+		printf("%s is not supported by the server.\n", (*m)->name);
+	    }else if(code == 534){
+		printf("%s rejected as security mechanism.\n", (*m)->name);
+	    }else if(ret == ERROR) {
+		printf("The server doesn't support the FTP "
+		       "security extensions.\n");
+		verbose = old_verbose;
+		return -1;
+	    }
+	    continue;
+	}
+
+	ret = (*(*m)->auth)(app_data, host);
+	
+	if(ret == AUTH_CONTINUE)
+	    continue;
+	else if(ret != AUTH_OK){
+	    /* mechanism is supposed to output error string */
+	    verbose = old_verbose;
+	    return -1;
+	}
+	mech = *m;
+	sec_complete = 1;
+	command_prot = prot_safe;
+	break;
+    }
+    
+    verbose = old_verbose;
+    return *m == NULL;
+}
+
+void
+sec_end(void)
+{
+    if (mech != NULL) {
+	if(mech->end)
+	    (*mech->end)(app_data);
+	memset(app_data, 0, mech->size);
+	free(app_data);
+	app_data = NULL;
+    }
+    sec_complete = 0;
+    data_prot = (enum protection_level)0;
+}
+
+#endif /* FTP_SERVER */
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/security.h b/crypto/kerberosIV/appl/ftp/ftp/security.h
new file mode 100644
index 0000000..6fe0694
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/security.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: security.h,v 1.7 1999/12/02 16:58:30 joda Exp $ */
+
+#ifndef __security_h__
+#define __security_h__
+
+enum protection_level { 
+    prot_clear, 
+    prot_safe, 
+    prot_confidential, 
+    prot_private 
+};
+
+struct sec_client_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    int (*auth)(void *, char*);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+};
+
+struct sec_server_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+
+    int (*auth)(void *);
+    int (*adat)(void *, void*, size_t);
+    size_t (*pbsz)(void *, size_t);
+    int (*ccc)(void*);
+    int (*userok)(void*, char*);
+};
+
+#define AUTH_OK		0
+#define AUTH_CONTINUE	1
+#define AUTH_ERROR	2
+
+#ifdef FTP_SERVER
+extern struct sec_server_mech krb4_server_mech, gss_server_mech;
+#else
+extern struct sec_client_mech krb4_client_mech, gss_client_mech;
+#endif
+
+extern int sec_complete;
+
+#ifdef FTP_SERVER
+extern char *ftp_command;
+void new_ftp_command(char*);
+void delete_ftp_command(void);
+#endif
+
+/* ---- */
+
+
+int sec_fflush (FILE *);
+int sec_fprintf (FILE *, const char *, ...);
+int sec_getc (FILE *);
+int sec_putc (int, FILE *);
+int sec_read (int, void *, int);
+int sec_read_msg (char *, int);
+int sec_vfprintf (FILE *, const char *, va_list);
+int sec_fprintf2(FILE *f, const char *fmt, ...);
+int sec_vfprintf2(FILE *, const char *, va_list);
+int sec_write (int, char *, int);
+
+#ifdef FTP_SERVER
+void adat (char *);
+void auth (char *);
+void ccc (void);
+void mec (char *, enum protection_level);
+void pbsz (int);
+void prot (char *);
+void delete_ftp_command (void);
+void new_ftp_command (char *);
+int sec_userok (char *);
+int secure_command (void);
+enum protection_level get_command_prot(void);
+#else
+void sec_end (void);
+int sec_login (char *);
+void sec_prot (int, char **);
+int sec_request_prot (char *);
+void sec_set_protection_level (void);
+void sec_status (void);
+
+enum protection_level set_command_prot(enum protection_level);
+
+#endif
+
+#endif /* __security_h__ */  
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
new file mode 100644
index 0000000..282cb3a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
@@ -0,0 +1,54 @@
+# $Id: Makefile.am,v 1.20 1999/10/03 16:38:53 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+
+libexec_PROGRAMS = ftpd
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c kauth.c
+endif
+if KRB5
+krb5_sources = gssapi.c gss_userok.c
+endif
+
+ftpd_SOURCES =		\
+	extern.h	\
+	ftpcmd.y	\
+	ftpd.c		\
+	ftpd_locl.h	\
+	logwtmp.c	\
+	ls.c		\
+	pathnames.h	\
+	popen.c		\
+	security.c	\
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
+
+$(ftpd_OBJECTS): security.h
+
+security.c:
+	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
+
+CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
+
+LDADD = ../common/libcommon.a \
+	$(LIB_kafs) \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_otp) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_roken) \
+	$(DBLIB)
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
new file mode 100644
index 0000000..bc5c12e
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
@@ -0,0 +1,102 @@
+# 
+# $Id: Makefile.in,v 1.41 1999/10/03 16:39:27 joda Exp $
+#
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+top_builddir	= ../../..
+
+SHELL		= /bin/sh
+
+CC 	= @CC@
+YACC	= @YACC@
+RANLIB 	= @RANLIB@
+DEFS 	= @DEFS@
+WFLAGS = @WFLAGS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+LD_FLAGS = @LD_FLAGS@
+LIBS	= @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+LN_S = @LN_S@
+
+prefix 	= @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+ATHENA = ../../..
+
+INCTOP = $(ATHENA)/include
+
+LIBTOP = $(ATHENA)/lib
+
+LIBKAFS = @KRB_KAFS_LIB@
+LIBKRB	= -L$(LIBTOP)/krb -lkrb
+LIBDES	= -L$(LIBTOP)/des -ldes
+LIBOTP  = @LIB_otp@
+LIBROKEN= -L$(LIBTOP)/roken -lroken
+
+PROGS = ftpd$(EXECSUFFIX)
+
+ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c ls.c popen.c security.c krb4.c kauth.c
+ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o ls.o popen.o security.o krb4.o kauth.o
+
+SOURCES = $(ftpd_SOURCES)
+OBJECTS = $(ftpd_OBJS)
+
+all: $(PROGS)
+
+$(ftpd_OBJS): security.h
+
+security.c:
+	$(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	$(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	$(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	$(LN_S) $(srcdir)/../ftp/gssapi.c .
+
+.c.o:
+	$(CC) -c -DFTP_SERVER -I. -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+ftpd$(EXECSUFFIX): $(ftpd_OBJS)
+	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ftpcmd.c: ftpcmd.y
+	$(YACC) $(YFLAGS) $<
+	chmod a-w y.tab.c
+	mv -f y.tab.c ftpcmd.c
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+CLEANFILES = ftpd$(EXECSUFFIX) ftpcmd.c security.c security.h krb4.c gssapi.c
+
+clean cleandir:
+	rm -f *~ *.o core \#* $(CLEANFILES)
+
+distclean: 
+	rm -f Makefile
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.c b/crypto/kerberosIV/appl/ftp/ftpd/auth.c
new file mode 100644
index 0000000..862eb6d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: auth.c,v 1.11 1997/05/04 23:09:00 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "extern.h"
+#include "krb4.h"
+#include "auth.h"
+
+static struct at auth_types [] = {
+    { "KERBEROS_V4", krb4_auth, krb4_adat, krb4_pbsz, krb4_prot, krb4_ccc, 
+      krb4_mic, krb4_conf, krb4_enc, krb4_read, krb4_write, krb4_userok, 
+      krb4_vprintf },
+    { 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+};
+
+struct at *ct;
+
+int data_protection;
+int buffer_size;
+unsigned char *data_buffer;
+int auth_complete;
+
+
+char *protection_names[] = {
+    "clear", "safe", 
+    "confidential", "private"
+};
+
+
+void auth_init(void)
+{
+}
+
+char *ftp_command;
+int prot_level;
+
+void new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void delete_ftp_command(void)
+{
+    if(ftp_command){
+	free(ftp_command);
+	ftp_command = NULL;
+    }
+}
+
+int auth_ok(void)
+{
+    return ct && auth_complete;
+}
+
+void auth(char *auth)
+{
+    for(ct=auth_types; ct->name; ct++){
+	if(!strcasecmp(auth, ct->name)){
+	    ct->auth(auth);
+	    return;
+	}
+    }
+    reply(504, "%s is not a known security mechanism", auth);
+}
+
+void adat(char *auth)
+{
+    if(ct && !auth_complete)
+	ct->adat(auth);
+    else
+	reply(503, "You must (re)issue an AUTH first.");
+}
+
+void pbsz(int size)
+{
+    int old = buffer_size;
+    if(auth_ok())
+	ct->pbsz(size);
+    else
+	reply(503, "Incomplete security data exchange.");
+    if(buffer_size != old){
+	if(data_buffer)
+	    free(data_buffer);
+	data_buffer = malloc(buffer_size + 4);
+    }
+}
+
+void prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    
+    if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    
+    if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    
+    if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    
+    if(p == -1){
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(auth_ok()){
+	if(ct->prot(p)){
+	    reply(536, "%s does not support %s protection.", 
+		  ct->name, protection_names[p]);
+	}else{
+	    data_protection = p;
+	    reply(200, "Data protection is %s.", 
+		  protection_names[data_protection]);
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(auth_ok()){
+	if(!ct->ccc())
+	    prot_level = prot_clear;
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mic(char *msg)
+{
+    if(auth_ok()){
+	if(!ct->mic(msg))
+	    prot_level = prot_safe;
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void conf(char *msg)
+{
+    if(auth_ok()){
+	if(!ct->conf(msg))
+	    prot_level = prot_confidential;
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void enc(char *msg)
+{
+    if(auth_ok()){
+	if(!ct->enc(msg))
+	    prot_level = prot_private;
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+int auth_read(int fd, void *data, int length)
+{
+    if(auth_ok() && data_protection)
+	return ct->read(fd, data, length);
+    else
+	return read(fd, data, length);
+}
+
+int auth_write(int fd, void *data, int length)
+{
+    if(auth_ok() && data_protection)
+	return ct->write(fd, data, length);
+    else
+	return write(fd, data, length);
+}
+
+void auth_vprintf(const char *fmt, va_list ap)
+{
+    if(auth_ok() && prot_level){
+	ct->vprintf(fmt, ap);
+    }else
+	vprintf(fmt, ap);
+}
+
+void auth_printf(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    auth_vprintf(fmt, ap);
+    va_end(ap);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.h b/crypto/kerberosIV/appl/ftp/ftpd/auth.h
new file mode 100644
index 0000000..17d9a13
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: auth.h,v 1.9 1997/05/11 11:04:28 assar Exp $ */
+
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+#include <stdarg.h>
+
+struct at {
+  char *name;
+  int (*auth)(char*);
+  int (*adat)(char*);
+  int (*pbsz)(int);
+  int (*prot)(int);
+  int (*ccc)(void);
+  int (*mic)(char*);
+  int (*conf)(char*);
+  int (*enc)(char*);
+  int (*read)(int, void*, int);
+  int (*write)(int, void*, int);
+  int (*userok)(char*);
+  int (*vprintf)(const char*, va_list);
+};
+
+extern struct at *ct;
+
+enum protection_levels {
+  prot_clear, prot_safe, prot_confidential, prot_private
+};
+
+extern char *protection_names[];
+
+extern char *ftp_command;
+extern int prot_level;
+
+void delete_ftp_command(void);
+
+extern int data_protection;
+extern int buffer_size;
+extern unsigned char *data_buffer;
+extern int auth_complete;
+
+void auth_init(void);
+
+int auth_ok(void);
+
+void auth(char*);
+void adat(char*);
+void pbsz(int);
+void prot(char*);
+void ccc(void);
+void mic(char*);
+void conf(char*);
+void enc(char*);
+
+int auth_read(int, void*, int);
+int auth_write(int, void*, int);
+
+void auth_vprintf(const char *fmt, va_list ap)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 0)))
+#endif
+;
+void auth_printf(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+void new_ftp_command(char *command);
+
+#endif /* __AUTH_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/extern.h b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
new file mode 100644
index 0000000..2e1e0d0
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
@@ -0,0 +1,160 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.2 (Berkeley) 4/4/94
+ */
+
+#ifndef _EXTERN_H_
+#define _EXTERN_H_
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <setjmp.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifndef NBBY
+#define NBBY CHAR_BIT
+#endif
+
+void	abor(void);
+void	blkfree(char **);
+char  **copyblk(char **);
+void	cwd(char *);
+void	do_delete(char *);
+void	dologout(int);
+void	eprt(char *);
+void	epsv(char *);
+void	fatal(char *);
+int	filename_check(char *);
+int	ftpd_pclose(FILE *);
+FILE   *ftpd_popen(char *, char *, int, int);
+char   *ftpd_getline(char *, int);
+void	ftpd_logwtmp(char *, char *, char *);
+void	lreply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void	makedir(char *);
+void	nack(char *);
+void	nreply(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void	pass(char *);
+void	pasv(void);
+void	perror_reply(int, const char *);
+void	pwd(void);
+void	removedir(char *);
+void	renamecmd(char *, char *);
+char   *renamefrom(char *);
+void	reply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void	retrieve(const char *, char *);
+void	send_file_list(char *);
+void	setproctitle(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void	statcmd(void);
+void	statfilecmd(char *);
+void	do_store(char *, char *, int);
+void	upper(char *);
+void	user(char *);
+void	yyerror(char *);
+
+void	list_file(char*);
+
+void	kauth(char *, char*);
+void	klist(void);
+void	cond_kdestroy(void);
+void	kdestroy(void);
+void	krbtkfile(const char *tkfile);
+void	afslog(const char *cell);
+void	afsunlog(void);
+
+int	find(char *);
+
+void	builtin_ls(FILE*, const char*);
+
+int	do_login(int code, char *passwd);
+int	klogin(char *name, char *password);
+
+const char *ftp_rooted(const char *path);
+
+extern struct sockaddr *ctrl_addr, *his_addr;
+extern char hostname[];
+
+extern	struct sockaddr *data_dest;
+extern	int logged_in;
+extern	struct passwd *pw;
+extern	int guest;
+extern	int logging;
+extern	int type;
+extern	int oobflag;
+extern off_t file_size;
+extern off_t byte_count;
+extern jmp_buf urgcatch;
+
+extern	int form;
+extern	int debug;
+extern	int ftpd_timeout;
+extern	int maxtimeout;
+extern  int pdata;
+extern	char hostname[], remotehost[];
+extern	char proctitle[];
+extern	int usedefault;
+extern  int transflag;
+extern  char tmpline[];
+
+#endif /* _EXTERN_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
new file mode 100644
index 0000000..07ff9a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
@@ -0,0 +1,1455 @@
+/*	$NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $	*/
+
+/*
+ * Copyright (c) 1985, 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ftpcmd.y	8.3 (Berkeley) 4/6/94
+ */
+
+/*
+ * Grammar for FTP commands.
+ * See RFC 959.
+ */
+
+%{
+
+#include "ftpd_locl.h"
+RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $");
+
+off_t	restart_point;
+
+static	int cmd_type;
+static	int cmd_form;
+static	int cmd_bytesz;
+char	cbuf[2048];
+char	*fromname;
+
+struct tab {
+	char	*name;
+	short	token;
+	short	state;
+	short	implemented;	/* 1 if command is implemented */
+	char	*help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char		*copy (char *);
+static void		 help (struct tab *, char *);
+static struct tab *
+			 lookup (struct tab *, char *);
+static void		 sizecmd (char *);
+static RETSIGTYPE	 toolong (int);
+static int		 yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+	int	i;
+	char   *s;
+}
+
+%token
+	A	B	C	E	F	I
+	L	N	P	R	S	T
+
+	SP	CRLF	COMMA
+
+	USER	PASS	ACCT	REIN	QUIT	PORT
+	PASV	TYPE	STRU	MODE	RETR	STOR
+	APPE	MLFL	MAIL	MSND	MSOM	MSAM
+	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
+	ABOR	DELE	CWD	LIST	NLST	SITE
+	sTAT	HELP	NOOP	MKD	RMD	PWD
+	CDUP	STOU	SMNT	SYST	SIZE	MDTM
+	EPRT	EPSV
+
+	UMASK	IDLE	CHMOD
+
+	AUTH	ADAT	PROT	PBSZ	CCC	MIC
+	CONF	ENC
+
+	KAUTH	KLIST	KDESTROY KRBTKFILE AFSLOG
+	LOCATE	URL
+
+	FEAT	OPTS
+
+	LEXERR
+
+%token	<s> STRING
+%token	<i> NUMBER
+
+%type	<i> check_login check_login_no_guest check_secure octal_number byte_size
+%type	<i> struct_code mode_code type_code form_code
+%type	<s> pathstring pathname password username
+
+%start	cmd_list
+
+%%
+
+cmd_list
+	: /* empty */
+	| cmd_list cmd
+		{
+			fromname = (char *) 0;
+			restart_point = (off_t) 0;
+		}
+	| cmd_list rcmd
+	;
+
+cmd
+	: USER SP username CRLF
+		{
+			user($3);
+			free($3);
+		}
+	| PASS SP password CRLF
+		{
+			pass($3);
+			memset ($3, 0, strlen($3));
+			free($3);
+		}
+	| PORT SP host_port CRLF
+		{
+			usedefault = 0;
+			if (pdata >= 0) {
+				close(pdata);
+				pdata = -1;
+			}
+			reply(200, "PORT command successful.");
+		}
+	| EPRT SP STRING CRLF
+		{
+			eprt ($3);
+			free ($3);
+		}
+	| PASV CRLF
+		{
+			pasv ();
+		}
+	| EPSV CRLF
+		{
+			epsv (NULL);
+		}
+	| EPSV SP STRING CRLF
+		{
+			epsv ($3);
+			free ($3);
+		}
+	| TYPE SP type_code CRLF
+		{
+			switch (cmd_type) {
+
+			case TYPE_A:
+				if (cmd_form == FORM_N) {
+					reply(200, "Type set to A.");
+					type = cmd_type;
+					form = cmd_form;
+				} else
+					reply(504, "Form must be N.");
+				break;
+
+			case TYPE_E:
+				reply(504, "Type E not implemented.");
+				break;
+
+			case TYPE_I:
+				reply(200, "Type set to I.");
+				type = cmd_type;
+				break;
+
+			case TYPE_L:
+#if NBBY == 8
+				if (cmd_bytesz == 8) {
+					reply(200,
+					    "Type set to L (byte size 8).");
+					type = cmd_type;
+				} else
+					reply(504, "Byte size must be 8.");
+#else /* NBBY == 8 */
+				UNIMPLEMENTED for NBBY != 8
+#endif /* NBBY == 8 */
+			}
+		}
+	| STRU SP struct_code CRLF
+		{
+			switch ($3) {
+
+			case STRU_F:
+				reply(200, "STRU F ok.");
+				break;
+
+			default:
+				reply(504, "Unimplemented STRU type.");
+			}
+		}
+	| MODE SP mode_code CRLF
+		{
+			switch ($3) {
+
+			case MODE_S:
+				reply(200, "MODE S ok.");
+				break;
+
+			default:
+				reply(502, "Unimplemented MODE type.");
+			}
+		}
+	| ALLO SP NUMBER CRLF
+		{
+			reply(202, "ALLO command ignored.");
+		}
+	| ALLO SP NUMBER SP R SP NUMBER CRLF
+		{
+			reply(202, "ALLO command ignored.");
+		}
+	| RETR SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				retrieve(0, name);
+			if (name != NULL)
+				free(name);
+		}
+	| STOR SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				do_store(name, "w", 0);
+			if (name != NULL)
+				free(name);
+		}
+	| APPE SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				do_store(name, "a", 0);
+			if (name != NULL)
+				free(name);
+		}
+	| NLST CRLF check_login
+		{
+			if ($3)
+				send_file_list(".");
+		}
+	| NLST SP STRING CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				send_file_list(name);
+			if (name != NULL)
+				free(name);
+		}
+	| LIST CRLF check_login
+		{
+		    if($3)
+			list_file(".");
+		}
+	| LIST SP pathname CRLF check_login
+		{
+		    if($5)
+			list_file($3);
+		    free($3);
+		}
+	| sTAT SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				statfilecmd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| sTAT CRLF
+		{
+		    if(oobflag){
+			if (file_size != (off_t) -1)
+			    reply(213, "Status: %lu of %lu bytes transferred",
+				  (unsigned long)byte_count, 
+				  (unsigned long)file_size);
+			else
+			    reply(213, "Status: %lu bytes transferred", 
+				  (unsigned long)byte_count);
+		    }else
+			statcmd();
+	}
+	| DELE SP pathname CRLF check_login_no_guest
+		{
+			if ($5 && $3 != NULL)
+				do_delete($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| RNTO SP pathname CRLF check_login_no_guest
+		{
+			if($5){
+				if (fromname) {
+					renamecmd(fromname, $3);
+					free(fromname);
+					fromname = (char *) 0;
+				} else {
+					reply(503, "Bad sequence of commands.");
+				}
+			}
+			if ($3 != NULL)
+				free($3);
+		}
+	| ABOR CRLF
+		{
+			if(oobflag){
+				reply(426, "Transfer aborted. Data connection closed.");
+				reply(226, "Abort successful");
+				oobflag = 0;
+				longjmp(urgcatch, 1);
+			}else
+				reply(225, "ABOR command successful.");
+		}
+	| CWD CRLF check_login
+		{
+			if ($3)
+				cwd(pw->pw_dir);
+		}
+	| CWD SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				cwd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| HELP CRLF
+		{
+			help(cmdtab, (char *) 0);
+		}
+	| HELP SP STRING CRLF
+		{
+			char *cp = $3;
+
+			if (strncasecmp(cp, "SITE", 4) == 0) {
+				cp = $3 + 4;
+				if (*cp == ' ')
+					cp++;
+				if (*cp)
+					help(sitetab, cp);
+				else
+					help(sitetab, (char *) 0);
+			} else
+				help(cmdtab, $3);
+		}
+	| NOOP CRLF
+		{
+			reply(200, "NOOP command successful.");
+		}
+	| MKD SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				makedir($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| RMD SP pathname CRLF check_login_no_guest
+		{
+			if ($5 && $3 != NULL)
+				removedir($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| PWD CRLF check_login
+		{
+			if ($3)
+				pwd();
+		}
+	| CDUP CRLF check_login
+		{
+			if ($3)
+				cwd("..");
+		}
+	| FEAT CRLF
+		{
+			lreply(211, "Supported features:");
+			lreply(0, " MDTM");
+			lreply(0, " REST STREAM");
+			lreply(0, " SIZE");
+			reply(211, "End");
+		}
+	| OPTS SP STRING CRLF
+		{
+			free ($3);
+			reply(501, "Bad options");
+		}
+
+	| SITE SP HELP CRLF
+		{
+			help(sitetab, (char *) 0);
+		}
+	| SITE SP HELP SP STRING CRLF
+		{
+			help(sitetab, $5);
+		}
+	| SITE SP UMASK CRLF check_login
+		{
+			if ($5) {
+				int oldmask = umask(0);
+				umask(oldmask);
+				reply(200, "Current UMASK is %03o", oldmask);
+			}
+		}
+	| SITE SP UMASK SP octal_number CRLF check_login_no_guest
+		{
+			if ($7) {
+				if (($5 == -1) || ($5 > 0777)) {
+					reply(501, "Bad UMASK value");
+				} else {
+					int oldmask = umask($5);
+					reply(200,
+					      "UMASK set to %03o (was %03o)",
+					      $5, oldmask);
+				}
+			}
+		}
+	| SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest
+		{
+			if ($9 && $7 != NULL) {
+				if ($5 > 0777)
+					reply(501,
+				"CHMOD: Mode value must be between 0 and 0777");
+				else if (chmod($7, $5) < 0)
+					perror_reply(550, $7);
+				else
+					reply(200, "CHMOD command successful.");
+			}
+			if ($7 != NULL)
+				free($7);
+		}
+	| SITE SP IDLE CRLF
+		{
+			reply(200,
+			    "Current IDLE time limit is %d seconds; max %d",
+				ftpd_timeout, maxtimeout);
+		}
+	| SITE SP IDLE SP NUMBER CRLF
+		{
+			if ($5 < 30 || $5 > maxtimeout) {
+				reply(501,
+			"Maximum IDLE time must be between 30 and %d seconds",
+				    maxtimeout);
+			} else {
+				ftpd_timeout = $5;
+				alarm((unsigned) ftpd_timeout);
+				reply(200,
+				    "Maximum IDLE time set to %d seconds",
+				    ftpd_timeout);
+			}
+		}
+
+	| SITE SP KAUTH SP STRING CRLF check_login
+		{
+#ifdef KRB4
+			char *p;
+			
+			if(guest)
+				reply(500, "Can't be done as guest.");
+			else{
+				if($7 && $5 != NULL){
+				    p = strpbrk($5, " \t");
+				    if(p){
+					*p++ = 0;
+					kauth($5, p + strspn(p, " \t"));
+				    }else
+					kauth($5, NULL);
+				}
+			}
+			if($5 != NULL)
+			    free($5);
+#else
+			reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KLIST CRLF check_login
+		{
+#ifdef KRB4
+		    if($5)
+			klist();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KDESTROY CRLF check_login
+		{
+#ifdef KRB4
+		    if($5)
+			kdestroy();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KRBTKFILE SP STRING CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7 && $5)
+			krbtkfile($5);
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($5)
+			afslog(NULL);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG SP STRING CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7)
+			afslog($5);
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP LOCATE SP STRING CRLF check_login
+		{
+		    if($7 && $5 != NULL)
+			find($5);
+		    if($5 != NULL)
+			free($5);
+		}
+	| SITE SP URL CRLF
+		{
+			reply(200, "http://www.pdc.kth.se/kth-krb/");
+		}
+	| STOU SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				do_store($3, "w", 1);
+			if ($3 != NULL)
+				free($3);
+		}
+	| SYST CRLF
+		{
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
+		    reply(215, "UNIX Type: L%d", NBBY);
+#else
+		    reply(215, "UNKNOWN Type: L%d", NBBY);
+#endif
+		}
+
+		/*
+		 * SIZE is not in RFC959, but Postel has blessed it and
+		 * it will be in the updated RFC.
+		 *
+		 * Return size of file in a format suitable for
+		 * using with RESTART (we just count bytes).
+		 */
+	| SIZE SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				sizecmd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+
+		/*
+		 * MDTM is not in RFC959, but Postel has blessed it and
+		 * it will be in the updated RFC.
+		 *
+		 * Return modification time of file as an ISO 3307
+		 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
+		 * where xxx is the fractional second (of any precision,
+		 * not necessarily 3 digits)
+		 */
+	| MDTM SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL) {
+				struct stat stbuf;
+				if (stat($3, &stbuf) < 0)
+					reply(550, "%s: %s",
+					    $3, strerror(errno));
+				else if (!S_ISREG(stbuf.st_mode)) {
+					reply(550,
+					      "%s: not a plain file.", $3);
+				} else {
+					struct tm *t;
+					t = gmtime(&stbuf.st_mtime);
+					reply(213,
+					      "%04d%02d%02d%02d%02d%02d",
+					      t->tm_year + 1900,
+					      t->tm_mon + 1,
+					      t->tm_mday,
+					      t->tm_hour,
+					      t->tm_min,
+					      t->tm_sec);
+				}
+			}
+			if ($3 != NULL)
+				free($3);
+		}
+	| QUIT CRLF
+		{
+			reply(221, "Goodbye.");
+			dologout(0);
+		}
+	| error CRLF
+		{
+			yyerrok;
+		}
+	;
+rcmd
+	: RNFR SP pathname CRLF check_login_no_guest
+		{
+			restart_point = (off_t) 0;
+			if ($5 && $3) {
+				fromname = renamefrom($3);
+				if (fromname == (char *) 0 && $3) {
+					free($3);
+				}
+			}
+		}
+	| REST SP byte_size CRLF
+		{
+			fromname = (char *) 0;
+			restart_point = $3;	/* XXX $3 is only "int" */
+			reply(350, "Restarting at %ld. %s",
+			      (long)restart_point,
+			      "Send STORE or RETRIEVE to initiate transfer.");
+		}
+	| AUTH SP STRING CRLF
+		{
+			auth($3);
+			free($3);
+		}
+	| ADAT SP STRING CRLF
+		{
+			adat($3);
+			free($3);
+		}
+	| PBSZ SP NUMBER CRLF
+		{
+			pbsz($3);
+		}
+	| PROT SP STRING CRLF
+		{
+			prot($3);
+		}
+	| CCC CRLF
+		{
+			ccc();
+		}
+	| MIC SP STRING CRLF
+		{
+			mec($3, prot_safe);
+			free($3);
+		}
+	| CONF SP STRING CRLF
+		{
+			mec($3, prot_confidential);
+			free($3);
+		}
+	| ENC SP STRING CRLF
+		{
+			mec($3, prot_private);
+			free($3);
+		}
+	;
+
+username
+	: STRING
+	;
+
+password
+	: /* empty */
+		{
+			$$ = (char *)calloc(1, sizeof(char));
+		}
+	| STRING
+	;
+
+byte_size
+	: NUMBER
+	;
+
+host_port
+	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+		NUMBER COMMA NUMBER
+		{
+			struct sockaddr_in *sin = (struct sockaddr_in *)data_dest;
+
+			sin->sin_family = AF_INET;
+			sin->sin_port = htons($9 * 256 + $11);
+			sin->sin_addr.s_addr = 
+			    htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
+		}
+	;
+
+form_code
+	: N
+		{
+			$$ = FORM_N;
+		}
+	| T
+		{
+			$$ = FORM_T;
+		}
+	| C
+		{
+			$$ = FORM_C;
+		}
+	;
+
+type_code
+	: A
+		{
+			cmd_type = TYPE_A;
+			cmd_form = FORM_N;
+		}
+	| A SP form_code
+		{
+			cmd_type = TYPE_A;
+			cmd_form = $3;
+		}
+	| E
+		{
+			cmd_type = TYPE_E;
+			cmd_form = FORM_N;
+		}
+	| E SP form_code
+		{
+			cmd_type = TYPE_E;
+			cmd_form = $3;
+		}
+	| I
+		{
+			cmd_type = TYPE_I;
+		}
+	| L
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = NBBY;
+		}
+	| L SP byte_size
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = $3;
+		}
+		/* this is for a bug in the BBN ftp */
+	| L byte_size
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = $2;
+		}
+	;
+
+struct_code
+	: F
+		{
+			$$ = STRU_F;
+		}
+	| R
+		{
+			$$ = STRU_R;
+		}
+	| P
+		{
+			$$ = STRU_P;
+		}
+	;
+
+mode_code
+	: S
+		{
+			$$ = MODE_S;
+		}
+	| B
+		{
+			$$ = MODE_B;
+		}
+	| C
+		{
+			$$ = MODE_C;
+		}
+	;
+
+pathname
+	: pathstring
+		{
+			/*
+			 * Problem: this production is used for all pathname
+			 * processing, but only gives a 550 error reply.
+			 * This is a valid reply in some cases but not in others.
+			 */
+			if (logged_in && $1 && *$1 == '~') {
+				glob_t gl;
+				int flags =
+				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+				memset(&gl, 0, sizeof(gl));
+				if (glob($1, flags, NULL, &gl) ||
+				    gl.gl_pathc == 0) {
+					reply(550, "not found");
+					$$ = NULL;
+				} else {
+					$$ = strdup(gl.gl_pathv[0]);
+				}
+				globfree(&gl);
+				free($1);
+			} else
+				$$ = $1;
+		}
+	;
+
+pathstring
+	: STRING
+	;
+
+octal_number
+	: NUMBER
+		{
+			int ret, dec, multby, digit;
+
+			/*
+			 * Convert a number that was read as decimal number
+			 * to what it would be if it had been read as octal.
+			 */
+			dec = $1;
+			multby = 1;
+			ret = 0;
+			while (dec) {
+				digit = dec%10;
+				if (digit > 7) {
+					ret = -1;
+					break;
+				}
+				ret += digit * multby;
+				multby *= 8;
+				dec /= 10;
+			}
+			$$ = ret;
+		}
+	;
+
+
+check_login_no_guest : check_login
+		{
+			$$ = $1 && !guest;
+			if($1 && !$$)
+				reply(550, "Permission denied");
+		}
+	;
+
+check_login : check_secure
+		{
+		    if($1) {
+			if(($$ = logged_in) == 0)
+			    reply(530, "Please login with USER and PASS.");
+		    } else
+			$$ = 0;
+		}
+	;
+
+check_secure : /* empty */
+		{
+		    $$ = 1;
+		    if(sec_complete && !secure_command()) {
+			$$ = 0;
+			reply(533, "Command protection level denied "
+			      "for paranoid reasons.");
+		    }
+		}
+	;
+
+%%
+
+extern jmp_buf errcatch;
+
+#define	CMD	0	/* beginning of command */
+#define	ARGS	1	/* expect miscellaneous arguments */
+#define	STR1	2	/* expect SP followed by STRING */
+#define	STR2	3	/* expect STRING */
+#define	OSTR	4	/* optional SP then STRING */
+#define	ZSTR1	5	/* SP then optional STRING */
+#define	ZSTR2	6	/* optional STRING after SP */
+#define	SITECMD	7	/* SITE command */
+#define	NSTR	8	/* Number followed by a string */
+
+struct tab cmdtab[] = {		/* In order defined in RFC 765 */
+	{ "USER", USER, STR1, 1,	"<sp> username" },
+	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
+	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
+	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
+	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
+	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
+	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
+	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
+	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
+	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
+	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
+	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
+	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
+	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
+	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
+	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
+	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
+	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
+	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
+	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
+	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
+	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
+	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
+	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
+	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
+	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
+	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
+	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
+	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
+	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
+	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
+	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+	{ "NOOP", NOOP, ARGS, 1,	"" },
+	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
+	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
+	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
+	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
+	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
+	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
+	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
+	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
+	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
+
+	/* extensions from RFC2228 */
+	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
+	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
+	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
+	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
+	{ "CCC",  CCC,	ARGS, 1,	"" },
+	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
+	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
+	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
+
+	/* RFC2389 */
+	{ "FEAT", FEAT, ARGS, 1,	"" },
+	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
+
+	{ NULL,   0,    0,    0,	0 }
+};
+
+struct tab sitetab[] = {
+	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
+	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
+	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+
+	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
+	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
+	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
+	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
+	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
+
+	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
+	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
+
+	{ "URL",  URL,  ARGS, 1,	"?" },
+	
+	{ NULL,   0,    0,    0,	0 }
+};
+
+static struct tab *
+lookup(struct tab *p, char *cmd)
+{
+
+	for (; p->name != NULL; p++)
+		if (strcmp(cmd, p->name) == 0)
+			return (p);
+	return (0);
+}
+
+/*
+ * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+char *
+ftpd_getline(char *s, int n)
+{
+	int c;
+	char *cs;
+
+	cs = s;
+/* tmpline may contain saved command from urgent mode interruption */
+	if(ftp_command){
+	  strlcpy(s, ftp_command, n);
+	  if (debug)
+	    syslog(LOG_DEBUG, "command: %s", s);
+#ifdef XXX
+	  fprintf(stderr, "%s\n", s);
+#endif
+	  return s;
+	}
+	while ((c = getc(stdin)) != EOF) {
+		c &= 0377;
+		if (c == IAC) {
+		    if ((c = getc(stdin)) != EOF) {
+			c &= 0377;
+			switch (c) {
+			case WILL:
+			case WONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, DONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case DO:
+			case DONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, WONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case IAC:
+				break;
+			default:
+				continue;	/* ignore command */
+			}
+		    }
+		}
+		*cs++ = c;
+		if (--n <= 0 || c == '\n')
+			break;
+	}
+	if (c == EOF && cs == s)
+		return (NULL);
+	*cs++ = '\0';
+	if (debug) {
+		if (!guest && strncasecmp("pass ", s, 5) == 0) {
+			/* Don't syslog passwords */
+			syslog(LOG_DEBUG, "command: %.5s ???", s);
+		} else {
+			char *cp;
+			int len;
+
+			/* Don't syslog trailing CR-LF */
+			len = strlen(s);
+			cp = s + len - 1;
+			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+				--cp;
+				--len;
+			}
+			syslog(LOG_DEBUG, "command: %.*s", len, s);
+		}
+	}
+#ifdef XXX
+	fprintf(stderr, "%s\n", s);
+#endif
+	return (s);
+}
+
+static RETSIGTYPE
+toolong(int signo)
+{
+
+	reply(421,
+	    "Timeout (%d seconds): closing control connection.",
+	      ftpd_timeout);
+	if (logging)
+		syslog(LOG_INFO, "User %s timed out after %d seconds",
+		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
+	dologout(1);
+	SIGRETURN(0);
+}
+
+static int
+yylex(void)
+{
+	static int cpos, state;
+	char *cp, *cp2;
+	struct tab *p;
+	int n;
+	char c;
+
+	for (;;) {
+		switch (state) {
+
+		case CMD:
+			signal(SIGALRM, toolong);
+			alarm((unsigned) ftpd_timeout);
+			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
+				reply(221, "You could at least say goodbye.");
+				dologout(0);
+			}
+			alarm(0);
+#ifdef HAVE_SETPROCTITLE
+			if (strncasecmp(cbuf, "PASS", 4) != NULL)
+				setproctitle("%s: %s", proctitle, cbuf);
+#endif /* HAVE_SETPROCTITLE */
+			if ((cp = strchr(cbuf, '\r'))) {
+				*cp++ = '\n';
+				*cp = '\0';
+			}
+			if ((cp = strpbrk(cbuf, " \n")))
+				cpos = cp - cbuf;
+			if (cpos == 0)
+				cpos = 4;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cbuf);
+			p = lookup(cmdtab, cbuf);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					nack(p->name);
+					longjmp(errcatch,0);
+					/* NOTREACHED */
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			break;
+
+		case SITECMD:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			cp = &cbuf[cpos];
+			if ((cp2 = strpbrk(cp, " \n")))
+				cpos = cp2 - cbuf;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cp);
+			p = lookup(sitetab, cp);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					state = CMD;
+					nack(p->name);
+					longjmp(errcatch,0);
+					/* NOTREACHED */
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			state = CMD;
+			break;
+
+		case OSTR:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR1:
+		case ZSTR1:
+		dostr1:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				if(state == OSTR)
+				    state = STR2;
+				else
+				    state++;
+				return (SP);
+			}
+			break;
+
+		case ZSTR2:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR2:
+			cp = &cbuf[cpos];
+			n = strlen(cp);
+			cpos += n - 1;
+			/*
+			 * Make sure the string is nonempty and \n terminated.
+			 */
+			if (n > 1 && cbuf[cpos] == '\n') {
+				cbuf[cpos] = '\0';
+				yylval.s = copy(cp);
+				cbuf[cpos] = '\n';
+				state = ARGS;
+				return (STRING);
+			}
+			break;
+
+		case NSTR:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			if (isdigit(cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit(cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				state = STR1;
+				return (NUMBER);
+			}
+			state = STR1;
+			goto dostr1;
+
+		case ARGS:
+			if (isdigit(cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit(cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				return (NUMBER);
+			}
+			switch (cbuf[cpos++]) {
+
+			case '\n':
+				state = CMD;
+				return (CRLF);
+
+			case ' ':
+				return (SP);
+
+			case ',':
+				return (COMMA);
+
+			case 'A':
+			case 'a':
+				return (A);
+
+			case 'B':
+			case 'b':
+				return (B);
+
+			case 'C':
+			case 'c':
+				return (C);
+
+			case 'E':
+			case 'e':
+				return (E);
+
+			case 'F':
+			case 'f':
+				return (F);
+
+			case 'I':
+			case 'i':
+				return (I);
+
+			case 'L':
+			case 'l':
+				return (L);
+
+			case 'N':
+			case 'n':
+				return (N);
+
+			case 'P':
+			case 'p':
+				return (P);
+
+			case 'R':
+			case 'r':
+				return (R);
+
+			case 'S':
+			case 's':
+				return (S);
+
+			case 'T':
+			case 't':
+				return (T);
+
+			}
+			break;
+
+		default:
+			fatal("Unknown state in scanner.");
+		}
+		yyerror((char *) 0);
+		state = CMD;
+		longjmp(errcatch,0);
+	}
+}
+
+static char *
+copy(char *s)
+{
+	char *p;
+
+	p = strdup(s);
+	if (p == NULL)
+		fatal("Ran out of memory.");
+	return p;
+}
+
+static void
+help(struct tab *ctab, char *s)
+{
+	struct tab *c;
+	int width, NCMDS;
+	char *type;
+	char buf[1024];
+
+	if (ctab == sitetab)
+		type = "SITE ";
+	else
+		type = "";
+	width = 0, NCMDS = 0;
+	for (c = ctab; c->name != NULL; c++) {
+		int len = strlen(c->name);
+
+		if (len > width)
+			width = len;
+		NCMDS++;
+	}
+	width = (width + 8) &~ 7;
+	if (s == 0) {
+		int i, j, w;
+		int columns, lines;
+
+		lreply(214, "The following %scommands are recognized %s.",
+		    type, "(* =>'s unimplemented)");
+		columns = 76 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+		    strlcpy (buf, "   ", sizeof(buf));
+		    for (j = 0; j < columns; j++) {
+			c = ctab + j * lines + i;
+			snprintf (buf + strlen(buf),
+				  sizeof(buf) - strlen(buf),
+				  "%s%c",
+				  c->name,
+				  c->implemented ? ' ' : '*');
+			if (c + lines >= &ctab[NCMDS])
+			    break;
+			w = strlen(c->name) + 1;
+			while (w < width) {
+			    strlcat (buf,
+					     " ",
+					     sizeof(buf));
+			    w++;
+			}
+		    }
+		    lreply(214, "%s", buf);
+		}
+		reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
+		return;
+	}
+	strupr(s);
+	c = lookup(ctab, s);
+	if (c == (struct tab *)0) {
+		reply(502, "Unknown command %s.", s);
+		return;
+	}
+	if (c->implemented)
+		reply(214, "Syntax: %s%s %s", type, c->name, c->help);
+	else
+		reply(214, "%s%-*s\t%s; unimplemented.", type, width,
+		    c->name, c->help);
+}
+
+static void
+sizecmd(char *filename)
+{
+	switch (type) {
+	case TYPE_L:
+	case TYPE_I: {
+		struct stat stbuf;
+		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
+			reply(550, "%s: not a plain file.", filename);
+		else
+			reply(213, "%lu", (unsigned long)stbuf.st_size);
+		break;
+	}
+	case TYPE_A: {
+		FILE *fin;
+		int c;
+		size_t count;
+		struct stat stbuf;
+		fin = fopen(filename, "r");
+		if (fin == NULL) {
+			perror_reply(550, filename);
+			return;
+		}
+		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
+			reply(550, "%s: not a plain file.", filename);
+			fclose(fin);
+			return;
+		}
+
+		count = 0;
+		while((c=getc(fin)) != EOF) {
+			if (c == '\n')	/* will get expanded to \r\n */
+				count++;
+			count++;
+		}
+		fclose(fin);
+
+		reply(213, "%lu", (unsigned long)count);
+		break;
+	}
+	default:
+		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
+	}
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
new file mode 100644
index 0000000..e71af0c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
@@ -0,0 +1,2264 @@
+/*
+ * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#define	FTP_NAMES
+#include "ftpd_locl.h"
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#include "getarg.h"
+
+RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $");
+
+static char version[] = "Version 6.00";
+
+extern	off_t restart_point;
+extern	char cbuf[];
+
+struct  sockaddr_storage ctrl_addr_ss;
+struct  sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss;
+
+struct  sockaddr_storage data_source_ss;
+struct  sockaddr *data_source = (struct sockaddr *)&data_source_ss;
+
+struct  sockaddr_storage data_dest_ss;
+struct  sockaddr *data_dest = (struct sockaddr *)&data_dest_ss;
+
+struct  sockaddr_storage his_addr_ss;
+struct  sockaddr *his_addr = (struct sockaddr *)&his_addr_ss;
+
+struct  sockaddr_storage pasv_addr_ss;
+struct  sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss;
+
+int	data;
+jmp_buf	errcatch, urgcatch;
+int	oobflag;
+int	logged_in;
+struct	passwd *pw;
+int	debug = 0;
+int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
+int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
+int	logging;
+int	guest;
+int	dochroot;
+int	type;
+int	form;
+int	stru;			/* avoid C keyword */
+int	mode;
+int	usedefault = 1;		/* for data transfers */
+int	pdata = -1;		/* for passive mode */
+int	transflag;
+off_t	file_size;
+off_t	byte_count;
+#if !defined(CMASK) || CMASK == 0
+#undef CMASK
+#define CMASK 027
+#endif
+int	defumask = CMASK;		/* default umask value */
+int	guest_umask = 0777;	/* Paranoia for anonymous users */
+char	tmpline[10240];
+char	hostname[MaxHostNameLen];
+char	remotehost[MaxHostNameLen];
+static char ttyline[20];
+
+#define AUTH_PLAIN	(1 << 0) /* allow sending passwords */
+#define AUTH_OTP	(1 << 1) /* passwords are one-time */
+#define AUTH_FTP	(1 << 2) /* allow anonymous login */
+
+static int auth_level = 0; /* Only allow kerberos login by default */
+
+/*
+ * Timeout intervals for retrying connections
+ * to hosts that don't accept PORT cmds.  This
+ * is a kludge, but given the problems with TCP...
+ */
+#define	SWAITMAX	90	/* wait at most 90 seconds */
+#define	SWAITINT	5	/* interval between retries */
+
+int	swaitmax = SWAITMAX;
+int	swaitint = SWAITINT;
+
+#ifdef HAVE_SETPROCTITLE
+char	proctitle[BUFSIZ];	/* initial part of title */
+#endif /* HAVE_SETPROCTITLE */
+
+#define LOGCMD(cmd, file) \
+	if (logging > 1) \
+	    syslog(LOG_INFO,"%s %s%s", cmd, \
+		*(file) == '/' ? "" : curdir(), file);
+#define LOGCMD2(cmd, file1, file2) \
+	 if (logging > 1) \
+	    syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
+		*(file1) == '/' ? "" : curdir(), file1, \
+		*(file2) == '/' ? "" : curdir(), file2);
+#define LOGBYTES(cmd, file, cnt) \
+	if (logging > 1) { \
+		if (cnt == (off_t)-1) \
+		    syslog(LOG_INFO,"%s %s%s", cmd, \
+			*(file) == '/' ? "" : curdir(), file); \
+		else \
+		    syslog(LOG_INFO, "%s %s%s = %ld bytes", \
+			cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
+	}
+
+static void	 ack (char *);
+static void	 myoob (int);
+static int	 checkuser (char *, char *);
+static int	 checkaccess (char *);
+static FILE	*dataconn (const char *, off_t, const char *);
+static void	 dolog (struct sockaddr *);
+static void	 end_login (void);
+static FILE	*getdatasock (const char *);
+static char	*gunique (char *);
+static RETSIGTYPE	 lostconn (int);
+static int	 receive_data (FILE *, FILE *);
+static void	 send_data (FILE *, FILE *);
+static struct passwd * sgetpwnam (char *);
+
+static char *
+curdir(void)
+{
+	static char path[MaxPathLen+1];	/* path + '/' + '\0' */
+
+	if (getcwd(path, sizeof(path)-1) == NULL)
+		return ("");
+	if (path[1] != '\0')		/* special case for root dir. */
+		strlcat(path, "/", sizeof(path));
+	/* For guest account, skip / since it's chrooted */
+	return (guest ? path+1 : path);
+}
+
+#ifndef LINE_MAX
+#define LINE_MAX 1024
+#endif
+
+static int
+parse_auth_level(char *str)
+{
+    char *p;
+    int ret = 0;
+    char *foo = NULL;
+
+    for(p = strtok_r(str, ",", &foo);
+	p;
+	p = strtok_r(NULL, ",", &foo)) {
+	if(strcmp(p, "user") == 0)
+	    ;
+#ifdef OTP
+	else if(strcmp(p, "otp") == 0)
+	    ret |= AUTH_PLAIN|AUTH_OTP;
+#endif
+	else if(strcmp(p, "ftp") == 0 ||
+		strcmp(p, "safe") == 0)
+	    ret |= AUTH_FTP;
+	else if(strcmp(p, "plain") == 0)
+	    ret |= AUTH_PLAIN;
+	else if(strcmp(p, "none") == 0)
+	    ret |= AUTH_PLAIN|AUTH_FTP;
+	else
+	    warnx("bad value for -a: `%s'", p);
+    }
+    return ret;	    
+}
+
+/*
+ * Print usage and die.
+ */
+
+static int debug_flag;
+static int interactive_flag;
+static char *guest_umask_string;
+static char *port_string;
+static char *umask_string;
+static char *auth_string;
+
+int use_builtin_ls;
+
+static int help_flag;
+static int version_flag;
+
+struct getargs args[] = {
+    { NULL, 'a', arg_string, &auth_string, "required authentication" },
+    { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" },
+    { NULL, 'p', arg_string, &port_string, "what port to listen to" },
+    { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" },
+    { NULL, 'l', arg_counter, &logging, "log more stuff", "" },
+    { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
+    { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
+    { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
+    { NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
+    { NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
+    { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 'h', arg_flag, &help_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int code)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit (code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int addrlen, on = 1, tos;
+    char *cp, line[LINE_MAX];
+    FILE *fd;
+    int port;
+    struct servent *sp;
+
+    int optind = 0;
+
+    set_progname (argv[0]);
+
+#ifdef KRB4
+    /* detach from any tickets and tokens */
+    {
+	char tkfile[1024];
+	snprintf(tkfile, sizeof(tkfile),
+		 "/tmp/ftp_%u", (unsigned)getpid());
+	krb_set_tkt_string(tkfile);
+	if(k_hasafs())
+	    k_setpag();
+    }
+#endif
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+
+    if(help_flag)
+	usage(0);
+	
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(auth_string)
+	auth_level = parse_auth_level(auth_string);
+    {
+	char *p;
+	long val = 0;
+	    
+	if(guest_umask_string) {
+	    val = strtol(guest_umask_string, &p, 8);
+	    if (*p != '\0' || val < 0)
+		warnx("bad value for -g");
+	    else
+		guest_umask = val;
+	}
+	if(umask_string) {
+	    val = strtol(umask_string, &p, 8);
+	    if (*p != '\0' || val < 0)
+		warnx("bad value for -u");
+	    else
+		defumask = val;
+	}
+    }
+    if(port_string) {
+	sp = getservbyname(port_string, "tcp");
+	if(sp)
+	    port = sp->s_port;
+	else
+	    if(isdigit(port_string[0]))
+		port = htons(atoi(port_string));
+	    else
+		warnx("bad value for -p");
+    } else {
+	sp = getservbyname("ftp", "tcp");
+	if(sp)
+	    port = sp->s_port;
+	else
+	    port = htons(21);
+    }
+		    
+    if (maxtimeout < ftpd_timeout)
+	maxtimeout = ftpd_timeout;
+
+#if 0
+    if (ftpd_timeout > maxtimeout)
+	ftpd_timeout = maxtimeout;
+#endif
+
+
+    if(interactive_flag)
+	mini_inetd (port);
+
+    /*
+     * LOG_NDELAY sets up the logging connection immediately,
+     * necessary for anonymous ftp's that chroot and can't do it later.
+     */
+    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
+    addrlen = sizeof(his_addr_ss);
+    if (getpeername(STDIN_FILENO, his_addr, &addrlen) < 0) {
+	syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+	exit(1);
+    }
+    addrlen = sizeof(ctrl_addr_ss);
+    if (getsockname(STDIN_FILENO, ctrl_addr, &addrlen) < 0) {
+	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
+	exit(1);
+    }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    tos = IPTOS_LOWDELAY;
+    if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
+		   (void *)&tos, sizeof(int)) < 0)
+	syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+    data_source->sa_family = ctrl_addr->sa_family;
+    socket_set_port (data_source,
+		     htons(ntohs(socket_get_port(ctrl_addr)) - 1));
+
+    /* set this here so it can be put in wtmp */
+    snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
+
+
+    /*	freopen(_PATH_DEVNULL, "w", stderr); */
+    signal(SIGPIPE, lostconn);
+    signal(SIGCHLD, SIG_IGN);
+#ifdef SIGURG
+    if (signal(SIGURG, myoob) == SIG_ERR)
+	syslog(LOG_ERR, "signal: %m");
+#endif
+
+    /* Try to handle urgent data inline */
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_ERR, "setsockopt: %m");
+#endif
+
+#ifdef	F_SETOWN
+    if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
+	syslog(LOG_ERR, "fcntl F_SETOWN: %m");
+#endif
+    dolog(his_addr);
+    /*
+     * Set up default state
+     */
+    data = -1;
+    type = TYPE_A;
+    form = FORM_N;
+    stru = STRU_F;
+    mode = MODE_S;
+    tmpline[0] = '\0';
+
+    /* If logins are disabled, print out the message. */
+    if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
+	while (fgets(line, sizeof(line), fd) != NULL) {
+	    if ((cp = strchr(line, '\n')) != NULL)
+		*cp = '\0';
+	    lreply(530, "%s", line);
+	}
+	fflush(stdout);
+	fclose(fd);
+	reply(530, "System not available.");
+	exit(0);
+    }
+    if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
+	while (fgets(line, sizeof(line), fd) != NULL) {
+	    if ((cp = strchr(line, '\n')) != NULL)
+		*cp = '\0';
+	    lreply(220, "%s", line);
+	}
+	fflush(stdout);
+	fclose(fd);
+	/* reply(220,) must follow */
+    }
+    gethostname(hostname, sizeof(hostname));
+	
+    reply(220, "%s FTP server (%s"
+#ifdef KRB5
+	  "+%s"
+#endif
+#ifdef KRB4
+	  "+%s"
+#endif
+	  ") ready.", hostname, version
+#ifdef KRB5
+	  ,heimdal_version
+#endif
+#ifdef KRB4
+	  ,krb4_version
+#endif
+	  );
+
+    setjmp(errcatch);
+    for (;;)
+	yyparse();
+    /* NOTREACHED */
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+
+	if (debug)
+		syslog(LOG_DEBUG, "lost connection");
+	dologout(-1);
+}
+
+/*
+ * Helper function for sgetpwnam().
+ */
+static char *
+sgetsave(char *s)
+{
+	char *new = strdup(s);
+
+	if (new == NULL) {
+		perror_reply(421, "Local resource failure: malloc");
+		dologout(1);
+		/* NOTREACHED */
+	}
+	return new;
+}
+
+/*
+ * Save the result of a getpwnam.  Used for USER command, since
+ * the data returned must not be clobbered by any other command
+ * (e.g., globbing).
+ */
+static struct passwd *
+sgetpwnam(char *name)
+{
+	static struct passwd save;
+	struct passwd *p;
+
+	if ((p = k_getpwnam(name)) == NULL)
+		return (p);
+	if (save.pw_name) {
+		free(save.pw_name);
+		free(save.pw_passwd);
+		free(save.pw_gecos);
+		free(save.pw_dir);
+		free(save.pw_shell);
+	}
+	save = *p;
+	save.pw_name = sgetsave(p->pw_name);
+	save.pw_passwd = sgetsave(p->pw_passwd);
+	save.pw_gecos = sgetsave(p->pw_gecos);
+	save.pw_dir = sgetsave(p->pw_dir);
+	save.pw_shell = sgetsave(p->pw_shell);
+	return (&save);
+}
+
+static int login_attempts;	/* number of failed login attempts */
+static int askpasswd;		/* had user command, ask for passwd */
+static char curname[10];	/* current USER name */
+#ifdef OTP
+OtpContext otp_ctx;
+#endif
+
+/*
+ * USER command.
+ * Sets global passwd pointer pw if named account exists and is acceptable;
+ * sets askpasswd if a PASS command is expected.  If logged in previously,
+ * need to reset state.  If name is "ftp" or "anonymous", the name is not in
+ * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
+ * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
+ * requesting login privileges.  Disallow anyone who does not have a standard
+ * shell as returned by getusershell().  Disallow anyone mentioned in the file
+ * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
+ */
+void
+user(char *name)
+{
+	char *cp, *shell;
+
+	if(auth_level == 0 && !sec_complete){
+	    reply(530, "No login allowed without authorization.");
+	    return;
+	}
+
+	if (logged_in) {
+		if (guest) {
+			reply(530, "Can't change user from guest login.");
+			return;
+		} else if (dochroot) {
+			reply(530, "Can't change user from chroot user.");
+			return;
+		}
+		end_login();
+	}
+
+	guest = 0;
+	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	    if ((auth_level & AUTH_FTP) == 0 ||
+		checkaccess("ftp") || 
+		checkaccess("anonymous"))
+		reply(530, "User %s access denied.", name);
+	    else if ((pw = sgetpwnam("ftp")) != NULL) {
+		guest = 1;
+		defumask = guest_umask;	/* paranoia for incoming */
+		askpasswd = 1;
+		reply(331, "Guest login ok, type your name as password.");
+	    } else
+		reply(530, "User %s unknown.", name);
+	    if (!askpasswd && logging) {
+		char data_addr[256];
+
+		if (inet_ntop (his_addr->sa_family,
+			       socket_get_address(his_addr),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+		syslog(LOG_NOTICE,
+		       "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
+		       remotehost, data_addr);
+	    }
+	    return;
+	}
+	if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){
+	    reply(530, "Only authorized and anonymous login allowed.");
+	    return;
+	}
+	if ((pw = sgetpwnam(name))) {
+		if ((shell = pw->pw_shell) == NULL || *shell == 0)
+			shell = _PATH_BSHELL;
+		while ((cp = getusershell()) != NULL)
+			if (strcmp(cp, shell) == 0)
+				break;
+		endusershell();
+
+		if (cp == NULL || checkaccess(name)) {
+			reply(530, "User %s access denied.", name);
+			if (logging) {
+				char data_addr[256];
+
+				if (inet_ntop (his_addr->sa_family,
+					       socket_get_address(his_addr),
+					       data_addr,
+					       sizeof(data_addr)) == NULL)
+					strlcpy (data_addr,
+							 "unknown address",
+							 sizeof(data_addr));
+
+				syslog(LOG_NOTICE,
+				       "FTP LOGIN REFUSED FROM %s(%s), %s",
+				       remotehost,
+				       data_addr,
+				       name);
+			}
+			pw = (struct passwd *) NULL;
+			return;
+		}
+	}
+	if (logging)
+	    strlcpy(curname, name, sizeof(curname));
+	if(sec_complete) {
+	    if(sec_userok(name) == 0)
+		do_login(232, name);
+	    else
+		reply(530, "User %s access denied.", name);
+	} else {
+		char ss[256];
+
+#ifdef OTP
+		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
+			reply(331, "Password %s for %s required.",
+			      ss, name);
+			askpasswd = 1;
+		} else
+#endif
+		if ((auth_level & AUTH_OTP) == 0) {
+		    reply(331, "Password required for %s.", name);
+		    askpasswd = 1;
+		} else {
+		    char *s;
+		    
+#ifdef OTP
+		    if ((s = otp_error (&otp_ctx)) != NULL)
+			lreply(530, "OTP: %s", s);
+#endif
+		    reply(530,
+			  "Only authorized, anonymous"
+#ifdef OTP
+			  " and OTP "
+#endif
+			  "login allowed.");
+		}
+
+	}
+	/*
+	 * Delay before reading passwd after first failed
+	 * attempt to slow down passwd-guessing programs.
+	 */
+	if (login_attempts)
+		sleep(login_attempts);
+}
+
+/*
+ * Check if a user is in the file "fname"
+ */
+static int
+checkuser(char *fname, char *name)
+{
+	FILE *fd;
+	int found = 0;
+	char *p, line[BUFSIZ];
+
+	if ((fd = fopen(fname, "r")) != NULL) {
+		while (fgets(line, sizeof(line), fd) != NULL)
+			if ((p = strchr(line, '\n')) != NULL) {
+				*p = '\0';
+				if (line[0] == '#')
+					continue;
+				if (strcmp(line, name) == 0) {
+					found = 1;
+					break;
+				}
+			}
+		fclose(fd);
+	}
+	return (found);
+}
+
+
+/*
+ * Determine whether a user has access, based on information in 
+ * _PATH_FTPUSERS. The users are listed one per line, with `allow'
+ * or `deny' after the username. If anything other than `allow', or
+ * just nothing, is given after the username, `deny' is assumed.
+ *
+ * If the user is not found in the file, but the pseudo-user `*' is,
+ * the permission is taken from that line.
+ *
+ * This preserves the old semantics where if a user was listed in the
+ * file he was denied, otherwise he was allowed.
+ *
+ * Return 1 if the user is denied, or 0 if he is allowed.  */
+
+static int
+match(const char *pattern, const char *string)
+{
+    return fnmatch(pattern, string, FNM_NOESCAPE);
+}
+
+static int
+checkaccess(char *name)
+{
+#define ALLOWED		0
+#define	NOT_ALLOWED	1
+    FILE *fd;
+    int allowed = ALLOWED;
+    char *user, *perm, line[BUFSIZ];
+    char *foo;
+    
+    fd = fopen(_PATH_FTPUSERS, "r");
+    
+    if(fd == NULL)
+	return allowed;
+
+    while (fgets(line, sizeof(line), fd) != NULL)  {
+	foo = NULL;
+	user = strtok_r(line, " \t\n", &foo);
+	if (user == NULL || user[0] == '#')
+	    continue;
+	perm = strtok_r(NULL, " \t\n", &foo);
+	if (match(user, name) == 0){
+	    if(perm && strcmp(perm, "allow") == 0)
+		allowed = ALLOWED;
+	    else
+		allowed = NOT_ALLOWED;
+	    break;
+	}
+    }
+    fclose(fd);
+    return allowed;
+}
+#undef	ALLOWED
+#undef	NOT_ALLOWED
+
+/* output contents of /etc/issue.net, or /etc/issue */
+static void
+show_issue(int code)
+{
+    FILE *f;
+    char buf[128];
+
+    f = fopen("/etc/issue.net", "r");
+    if(f == NULL)
+	f = fopen("/etc/issue", "r");
+    if(f){
+	while(fgets(buf, sizeof(buf), f)){
+	    buf[strcspn(buf, "\r\n")] = '\0';
+	    lreply(code, "%s", buf);
+	}
+	fclose(f);
+    }
+}
+
+int do_login(int code, char *passwd)
+{
+    FILE *fd;
+    login_attempts = 0;		/* this time successful */
+    if (setegid((gid_t)pw->pw_gid) < 0) {
+	reply(550, "Can't set gid.");
+	return -1;
+    }
+    initgroups(pw->pw_name, pw->pw_gid);
+
+    /* open wtmp before chroot */
+    ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
+    logged_in = 1;
+
+    dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+    if (guest) {
+	/*
+	 * We MUST do a chdir() after the chroot. Otherwise
+	 * the old current directory will be accessible as "."
+	 * outside the new root!
+	 */
+	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+	    reply(550, "Can't set guest privileges.");
+	    return -1;
+	}
+    } else if (dochroot) {
+	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+	    reply(550, "Can't change root.");
+	    return -1;
+	}
+    } else if (chdir(pw->pw_dir) < 0) {
+	if (chdir("/") < 0) {
+	    reply(530, "User %s: can't change directory to %s.",
+		  pw->pw_name, pw->pw_dir);
+	    return -1;
+	} else
+	    lreply(code, "No directory! Logging in with home=/");
+    }
+    if (seteuid((uid_t)pw->pw_uid) < 0) {
+	reply(550, "Can't set uid.");
+	return -1;
+    }
+    /*
+     * Display a login message, if it exists.
+     * N.B. reply(code,) must follow the message.
+     */
+    if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
+	char *cp, line[LINE_MAX];
+
+	while (fgets(line, sizeof(line), fd) != NULL) {
+	    if ((cp = strchr(line, '\n')) != NULL)
+		*cp = '\0';
+	    lreply(code, "%s", line);
+	}
+    }
+    if (guest) {
+	show_issue(code);
+	reply(code, "Guest login ok, access restrictions apply.");
+#ifdef HAVE_SETPROCTITLE
+	snprintf (proctitle, sizeof(proctitle),
+		  "%s: anonymous/%s",
+		  remotehost,
+		  passwd);
+	setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+	if (logging) {
+	    char data_addr[256];
+
+	    if (inet_ntop (his_addr->sa_family,
+			   socket_get_address(his_addr),
+			   data_addr, sizeof(data_addr)) == NULL)
+		strlcpy (data_addr, "unknown address",
+				 sizeof(data_addr));
+
+	    syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
+		   remotehost, 
+		   data_addr,
+		   passwd);
+	}
+    } else {
+	show_issue(code);
+	reply(code, "User %s logged in.", pw->pw_name);
+#ifdef HAVE_SETPROCTITLE
+	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
+	setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+	if (logging) {
+	    char data_addr[256];
+
+	    if (inet_ntop (his_addr->sa_family,
+			   socket_get_address(his_addr),
+			   data_addr, sizeof(data_addr)) == NULL)
+		strlcpy (data_addr, "unknown address",
+				 sizeof(data_addr));
+
+	    syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
+		   remotehost,
+		   data_addr,
+		   pw->pw_name);
+	}
+    }
+    umask(defumask);
+    return 0;
+}
+
+/*
+ * Terminate login as previous user, if any, resetting state;
+ * used when USER command is given or login fails.
+ */
+static void
+end_login(void)
+{
+
+	seteuid((uid_t)0);
+	if (logged_in)
+		ftpd_logwtmp(ttyline, "", "");
+	pw = NULL;
+	logged_in = 0;
+	guest = 0;
+	dochroot = 0;
+}
+
+void
+pass(char *passwd)
+{
+	int rval;
+
+	/* some clients insists on sending a password */
+	if (logged_in && askpasswd == 0){
+	     reply(230, "Dumpucko!");
+	     return;
+	}
+
+	if (logged_in || askpasswd == 0) {
+		reply(503, "Login with USER first.");
+		return;
+	}
+	askpasswd = 0;
+	rval = 1;
+	if (!guest) {		/* "ftp" is only account allowed no password */
+		if (pw == NULL)
+			rval = 1;	/* failure below */
+#ifdef OTP
+		else if (otp_verify_user (&otp_ctx, passwd) == 0) {
+		    rval = 0;
+		}
+#endif
+		else if((auth_level & AUTH_OTP) == 0) {
+#ifdef KRB4
+		    char realm[REALM_SZ];
+		    if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
+			rval = krb_verify_user(pw->pw_name,
+					       "", realm, 
+					       passwd, 
+					       KRB_VERIFY_SECURE, NULL);
+		    if (rval == KSUCCESS ) {
+			chown (tkt_string(), pw->pw_uid, pw->pw_gid);
+			if(k_hasafs())
+			    krb_afslog(0, 0);
+		    } else 
+#endif
+			rval = unix_verify_user(pw->pw_name, passwd);
+		} else {
+		    char *s;
+		    
+#ifdef OTP
+		    if ((s = otp_error(&otp_ctx)) != NULL)
+			lreply(530, "OTP: %s", s);
+#endif
+		}
+		memset (passwd, 0, strlen(passwd));
+
+		/*
+		 * If rval == 1, the user failed the authentication
+		 * check above.  If rval == 0, either Kerberos or
+		 * local authentication succeeded.
+		 */
+		if (rval) {
+			char data_addr[256];
+
+			if (inet_ntop (his_addr->sa_family,
+				       socket_get_address(his_addr),
+				       data_addr, sizeof(data_addr)) == NULL)
+				strlcpy (data_addr, "unknown address",
+						 sizeof(data_addr));
+
+			reply(530, "Login incorrect.");
+			if (logging)
+				syslog(LOG_NOTICE,
+				    "FTP LOGIN FAILED FROM %s(%s), %s",
+				       remotehost,
+				       data_addr,
+				       curname);
+			pw = NULL;
+			if (login_attempts++ >= 5) {
+				syslog(LOG_NOTICE,
+				       "repeated login failures from %s(%s)",
+				       remotehost,
+				       data_addr);
+				exit(0);
+			}
+			return;
+		}
+	}
+	if(!do_login(230, passwd))
+	  return;
+	
+	/* Forget all about it... */
+	end_login();
+}
+
+void
+retrieve(const char *cmd, char *name)
+{
+	FILE *fin = NULL, *dout;
+	struct stat st;
+	int (*closefunc) (FILE *);
+	char line[BUFSIZ];
+
+
+	if (cmd == 0) {
+		fin = fopen(name, "r");
+		closefunc = fclose;
+		st.st_size = 0;
+		if(fin == NULL){
+		    int save_errno = errno;
+		    struct cmds {
+			const char *ext;
+			const char *cmd;
+		        const char *rev_cmd;
+		    } cmds[] = {
+			{".tar", "/bin/gtar cPf - %s", NULL},
+			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
+			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
+			{".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"},
+			{".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"},
+			{NULL, NULL}
+		    };
+		    struct cmds *p;
+		    for(p = cmds; p->ext; p++){
+			char *tail = name + strlen(name) - strlen(p->ext);
+			char c = *tail;
+			
+			if(strcmp(tail, p->ext) == 0 &&
+			   (*tail  = 0) == 0 &&
+			   access(name, R_OK) == 0){
+			    snprintf (line, sizeof(line), p->cmd, name);
+			    *tail  = c;
+			    break;
+			}
+			*tail = c;
+			if (p->rev_cmd != NULL) {
+			    char *ext;
+
+			    asprintf(&ext, "%s%s", name, p->ext);
+			    if (ext != NULL) { 
+  			        if (access(ext, R_OK) == 0) {
+				    snprintf (line, sizeof(line),
+					      p->rev_cmd, ext);
+				    free(ext);
+				    break;
+				}
+			        free(ext);
+			    }
+			}
+			
+		    }
+		    if(p->ext){
+			fin = ftpd_popen(line, "r", 0, 0);
+			closefunc = ftpd_pclose;
+			st.st_size = -1;
+			cmd = line;
+		    } else
+			errno = save_errno;
+		}
+	} else {
+		snprintf(line, sizeof(line), cmd, name);
+		name = line;
+		fin = ftpd_popen(line, "r", 1, 0);
+		closefunc = ftpd_pclose;
+		st.st_size = -1;
+	}
+	if (fin == NULL) {
+		if (errno != 0) {
+			perror_reply(550, name);
+			if (cmd == 0) {
+				LOGCMD("get", name);
+			}
+		}
+		return;
+	}
+	byte_count = -1;
+	if (cmd == 0){
+	    if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
+		reply(550, "%s: not a plain file.", name);
+		goto done;
+	    }
+	}
+	if (restart_point) {
+		if (type == TYPE_A) {
+			off_t i, n;
+			int c;
+
+			n = restart_point;
+			i = 0;
+			while (i++ < n) {
+				if ((c=getc(fin)) == EOF) {
+					perror_reply(550, name);
+					goto done;
+				}
+				if (c == '\n')
+					i++;
+			}
+		} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
+			perror_reply(550, name);
+			goto done;
+		}
+	}
+	dout = dataconn(name, st.st_size, "w");
+	if (dout == NULL)
+		goto done;
+	set_buffer_size(fileno(dout), 0);
+	send_data(fin, dout);
+	fclose(dout);
+	data = -1;
+	pdata = -1;
+done:
+	if (cmd == 0)
+		LOGBYTES("get", name, byte_count);
+	(*closefunc)(fin);
+}
+
+/* filename sanity check */
+
+int 
+filename_check(char *filename)
+{
+  static const char good_chars[] = "+-=_,.";
+    char *p;
+
+    p = strrchr(filename, '/');
+    if(p)
+	filename = p + 1;
+
+    p = filename;
+
+    if(isalnum(*p)){
+	p++;
+	while(*p && (isalnum(*p) || strchr(good_chars, *p)))
+	    p++;
+	if(*p == '\0')
+	    return 0;
+    }
+    lreply(553, "\"%s\" is an illegal filename.", filename);
+    lreply(553, "The filename must start with an alphanumeric "
+	   "character and must only");
+    reply(553, "consist of alphanumeric characters or any of the following: %s", 
+	  good_chars);
+    return 1;
+}
+
+void
+do_store(char *name, char *mode, int unique)
+{
+	FILE *fout, *din;
+	struct stat st;
+	int (*closefunc) (FILE *);
+
+	if(guest && filename_check(name))
+	    return;
+	if (unique && stat(name, &st) == 0 &&
+	    (name = gunique(name)) == NULL) {
+		LOGCMD(*mode == 'w' ? "put" : "append", name);
+		return;
+	}
+
+	if (restart_point)
+		mode = "r+";
+	fout = fopen(name, mode);
+	closefunc = fclose;
+	if (fout == NULL) {
+		perror_reply(553, name);
+		LOGCMD(*mode == 'w' ? "put" : "append", name);
+		return;
+	}
+	byte_count = -1;
+	if (restart_point) {
+		if (type == TYPE_A) {
+			off_t i, n;
+			int c;
+
+			n = restart_point;
+			i = 0;
+			while (i++ < n) {
+				if ((c=getc(fout)) == EOF) {
+					perror_reply(550, name);
+					goto done;
+				}
+				if (c == '\n')
+					i++;
+			}
+			/*
+			 * We must do this seek to "current" position
+			 * because we are changing from reading to
+			 * writing.
+			 */
+			if (fseek(fout, 0L, SEEK_CUR) < 0) {
+				perror_reply(550, name);
+				goto done;
+			}
+		} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
+			perror_reply(550, name);
+			goto done;
+		}
+	}
+	din = dataconn(name, (off_t)-1, "r");
+	if (din == NULL)
+		goto done;
+	set_buffer_size(fileno(din), 1);
+	if (receive_data(din, fout) == 0) {
+		if (unique)
+			reply(226, "Transfer complete (unique file name:%s).",
+			    name);
+		else
+			reply(226, "Transfer complete.");
+	}
+	fclose(din);
+	data = -1;
+	pdata = -1;
+done:
+	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
+	(*closefunc)(fout);
+}
+
+static FILE *
+getdatasock(const char *mode)
+{
+	int s, t, tries;
+
+	if (data >= 0)
+		return (fdopen(data, mode));
+	seteuid(0);
+	s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (s < 0)
+		goto bad;
+	socket_set_reuseaddr (s, 1);
+	/* anchor socket to avoid multi-homing problems */
+	socket_set_address_and_port (data_source,
+				     socket_get_address (ctrl_addr),
+				     socket_get_port (data_source));
+
+	for (tries = 1; ; tries++) {
+		if (bind(s, data_source,
+			 socket_sockaddr_size (data_source)) >= 0)
+			break;
+		if (errno != EADDRINUSE || tries > 10)
+			goto bad;
+		sleep(tries);
+	}
+	seteuid(pw->pw_uid);
+#ifdef IPTOS_THROUGHPUT
+	socket_set_tos (s, IPTOS_THROUGHPUT);
+#endif
+	return (fdopen(s, mode));
+bad:
+	/* Return the real value of errno (close may change it) */
+	t = errno;
+	seteuid((uid_t)pw->pw_uid);
+	close(s);
+	errno = t;
+	return (NULL);
+}
+
+static FILE *
+dataconn(const char *name, off_t size, const char *mode)
+{
+	char sizebuf[32];
+	FILE *file;
+	int retry = 0;
+
+	file_size = size;
+	byte_count = 0;
+	if (size >= 0)
+	    snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size);
+	else
+	    *sizebuf = '\0';
+	if (pdata >= 0) {
+		struct sockaddr_storage from_ss;
+		struct sockaddr *from = (struct sockaddr *)&from;
+		int s;
+		int fromlen = sizeof(from_ss);
+
+		s = accept(pdata, from, &fromlen);
+		if (s < 0) {
+			reply(425, "Can't open data connection.");
+			close(pdata);
+			pdata = -1;
+			return (NULL);
+		}
+		close(pdata);
+		pdata = s;
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+		{
+		    int tos = IPTOS_THROUGHPUT;
+		    
+		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
+			       sizeof(tos));
+		}
+#endif
+		reply(150, "Opening %s mode data connection for '%s'%s.",
+		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+		return (fdopen(pdata, mode));
+	}
+	if (data >= 0) {
+		reply(125, "Using existing data connection for '%s'%s.",
+		    name, sizebuf);
+		usedefault = 1;
+		return (fdopen(data, mode));
+	}
+	if (usedefault)
+		data_dest = his_addr;
+	usedefault = 1;
+	file = getdatasock(mode);
+	if (file == NULL) {
+		char data_addr[256];
+
+		if (inet_ntop (data_source->sa_family,
+			       socket_get_address(data_source),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+		reply(425, "Can't create data socket (%s,%d): %s.",
+		      data_addr,
+		      socket_get_port (data_source),
+		      strerror(errno));
+		return (NULL);
+	}
+	data = fileno(file);
+	while (connect(data, data_dest,
+		       socket_sockaddr_size(data_dest)) < 0) {
+		if (errno == EADDRINUSE && retry < swaitmax) {
+			sleep(swaitint);
+			retry += swaitint;
+			continue;
+		}
+		perror_reply(425, "Can't build data connection");
+		fclose(file);
+		data = -1;
+		return (NULL);
+	}
+	reply(150, "Opening %s mode data connection for '%s'%s.",
+	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+	return (file);
+}
+
+/*
+ * Tranfer the contents of "instr" to "outstr" peer using the appropriate
+ * encapsulation of the data subject * to Mode, Structure, and Type.
+ *
+ * NB: Form isn't handled.
+ */
+static void
+send_data(FILE *instr, FILE *outstr)
+{
+	int c, cnt, filefd, netfd;
+	static char *buf;
+	static size_t bufsize;
+
+	transflag++;
+	if (setjmp(urgcatch)) {
+		transflag = 0;
+		return;
+	}
+	switch (type) {
+
+	case TYPE_A:
+	    while ((c = getc(instr)) != EOF) {
+		byte_count++;
+		if(c == '\n')
+		    sec_putc('\r', outstr);
+		sec_putc(c, outstr);
+	    }
+	    sec_fflush(outstr);
+	    transflag = 0;
+	    if (ferror(instr))
+		goto file_err;
+	    if (ferror(outstr))
+		goto data_err;
+	    reply(226, "Transfer complete.");
+	    return;
+		
+	case TYPE_I:
+	case TYPE_L:
+#if defined(HAVE_MMAP) && !defined(NO_MMAP)
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+	    {
+		struct stat st;
+		char *chunk;
+		int in = fileno(instr);
+		if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) 
+		   && st.st_size > 0) {
+		    /*
+		     * mmap zero bytes has potential of loosing, don't do it.
+		     */
+		    chunk = mmap(0, st.st_size, PROT_READ,
+				 MAP_SHARED, in, 0);
+		    if((void *)chunk != (void *)MAP_FAILED) {
+			cnt = st.st_size - restart_point;
+			sec_write(fileno(outstr), chunk + restart_point, cnt);
+			if (munmap(chunk, st.st_size) < 0)
+			    warn ("munmap");
+			sec_fflush(outstr);
+			byte_count = cnt;
+			transflag = 0;
+		    }
+		}
+	    }
+#endif
+	if(transflag) {
+	    struct stat st;
+
+	    netfd = fileno(outstr);
+	    filefd = fileno(instr);
+	    buf = alloc_buffer (buf, &bufsize,
+				fstat(filefd, &st) >= 0 ? &st : NULL);
+	    if (buf == NULL) {
+		transflag = 0;
+		perror_reply(451, "Local resource failure: malloc");
+		return;
+	    }
+	    while ((cnt = read(filefd, buf, bufsize)) > 0 &&
+		   sec_write(netfd, buf, cnt) == cnt)
+		byte_count += cnt;
+	    sec_fflush(outstr); /* to end an encrypted stream */
+	    transflag = 0;
+	    if (cnt != 0) {
+		if (cnt < 0)
+		    goto file_err;
+		goto data_err;
+	    }
+	}
+	reply(226, "Transfer complete.");
+	return;
+	default:
+	    transflag = 0;
+	    reply(550, "Unimplemented TYPE %d in send_data", type);
+	    return;
+	}
+
+data_err:
+	transflag = 0;
+	perror_reply(426, "Data connection");
+	return;
+
+file_err:
+	transflag = 0;
+	perror_reply(551, "Error on input file");
+}
+
+/*
+ * Transfer data from peer to "outstr" using the appropriate encapulation of
+ * the data subject to Mode, Structure, and Type.
+ *
+ * N.B.: Form isn't handled.
+ */
+static int
+receive_data(FILE *instr, FILE *outstr)
+{
+    int cnt, bare_lfs = 0;
+    static char *buf;
+    static size_t bufsize;
+    struct stat st;
+
+    transflag++;
+    if (setjmp(urgcatch)) {
+	transflag = 0;
+	return (-1);
+    }
+
+    buf = alloc_buffer (buf, &bufsize,
+			fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
+    if (buf == NULL) {
+	transflag = 0;
+	perror_reply(451, "Local resource failure: malloc");
+	return -1;
+    }
+    
+    switch (type) {
+
+    case TYPE_I:
+    case TYPE_L:
+	while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) {
+	    if (write(fileno(outstr), buf, cnt) != cnt)
+		goto file_err;
+	    byte_count += cnt;
+	}
+	if (cnt < 0)
+	    goto data_err;
+	transflag = 0;
+	return (0);
+
+    case TYPE_E:
+	reply(553, "TYPE E not implemented.");
+	transflag = 0;
+	return (-1);
+
+    case TYPE_A:
+    {
+	char *p, *q;
+	int cr_flag = 0;
+	while ((cnt = sec_read(fileno(instr),
+				buf + cr_flag, 
+				bufsize - cr_flag)) > 0){
+	    byte_count += cnt;
+	    cnt += cr_flag;
+	    cr_flag = 0;
+	    for(p = buf, q = buf; p < buf + cnt;) {
+		if(*p == '\n')
+		    bare_lfs++;
+		if(*p == '\r') {
+		    if(p == buf + cnt - 1){
+			cr_flag = 1;
+			p++;
+			continue;
+		    }else if(p[1] == '\n'){
+			*q++ = '\n';
+			p += 2;
+			continue;
+		    }
+		}
+		*q++ = *p++;
+	    }
+	    fwrite(buf, q - buf, 1, outstr);
+	    if(cr_flag)
+		buf[0] = '\r';
+	}
+	if(cr_flag)
+	    putc('\r', outstr);
+	fflush(outstr);
+	if (ferror(instr))
+	    goto data_err;
+	if (ferror(outstr))
+	    goto file_err;
+	transflag = 0;
+	if (bare_lfs) {
+	    lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
+		   "    File may not have transferred correctly.\r\n",
+		   bare_lfs);
+	}
+	return (0);
+    }
+    default:
+	reply(550, "Unimplemented TYPE %d in receive_data", type);
+	transflag = 0;
+	return (-1);
+    }
+	
+data_err:
+    transflag = 0;
+    perror_reply(426, "Data Connection");
+    return (-1);
+	
+file_err:
+    transflag = 0;
+    perror_reply(452, "Error writing file");
+    return (-1);
+}
+
+void
+statfilecmd(char *filename)
+{
+	FILE *fin;
+	int c;
+	char line[LINE_MAX];
+
+	snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
+	fin = ftpd_popen(line, "r", 1, 0);
+	lreply(211, "status of %s:", filename);
+	while ((c = getc(fin)) != EOF) {
+		if (c == '\n') {
+			if (ferror(stdout)){
+				perror_reply(421, "control connection");
+				ftpd_pclose(fin);
+				dologout(1);
+				/* NOTREACHED */
+			}
+			if (ferror(fin)) {
+				perror_reply(551, filename);
+				ftpd_pclose(fin);
+				return;
+			}
+			putc('\r', stdout);
+		}
+		putc(c, stdout);
+	}
+	ftpd_pclose(fin);
+	reply(211, "End of Status");
+}
+
+void
+statcmd(void)
+{
+#if 0
+	struct sockaddr_in *sin;
+	u_char *a, *p;
+
+	lreply(211, "%s FTP server (%s) status:", hostname, version);
+	printf("     %s\r\n", version);
+	printf("     Connected to %s", remotehost);
+	if (!isdigit(remotehost[0]))
+		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
+	printf("\r\n");
+	if (logged_in) {
+		if (guest)
+			printf("     Logged in anonymously\r\n");
+		else
+			printf("     Logged in as %s\r\n", pw->pw_name);
+	} else if (askpasswd)
+		printf("     Waiting for password\r\n");
+	else
+		printf("     Waiting for user name\r\n");
+	printf("     TYPE: %s", typenames[type]);
+	if (type == TYPE_A || type == TYPE_E)
+		printf(", FORM: %s", formnames[form]);
+	if (type == TYPE_L)
+#if NBBY == 8
+		printf(" %d", NBBY);
+#else
+		printf(" %d", bytesize);	/* need definition! */
+#endif
+	printf("; STRUcture: %s; transfer MODE: %s\r\n",
+	    strunames[stru], modenames[mode]);
+	if (data != -1)
+		printf("     Data connection open\r\n");
+	else if (pdata != -1) {
+		printf("     in Passive mode");
+		sin = &pasv_addr;
+		goto printaddr;
+	} else if (usedefault == 0) {
+		printf("     PORT");
+		sin = &data_dest;
+printaddr:
+		a = (u_char *) &sin->sin_addr;
+		p = (u_char *) &sin->sin_port;
+#define UC(b) (((int) b) & 0xff)
+		printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
+			UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+#undef UC
+	} else
+		printf("     No data connection\r\n");
+#endif
+	reply(211, "End of status");
+}
+
+void
+fatal(char *s)
+{
+
+	reply(451, "Error in server: %s\n", s);
+	reply(221, "Closing connection due to server error.");
+	dologout(0);
+	/* NOTREACHED */
+}
+
+static void
+int_reply(int, char *, const char *, va_list)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 0)))
+#endif
+;
+
+static void
+int_reply(int n, char *c, const char *fmt, va_list ap)
+{
+    char buf[10240];
+    char *p;
+    p=buf;
+    if(n){
+	snprintf(p, sizeof(buf), "%d%s", n, c);
+	p+=strlen(p);
+    }
+    vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
+    p+=strlen(p);
+    snprintf(p, sizeof(buf) - strlen(p), "\r\n");
+    p+=strlen(p);
+    sec_fprintf(stdout, "%s", buf);
+    fflush(stdout);
+    if (debug)
+	syslog(LOG_DEBUG, "<--- %s- ", buf);
+}
+
+void
+reply(int n, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(n, " ", fmt, ap);
+  delete_ftp_command();
+  va_end(ap);
+}
+
+void
+lreply(int n, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(n, "-", fmt, ap);
+  va_end(ap);
+}
+
+void
+nreply(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(0, NULL, fmt, ap);
+  va_end(ap);
+}
+
+static void
+ack(char *s)
+{
+
+	reply(250, "%s command successful.", s);
+}
+
+void
+nack(char *s)
+{
+
+	reply(502, "%s command not implemented.", s);
+}
+
+/* ARGSUSED */
+void
+yyerror(char *s)
+{
+	char *cp;
+
+	if ((cp = strchr(cbuf,'\n')))
+		*cp = '\0';
+	reply(500, "'%s': command not understood.", cbuf);
+}
+
+void
+do_delete(char *name)
+{
+	struct stat st;
+
+	LOGCMD("delete", name);
+	if (stat(name, &st) < 0) {
+		perror_reply(550, name);
+		return;
+	}
+	if ((st.st_mode&S_IFMT) == S_IFDIR) {
+		if (rmdir(name) < 0) {
+			perror_reply(550, name);
+			return;
+		}
+		goto done;
+	}
+	if (unlink(name) < 0) {
+		perror_reply(550, name);
+		return;
+	}
+done:
+	ack("DELE");
+}
+
+void
+cwd(char *path)
+{
+
+	if (chdir(path) < 0)
+		perror_reply(550, path);
+	else
+		ack("CWD");
+}
+
+void
+makedir(char *name)
+{
+
+	LOGCMD("mkdir", name);
+	if(guest && filename_check(name))
+	    return;
+	if (mkdir(name, 0777) < 0)
+		perror_reply(550, name);
+	else{
+	    if(guest)
+		chmod(name, 0700); /* guest has umask 777 */
+	    reply(257, "MKD command successful.");
+	}
+}
+
+void
+removedir(char *name)
+{
+
+	LOGCMD("rmdir", name);
+	if (rmdir(name) < 0)
+		perror_reply(550, name);
+	else
+		ack("RMD");
+}
+
+void
+pwd(void)
+{
+    char path[MaxPathLen];
+    char *ret;
+
+    /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
+     * failes miserably when running chroot 
+     */
+    ret = getcwd(path, sizeof(path));
+    if (ret == NULL)
+	reply(550, "%s.", strerror(errno));
+    else
+	reply(257, "\"%s\" is current directory.", path);
+}
+
+char *
+renamefrom(char *name)
+{
+	struct stat st;
+
+	if (stat(name, &st) < 0) {
+		perror_reply(550, name);
+		return NULL;
+	}
+	reply(350, "File exists, ready for destination name");
+	return (name);
+}
+
+void
+renamecmd(char *from, char *to)
+{
+
+	LOGCMD2("rename", from, to);
+	if(guest && filename_check(to))
+	    return;
+	if (rename(from, to) < 0)
+		perror_reply(550, "rename");
+	else
+		ack("RNTO");
+}
+
+static void
+dolog(struct sockaddr *sa)
+{
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+	inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
+#ifdef HAVE_SETPROCTITLE
+	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
+	setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+
+	if (logging) {
+		char data_addr[256];
+
+		if (inet_ntop (his_addr->sa_family,
+			       socket_get_address(his_addr),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+
+		syslog(LOG_INFO, "connection from %s(%s)",
+		       remotehost,
+		       data_addr);
+	}
+}
+
+/*
+ * Record logout in wtmp file
+ * and exit with supplied status.
+ */
+void
+dologout(int status)
+{
+    transflag = 0;
+    if (logged_in) {
+	seteuid((uid_t)0);
+	ftpd_logwtmp(ttyline, "", "");
+#ifdef KRB4
+	cond_kdestroy();
+#endif
+    }
+    /* beware of flushing buffers after a SIGPIPE */
+#ifdef XXX
+    exit(status);
+#else
+    _exit(status);
+#endif	
+}
+
+void abor(void)
+{
+}
+
+static void
+myoob(int signo)
+{
+#if 0
+	char *cp;
+#endif
+
+	/* only process if transfer occurring */
+	if (!transflag)
+		return;
+
+	/* This is all XXX */
+	oobflag = 1;
+	/* if the command resulted in a new command, 
+	   parse that as well */
+	do{
+	    yyparse();
+	} while(ftp_command);
+	oobflag = 0;
+
+#if 0 
+	cp = tmpline;
+	if (ftpd_getline(cp, 7) == NULL) {
+		reply(221, "You could at least say goodbye.");
+		dologout(0);
+	}
+	upper(cp);
+	if (strcmp(cp, "ABOR\r\n") == 0) {
+		tmpline[0] = '\0';
+		reply(426, "Transfer aborted. Data connection closed.");
+		reply(226, "Abort successful");
+		longjmp(urgcatch, 1);
+	}
+	if (strcmp(cp, "STAT\r\n") == 0) {
+		if (file_size != (off_t) -1)
+			reply(213, "Status: %ld of %ld bytes transferred",
+			      (long)byte_count,
+			      (long)file_size);
+		else
+			reply(213, "Status: %ld bytes transferred"
+			      (long)byte_count);
+	}
+#endif
+}
+
+/*
+ * Note: a response of 425 is not mentioned as a possible response to
+ *	the PASV command in RFC959. However, it has been blessed as
+ *	a legitimate response by Jon Postel in a telephone conversation
+ *	with Rick Adams on 25 Jan 89.
+ */
+void
+pasv(void)
+{
+	int len;
+	char *p, *a;
+	struct sockaddr_in *sin;
+
+	if (ctrl_addr->sa_family != AF_INET) {
+		reply(425,
+		      "You cannot do PASV with something that's not IPv4");
+		return;
+	}
+
+	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (pdata < 0) {
+		perror_reply(425, "Can't open passive connection");
+		return;
+	}
+	pasv_addr->sa_family = ctrl_addr->sa_family;
+	socket_set_address_and_port (pasv_addr,
+				     socket_get_address (ctrl_addr),
+				     0);
+	seteuid(0);
+	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+		seteuid(pw->pw_uid);
+		goto pasv_error;
+	}
+	seteuid(pw->pw_uid);
+	len = sizeof(pasv_addr_ss);
+	if (getsockname(pdata, pasv_addr, &len) < 0)
+		goto pasv_error;
+	if (listen(pdata, 1) < 0)
+		goto pasv_error;
+	sin = (struct sockaddr_in *)pasv_addr;
+	a = (char *) &sin->sin_addr;
+	p = (char *) &sin->sin_port;
+
+#define UC(b) (((int) b) & 0xff)
+
+	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
+		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+	return;
+
+pasv_error:
+	close(pdata);
+	pdata = -1;
+	perror_reply(425, "Can't open passive connection");
+	return;
+}
+
+void
+epsv(char *proto)
+{
+	int len;
+
+	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (pdata < 0) {
+		perror_reply(425, "Can't open passive connection");
+		return;
+	}
+	pasv_addr->sa_family = ctrl_addr->sa_family;
+	socket_set_address_and_port (pasv_addr,
+				     socket_get_address (ctrl_addr),
+				     0);
+	seteuid(0);
+	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+		seteuid(pw->pw_uid);
+		goto pasv_error;
+	}
+	seteuid(pw->pw_uid);
+	len = sizeof(pasv_addr_ss);
+	if (getsockname(pdata, pasv_addr, &len) < 0)
+		goto pasv_error;
+	if (listen(pdata, 1) < 0)
+		goto pasv_error;
+
+	reply(229, "Entering Extended Passive Mode (|||%d|)",
+	      ntohs(socket_get_port (pasv_addr)));
+	return;
+
+pasv_error:
+	close(pdata);
+	pdata = -1;
+	perror_reply(425, "Can't open passive connection");
+	return;
+}
+
+void
+eprt(char *str)
+{
+	char *end;
+	char sep;
+	int af;
+	int ret;
+	int port;
+
+	usedefault = 0;
+	if (pdata >= 0) {
+	    close(pdata);
+	    pdata = -1;
+	}
+
+	sep = *str++;
+	if (sep == '\0') {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	af = strtol (str, &end, 0);
+	if (af == 0 || *end != sep) {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	str = end + 1;
+	switch (af) {
+#ifdef HAVE_IPV6
+	case 2 :
+	    data_dest->sa_family = AF_INET6;
+	    break;
+#endif		
+	case 1 :
+	    data_dest->sa_family = AF_INET;
+		break;
+	default :
+		reply(522, "Network protocol %d not supported, use (1"
+#ifdef HAVE_IPV6
+		      ",2"
+#endif
+		      ")", af);
+		return;
+	}
+	end = strchr (str, sep);
+	if (end == NULL) {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	*end = '\0';
+	ret = inet_pton (data_dest->sa_family, str,
+			 socket_get_address (data_dest));
+
+	if (ret != 1) {
+		reply(500, "Bad address syntax in EPRT");
+		return;
+	}
+	str = end + 1;
+	port = strtol (str, &end, 0);
+	if (port == 0 || *end != sep) {
+		reply(500, "Bad port syntax in EPRT");
+		return;
+	}
+	socket_set_port (data_dest, htons(port));
+	reply(200, "EPRT command successful.");
+}
+
+/*
+ * Generate unique name for file with basename "local".
+ * The file named "local" is already known to exist.
+ * Generates failure reply on error.
+ */
+static char *
+gunique(char *local)
+{
+	static char new[MaxPathLen];
+	struct stat st;
+	int count;
+	char *cp;
+
+	cp = strrchr(local, '/');
+	if (cp)
+		*cp = '\0';
+	if (stat(cp ? local : ".", &st) < 0) {
+		perror_reply(553, cp ? local : ".");
+		return NULL;
+	}
+	if (cp)
+		*cp = '/';
+	for (count = 1; count < 100; count++) {
+		snprintf (new, sizeof(new), "%s.%d", local, count);
+		if (stat(new, &st) < 0)
+			return (new);
+	}
+	reply(452, "Unique file name cannot be created.");
+	return (NULL);
+}
+
+/*
+ * Format and send reply containing system error number.
+ */
+void
+perror_reply(int code, const char *string)
+{
+	reply(code, "%s: %s.", string, strerror(errno));
+}
+
+static char *onefile[] = {
+	"",
+	0
+};
+
+void
+list_file(char *file)
+{
+    if(use_builtin_ls) {
+	FILE *dout;
+	dout = dataconn(file, -1, "w");
+	if (dout == NULL)
+	    return;
+	set_buffer_size(fileno(dout), 0);
+	builtin_ls(dout, file);
+	reply(226, "Transfer complete.");
+	fclose(dout);
+	data = -1;
+	pdata = -1;
+    } else {
+#ifdef HAVE_LS_A
+	const char *cmd = "/bin/ls -lA %s";
+#else
+	const char *cmd = "/bin/ls -la %s";
+#endif
+	retrieve(cmd, file);
+    }
+}
+
+void
+send_file_list(char *whichf)
+{
+  struct stat st;
+  DIR *dirp = NULL;
+  struct dirent *dir;
+  FILE *dout = NULL;
+  char **dirlist, *dirname;
+  int simple = 0;
+  int freeglob = 0;
+  glob_t gl;
+  char buf[MaxPathLen];
+
+  if (strpbrk(whichf, "~{[*?") != NULL) {
+    int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+    memset(&gl, 0, sizeof(gl));
+    freeglob = 1;
+    if (glob(whichf, flags, 0, &gl)) {
+      reply(550, "not found");
+      goto out;
+    } else if (gl.gl_pathc == 0) {
+      errno = ENOENT;
+      perror_reply(550, whichf);
+      goto out;
+    }
+    dirlist = gl.gl_pathv;
+  } else {
+    onefile[0] = whichf;
+    dirlist = onefile;
+    simple = 1;
+  }
+
+  if (setjmp(urgcatch)) {
+    transflag = 0;
+    goto out;
+  }
+  while ((dirname = *dirlist++)) {
+    if (stat(dirname, &st) < 0) {
+      /*
+       * If user typed "ls -l", etc, and the client
+       * used NLST, do what the user meant.
+       */
+      if (dirname[0] == '-' && *dirlist == NULL &&
+	  transflag == 0) {
+	retrieve("/bin/ls %s", dirname);
+	goto out;
+      }
+      perror_reply(550, whichf);
+      if (dout != NULL) {
+	fclose(dout);
+	transflag = 0;
+	data = -1;
+	pdata = -1;
+      }
+      goto out;
+    }
+
+    if (S_ISREG(st.st_mode)) {
+      if (dout == NULL) {
+	dout = dataconn("file list", (off_t)-1, "w");
+	if (dout == NULL)
+	  goto out;
+	transflag++;
+      }
+      snprintf(buf, sizeof(buf), "%s%s\n", dirname,
+	      type == TYPE_A ? "\r" : "");
+      sec_write(fileno(dout), buf, strlen(buf));
+      byte_count += strlen(dirname) + 1;
+      continue;
+    } else if (!S_ISDIR(st.st_mode))
+      continue;
+
+    if ((dirp = opendir(dirname)) == NULL)
+      continue;
+
+    while ((dir = readdir(dirp)) != NULL) {
+      char nbuf[MaxPathLen];
+
+      if (!strcmp(dir->d_name, "."))
+	continue;
+      if (!strcmp(dir->d_name, ".."))
+	continue;
+
+      snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
+
+      /*
+       * We have to do a stat to insure it's
+       * not a directory or special file.
+       */
+      if (simple || (stat(nbuf, &st) == 0 &&
+		     S_ISREG(st.st_mode))) {
+	if (dout == NULL) {
+	  dout = dataconn("file list", (off_t)-1, "w");
+	  if (dout == NULL)
+	    goto out;
+	  transflag++;
+	}
+	if(strncmp(nbuf, "./", 2) == 0)
+	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
+		   type == TYPE_A ? "\r" : "");
+	else
+	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
+		   type == TYPE_A ? "\r" : "");
+	sec_write(fileno(dout), buf, strlen(buf));
+	byte_count += strlen(nbuf) + 1;
+      }
+    }
+    closedir(dirp);
+  }
+  if (dout == NULL)
+    reply(550, "No files found.");
+  else if (ferror(dout) != 0)
+    perror_reply(550, "Data connection");
+  else
+    reply(226, "Transfer complete.");
+
+  transflag = 0;
+  if (dout != NULL){
+    sec_write(fileno(dout), buf, 0); /* XXX flush */
+	    
+    fclose(dout);
+  }
+  data = -1;
+  pdata = -1;
+out:
+  if (freeglob) {
+    freeglob = 0;
+    globfree(&gl);
+  }
+}
+
+
+int
+find(char *pattern)
+{
+    char line[1024];
+    FILE *f;
+
+    snprintf(line, sizeof(line),
+	     "/bin/locate -d %s %s",
+	     ftp_rooted("/etc/locatedb"),
+	     pattern);
+    f = ftpd_popen(line, "r", 1, 1);
+    if(f == NULL){
+	perror_reply(550, "/bin/locate");
+	return 1;
+    }
+    lreply(200, "Output from find.");
+    while(fgets(line, sizeof(line), f)){
+	if(line[strlen(line)-1] == '\n')
+	    line[strlen(line)-1] = 0;
+	nreply("%s", line);
+    }
+    reply(200, "Done");
+    ftpd_pclose(f);
+    return 0;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h b/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
new file mode 100644
index 0000000..5cb4904
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: ftpd_locl.h,v 1.9 1999/12/02 16:58:30 joda Exp $ */
+
+#ifndef __ftpd_locl_h__
+#define __ftpd_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/*
+ * FTP server.
+ */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <arpa/ftp.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <glob.h>
+#include <limits.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <setjmp.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <time.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#include <fnmatch.h>
+
+#ifdef HAVE_BSD_BSD_H
+#include <bsd/bsd.h>
+#endif
+
+#include <err.h>
+
+#include "pathnames.h"
+#include "extern.h"
+#include "common.h"
+
+#include "security.h"
+
+#include "roken.h"
+
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose)      (FILE *);
+#endif
+
+/* SunOS doesn't have any declaration of fclose */
+
+int fclose(FILE *stream);
+
+int yyparse();
+
+#ifndef LOG_FTP
+#define LOG_FTP LOG_DAEMON
+#endif
+
+#endif /* __ftpd_locl_h__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c b/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
new file mode 100644
index 0000000..28e3596
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ftpd_locl.h"
+#include <gssapi.h>
+#include <krb5.h>
+
+RCSID("$Id: gss_userok.c,v 1.2 1999/12/02 16:58:31 joda Exp $");
+
+/* XXX a bit too much of krb5 dependency here... 
+   What is the correct way to do this? 
+   */
+
+extern krb5_context gssapi_krb5_context;
+
+/* XXX sync with gssapi.c */
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+};
+
+int gss_userok(void*, char*); /* to keep gcc happy */
+
+int
+gss_userok(void *app_data, char *username)
+{
+    struct gss_data *data = app_data;
+    if(gssapi_krb5_context) {
+	krb5_principal client;
+	krb5_error_code ret;
+	ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
+	if(ret)
+	    return 1;
+	ret = krb5_kuserok(gssapi_krb5_context, client, username);
+	krb5_free_principal(gssapi_krb5_context, client);
+	return !ret;
+    }
+    return 1;
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
new file mode 100644
index 0000000..dad4de5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftpd_locl.h"
+
+RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
+
+static KTEXT_ST cip;
+static unsigned int lifetime;
+static time_t local_time;
+
+static krb_principal pr;
+
+static int do_destroy_tickets = 1;
+
+static int
+save_tkt(const char *user,
+	 const char *instance,
+	 const char *realm,
+	 const void *arg, 
+	 key_proc_t key_proc,
+	 KTEXT *cipp)
+{
+    local_time = time(0);
+    memmove(&cip, *cipp, sizeof(cip));
+    return -1;
+}
+
+static int
+store_ticket(KTEXT cip)
+{
+    char *ptr;
+    des_cblock session;
+    krb_principal sp;
+    unsigned char kvno;
+    KTEXT_ST tkt;
+    int left = cip->length;
+    int len;
+    int kerror;
+    
+    ptr = (char *) cip->dat;
+
+    /* extract session key */
+    memmove(session, ptr, 8);
+    ptr += 8;
+    left -= 8;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's name */
+    strlcpy(sp.name, ptr, sizeof(sp.name));
+    ptr += len + 1;
+    left -= len + 1;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's instance */
+    strlcpy(sp.instance, ptr, sizeof(sp.instance));
+    ptr += len + 1;
+    left -= len + 1;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's realm */
+    strlcpy(sp.realm, ptr, sizeof(sp.realm));
+    ptr += len + 1;
+    left -= len + 1;
+
+    if(left < 3)
+	return INTK_BADPW;
+    /* extract ticket lifetime, server key version, ticket length */
+    /* be sure to avoid sign extension on lifetime! */
+    lifetime = (unsigned char) ptr[0];
+    kvno = (unsigned char) ptr[1];
+    tkt.length = (unsigned char) ptr[2];
+    ptr += 3;
+    left -= 3;
+    
+    if (tkt.length > left)
+	return(INTK_BADPW);
+
+    /* extract ticket itself */
+    memmove(tkt.dat, ptr, tkt.length);
+    ptr += tkt.length;
+    left -= tkt.length;
+
+    /* Here is where the time should be verified against the KDC.
+     * Unfortunately everything is sent in host byte order (receiver
+     * makes wrong) , and at this stage there is no way for us to know
+     * which byteorder the KDC has. So we simply ignore the time,
+     * there are no security risks with this, the only thing that can
+     * happen is that we might receive a replayed ticket, which could
+     * at most be useless.
+     */
+    
+#if 0
+    /* check KDC time stamp */
+    {
+	time_t kdc_time;
+
+	memmove(&kdc_time, ptr, sizeof(kdc_time));
+	if (swap_bytes) swap_u_long(kdc_time);
+
+	ptr += 4;
+    
+	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
+	    return(RD_AP_TIME);		/* XXX should probably be better
+					   code */
+	}
+    }
+#endif
+
+    /* initialize ticket cache */
+
+    if (tf_create(TKT_FILE) != KSUCCESS)
+	return(INTK_ERR);
+
+    if (tf_put_pname(pr.name) != KSUCCESS ||
+	tf_put_pinst(pr.instance) != KSUCCESS) {
+	tf_close();
+	return(INTK_ERR);
+    }
+
+    
+    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, 
+			  lifetime, kvno, &tkt, local_time);
+    tf_close();
+
+    return(kerror);
+}
+
+void
+kauth(char *principal, char *ticket)
+{
+    char *p;
+    int ret;
+  
+    if(get_command_prot() != prot_private) {
+	reply(500, "Request denied (bad protection level)");
+	return;
+    }
+    ret = krb_parse_name(principal, &pr);
+    if(ret){
+	reply(500, "Bad principal: %s.", krb_get_err_text(ret));
+	return;
+    }
+    if(pr.realm[0] == 0)
+	krb_get_lrealm(pr.realm, 1);
+
+    if(ticket){
+	cip.length = base64_decode(ticket, &cip.dat);
+	if(cip.length == -1){
+	    reply(500, "Failed to decode data.");
+	    return;
+	}
+	ret = store_ticket(&cip);
+	if(ret){
+	    reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+	    memset(&cip, 0, sizeof(cip));
+	    return;
+	}
+	do_destroy_tickets = 1;
+
+	if(k_hasafs())
+	    krb_afslog(0, 0);
+	reply(200, "Tickets will be destroyed on exit.");
+	return;
+    }
+    
+    ret = krb_get_in_tkt (pr.name,
+			  pr.instance,
+			  pr.realm,
+			  KRB_TICKET_GRANTING_TICKET,
+			  pr.realm,
+			  DEFAULT_TKT_LIFE,
+			  NULL, save_tkt, NULL);
+    if(ret != INTK_BADPW){
+	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+	return;
+    }
+    if(base64_encode(cip.dat, cip.length, &p) < 0) {
+	reply(500, "Out of memory while base64-encoding.");
+	return;
+    }
+    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
+    free(p);
+    memset(&cip, 0, sizeof(cip));
+}
+
+
+static char *
+short_date(int32_t dp)
+{
+    char *cp;
+    time_t t = (time_t)dp;
+
+    if (t == (time_t)(-1L)) return "***  Never  *** ";
+    cp = ctime(&t) + 4;
+    cp[15] = '\0';
+    return (cp);
+}
+
+void
+klist(void)
+{
+    int err;
+
+    char *file = tkt_string();
+
+    krb_principal pr;
+    
+    char buf1[128], buf2[128];
+    int header = 1;
+    CREDENTIALS c;
+
+    
+
+    err = tf_init(file, R_TKT_FIL);
+    if(err != KSUCCESS){
+	reply(500, "%s", krb_get_err_text(err));
+	return;
+    }
+    tf_close();
+
+    /* 
+     * We must find the realm of the ticket file here before calling
+     * tf_init because since the realm of the ticket file is not
+     * really stored in the principal section of the file, the
+     * routine we use must itself call tf_init and tf_close.
+     */
+    err = krb_get_tf_realm(file, pr.realm);
+    if(err != KSUCCESS){
+	reply(500, "%s", krb_get_err_text(err));
+	return;
+    }
+
+    err = tf_init(file, R_TKT_FIL);
+    if(err != KSUCCESS){
+	reply(500, "%s", krb_get_err_text(err));
+	return;
+    }
+
+    err = tf_get_pname(pr.name);
+    if(err != KSUCCESS){
+	reply(500, "%s", krb_get_err_text(err));
+	return;
+    }
+    err = tf_get_pinst(pr.instance);
+    if(err != KSUCCESS){
+	reply(500, "%s", krb_get_err_text(err));
+	return;
+    }
+
+    /* 
+     * You may think that this is the obvious place to get the
+     * realm of the ticket file, but it can't be done here as the
+     * routine to do this must open the ticket file.  This is why 
+     * it was done before tf_init.
+     */
+       
+    lreply(200, "Ticket file: %s", tkt_string());
+
+    lreply(200, "Principal: %s", krb_unparse_name(&pr));
+    while ((err = tf_get_cred(&c)) == KSUCCESS) {
+	if (header) {
+	    lreply(200, "%-15s  %-15s  %s",
+		   "  Issued", "  Expires", "  Principal (kvno)");
+	    header = 0;
+	}
+	strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
+	c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+	if (time(0) < (unsigned long) c.issue_date)
+	    strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
+	else
+	    strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
+	lreply(200, "%s  %s  %s (%d)", buf1, buf2,
+	       krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); 
+    }
+    if (header && err == EOF) {
+	lreply(200, "No tickets in file.");
+    }
+    reply(200, " ");
+}
+
+/*
+ * Only destroy if we created the tickets
+ */
+
+void
+cond_kdestroy(void)
+{
+    if (do_destroy_tickets)
+	dest_tkt();
+    afsunlog();
+}
+
+void
+kdestroy(void)
+{
+    dest_tkt();
+    afsunlog();
+    reply(200, "Tickets destroyed");
+}
+
+void
+krbtkfile(const char *tkfile)
+{
+    do_destroy_tickets = 0;
+    krb_set_tkt_string(tkfile);
+    reply(200, "Using ticket file %s", tkfile);
+}
+
+void
+afslog(const char *cell)
+{
+    if(k_hasafs()) {
+	krb_afslog(cell, 0);
+	reply(200, "afslog done");
+    } else {
+	reply(200, "no AFS present");
+    }
+}
+
+void
+afsunlog(void)
+{
+    if(k_hasafs())
+	k_unlog();
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.c b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c
new file mode 100644
index 0000000..2457c61
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: krb4.c,v 1.19 1997/05/11 09:00:07 assar Exp $");
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_NETINET_IN_h
+#include <netinet/in.h>
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <krb.h>
+
+#include "base64.h"
+#include "extern.h"
+#include "auth.h"
+#include "krb4.h"
+
+#include <roken.h>
+
+static AUTH_DAT auth_dat;
+static des_key_schedule schedule;
+
+int krb4_auth(char *auth)
+{
+    auth_complete = 0;
+    reply(334, "Using authentication type %s; ADAT must follow", auth);
+    return 0;
+}
+
+int krb4_adat(char *auth)
+{
+    KTEXT_ST tkt;
+    char *p;
+    int kerror;
+    u_int32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int len;
+
+    char inst[INST_SZ];
+
+    memset(&tkt, 0, sizeof(tkt));
+    len = base64_decode(auth, tkt.dat);
+
+    if(len < 0){
+	reply(501, "Failed to decode base64 data.");
+	return -1;
+    }
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 0, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 0, &auth_dat, "");
+    }
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
+    }
+  
+    des_set_key(&auth_dat.session, schedule);
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	tmp[0] = (cs >> 24) & 0xff;
+	tmp[1] = (cs >> 16) & 0xff;
+	tmp[2] = (cs >> 8) & 0xff;
+	tmp[3] = cs & 0xff;
+	len = krb_mk_safe(tmp, msg, 4, &auth_dat.session, 
+			  &ctrl_addr, &his_addr);
+    }
+    if(len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
+    }
+    base64_encode(msg, len, &p);
+    reply(235, "ADAT=%s", p);
+    auth_complete = 1;
+    free(p);
+    return 0;
+}
+
+int krb4_pbsz(int size)
+{
+    if(size > 1048576) /* XXX arbitrary number */
+	size = 1048576;
+    buffer_size = size;
+    reply(200, "OK PBSZ=%d", buffer_size);
+    return 0;
+}
+
+int krb4_prot(int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+int krb4_ccc(void)
+{
+    reply(534, "Don't event think about it.");
+    return -1;
+}
+
+int krb4_mic(char *msg)
+{
+    int len;
+    int kerror;
+    MSG_DAT m_data;
+    char *tmp, *cmd;
+  
+    cmd = strdup(msg);
+    
+    len = base64_decode(msg, cmd);
+    if(len < 0){
+	reply(501, "Failed to decode base 64 data.");
+	free(cmd);
+	return -1;
+    }
+    kerror = krb_rd_safe(cmd, len, &auth_dat.session, 
+			 &his_addr, &ctrl_addr, &m_data);
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	free(cmd);
+	return -1;
+    }
+    
+    tmp = malloc(strlen(msg) + 1);
+    snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
+    if(!strstr(tmp, "\r\n"))
+	strcat(tmp, "\r\n");
+    new_ftp_command(tmp);
+    free(cmd);
+    return 0;
+}
+
+int krb4_conf(char *msg)
+{
+    prot_level = prot_safe;
+
+    reply(537, "Protection level not supported.");
+    return -1;
+}
+
+int krb4_enc(char *msg)
+{
+    int len;
+    int kerror;
+    MSG_DAT m_data;
+    char *tmp, *cmd;
+  
+    cmd = strdup(msg);
+    
+    len = base64_decode(msg, cmd);
+    if(len < 0){
+	reply(501, "Failed to decode base 64 data.");
+	free(cmd);
+	return -1;
+    }
+    kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session, 
+			 &his_addr, &ctrl_addr, &m_data);
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	free(cmd);
+	return -1;
+    }
+    
+    tmp = strdup(msg);
+    snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
+    if(!strstr(tmp, "\r\n"))
+	strcat(tmp, "\r\n");
+    new_ftp_command(tmp);
+    free(cmd);
+    return 0;
+}
+
+int krb4_read(int fd, void *data, int length)
+{
+    static int left;
+    static char *extra;
+    static int eof;
+    int len, bytes, tx = 0;
+    
+    MSG_DAT m_data;
+    int kerror;
+
+    if(eof){ /* if we haven't reported an end-of-file, do so */
+	eof = 0;
+	return 0;
+    }
+    
+    if(left){
+	if(length > left)
+	    bytes = left;
+	else
+	    bytes = length;
+	memmove(data, extra, bytes);
+	left -= bytes;
+	if(left)
+	    memmove(extra, extra + bytes, left);
+	else
+	    free(extra);
+	length -= bytes;
+	tx += bytes;
+    }
+
+    while(length){
+	unsigned char tmp[4];
+	if(krb_net_read(fd, tmp, 4) < 4){
+	    reply(400, "Unexpected end of file.\n");
+	    return -1;
+	}
+	len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+	krb_net_read(fd, data_buffer, len);
+	if(data_protection == prot_safe)
+	    kerror = krb_rd_safe(data_buffer, len, &auth_dat.session, 
+				 &his_addr, &ctrl_addr, &m_data);
+	else
+	    kerror = krb_rd_priv(data_buffer, len, schedule, &auth_dat.session,
+				 &his_addr, &ctrl_addr, &m_data);
+	
+	if(kerror){
+	    reply(400, "Failed to read data: %s.", krb_get_err_text(kerror));
+	    return -1;
+	}
+	
+	bytes = m_data.app_length;
+	if(bytes == 0){
+	    if(tx) eof = 1;
+	    return  tx;
+	}
+	if(bytes > length){
+	    left = bytes - length;
+	    bytes = length;
+	    extra = malloc(left);
+	    memmove(extra, m_data.app_data + bytes, left);
+	}
+	memmove((unsigned char*)data + tx, m_data.app_data, bytes);
+	tx += bytes;
+	length -= bytes;
+    }
+    return tx;
+}
+
+int krb4_write(int fd, void *data, int length)
+{
+    int len, bytes, tx = 0;
+
+    len = buffer_size;
+    if(data_protection == prot_safe)
+	len -= 31; /* always 31 bytes overhead */
+    else
+	len -= 26; /* at most 26 bytes */
+    
+    do{
+	if(length < len)
+	    len = length;
+	if(data_protection == prot_safe)
+	    bytes = krb_mk_safe(data, data_buffer+4, len, &auth_dat.session,
+				&ctrl_addr, &his_addr);
+	else
+	    bytes = krb_mk_priv(data, data_buffer+4, len, schedule, 
+				&auth_dat.session,
+				&ctrl_addr, &his_addr);
+	if(bytes == -1){
+	    reply(535, "Failed to make packet: %s.", strerror(errno));
+	    return -1;
+	}
+	data_buffer[0] = (bytes >> 24) & 0xff;
+	data_buffer[1] = (bytes >> 16) & 0xff;
+	data_buffer[2] = (bytes >> 8) & 0xff;
+	data_buffer[3] = bytes & 0xff;
+	if(krb_net_write(fd, data_buffer, bytes+4) < 0)
+	    return -1;
+	length -= len;
+	data = (unsigned char*)data + len;
+	tx += len;
+    }while(length);
+    return tx;
+}
+
+int krb4_userok(char *name)
+{
+    if(!kuserok(&auth_dat, name)){
+	do_login(232, name);
+    }else{
+	reply(530, "User %s access denied.", name);
+    }
+    return 0;
+}
+
+
+int
+krb4_vprintf(const char *fmt, va_list ap)
+{
+    char buf[10240];
+    char *p;
+    char *enc;
+    int code;
+    int len;
+  
+    vsnprintf (buf, sizeof(buf), fmt, ap);
+    enc = malloc(strlen(buf) + 31);
+    if(prot_level == prot_safe){
+	len = krb_mk_safe((u_char*)buf, (u_char*)enc, strlen(buf), &auth_dat.session, 
+			  &ctrl_addr, &his_addr); 
+	code = 631;
+    }else if(prot_level == prot_private){
+	len = krb_mk_priv((u_char*)buf, (u_char*)enc, strlen(buf), schedule, 
+			  &auth_dat.session, &ctrl_addr, &his_addr); 
+	code = 632;
+    }else{
+	len = 0; /* XXX */
+	code = 631;
+    }
+    base64_encode(enc, len, &p);
+    fprintf(stdout, "%d %s\r\n", code, p);
+    free(enc);
+    free(p);
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.h b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h
new file mode 100644
index 0000000..f777dbd
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.6 1997/04/01 08:17:29 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdarg.h>
+
+int krb4_auth(char *auth);
+int krb4_adat(char *auth);
+int krb4_pbsz(int size);
+int krb4_prot(int level);
+int krb4_ccc(void);
+int krb4_mic(char *msg);
+int krb4_conf(char *msg);
+int krb4_enc(char *msg);
+
+int krb4_read(int fd, void *data, int length);
+int krb4_write(int fd, void *data, int length);
+
+int krb4_userok(char *name);
+int krb4_vprintf(const char *fmt, va_list ap);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
new file mode 100644
index 0000000..019cc2d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: logwtmp.c,v 1.14 1999/12/02 16:58:31 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#include "extern.h"
+
+#ifndef WTMP_FILE
+#ifdef _PATH_WTMP
+#define WTMP_FILE _PATH_WTMP
+#else
+#define WTMP_FILE "/var/adm/wtmp"
+#endif
+#endif
+
+void
+ftpd_logwtmp(char *line, char *name, char *host)
+{
+    static int init = 0;
+    static int fd;
+#ifdef WTMPX_FILE
+    static int fdx;
+#endif
+    struct utmp ut;
+#ifdef WTMPX_FILE
+    struct utmpx utx;
+#endif
+
+    memset(&ut, 0, sizeof(struct utmp));
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
+    if(name[0])
+	ut.ut_type = USER_PROCESS;
+    else
+	ut.ut_type = DEAD_PROCESS;
+#endif
+    strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+    strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_PID
+    ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+    ut.ut_time = time(NULL);
+
+#ifdef WTMPX_FILE
+    strncpy(utx.ut_line, line, sizeof(utx.ut_line));
+    strncpy(utx.ut_user, name, sizeof(utx.ut_user));
+    strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
+    utx.ut_syslen = strlen(host) + 1;
+    if (utx.ut_syslen > sizeof(utx.ut_host))
+        utx.ut_syslen = sizeof(utx.ut_host);
+#endif
+    {
+	struct timeval tv;
+
+	gettimeofday (&tv, 0);
+	utx.ut_tv.tv_sec = tv.tv_sec;
+	utx.ut_tv.tv_usec = tv.tv_usec;
+    }
+
+    if(name[0])
+	utx.ut_type = USER_PROCESS;
+    else
+	utx.ut_type = DEAD_PROCESS;
+#endif
+
+    if(!init){
+	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#ifdef WTMPX_FILE
+	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
+#endif
+	init = 1;
+    }
+    if(fd >= 0) {
+	write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#ifdef WTMPX_FILE
+	write(fdx, &utx, sizeof(struct utmpx));
+#endif	
+    }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ls.c b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
new file mode 100644
index 0000000..97eb77e
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "ftpd_locl.h"
+
+RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $");
+
+struct fileinfo {
+    struct stat st;
+    int inode;
+    int bsize;
+    char mode[11];
+    int n_link;
+    char *user;
+    char *group;
+    char *size;
+    char *major;
+    char *minor;
+    char *date;
+    char *filename;
+    char *link;
+};
+
+#define LS_DIRS		 1
+#define LS_IGNORE_DOT	 2
+#define LS_SORT_MODE	 12
+#define SORT_MODE(f) ((f) & LS_SORT_MODE)
+#define LS_SORT_NAME	 4
+#define LS_SORT_MTIME	 8
+#define LS_SORT_SIZE	12
+#define LS_SORT_REVERSE	16
+
+#define LS_SIZE		32
+#define LS_INODE	64
+
+#ifndef S_ISTXT
+#define S_ISTXT S_ISVTX
+#endif
+
+#ifndef S_ISSOCK
+#define S_ISSOCK(mode)  (((mode) & _S_IFMT) == S_IFSOCK)
+#endif
+
+#ifndef S_ISLNK
+#define S_ISLNK(mode)   (((mode) & _S_IFMT) == S_IFLNK)
+#endif
+
+static void
+make_fileinfo(const char *filename, struct fileinfo *file, int flags)
+{
+    char buf[128];
+    struct stat *st = &file->st;
+
+    file->inode = st->st_ino;
+#ifdef S_BLKSIZE
+    file->bsize = st->st_blocks * S_BLKSIZE / 1024;
+#else
+    file->bsize = st->st_blocks * 512 / 1024;
+#endif
+
+    if(S_ISDIR(st->st_mode))
+	file->mode[0] = 'd';
+    else if(S_ISCHR(st->st_mode))
+	file->mode[0] = 'c';
+    else if(S_ISBLK(st->st_mode))
+	file->mode[0] = 'b';
+    else if(S_ISREG(st->st_mode))
+	file->mode[0] = '-';
+    else if(S_ISFIFO(st->st_mode))
+	file->mode[0] = 'p';
+    else if(S_ISLNK(st->st_mode))
+	file->mode[0] = 'l';
+    else if(S_ISSOCK(st->st_mode))
+	file->mode[0] = 's';
+#ifdef S_ISWHT
+    else if(S_ISWHT(st->st_mode))
+	file->mode[0] = 'w';
+#endif
+    else 
+	file->mode[0] = '?';
+    {
+	char *x[] = { "---", "--x", "-w-", "-wx", 
+		      "r--", "r-x", "rw-", "rwx" };
+	strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
+	strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
+	strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
+	if((st->st_mode & S_ISUID)) {
+	    if((st->st_mode & S_IXUSR))
+		file->mode[3] = 's';
+	    else
+		file->mode[3] = 'S';
+	}
+	if((st->st_mode & S_ISGID)) {
+	    if((st->st_mode & S_IXGRP))
+		file->mode[6] = 's';
+	    else
+		file->mode[6] = 'S';
+	}
+	if((st->st_mode & S_ISTXT)) {
+	    if((st->st_mode & S_IXOTH))
+		file->mode[9] = 't';
+	    else
+		file->mode[9] = 'T';
+	}
+    }
+    file->n_link = st->st_nlink;
+    {
+	struct passwd *pwd;
+	pwd = getpwuid(st->st_uid);
+	if(pwd == NULL)
+	    asprintf(&file->user, "%u", (unsigned)st->st_uid);
+	else
+	    file->user = strdup(pwd->pw_name);
+    }
+    {
+	struct group *grp;
+	grp = getgrgid(st->st_gid);
+	if(grp == NULL)
+	    asprintf(&file->group, "%u", (unsigned)st->st_gid);
+	else
+	    file->group = strdup(grp->gr_name);
+    }
+    
+    if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
+#if defined(major) && defined(minor)
+	asprintf(&file->major, "%u", (unsigned)major(st->st_rdev));
+	asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev));
+#else
+	/* Don't want to use the DDI/DKI crap. */
+	asprintf(&file->major, "%u", (unsigned)st->st_rdev);
+	asprintf(&file->minor, "%u", 0);
+#endif
+    } else
+	asprintf(&file->size, "%lu", (unsigned long)st->st_size);
+
+    {
+	time_t t = time(NULL);
+	struct tm *tm = localtime(&st->st_mtime);
+	if((t - st->st_mtime > 6*30*24*60*60) ||
+	   (st->st_mtime - t > 6*30*24*60*60))
+	    strftime(buf, sizeof(buf), "%b %e  %Y", tm);
+	else
+	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
+	file->date = strdup(buf);
+    }
+    {
+	const char *p = strrchr(filename, '/');
+	if(p)
+	    p++;
+	else
+	    p = filename;
+	file->filename = strdup(p);
+    }
+    if(S_ISLNK(st->st_mode)) {
+	int n;
+	n = readlink((char *)filename, buf, sizeof(buf));
+	if(n >= 0) {
+	    buf[n] = '\0';
+	    file->link = strdup(buf);
+	} else
+	    warn("%s: readlink", filename);
+    }
+}
+
+static void
+print_file(FILE *out,
+	   int flags,
+	   struct fileinfo *f,
+	   int max_inode,
+	   int max_bsize,
+	   int max_n_link,
+	   int max_user,
+	   int max_group,
+	   int max_size,
+	   int max_major,
+	   int max_minor,
+	   int max_date)
+{
+    if(f->filename == NULL)
+	return;
+
+    if(flags & LS_INODE) {
+	sec_fprintf2(out, "%*d", max_inode, f->inode);
+	sec_fprintf2(out, "  ");
+    }
+    if(flags & LS_SIZE) {
+	sec_fprintf2(out, "%*d", max_bsize, f->bsize);
+	sec_fprintf2(out, "  ");
+    }
+    sec_fprintf2(out, "%s", f->mode);
+    sec_fprintf2(out, "  ");
+    sec_fprintf2(out, "%*d", max_n_link, f->n_link);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%-*s", max_user, f->user);
+    sec_fprintf2(out, "  ");
+    sec_fprintf2(out, "%-*s", max_group, f->group);
+    sec_fprintf2(out, "  ");
+    if(f->major != NULL && f->minor != NULL)
+	sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
+    else
+	sec_fprintf2(out, "%*s", max_size, f->size);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%*s", max_date, f->date);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%s", f->filename);
+    if(f->link)
+	sec_fprintf2(out, " -> %s", f->link);
+    sec_fprintf2(out, "\r\n");
+}
+
+static int
+compare_filename(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return strcmp(a->filename, b->filename);
+}
+
+static int
+compare_mtime(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return a->st.st_mtime - b->st.st_mtime;
+}
+
+static int
+compare_size(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return a->st.st_size - b->st.st_size;
+}
+
+static void
+list_dir(FILE *out, const char *directory, int flags);
+
+static int
+log10(int num)
+{
+    int i = 1;
+    while(num > 10) {
+	i++;
+	num /= 10;
+    }
+    return i;
+}
+
+/*
+ * Operate as lstat but fake up entries for AFS mount points so we don't
+ * have to fetch them.
+ */
+
+static int
+lstat_file (const char *file, struct stat *sb)
+{
+#ifdef KRB4
+    if (k_hasafs() 
+	&& strcmp(file, ".")
+	&& strcmp(file, "..")) 
+    {
+	struct ViceIoctl    a_params;
+	char               *last;
+	char               *path_bkp;
+	static ino_t	   ino_counter = 0, ino_last = 0;
+	int		   ret;
+	const int	   maxsize = 2048;
+	
+	path_bkp = strdup (file);
+	if (path_bkp == NULL)
+	    return -1;
+	
+	a_params.out = malloc (maxsize);
+	if (a_params.out == NULL) { 
+	    free (path_bkp);
+	    return -1;
+	}
+	
+	/* If path contains more than the filename alone - split it */
+	
+	last = strrchr (path_bkp, '/');
+	if (last != NULL) {
+	    *last = '\0';
+	    a_params.in = last + 1;
+	} else
+	    a_params.in = (char *)file;
+	
+	a_params.in_size  = strlen (a_params.in) + 1;
+	a_params.out_size = maxsize;
+	
+	ret = k_pioctl (last ? path_bkp : "." ,
+			VIOC_AFS_STAT_MT_PT, &a_params, 0);
+	free (a_params.out);
+	if (ret < 0) {
+	    free (path_bkp);
+
+	    if (errno != EINVAL)
+		return ret;
+	    else
+		/* if we get EINVAL this is probably not a mountpoint */
+		return lstat (file, sb);
+	}
+
+	/* 
+	 * wow this was a mountpoint, lets cook the struct stat
+	 * use . as a prototype
+	 */
+
+	ret = lstat (path_bkp, sb);
+	free (path_bkp);
+	if (ret < 0)
+	    return ret;
+
+	if (ino_last == sb->st_ino)
+	    ino_counter++;
+	else {
+	    ino_last    = sb->st_ino;
+	    ino_counter = 0;
+	}
+	sb->st_ino += ino_counter;
+	sb->st_nlink = 3;
+
+	return 0;
+    }
+#endif /* KRB4 */
+    return lstat (file, sb);
+}
+
+static void
+list_files(FILE *out, char **files, int n_files, int flags)
+{
+    struct fileinfo *fi;
+    int i;
+
+    fi = calloc(n_files, sizeof(*fi));
+    if (fi == NULL) {
+	sec_fprintf2(out, "ouf of memory\r\n");
+	return;
+    }
+    for(i = 0; i < n_files; i++) {
+	if(lstat_file(files[i], &fi[i].st) < 0) {
+	    sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
+	    fi[i].filename = NULL;
+	} else {
+	    if((flags & LS_DIRS) == 0 && S_ISDIR(fi[i].st.st_mode)) {
+		if(n_files > 1)
+		    sec_fprintf2(out, "%s:\r\n", files[i]);
+		list_dir(out, files[i], flags);
+	    } else {
+		make_fileinfo(files[i], &fi[i], flags);
+	    }
+	}
+    }
+    switch(SORT_MODE(flags)) {
+    case LS_SORT_NAME:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_filename);
+	break;
+    case LS_SORT_MTIME:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_mtime);
+	break;
+    case LS_SORT_SIZE:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_size);
+	break;
+    }
+    {
+	int max_inode = 0;
+	int max_bsize = 0;
+	int max_n_link = 0;
+	int max_user = 0;
+	int max_group = 0;
+	int max_size = 0;
+	int max_major = 0;
+	int max_minor = 0;
+	int max_date = 0;
+	for(i = 0; i < n_files; i++) {
+	    if(fi[i].filename == NULL)
+		continue;
+	    if(fi[i].inode > max_inode)
+		max_inode = fi[i].inode;
+	    if(fi[i].bsize > max_bsize)
+		max_bsize = fi[i].bsize;
+	    if(fi[i].n_link > max_n_link)
+		max_n_link = fi[i].n_link;
+	    if(strlen(fi[i].user) > max_user)
+		max_user = strlen(fi[i].user);
+	    if(strlen(fi[i].group) > max_group)
+		max_group = strlen(fi[i].group);
+	    if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
+		max_major = strlen(fi[i].major);
+	    if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
+		max_minor = strlen(fi[i].minor);
+	    if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
+		max_size = strlen(fi[i].size);
+	    if(strlen(fi[i].date) > max_date)
+		max_date = strlen(fi[i].date);
+	}
+	if(max_size < max_major + max_minor + 2)
+	    max_size = max_major + max_minor + 2;
+	else if(max_size - max_minor - 2 > max_major)
+	    max_major = max_size - max_minor - 2;
+	max_inode = log10(max_inode);
+	max_bsize = log10(max_bsize);
+	max_n_link = log10(max_n_link);
+
+	if(flags & LS_SORT_REVERSE)
+	    for(i = n_files - 1; i >= 0; i--)
+		print_file(out,
+			   flags,
+			   &fi[i],
+			   max_inode,
+			   max_bsize,
+			   max_n_link,
+			   max_user,
+			   max_group,
+			   max_size,
+			   max_major,
+			   max_minor,
+			   max_date);
+	else
+	    for(i = 0; i < n_files; i++)
+		print_file(out,
+			   flags,
+			   &fi[i],
+			   max_inode,
+			   max_bsize,
+			   max_n_link,
+			   max_user,
+			   max_group,
+			   max_size,
+			   max_major,
+			   max_minor,
+			   max_date);
+    }
+}
+
+static void
+free_files (char **files, int n)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+	free (files[i]);
+    free (files);
+}
+
+static void
+list_dir(FILE *out, const char *directory, int flags)
+{
+    DIR *d = opendir(directory);
+    struct dirent *ent;
+    char **files = NULL;
+    int n_files = 0;
+
+    if(d == NULL) {
+	sec_fprintf2(out, "%s: %s\r\n", directory, strerror(errno));
+	return;
+    }
+    while((ent = readdir(d)) != NULL) {
+	void *tmp;
+
+	if(ent->d_name[0] == '.') {
+	    if (flags & LS_IGNORE_DOT)
+	        continue;
+	    if (ent->d_name[1] == 0) /* Ignore . */
+	        continue;
+	    if (ent->d_name[1] == '.' && ent->d_name[2] == 0) /* Ignore .. */
+	        continue;
+	}
+	tmp = realloc(files, (n_files + 1) * sizeof(*files));
+	if (tmp == NULL) {
+	    sec_fprintf2(out, "%s: out of memory\r\n", directory);
+	    free_files (files, n_files);
+	    closedir (d);
+	    return;
+	}
+	files = tmp;
+	asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
+	if (files[n_files] == NULL) {
+	    sec_fprintf2(out, "%s: out of memory\r\n", directory);
+	    free_files (files, n_files);
+	    closedir (d);
+	    return;
+	}
+	++n_files;
+    }
+    closedir(d);
+    list_files(out, files, n_files, flags | LS_DIRS);
+}
+
+void
+builtin_ls(FILE *out, const char *file)
+{
+    int flags = LS_SORT_NAME;
+
+    if(*file == '-') {
+	const char *p;
+	for(p = file + 1; *p; p++) {
+	    switch(*p) {
+	    case 'a':
+	    case 'A':
+		flags &= ~LS_IGNORE_DOT;
+		break;
+	    case 'C':
+		break;
+	    case 'd':
+		flags |= LS_DIRS;
+		break;
+	    case 'f':
+		flags = (flags & ~LS_SORT_MODE);
+		break;
+	    case 'i':
+		flags |= flags | LS_INODE;
+		break;
+	    case 'l':
+		break;
+	    case 't':
+		flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
+		break;
+	    case 's':
+		flags |= LS_SIZE;
+		break;
+	    case 'S':
+		flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
+		break;
+	    case 'r':
+		flags |= LS_SORT_REVERSE;
+		break;
+	    }
+	}
+	file = ".";
+    }
+    list_files(out, &file, 1, flags);
+    sec_fflush(out);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
new file mode 100644
index 0000000..1bd2be1
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#define	_PATH_FTPUSERS		"/etc/ftpusers"
+#define	_PATH_FTPCHROOT		"/etc/ftpchroot"
+#define	_PATH_FTPWELCOME	"/etc/ftpwelcome"
+#define	_PATH_FTPLOGINMESG	"/etc/motd"
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/popen.c b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
new file mode 100644
index 0000000..5f36813
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software written by Ken Arnold and
+ * published in UNIX Review, Vol. 6, No. 8.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: popen.c,v 1.19 1999/09/16 20:38:45 assar Exp $");
+#endif
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <glob.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "extern.h"
+
+#include <roken.h>
+
+/* 
+ * Special version of popen which avoids call to shell.  This ensures
+ * no one may create a pipe to a hidden program as a side effect of a
+ * list or dir command.
+ */
+static int *pids;
+static int fds;
+
+extern int dochroot;
+
+/* return path prepended with ~ftp if that file exists, otherwise
+ * return path unchanged
+ */
+
+const char *
+ftp_rooted(const char *path)
+{
+    static char home[MaxPathLen] = "";
+    static char newpath[MaxPathLen];
+    struct passwd *pwd;
+
+    if(!home[0])
+	if((pwd = k_getpwnam("ftp")))
+	    strlcpy(home, pwd->pw_dir, sizeof(home));
+    snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
+    if(access(newpath, X_OK))
+	strlcpy(newpath, path, sizeof(newpath));
+    return newpath;
+}
+
+
+FILE *
+ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
+{
+	char *cp;
+	FILE *iop;
+	int argc, gargc, pdes[2], pid;
+	char **pop, *argv[100], *gargv[1000];
+	char *foo;
+
+	if (strcmp(type, "r") && strcmp(type, "w"))
+		return (NULL);
+
+	if (!pids) {
+
+	    /* This function is ugly and should be rewritten, in
+	     * modern unices there is no such thing as a maximum
+	     * filedescriptor.
+	     */
+
+	    fds = getdtablesize();
+	    pids = (int*)calloc(fds, sizeof(int));
+	    if(!pids)
+		return NULL;
+	}
+	if (pipe(pdes) < 0)
+		return (NULL);
+
+	/* break up string into pieces */
+	foo = NULL;
+	for (argc = 0, cp = program;; cp = NULL) {
+		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
+			break;
+	}
+
+	gargv[0] = (char*)ftp_rooted(argv[0]);
+	/* glob each piece */
+	for (gargc = argc = 1; argv[argc]; argc++) {
+		glob_t gl;
+		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+		memset(&gl, 0, sizeof(gl));
+		if (no_glob || glob(argv[argc], flags, NULL, &gl))
+			gargv[gargc++] = strdup(argv[argc]);
+		else
+			for (pop = gl.gl_pathv; *pop; pop++)
+				gargv[gargc++] = strdup(*pop);
+		globfree(&gl);
+	}
+	gargv[gargc] = NULL;
+
+	iop = NULL;
+	switch(pid = fork()) {
+	case -1:			/* error */
+		close(pdes[0]);
+		close(pdes[1]);
+		goto pfree;
+		/* NOTREACHED */
+	case 0:				/* child */
+		if (*type == 'r') {
+			if (pdes[1] != STDOUT_FILENO) {
+				dup2(pdes[1], STDOUT_FILENO);
+				close(pdes[1]);
+			}
+			if(do_stderr)
+			    dup2(STDOUT_FILENO, STDERR_FILENO);
+			close(pdes[0]);
+		} else {
+			if (pdes[0] != STDIN_FILENO) {
+				dup2(pdes[0], STDIN_FILENO);
+				close(pdes[0]);
+			}
+			close(pdes[1]);
+		}
+		execv(gargv[0], gargv);
+		gargv[0] = argv[0];
+		execv(gargv[0], gargv);
+		_exit(1);
+	}
+	/* parent; assume fdopen can't fail...  */
+	if (*type == 'r') {
+		iop = fdopen(pdes[0], type);
+		close(pdes[1]);
+	} else {
+		iop = fdopen(pdes[1], type);
+		close(pdes[0]);
+	}
+	pids[fileno(iop)] = pid;
+	
+pfree:	
+	for (argc = 1; gargv[argc] != NULL; argc++)
+	    free(gargv[argc]);
+
+
+	return (iop);
+}
+
+int
+ftpd_pclose(FILE *iop)
+{
+	int fdes, status;
+	pid_t pid;
+	sigset_t sigset, osigset;
+
+	/*
+	 * pclose returns -1 if stream is not associated with a
+	 * `popened' command, or, if already `pclosed'.
+	 */
+	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
+		return (-1);
+	fclose(iop);
+	sigemptyset(&sigset);
+	sigaddset(&sigset, SIGINT);
+	sigaddset(&sigset, SIGQUIT);
+	sigaddset(&sigset, SIGHUP);
+	sigprocmask(SIG_BLOCK, &sigset, &osigset);
+	while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
+		continue;
+	sigprocmask(SIG_SETMASK, &osigset, NULL);
+	pids[fdes] = 0;
+	if (pid < 0)
+		return (pid);
+	if (WIFEXITED(status))
+		return (WEXITSTATUS(status));
+	return (1);
+}
diff --git a/crypto/kerberosIV/appl/kauth/ChangeLog b/crypto/kerberosIV/appl/kauth/ChangeLog
new file mode 100644
index 0000000..a770682
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/ChangeLog
@@ -0,0 +1,30 @@
+1999-08-31  Johan Danielsson  <joda@pdc.kth.se>
+
+	* kauth.c: cleanup usage string; handle `kauth -h' gracefully
+	(print usage); add `-a' flag to get the ticket address (useful for
+	firewall configurations)
+
+Thu Apr 15 15:05:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* kauth.c: add `-v'
+
+Thu Mar 18 11:17:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sun Nov 22 10:30:47 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Tue May 26 17:41:47 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* kauth.c: use krb_enable_debug
+
+Fri May  1 07:15:18 1998  Assar Westerlund  <assar@sics.se>
+
+	* rkinit.c: unifdef -DHAVE_H_ERRNO
+
+Thu Mar 19 16:07:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* kauth.c: Check for negative return value from krb_afslog().
+
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.am b/crypto/kerberosIV/appl/kauth/Makefile.am
new file mode 100644
index 0000000..a5bf0fdaca
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.am
@@ -0,0 +1,42 @@
+# $Id: Makefile.am,v 1.7 1999/04/09 18:22:45 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+bin_PROGRAMS = kauth
+bin_SCRIPTS = ksrvtgt
+libexec_PROGRAMS = kauthd
+
+EXTRA_DIST = zrefresh ksrvtgt.in
+
+kauth_SOURCES = \
+	kauth.c \
+	kauth.h \
+	rkinit.c \
+	marshall.c \
+	encdata.c
+
+kauthd_SOURCES = \
+	kauthd.c \
+	kauth.h \
+	marshall.c \
+	encdata.c
+
+ksrvtgt: ksrvtgt.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
+	chmod +x $@
+
+install-exec-local:
+	if test -f $(bindir)/zrefresh -o -r  $(bindir)/zrefresh; then \
+	  true; \
+	else \
+	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
+	fi
+
+LDADD = \
+	$(LIB_kafs)				\
+	$(LIB_krb5)				\
+	$(LIB_krb4)				\
+	$(top_builddir)/lib/des/libdes.la	\
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
new file mode 100644
index 0000000..278facc
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -0,0 +1,110 @@
+# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+top_builddir = ../..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= kauth$(EXECSUFFIX) ksrvtgt
+PROG_LIBEXEC	= kauthd$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES_KAUTH  = kauth.c rkinit.c
+SOURCES_KAUTHD = kauthd.c
+SOURCES_COMMON = encdata.c marshall.c
+
+OBJECTS_KAUTH  = kauth.o rkinit.o
+OBJECTS_KAUTHD = kauthd.o
+OBJECTS_COMMON = marshall.o encdata.o
+
+OBJECTS = $(OBJECTS_KAUTH) $(OBJECTS_KAUTHD)
+SOURCES = $(SOURCES_KAUTH) $(SOURCES_KAUTHD) $(SOURCES_COMMON)
+
+KRB_KAFS_LIB = @KRB_KAFS_LIB@
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+	if test -f $(DESTDIR)$(bindir)/zrefresh -o -r  $(DESTDIR)$(bindir)/zrefresh; then \
+	  true; \
+	else \
+	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(DESTDIR)$(bindir)/`echo zrefresh | sed '$(transform)'`; \
+	fi
+	for x in $(PROG_LIBEXEC); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+	done
+	for x in $(PROG_LIBEXEC); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+ksrvtgt: ksrvtgt.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
+	chmod +x $@
+
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kauth/encdata.c b/crypto/kerberosIV/appl/kauth/encdata.c
new file mode 100644
index 0000000..886f549
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/encdata.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: encdata.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
+
+int
+write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
+		 des_cblock *session, struct sockaddr_in *me,
+		 struct sockaddr_in *him)
+{
+     void *outbuf;
+     int32_t outlen, l;
+     int i;
+     unsigned char tmp[4];
+
+     outbuf = malloc(len + 30);
+     if (outbuf == NULL)
+	  return -1;
+     outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
+     if (outlen < 0) {
+	  free(outbuf);
+	  return -1;
+     }
+     l = outlen;
+     for(i = 3; i >= 0; i--, l = l >> 8)
+	 tmp[i] = l & 0xff;
+     if (krb_net_write (fd, tmp, 4) != 4 ||
+	 krb_net_write (fd, outbuf, outlen) != outlen) {
+	  free(outbuf);
+	  return -1;
+     }
+     
+     free(outbuf);
+     return 0;
+}
+
+
+int
+read_encrypted (int fd, void *buf, size_t len, void **ret,
+		des_key_schedule schedule, des_cblock *session,
+		struct sockaddr_in *him, struct sockaddr_in *me)
+{
+     int status;
+     int32_t l;
+     MSG_DAT msg;
+     unsigned char tmp[4];
+
+     l = krb_net_read (fd, tmp, 4);
+     if (l != 4)
+	 return l;
+     l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+     if (l > len)
+	  return -1;
+     if (krb_net_read (fd, buf, l) != l)
+	  return -1;
+     status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
+     if (status != RD_AP_OK) {
+	  fprintf (stderr, "read_encrypted: %s\n",
+		   krb_get_err_text(status));
+	  return -1;
+     }
+     *ret  = msg.app_data;
+     return  msg.app_length;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
new file mode 100644
index 0000000..13448a0
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
@@ -0,0 +1,385 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Little program that reads an srvtab or password and
+ * creates a suitable ticketfile and associated AFS tokens.
+ *
+ * If an optional command is given the command is executed in a
+ * new PAG and when the command exits the tickets are destroyed.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
+
+krb_principal princ;
+static char srvtab[MaxPathLen];
+static int lifetime = DEFAULT_TKT_LIFE;
+static char remote_tktfile[MaxPathLen];
+static char remoteuser[100];
+static char *cell = 0;
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "Usage:\n"
+	    "  %s [name]\n"
+	    "or\n"
+	    "  %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n"
+	    "        [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n"
+	    "        [-h hosts... [--]] [command ... ]\n\n",
+	    __progname, __progname);
+    fprintf(stderr, 
+	    "A fully qualified name can be given: user[.instance][@realm]\n"
+	    "Realm is converted to uppercase!\n");
+    exit(1);
+}
+
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+
+static int
+doexec(int argc, char **argv)
+{
+    int ret = simple_execvp(argv[0], argv);
+    if(ret == -2)
+	warn ("fork");
+    if(ret == -3)
+	warn("waitpid");
+    if(ret < 0)
+	return EX_NOEXEC;
+    if(ret == EX_NOEXEC || ret == EX_NOTFOUND)
+	warnx("Can't exec program ``%s''", argv[0]);
+	
+    return ret;
+}
+
+static RETSIGTYPE
+renew(int sig)
+{
+    int code;
+
+    signal(SIGALRM, renew);
+
+    code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
+			      KRB_TICKET_GRANTING_TICKET,
+			      princ.realm, lifetime, srvtab);
+    if (code)
+	warnx ("%s", krb_get_err_text(code));
+    else if (k_hasafs())
+	{
+	    if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+		warnx ("%s", krb_get_err_text(code));
+	    }
+	}
+
+    alarm(krb_life_to_time(0, lifetime)/2 - 60);
+    SIGRETURN(0);
+}
+
+static int
+zrefresh(void)
+{
+    switch (fork()) {
+    case -1:
+	err (1, "Warning: Failed to fork zrefresh");
+	return -1;
+    case 0:
+	/* Child */
+	execlp("zrefresh", "zrefresh", 0);
+	execl(BINDIR "/zrefresh", "zrefresh", 0);
+	exit(1);
+    default:
+	/* Parent */
+	break;
+    }
+    return 0;
+}
+
+static int
+key_to_key(const char *user,
+	   char *instance,
+	   const char *realm,
+	   const void *arg,
+	   des_cblock *key)
+{
+    memcpy(key, arg, sizeof(des_cblock));
+    return 0;
+}
+
+static int
+get_ticket_address(krb_principal *princ, des_cblock *key)
+{
+    int code;
+    unsigned char flags;
+    krb_principal service;
+    u_int32_t addr;
+    struct in_addr addr2;
+    des_cblock session;
+    int life;
+    u_int32_t time_sec;
+    des_key_schedule schedule;
+    CREDENTIALS c;
+	
+    code = get_ad_tkt(princ->name, princ->instance, princ->realm, 0);
+    if(code) {
+	warnx("get_ad_tkt: %s\n", krb_get_err_text(code));
+	return code;
+    }
+    code = krb_get_cred(princ->name, princ->instance, princ->realm, &c);
+    if(code) {
+	warnx("krb_get_cred: %s\n", krb_get_err_text(code));
+	return code;
+    }
+
+    des_set_key(key, schedule);
+    code = decomp_ticket(&c.ticket_st, 
+			 &flags,
+			 princ->name,
+			 princ->instance,
+			 princ->realm,
+			 &addr,
+			 session,
+			 &life,
+			 &time_sec,
+			 service.name,
+			 service.instance,
+			 key,
+			 schedule);
+    if(code) {
+	warnx("decomp_ticket: %s\n", krb_get_err_text(code));
+	return code;
+    }
+    memset(&session, 0, sizeof(session));
+    memset(schedule, 0, sizeof(schedule));
+    addr2.s_addr = addr;
+    fprintf(stdout, "ticket address = %s\n", inet_ntoa(addr2));
+} 
+
+
+int
+main(int argc, char **argv)
+{
+    int code, more_args;
+    int ret;
+    int c;
+    char *file;
+    int pflag = 0;
+    int aflag = 0;
+    int version_flag = 0;
+    char passwd[100];
+    des_cblock key;
+    char **host;
+    int nhost;
+    char tf[MaxPathLen];
+
+    set_progname (argv[0]);
+
+    if ((file =  getenv("KRBTKFILE")) == 0)
+	file = TKT_FILE;  
+
+    memset(&princ, 0, sizeof(princ));
+    memset(srvtab, 0, sizeof(srvtab));
+    *remoteuser = '\0';
+    nhost = 0;
+    host = NULL;
+  
+    /* Look for kerberos name */
+    if (argc > 1 &&
+	argv[1][0] != '-' &&
+	krb_parse_name(argv[1], &princ) == 0)
+      {
+	argc--; argv++;
+	strupr(princ.realm);
+      }
+
+    while ((c = getopt(argc, argv, "ar:t:f:hdl:n:c:v")) != -1)
+	switch (c) {
+	case 'a':
+	    aflag++;
+	    break;
+	case 'd':
+	    krb_enable_debug();
+	    _kafs_debug = 1;
+	    aflag++;
+	    break;
+	case 'f':
+	    strlcpy(srvtab, optarg, sizeof(srvtab));
+	    break;
+	case 't':
+	    strlcpy(remote_tktfile, optarg, sizeof(remote_tktfile));
+	    break;
+	case 'r':
+	    strlcpy(remoteuser, optarg, sizeof(remoteuser));
+	    break;
+	case 'l':
+	    lifetime = atoi(optarg);
+	    if (lifetime == -1)
+		lifetime = 255;
+	    else if (lifetime < 5)
+		lifetime = 1;
+	    else
+		lifetime = krb_time_to_life(0, lifetime*60);
+	    if (lifetime > 255)
+		lifetime = 255;
+	    break;
+	case 'n':
+	    if ((code = krb_parse_name(optarg, &princ)) != 0) {
+		warnx ("%s", krb_get_err_text(code));
+		usage();
+	    }
+	    strupr(princ.realm);
+	    pflag = 1;
+	    break;
+	case 'c':
+	    cell = optarg;
+	    break;
+	case 'h':
+	    host = argv + optind;
+	    for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
+		++nhost;
+	    if(nhost == 0)
+		usage();
+	    break;
+	case 'v':
+	    version_flag++;
+	    print_version(NULL);
+	    break;
+	case '?':
+	default:
+	    usage();
+	    break;
+	}
+  
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    if (princ.name[0] == '\0' && krb_get_default_principal (princ.name, 
+							    princ.instance, 
+							    princ.realm) < 0)
+	errx (1, "Could not get default principal");
+  
+    /* With root tickets assume remote user is root */
+    if (*remoteuser == '\0') {
+      if (strcmp(princ.instance, "root") == 0)
+	strlcpy(remoteuser, princ.instance, sizeof(remoteuser));
+      else
+	strlcpy(remoteuser, princ.name, sizeof(remoteuser));
+    }
+
+    more_args = argc - optind;
+  
+    if (princ.realm[0] == '\0')
+	if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
+	    strlcpy(princ.realm, KRB_REALM, REALM_SZ);
+  
+    if (more_args) {
+	int f;
+      
+	do{
+	    snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned)getuid(),
+		     (unsigned)(getpid()*time(0)));
+	    f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+	}while(f < 0);
+	close(f);
+	unlink(tf);
+	setenv("KRBTKFILE", tf, 1);
+	krb_set_tkt_string (tf);
+    }
+    
+    if (srvtab[0])
+	{
+	    signal(SIGALRM, renew);
+
+	    code = read_service_key (princ.name, princ.instance, princ.realm, 0, 
+				     srvtab, (char *)&key);
+	    if (code == KSUCCESS)
+		code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
+				      KRB_TICKET_GRANTING_TICKET,
+				      princ.realm, lifetime,
+				      key_to_key, NULL, key);
+	    alarm(krb_life_to_time(0, lifetime)/2 - 60);
+	}
+    else {
+	char prompt[128];
+	  
+	snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
+	if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+	    memset(passwd, 0, sizeof(passwd));
+	    exit(1);
+	}
+	code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm, 
+				  KRB_TICKET_GRANTING_TICKET, princ.realm, 
+				  lifetime, passwd, &key);
+	
+	memset(passwd, 0, sizeof(passwd));
+    }
+    if (code) {
+	memset (key, 0, sizeof(key));
+	errx (1, "%s", krb_get_err_text(code));
+    }
+
+    if(aflag)
+	get_ticket_address(&princ, &key);
+
+    if (k_hasafs()) {
+	if (more_args)
+	    k_setpag();
+	if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+	    if(code > 0)
+		warnx ("%s", krb_get_err_text(code));
+	    else
+		warnx ("failed to store AFS token");
+	}
+    }
+
+    for(ret = 0; nhost-- > 0; host++)
+	ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
+  
+    if (ret)
+	return ret;
+
+    if (more_args) {
+	ret = doexec(more_args, &argv[optind]);
+	dest_tkt();
+	if (k_hasafs())
+	    k_unlog();	 
+    }
+    else
+	zrefresh();
+  
+    return ret;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.h b/crypto/kerberosIV/appl/kauth/kauth.h
new file mode 100644
index 0000000..32243c7
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kauth.h,v 1.21 1999/12/02 16:58:31 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <err.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+#include <roken.h>
+
+#define KAUTH_PORT 2120
+
+#define KAUTH_VERSION "RKINIT.0"
+
+int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
+
+int write_encrypted (int, void*, size_t, des_key_schedule,
+		     des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+int read_encrypted (int, void*, size_t, void **, des_key_schedule,
+		    des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+int pack_args (char *, size_t, krb_principal*, int, const char*, const char*);
+
+int unpack_args (const char*, krb_principal*, int*, char*, char*);
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
new file mode 100644
index 0000000..8dae4d0
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
+
+krb_principal princ;
+static char locuser[SNAME_SZ];
+static int  lifetime;
+static char tktfile[MaxPathLen];
+
+struct remote_args {
+     int sock;
+     des_key_schedule *schedule;
+     des_cblock *session;
+     struct sockaddr_in *me, *her;
+};
+
+static int
+decrypt_remote_tkt (const char *user,
+		    const char *inst,
+		    const char *realm,
+		    const void *varg,
+		    key_proc_t key_proc,
+		    KTEXT *cipp)
+{
+     char buf[BUFSIZ];
+     void *ptr;
+     int len;
+     KTEXT cip  = *cipp;
+     struct remote_args *args = (struct remote_args *)varg;
+
+     write_encrypted (args->sock, cip->dat, cip->length,
+		      *args->schedule, args->session, args->me,
+		      args->her);
+     len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
+			   args->session, args->her, args->me);
+     memcpy(cip->dat, ptr, cip->length);
+	  
+     return 0;
+}
+
+static int
+doit(int sock)
+{
+     int status;
+     KTEXT_ST ticket;
+     AUTH_DAT auth;
+     char instance[INST_SZ];
+     des_key_schedule schedule;
+     struct sockaddr_in thisaddr, thataddr;
+     int addrlen;
+     int len;
+     char buf[BUFSIZ];
+     void *data;
+     struct passwd *passwd;
+     char version[KRB_SENDAUTH_VLEN + 1];
+     char remotehost[MaxHostNameLen];
+
+     addrlen = sizeof(thisaddr);
+     if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thisaddr)) {
+	  return 1;
+     }
+     addrlen = sizeof(thataddr);
+     if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thataddr)) {
+	  return 1;
+     }
+
+     inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost));
+
+     k_getsockinst (sock, instance, sizeof(instance));
+     status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+			    &thataddr, &thisaddr, &auth, "", schedule,
+			    version);
+     if (status != KSUCCESS ||
+	 strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+	  return 1;
+     }
+     len = read_encrypted (sock, buf, sizeof(buf), &data, schedule,
+			   &auth.session, &thataddr, &thisaddr);
+     if (len < 0) {
+	  write_encrypted (sock, "read_enc failed",
+			   sizeof("read_enc failed") - 1, schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 1;
+     }
+     if (unpack_args(data, &princ, &lifetime, locuser,
+		     tktfile)) {
+	  write_encrypted (sock, "unpack_args failed",
+			   sizeof("unpack_args failed") - 1, schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 1;
+     }
+
+     if( kuserok(&auth, locuser) != 0) {
+	 snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
+		  locuser, krb_unparse_name(&princ));
+	 syslog (LOG_ERR, buf);
+	 write_encrypted (sock, buf, strlen(buf), schedule,
+			  &auth.session, &thisaddr, &thataddr);
+	 return 1;
+     }
+     passwd = k_getpwnam (locuser);
+     if (passwd == NULL) {
+	  snprintf (buf, sizeof(buf), "No user '%s'", locuser);
+	  syslog (LOG_ERR, buf);
+	  write_encrypted (sock, buf, strlen(buf), schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 1;
+     }
+     if (setgid (passwd->pw_gid) ||
+	 initgroups(passwd->pw_name, passwd->pw_gid) ||
+	 setuid(passwd->pw_uid)) {
+	  snprintf (buf, sizeof(buf), "Could not change user");
+	  syslog (LOG_ERR, buf);
+	  write_encrypted (sock, buf, strlen(buf), schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 1;
+     }
+     write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+		      &auth.session, &thisaddr, &thataddr);
+
+     if (*tktfile == 0)
+	 snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid());
+     krb_set_tkt_string (tktfile);
+
+     {
+	  struct remote_args arg;
+
+	  arg.sock     = sock;
+	  arg.schedule = &schedule;
+	  arg.session  = &auth.session;
+	  arg.me       = &thisaddr;
+	  arg.her      = &thataddr;
+
+	  status = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+				   KRB_TICKET_GRANTING_TICKET,
+				   princ.realm,
+				   lifetime, NULL, decrypt_remote_tkt, &arg);
+     }
+     if (status == KSUCCESS) {
+	 syslog (LOG_INFO, "from %s(%s): %s -> %s",
+		 remotehost,
+		 inet_ntoa(thataddr.sin_addr),
+		 locuser,
+		 krb_unparse_name (&princ));
+	  write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 0;
+     } else {
+	  snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
+	  syslog (LOG_NOTICE, buf);
+	  write_encrypted (sock, buf, strlen(buf), schedule,
+			   &auth.session, &thisaddr, &thataddr);
+	  return 1;
+     }
+}
+
+int
+main (int argc, char **argv)
+{
+    openlog ("kauthd", LOG_ODELAY, LOG_AUTH);
+
+    if(argc > 1 && strcmp(argv[1], "-i") == 0)
+	mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT)));
+    return doit(STDIN_FILENO);
+}
diff --git a/crypto/kerberosIV/appl/kauth/ksrvtgt.in b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
new file mode 100644
index 0000000..7a520fd
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
@@ -0,0 +1,15 @@
+#! /bin/sh
+# $Id: ksrvtgt.in,v 1.3 1997/09/13 03:39:03 joda Exp $
+# $FreeBSD$
+
+usage="Usage: `basename $0` name instance [[realm] srvtab]"
+
+if [ $# -lt 2 -o $# -gt 4 ]; then
+	echo "$usage"
+	exit 1
+fi
+
+srvtab="${4-${3-/etc/kerberosIV/srvtab}}"
+realm="${4+@$3}"
+
+%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab"
diff --git a/crypto/kerberosIV/appl/kauth/marshall.c b/crypto/kerberosIV/appl/kauth/marshall.c
new file mode 100644
index 0000000..e37b8c9
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/marshall.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: marshall.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
+
+int
+pack_args (char *buf,
+	   size_t sz,
+	   krb_principal *pr,
+	   int lifetime,
+	   const char *locuser,
+	   const char *tktfile)
+{
+    char *p = buf;
+    int len;
+
+    p = buf;
+
+    len = strlen(pr->name);
+    if (len >= sz)
+	return -1;
+    memcpy (p, pr->name, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(pr->instance);
+    if (len >= sz)
+	return -1;
+    memcpy (p, pr->instance, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(pr->realm);
+    if (len >= sz)
+	return -1;
+    memcpy(p, pr->realm, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    if (sz < 1)
+	return -1;
+    *p++ = (unsigned char)lifetime;
+
+    len = strlen(locuser);
+    if (len >= sz)
+	return -1;
+    memcpy (p, locuser, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(tktfile);
+    if (len >= sz)
+	return -1;
+    memcpy (p, tktfile, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    return p - buf;
+}
+
+int
+unpack_args (const char *buf, krb_principal *pr, int *lifetime,
+	     char *locuser, char *tktfile)
+{
+    int len;
+
+    len = strlen(buf);
+    if (len >= SNAME_SZ)
+	return -1;
+    strlcpy (pr->name, buf, ANAME_SZ);
+    buf += len + 1;
+    len = strlen (buf);
+    if (len >= INST_SZ)
+	return -1;
+    strlcpy (pr->instance, buf, INST_SZ);
+    buf += len + 1;
+    len = strlen (buf);
+    if (len >= REALM_SZ)
+	return -1;
+    strlcpy (pr->realm, buf, REALM_SZ);
+    buf += len + 1;
+    *lifetime = (unsigned char)*buf++;
+    len = strlen(buf);
+    if (len >= SNAME_SZ)
+	return -1;
+    strlcpy (locuser, buf, SNAME_SZ);
+    buf += len + 1;
+    len = strlen(buf);
+    if (len >= MaxPathLen)
+	return -1;
+    strlcpy (tktfile, buf, MaxPathLen);
+    buf += len + 1;
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/kauth/rkinit.c b/crypto/kerberosIV/appl/kauth/rkinit.c
new file mode 100644
index 0000000..cac62c9
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/rkinit.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: rkinit.c,v 1.22.2.1 1999/12/06 17:27:56 assar Exp $");
+
+static struct in_addr *
+getalladdrs (char *hostname, unsigned *count)
+{
+    struct hostent *hostent;
+    struct in_addr **h;
+    struct in_addr *addr;
+    unsigned naddr;
+    unsigned maxaddr;
+
+    hostent = gethostbyname (hostname);
+    if (hostent == NULL) {
+	warnx ("gethostbyname '%s' failed: %s\n",
+	       hostname,
+	       hstrerror(h_errno));
+	return NULL;
+    }
+    maxaddr = 1;
+    naddr = 0;
+    addr = malloc(sizeof(*addr) * maxaddr);
+    if (addr == NULL) {
+	warnx ("out of memory");
+	return NULL;
+    }
+    for (h = (struct in_addr **)(hostent->h_addr_list);
+	 *h != NULL;
+	 h++) {
+	if (naddr >= maxaddr) {
+	    maxaddr *= 2;
+	    addr = realloc (addr, sizeof(*addr) * maxaddr);
+	    if (addr == NULL) {
+		warnx ("out of memory");
+		return NULL;
+	    }
+	}
+	addr[naddr++] = **h;
+    }
+    addr = realloc (addr, sizeof(*addr) * naddr);
+    if (addr == NULL) {
+	warnx ("out of memory");
+	return NULL;
+    }
+    *count = naddr;
+    return addr;
+}
+
+static int
+doit_host (krb_principal *princ, int lifetime, char *locuser, 
+	   char *tktfile, des_cblock *key, int s, char *hostname)
+{
+    char buf[BUFSIZ];
+    int inlen;
+    KTEXT_ST text;
+    CREDENTIALS cred;
+    MSG_DAT msg;
+    int status;
+    des_key_schedule schedule;
+    struct sockaddr_in thisaddr, thataddr;
+    int addrlen;
+    void *ret;
+
+    addrlen = sizeof(thisaddr);
+    if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+	addrlen != sizeof(thisaddr)) {
+	warn ("getsockname(%s)", hostname);
+	return 1;
+    }
+    addrlen = sizeof(thataddr);
+    if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+	addrlen != sizeof(thataddr)) {
+	warn ("getpeername(%s)", hostname);
+	return 1;
+    }
+
+    if (krb_get_config_bool("nat_in_use")) {
+	struct in_addr natAddr;
+
+	if (krb_get_our_ip_for_realm(krb_realmofhost(hostname),
+				     &natAddr) == KSUCCESS
+	    || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
+	    thisaddr.sin_addr = natAddr;
+    }
+
+    status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+			   hostname, krb_realmofhost (hostname),
+			   getpid(), &msg, &cred, schedule,
+			   &thisaddr, &thataddr, KAUTH_VERSION);
+    if (status != KSUCCESS) {
+	warnx ("%s: %s\n", hostname, krb_get_err_text(status));
+	return 1;
+    }
+    inlen = pack_args (buf, sizeof(buf),
+		       princ, lifetime, locuser, tktfile);
+    if (inlen < 0) {
+	warn ("cannot marshall arguments to %s", hostname);
+	return 1;
+    }
+
+    if (write_encrypted(s, buf, inlen, schedule, &cred.session,
+			&thisaddr, &thataddr) < 0) {
+	warn ("write to %s", hostname);
+	return 1;
+    }
+
+    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+			    &cred.session, &thataddr, &thisaddr);
+    if (inlen < 0) {
+	warn ("read from %s failed", hostname);
+	return 1;
+    }
+
+    if (strncmp(ret, "ok", inlen) != 0) {
+	warnx ("error from %s: %.*s\n",
+	       hostname, inlen, (char *)ret);
+	return 1;
+    }
+
+    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+			    &cred.session, &thataddr, &thisaddr);
+    if (inlen < 0) {
+	warn ("read from %s", hostname);
+	return 1;
+    }
+     
+    {
+	des_key_schedule key_s;
+
+	des_key_sched(key, key_s);
+	des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT);
+	memset(key_s, 0, sizeof(key_s));
+    }
+    write_encrypted (s, ret, inlen, schedule, &cred.session,
+		     &thisaddr, &thataddr);
+
+    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
+			    &cred.session, &thataddr, &thisaddr);
+    if (inlen < 0) {
+	warn ("read from %s", hostname);
+	return 1;
+    }
+
+    if (strncmp(ret, "ok", inlen) != 0) {
+	warnx ("error from %s: %.*s\n",
+	       hostname, inlen, (char *)ret);
+	return 1;
+    }
+    return 0;
+}
+
+int
+rkinit (krb_principal *princ, int lifetime, char *locuser, 
+	char *tktfile, des_cblock *key, char *hostname)
+{
+    struct in_addr *addr;
+    unsigned naddr;
+    unsigned i;
+    int port;
+    int success;
+
+    addr = getalladdrs (hostname, &naddr);
+    if (addr == NULL)
+	return 1;
+    port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT));
+    success = 0;
+    for (i = 0; !success && i < naddr; ++i) {
+	struct sockaddr_in a;
+	int s;
+
+	memset(&a, 0, sizeof(a));
+	a.sin_family = AF_INET;
+	a.sin_port   = port;
+	a.sin_addr   = addr[i];
+
+	s = socket (AF_INET, SOCK_STREAM, 0);
+	if (s < 0) {
+	    warn("socket");
+	    return 1;
+	}
+	if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
+	    warn("connect(%s)", hostname);
+	    continue;
+	}
+
+	success = success || !doit_host (princ, lifetime,
+					 locuser, tktfile, key,
+					 s, hostname);
+	close (s);
+    }
+    return !success;
+}
diff --git a/crypto/kerberosIV/appl/kauth/zrefresh b/crypto/kerberosIV/appl/kauth/zrefresh
new file mode 100644
index 0000000..8347a1b
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/zrefresh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# 
+# @(#) $Id: zrefresh,v 1.3 1996/06/09 19:21:59 joda Exp $
+#
+# Substitute this script with a real zrefresh if running Zephyr. For
+# instance:
+#
+# if [ -f "$WGFILE" ] ; then
+#     zctl load
+# fi
+
+exit 0
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
new file mode 100644
index 0000000..801c3f9
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/Makefile.in
@@ -0,0 +1,94 @@
+# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libexecdir = @libexecdir@
+libdir = @libdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= kip$(EXECSUFFIX)
+PROG_LIBEXEC	= kipd$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES_KIP     = kip.c
+SOURCES_KIPD    = kipd.c
+SOURCES_COMMON  = common.c
+
+OBJECTS_KIP     = kip.o common.o
+OBJECTS_KIPD    = kipd.o common.o
+
+OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD)
+SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON)
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	for x in $(PROG_LIBEXEC); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	for x in $(PROG_LIBEXEC); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+kip$(EXECSUFFIX): $(OBJECTS_KIP)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c
new file mode 100644
index 0000000..c97fe9f
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/common.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $");
+
+/*
+ * Copy packets from `tundev' to `netdev' or vice versa.
+ * Mode is used when reading from `tundev'
+ */
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+	      des_key_schedule schedule)
+{
+     des_cblock iv1, iv2;
+     int num1 = 0, num2 = 0;
+     u_char *buf;
+
+     buf = malloc (mtu + 2);
+     if (buf == NULL) {
+	 warnx("malloc(%d) failed", mtu);
+	 return 1;
+     }
+
+     memcpy (&iv1, iv, sizeof(iv1));
+     memcpy (&iv2, iv, sizeof(iv2));
+     for (;;) {
+	  fd_set fdset;
+	  int ret, len;
+
+	  FD_ZERO(&fdset);
+	  FD_SET(tundev, &fdset);
+	  FD_SET(netdev, &fdset);
+
+	  ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
+	  if (ret < 0 && errno != EINTR) {
+	      warn ("select");
+	      return 1;
+	  }
+	  if (FD_ISSET(tundev, &fdset)) {
+	       ret = read (tundev, buf + 2, mtu);
+	       if (ret == 0)
+		    return 0;
+	       if (ret < 0) {
+		    if (errno == EINTR)
+			 continue;
+		    else { 
+			warn("read");
+			return ret;
+		    }
+	       }
+	       buf[0] = ret >> 8;
+	       buf[1] = ret & 0xFF;
+	       ret += 2;
+	       des_cfb64_encrypt (buf, buf, ret, schedule,
+				  &iv1, &num1, DES_ENCRYPT);
+	       ret = krb_net_write (netdev, buf, ret);
+	       if (ret < 0) {
+		   warn("write");
+		   return ret;
+	       }
+	  }
+	  if (FD_ISSET(netdev, &fdset)) {
+	       ret = read (netdev, buf, 2);
+	       if (ret == 0)
+		    return 0;
+	       if (ret < 0) {
+		    if (errno == EINTR)
+			 continue;
+		    else { 
+			warn("read");
+			return ret;
+		    }
+	       }
+	       des_cfb64_encrypt (buf, buf, 2, schedule,
+				  &iv2, &num2, DES_DECRYPT);
+	       len = (buf[0] << 8 ) | buf[1];
+	       ret = krb_net_read (netdev, buf + 2, len);
+	       if (ret == 0)
+		    return 0;
+	       if (ret < 0) {
+		    if (errno == EINTR)
+			 continue;
+		    else { 
+			warn("read");
+			return ret;
+		    }
+	       }
+	       des_cfb64_encrypt (buf + 2, buf + 2, len, schedule,
+				  &iv2, &num2, DES_DECRYPT);
+	       ret = krb_net_write (tundev, buf + 2, len);
+	       if (ret < 0) {
+		   warn("write");
+		   return ret;
+	       }
+	  }
+     }
+}
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+RETSIGTYPE
+childhandler (int sig)
+{
+     pid_t pid;
+     int status;
+
+     do { 
+	  pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+     } while(pid > 0);
+     signal (SIGCHLD, childhandler);
+     SIGRETURN(0);
+}
+
+/*
+ * Find a free tunnel device and open it.
+ */
+
+int
+tunnel_open (void)
+{
+     int fd;
+     int i;
+     char name[64];
+
+     for (i = 0; i < 256; ++i) {
+	  snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
+	  fd = open (name, O_RDWR, 0);
+	  if (fd >= 0)
+	       break;
+	  if (errno == ENOENT || errno == ENODEV) {
+	      warn("open %s", name);
+	      return fd;
+	  }
+     }
+     if (fd < 0)
+	 warn("open %s" ,name);
+     return fd;
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
new file mode 100644
index 0000000..667a8d8
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $");
+
+static void
+usage(void)
+{
+     fprintf (stderr, "Usage: %s host\n",
+	      __progname);
+     exit (1);
+}
+
+/*
+ * Establish authenticated connection
+ */
+
+static int
+connect_host (char *host, des_cblock *key, des_key_schedule schedule)
+{
+     CREDENTIALS cred;
+     KTEXT_ST text;
+     MSG_DAT msg;
+     int status;
+     struct sockaddr_in thisaddr, thataddr;
+     int addrlen;
+     struct hostent *hostent;
+     int s;
+     u_char b;
+     char **p;
+
+     hostent = gethostbyname (host);
+     if (hostent == NULL) {
+	 warnx ("gethostbyname '%s': %s", host,
+		hstrerror(h_errno));
+	  return -1;
+     }
+
+     memset (&thataddr, 0, sizeof(thataddr));
+     thataddr.sin_family = AF_INET;
+     thataddr.sin_port   = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+
+     for(p = hostent->h_addr_list; *p; ++p) {
+	 memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
+
+	 s = socket (AF_INET, SOCK_STREAM, 0);
+	 if (s < 0) {
+	     warn ("socket");
+	     return -1;
+	 }
+
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+	 {
+	     int one = 1;
+
+	     setsockopt (s, IPPROTO_TCP, TCP_NODELAY,
+			 (void *)&one, sizeof(one));
+	 }
+#endif
+
+	 if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) {
+	     warn ("connect(%s)", host);
+	     close (s);
+	     continue;
+	 } else {
+	     break;
+	 }
+     }
+     if (*p == NULL)
+	 return -1;
+
+     addrlen = sizeof(thisaddr);
+     if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thisaddr)) {
+	 warn ("getsockname(%s)", host);
+	 return -1;
+     }
+     status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+			    host, krb_realmofhost (host),
+			    getpid(), &msg, &cred, schedule,
+			    &thisaddr, &thataddr, KIP_VERSION);
+     if (status != KSUCCESS) {
+	 warnx("%s: %s", host,
+	       krb_get_err_text(status));
+	 return -1;
+     }
+     if (read (s, &b, sizeof(b)) != sizeof(b)) {
+	 warn ("read");
+	 return -1;
+     }
+     if (b) {
+	  char buf[BUFSIZ];
+
+	  read (s, buf, sizeof(buf));
+	  buf[BUFSIZ - 1] = '\0';
+
+	  warnx ("%s: %s", host, buf);
+	  return -1;
+     }
+
+     memcpy(key, &cred.session, sizeof(des_cblock));
+     return s;
+}
+
+/*
+ * Connect to the given host.
+ */
+
+static int
+doit (char *host)
+{
+     des_key_schedule schedule;
+     des_cblock iv;
+     int other, this;
+
+     other = connect_host (host, &iv, schedule);
+     if (other < 0)
+	  return 1;
+     this = tunnel_open ();
+     if (this < 0)
+	  return 1;
+     return copy_packets (this, other, TUNMTU, &iv, schedule);
+}
+
+/*
+ * kip - forward IP packets over a kerberos-encrypted channel.
+ *
+ */
+
+int
+main(int argc, char **argv)
+{
+    set_progname (argv[0]);
+
+    if (argc != 2)
+	usage ();
+    return doit (argv[1]);
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
new file mode 100644
index 0000000..dc748df
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.h
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pwd.h>
+#include <signal.h>
+#include <paths.h>
+#include <fcntl.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#include <netdb.h>
+#include <sys/sockio.h>
+#include <net/if.h>
+#ifdef HAVE_NET_IF_VAR_H
+#include <net/if_var.h>
+#endif
+#include <net/if_tun.h>
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <krb.h>
+
+#include <roken.h>
+
+#define TUNDEV "tun"
+
+#define KIPPORT 2112
+
+#define KIP_VERSION "KIPSRV.0"
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+	      des_key_schedule schedule);
+
+RETSIGTYPE childhandler (int);
+
+int
+tunnel_open (void);
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
new file mode 100644
index 0000000..429f815
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
+
+static int
+fatal (int fd, char *s)
+{
+     u_char err = 1;
+
+     write (fd, &err, sizeof(err));
+     write (fd, s, strlen(s)+1);
+     syslog(LOG_ERR, s);
+     return err;
+}
+
+static int
+recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
+	   struct sockaddr_in *retaddr)
+{
+     int status;
+     KTEXT_ST ticket;
+     AUTH_DAT auth;
+     char instance[INST_SZ];
+     struct sockaddr_in thisaddr, thataddr;
+     int addrlen;
+     char version[KRB_SENDAUTH_VLEN + 1];
+     u_char ok = 0;
+     struct passwd *passwd;
+
+     addrlen = sizeof(thisaddr);
+     if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thisaddr)) {
+	  return 1;
+     }
+     addrlen = sizeof(thataddr);
+     if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+	 addrlen != sizeof(thataddr)) {
+	  return 1;
+     }
+
+     k_getsockinst (sock, instance, sizeof(instance));
+     status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+			    &thataddr, &thisaddr, &auth, "", schedule,
+			    version);
+     if (status != KSUCCESS ||
+	 strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+	  return 1;
+     }
+     passwd = k_getpwnam ("root");
+     if (passwd == NULL)
+	  return fatal (sock, "Cannot find root");
+     if (kuserok(&auth, "root") != 0)
+	  return fatal (sock, "Permission denied");
+     if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
+	  return 1;
+
+     memcpy(key, &auth.session, sizeof(des_cblock));
+     *retaddr = thataddr;
+     return 0;
+}
+
+static int
+doit(int sock)
+{
+     struct sockaddr_in thataddr;
+     des_key_schedule schedule;
+     des_cblock key;
+     int this;
+
+     if (recv_conn (sock, &key, schedule, &thataddr))
+	  return 1;
+     this = tunnel_open ();
+     if (this < 0)
+	  fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
+     return copy_packets (this, sock, TUNMTU, &key, schedule);
+}
+
+/*
+ * kipd - receive forwarded IP
+ */
+
+int
+main (int argc, char **argv)
+{
+    set_progname (argv[0]);
+
+    roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+    signal (SIGCHLD, childhandler);
+    return doit(0);
+}
diff --git a/crypto/kerberosIV/appl/push/ChangeLog b/crypto/kerberosIV/appl/push/ChangeLog
new file mode 100644
index 0000000..a55954d
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/ChangeLog
@@ -0,0 +1,135 @@
+1999-11-13  Assar Westerlund  <assar@sics.se>
+
+	* push.c: make `-v' a arg_counter
+	
+1999-11-02  Assar Westerlund  <assar@sics.se>
+
+	* push.c (main): redo the v4/v5 selection for consistency.  -4 ->
+ 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-08-19  Assar Westerlund  <assar@sics.se>
+
+	* push.c (doit): remember to step over the error message when we
+ 	discover that XDELE is not supported
+
+1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* push.c: use XDELE
+
+1999-08-05  Assar Westerlund  <assar@sics.se>
+
+	* push.c (do_connect): v6-ify
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* push.c: get_default_username and the resulting const propagation
+
+1999-05-21  Assar Westerlund  <assar@sics.se>
+
+	* push.c (parse_pobox): try $USERNAME
+
+1999-05-11  Assar Westerlund  <assar@sics.se>
+
+	* push.c (do_v5): remove unused and non-working code
+
+1999-05-10  Assar Westerlund  <assar@sics.se>
+
+	* push.c (do_v5): call krb5_sendauth with ccache == NULL
+	
+Wed Apr  7 23:40:00 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: fix names of hesiod variables
+
+Wed Mar 24 04:37:04 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (pfrom): fix typo
+
+	* push.c (get_pobox): try to handle old and new hesiod APIs
+
+Mon Mar 22 22:19:40 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: hesoid -> hesiod
+
+Sun Mar 21 18:02:10 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: bindir -> libexecdir
+
+Sat Mar 20 00:12:26 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: LDADD: add missing backslash
+
+Thu Mar 18 15:28:35 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: clean pfrom
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 18:26:16 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* push.c: strncasecmp headers
+
+Mon Feb 15 22:22:09 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (pfrom): use libexecdir
+
+	* Makefile.am: build and install pfrom
+
+	* push.c (do_connect): init `s'
+	(pop_state): spell-check enums
+
+Tue Nov 24 23:20:54 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: build and install pfrom
+
+	* pfrom.in: bindir -> libexecdir
+
+Sun Nov 22 15:33:52 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* push.c: eliminate some warnings
+
+Sun Nov 22 10:34:54 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Thu Nov 19 01:17:33 1998  Assar Westerlund  <assar@sics.se>
+
+	* push_locl.h: add <hesiod.h>
+
+	* Makefile.am, Makefile.in: link and include hesiod
+
+	* push.c (get_pobox): new function. add hesiod support.
+
+1998-11-07  Assar Westerlund  <assar@sics.se>
+
+	* push.8: updated
+
+	* push.c: --from implementation from <lha@stacken.kth.se>
+
+Fri Jul 10 01:14:45 1998  Assar Westerlund  <assar@sics.se>
+
+	* push.c (net_{read,write}): remove
+
+Wed Jun 24 14:41:41 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* push.c: allow `po:user@host' mailbox syntax
+
+Tue Jun  2 17:35:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* push.c: quote '^From ' properly
+
+Mon May 25 05:22:47 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): PROGS -> PROGRAMS
+
+Sun Apr 26 11:42:13 1998  Assar Westerlund  <assar@sics.se>
+
+	* push.c (main): better default for v4 and v5
+
+	* push.c (main): init context correctly
+
+	* push.c: should work with krb4
+
+	* push_locl.h: krb4 compat
+
+	* Makefile.in: new file
+
diff --git a/crypto/kerberosIV/appl/push/Makefile.am b/crypto/kerberosIV/appl/push/Makefile.am
new file mode 100644
index 0000000..07ecd0a
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/Makefile.am
@@ -0,0 +1,27 @@
+# $Id: Makefile.am,v 1.15 1999/04/09 18:29:48 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(INCLUDE_hesiod)
+
+bin_SCRIPTS		= pfrom
+
+libexec_PROGRAMS	= push
+
+push_SOURCES = push.c push_locl.h
+
+pfrom: pfrom.in
+	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
+	chmod +x $@
+
+man_MANS = push.8
+
+CLEANFILES = pfrom
+
+EXTRA_DIST = pfrom.in $(man_MANS)
+
+LDADD = $(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_roken) \
+	$(LIB_hesiod)
diff --git a/crypto/kerberosIV/appl/push/Makefile.in b/crypto/kerberosIV/appl/push/Makefile.in
new file mode 100644
index 0000000..87da6cf
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/Makefile.in
@@ -0,0 +1,95 @@
+# $Id: Makefile.in,v 1.10 1999/04/07 18:39:56 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+RANLIB = @RANLIB@
+DEFS = @DEFS@ @INCLUDE_hesiod@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIB_hesiod@ @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+bin_PROGRAMS		= pfrom
+
+libexec_PROGRAMS	= push$(EXECSUFFIX)
+
+PROGRAMS		= $(libexec_PROGRAMS) $(bin_PROGRAMS)
+
+push_SOURCES		= push.c
+
+push_OBJECTS		= push.o
+
+SOURCES			= $(push_SOURCES)
+
+OBJECTS			= $(push_OBJECTS)
+
+all: $(PROGRAMS)
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(bin_PROGRAMS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(libexec_PROGRAMS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(bin_PROGRAMS); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	for x in $(libexec_PROGRAMS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGRAMS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+push$(EXECSUFFIX): $(push_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(push_OBJECTS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+pfrom: pfrom.in
+	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
+	chmod +x $@
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/push/pfrom.in b/crypto/kerberosIV/appl/push/pfrom.in
new file mode 100644
index 0000000..6adf4f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/pfrom.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+# $Id: pfrom.in,v 1.2 1998/11/24 13:25:47 assar Exp $
+libexecdir=%libexecdir%
+PATH=$libexecdir:$PATH
+export PATH
+push --from $*
diff --git a/crypto/kerberosIV/appl/push/push.8 b/crypto/kerberosIV/appl/push/push.8
new file mode 100644
index 0000000..5066b37
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/push.8
@@ -0,0 +1,138 @@
+.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $
+.\"
+.Dd May 31, 1998
+.Dt PUSH 8
+.Os HEIMDAL
+.Sh NAME
+.Nm push
+.Nd
+fetch mail via POP
+.Sh SYNOPSIS
+.Nm
+.Op Fl 4 | Fl -krb4
+.Op Fl 5 | Fl -krb5
+.Op Fl v | Fl -verbose
+.Op Fl f | Fl -fork
+.Op Fl l | -leave
+.Op Fl -from
+.Op Fl c | -count
+.Op Fl -header
+.Oo Fl p Ar port-spec  \*(Ba Xo
+.Fl -port= Ns Ar port-spec Oc
+.Xc
+.Ar po-box
+.Pa filename
+.Sh DESCRIPTION
+.Nm
+retrieves mail from the post office box
+.Ar po-box ,
+and stores the mail in mbox format in
+.Pa filename .
+The
+.Ar po-box
+can have any of the following formats:
+.Bl -hang -compact -offset indent
+.It Ql hostname:username
+.It Ql po:hostname:username
+.It Ql username@hostname
+.It Ql po:username@hostname
+.It Ql hostname
+.It Ql po:username
+.El
+
+If no username is specified,
+.Nm
+assumes that it's the same as on the local machine; 
+.Ar hostname
+defaults to the value of the
+.Ev MAILHOST
+environment variable.
+
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 Ns ,
+.Fl -krb4
+.Xc
+use Kerberos 4 (if compiled with support for Kerberos 4)
+.It Xo
+.Fl 5 Ns ,
+.Fl -krb5
+.Xc
+use Kerberos 5 (if compiled with support for Kerberos 5)
+.It Xo
+.Fl f Ns ,
+.Fl -fork
+.Xc
+fork before starting to delete messages
+.It Xo
+.Fl l Ns ,
+.Fl -leave
+.Xc
+don't delete fetched mail
+.It Xo
+.Fl -from
+.Xc
+behave like from.
+.It Xo
+.Fl c Ns ,
+.Fl -count
+.Xc
+first print how many messages and bytes there are.
+.It Xo
+.Fl -header
+.Xc
+which header from should print.
+.It Xo
+.Fl p Ar port-spec Ns ,
+.Fl -port= Ns Ar port-spec
+.Xc
+use this port instead of the default
+.Ql kpop 
+or
+.Ql 1109 .
+.El
+
+The default is to first try Kerberos 5 authentication and then, if
+that fails, Kerberos 4.
+.Sh ENVIRONMENT
+
+.Bl -tag -width Ds
+.It Ev MAILHOST
+points to the post office, if no other hostname is specified.
+.El
+.\".Sh FILES
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ push cornfield:roosta ~/.gnus-crash-box
+.Ed
+
+tries to fetch mail for the user
+.Ar roosta
+from the post office at
+.Dq cornfield ,
+and stores the mail in
+.Pa ~/.gnus-crash-box  
+(you are using Gnus, aren't you?)
+.Bd -literal -offset indent
+$ push --from -5 havregryn
+.Ed
+
+tries to fetch 
+.Nm From: 
+lines for current user at post office
+.Dq havregryn
+using Kerberos 5.
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr movemail 8 ,
+.Xr popper 8 ,
+.Xr from 1
+.\".Sh STANDARDS
+.Sh HISTORY
+.Nm
+was written while waiting for
+.Nm movemail
+to finish getting the mail.
+.\".Sh AUTHORS
+.\".Sh BUGS
diff --git a/crypto/kerberosIV/appl/push/push.c b/crypto/kerberosIV/appl/push/push.c
new file mode 100644
index 0000000..bc7574f
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/push.c
@@ -0,0 +1,795 @@
+/*
+ * Copyright (c) 1997-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "push_locl.h"
+RCSID("$Id: push.c,v 1.34.2.1 1999/12/06 17:25:28 assar Exp $");
+
+#ifdef KRB4
+static int use_v4 = -1;
+#endif
+
+#ifdef KRB5
+static int use_v5 = -1;
+static krb5_context context;
+#endif
+
+static char *port_str;
+static int verbose_level;
+static int do_fork;
+static int do_leave;
+static int do_version;
+static int do_help;
+static int do_from;
+static int do_count;
+static char *header_str;
+
+struct getargs args[] = {
+#ifdef KRB4
+    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
+      NULL },
+#endif    
+#ifdef KRB5
+    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
+      NULL },
+#endif
+    { "verbose",'v', arg_counter,	&verbose_level,	"Verbose",
+      NULL },
+    { "fork",	'f', arg_flag,		&do_fork,	"Fork deleting proc",
+      NULL },
+    { "leave",	'l', arg_flag,		&do_leave,	"Leave mail on server",
+      NULL },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-or-service" },
+    { "from",	 0,  arg_flag,		&do_from,	"Behave like from",
+      NULL },
+    { "header",	 0,  arg_string,	&header_str,	"Header string to print", NULL },
+    { "count", 'c',  arg_flag,		&do_count,	"Print number of messages", NULL},
+    { "version", 0,  arg_flag,		&do_version,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&do_help,	NULL,
+      NULL }
+
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "[[{po:username[@hostname] | hostname[:username]}] ...]"
+		    "filename");
+    exit (ret);
+}
+
+static int
+do_connect (const char *hostname, int port, int nodelay)
+{
+    struct hostent *hostent = NULL;
+    char **h;
+    int error;
+    int af;
+    int s;
+
+#ifdef HAVE_IPV6    
+    if (hostent == NULL)
+	hostent = getipnodebyname (hostname, AF_INET6, 0, &error);
+#endif
+    if (hostent == NULL)
+	hostent = getipnodebyname (hostname, AF_INET, 0, &error);
+
+    if (hostent == NULL)
+	errx(1, "gethostbyname '%s' failed: %s", hostname, hstrerror(error));
+
+    af = hostent->h_addrtype;
+
+    for (h = hostent->h_addr_list; *h != NULL; ++h) {
+	struct sockaddr_storage sa_ss;
+	struct sockaddr *sa = (struct sockaddr *)&sa_ss;
+
+	sa->sa_family = af;
+	socket_set_address_and_port (sa, *h, port);
+
+	s = socket (af, SOCK_STREAM, 0);
+	if (s < 0)
+	    err (1, "socket");
+	if (connect(s, sa, socket_sockaddr_size(sa)) < 0) {
+	    warn ("connect(%s)", hostname);
+	    close (s);
+	    continue;
+	} else {
+	    break;
+	}
+    }
+    freehostent (hostent);
+    if (*h == NULL)
+	return -1;
+    if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
+		  (void *)&nodelay, sizeof(nodelay)) < 0)
+	err (1, "setsockopt TCP_NODELAY");
+    return s;
+}
+
+typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, 
+	       DELE, XDELE, QUIT} pop_state;
+
+#define PUSH_BUFSIZ 65536
+
+#define STEP 16
+
+struct write_state {
+    struct iovec *iovecs;
+    size_t niovecs, maxiovecs, allociovecs;
+    int fd;
+};
+
+static void
+write_state_init (struct write_state *w, int fd)
+{
+#ifdef UIO_MAXIOV
+    w->maxiovecs = UIO_MAXIOV;
+#else
+    w->maxiovecs = 16;
+#endif
+    w->allociovecs = min(STEP, w->maxiovecs);
+    w->niovecs = 0;
+    w->iovecs = malloc(w->allociovecs * sizeof(*w->iovecs));
+    if (w->iovecs == NULL)
+	err (1, "malloc");
+    w->fd = fd;
+}
+
+static void
+write_state_add (struct write_state *w, void *v, size_t len)
+{
+    if(w->niovecs == w->allociovecs) {				
+	if(w->niovecs == w->maxiovecs) {				
+	    if(writev (w->fd, w->iovecs, w->niovecs) < 0)		
+		err(1, "writev");				
+	    w->niovecs = 0;					
+	} else {						
+	    w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs);	
+	    w->iovecs = realloc (w->iovecs,				
+				 w->allociovecs * sizeof(*w->iovecs));	
+	    if (w->iovecs == NULL)					
+		errx (1, "realloc");				
+	}							
+    }								
+    w->iovecs[w->niovecs].iov_base = v;				
+    w->iovecs[w->niovecs].iov_len  = len;				
+    ++w->niovecs;							
+}
+
+static void
+write_state_flush (struct write_state *w)
+{
+    if (w->niovecs) {
+	if (writev (w->fd, w->iovecs, w->niovecs) < 0)
+	    err (1, "writev");
+	w->niovecs = 0;
+    }
+}
+
+static void
+write_state_destroy (struct write_state *w)
+{
+    free (w->iovecs);
+}
+
+static int
+doit(int s,
+     const char *host,
+     const char *user,
+     const char *outfilename,
+     const char *header_str,
+     int leavep,
+     int verbose,
+     int forkp)
+{
+    int ret;
+    char out_buf[PUSH_BUFSIZ];
+    size_t out_len = 0;
+    char in_buf[PUSH_BUFSIZ + 1];	/* sentinel */
+    size_t in_len = 0;
+    char *in_ptr = in_buf;
+    pop_state state = INIT;
+    unsigned count, bytes;
+    unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0;
+    unsigned sent_xdele = 0;
+    int out_fd;
+    char from_line[128];
+    size_t from_line_length;
+    time_t now;
+    struct write_state write_state;
+
+    if (do_from) {
+	out_fd = -1;
+	if (verbose)
+	    fprintf (stderr, "%s@%s\n", user, host);
+    } else {
+	out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666);
+	if (out_fd < 0)
+	    err (1, "open %s", outfilename);
+	if (verbose)
+	    fprintf (stderr, "%s@%s -> %s\n", user, host, outfilename);
+    }
+
+    now = time(NULL);
+    from_line_length = snprintf (from_line, sizeof(from_line),
+				 "From %s %s", "push", ctime(&now));
+
+    out_len = snprintf (out_buf, sizeof(out_buf),
+			"USER %s\r\nPASS hej\r\nSTAT\r\n",
+			user);
+    if (net_write (s, out_buf, out_len) != out_len)
+	err (1, "write");
+    if (verbose > 1)
+	write (STDERR_FILENO, out_buf, out_len);
+
+    if (!do_from)
+	write_state_init (&write_state, out_fd);
+
+    while(state != QUIT) {
+	fd_set readset, writeset;
+
+	FD_ZERO(&readset);
+	FD_ZERO(&writeset);
+	FD_SET(s,&readset);
+	if (((state == STAT || state == RETR || state == TOP)
+	     && asked_for < count)
+	    || (state == XDELE && !sent_xdele)
+	    || (state == DELE && asked_deleted < count))
+	    FD_SET(s,&writeset);
+	ret = select (s + 1, &readset, &writeset, NULL, NULL);
+	if (ret < 0) {
+	    if (errno == EAGAIN)
+		continue;
+	    else
+		err (1, "select");
+	}
+	
+	if (FD_ISSET(s, &readset)) {
+	    char *beg, *p;
+	    size_t rem;
+	    int blank_line = 0;
+	    
+	    ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
+	    if (ret < 0)
+		err (1, "read");
+	    else if (ret == 0)
+		errx (1, "EOF during read");
+	    
+	    in_len += ret;
+	    in_ptr += ret;
+	    *in_ptr = '\0';
+	    
+	    beg = in_buf;
+	    rem = in_len;
+	    while(rem > 1
+		  && (p = strstr(beg, "\r\n")) != NULL) {
+		if (state == TOP) {
+		    char *copy = beg;
+
+		    if (strncasecmp(copy,
+				    header_str,
+				    min(p - copy + 1, strlen(header_str))) == 0) {
+			fprintf (stdout, "%.*s\n", (int)(p - copy), copy);
+		    }
+		    if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') {
+			state = STAT;
+			if (++retrieved == count) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				net_write (STDERR_FILENO, "QUIT\r\n", 6);
+			}
+		    }
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else if (state == RETR) {
+		    char *copy = beg;
+		    if (beg[0] == '.') {
+			if (beg[1] == '\r' && beg[2] == '\n') {
+			    if(!blank_line)
+				write_state_add(&write_state, "\n", 1);
+			    state = STAT;
+			    rem -= p - beg + 2;
+			    beg = p + 2;
+			    if (++retrieved == count) {
+				write_state_flush (&write_state);
+				if (fsync (out_fd) < 0)
+				    err (1, "fsync");
+				close(out_fd);
+				if (leavep) {
+				    state = QUIT;
+				    net_write (s, "QUIT\r\n", 6);
+				    if (verbose > 1)
+					net_write (STDERR_FILENO, "QUIT\r\n", 6);
+				} else {
+				    if (forkp) {
+					pid_t pid;
+
+					pid = fork();
+					if (pid < 0)
+					    warn ("fork");
+					else if(pid != 0) {
+					    if(verbose)
+						fprintf (stderr,
+							 "(exiting)");
+					    return 0;
+					}
+				    }
+
+				    state = XDELE;
+				    if (verbose)
+					fprintf (stderr, "deleting... ");
+				}
+			    }
+			    continue;
+			} else
+			    ++copy;
+		    }
+		    *p = '\n';
+		    if(blank_line && 
+		       strncmp(copy, "From ", min(p - copy + 1, 5)) == 0)
+			write_state_add(&write_state, ">", 1);
+		    write_state_add(&write_state, copy, p - copy + 1);
+		    blank_line = (*copy == '\n');
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else if (rem >= 3 && strncmp (beg, "+OK", 3) == 0) {
+		    if (state == STAT) {
+			if (!do_from)
+			    write_state_add(&write_state,
+					    from_line, from_line_length);
+			blank_line = 0;
+			if (do_from) 
+			    state = TOP;
+			else
+			    state = RETR;
+		    } else if (state == XDELE) {
+			state = QUIT;
+			net_write (s, "QUIT\r\n", 6);
+			if (verbose > 1)
+			    net_write (STDERR_FILENO, "QUIT\r\n", 6);
+			break;
+		    } else if (state == DELE) {
+			if (++deleted == count) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				net_write (STDERR_FILENO, "QUIT\r\n", 6);
+			    break;
+			}
+		    } else if (++state == STAT) {
+			if(sscanf (beg + 4, "%u %u", &count, &bytes) != 2)
+			    errx(1, "Bad STAT-line: %.*s", (int)(p - beg), beg);
+			if (verbose) {
+			    fprintf (stderr, "%u message(s) (%u bytes). "
+				     "fetching... ",
+				     count, bytes);
+			    if (do_from)
+				fprintf (stderr, "\n");
+			} else if (do_count) {
+			    fprintf (stderr, "%u message(s) (%u bytes).\n",
+				     count, bytes);
+			}
+			if (count == 0) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				net_write (STDERR_FILENO, "QUIT\r\n", 6);
+			    break;
+			}
+		    }
+
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else {
+		    if(state == XDELE) {
+			state = DELE;
+			rem -= p - beg + 2;
+			beg = p + 2;
+		    } else
+			errx (1, "Bad response: %.*s", (int)(p - beg), beg);
+		}
+	    }
+	    if (!do_from)
+		write_state_flush (&write_state);
+
+	    memmove (in_buf, beg, rem);
+	    in_len = rem;
+	    in_ptr = in_buf + rem;
+	}
+	if (FD_ISSET(s, &writeset)) {
+	    if ((state == STAT && !do_from) || state == RETR)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "RETR %u\r\n", ++asked_for);
+	    else if ((state == STAT && do_from) || state == TOP)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "TOP %u 0\r\n", ++asked_for);
+	    else if(state == XDELE) {
+		out_len = snprintf(out_buf, sizeof(out_buf),
+				   "XDELE %u %u\r\n", 1, count);
+		sent_xdele++;
+	    }
+	    else if(state == DELE)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "DELE %u\r\n", ++asked_deleted);
+	    if (net_write (s, out_buf, out_len) != out_len)
+		err (1, "write");
+	    if (verbose > 1)
+		write (STDERR_FILENO, out_buf, out_len);
+	}
+    }
+    if (verbose)
+	fprintf (stderr, "Done\n");
+    if (!do_from)
+	write_state_destroy (&write_state);
+    return 0;
+}
+
+#ifdef KRB5
+static int
+do_v5 (const char *host,
+       int port,
+       const char *user,
+       const char *filename,
+       const char *header_str,
+       int leavep,
+       int verbose,
+       int forkp)
+{
+    krb5_error_code ret;
+    krb5_auth_context auth_context = NULL;
+    krb5_principal server;
+    int s;
+
+    s = do_connect (host, port, 1);
+    if (s < 0)
+	return 1;
+
+    ret = krb5_sname_to_principal (context,
+				   host,
+				   "pop",
+				   KRB5_NT_SRV_HST,
+				   &server);
+    if (ret) {
+	warnx ("krb5_sname_to_principal: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    ret = krb5_sendauth (context,
+			 &auth_context,
+			 &s,
+			 "KPOPV1.0",
+			 NULL,
+			 server,
+			 0,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL);
+    krb5_free_principal (context, server);
+    if (ret) {
+	warnx ("krb5_sendauth: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
+}
+#endif
+
+#ifdef KRB4
+static int
+do_v4 (const char *host,
+       int port,
+       const char *user,
+       const char *filename,
+       const char *header_str,
+       int leavep,
+       int verbose,
+       int forkp)
+{
+    KTEXT_ST ticket;
+    MSG_DAT msg_data;
+    CREDENTIALS cred;
+    des_key_schedule sched;
+    int s;
+    int ret;
+
+    s = do_connect (host, port, 1);
+    if (s < 0)
+	return 1;
+    ret = krb_sendauth(0,
+		       s,
+		       &ticket, 
+		       "pop",
+		       (char *)host,
+		       krb_realmofhost(host),
+		       getpid(),
+		       &msg_data,
+		       &cred,
+		       sched,
+		       NULL,
+		       NULL,
+		       "KPOPV0.1");
+    if(ret) {
+	warnx("krb_sendauth: %s", krb_get_err_text(ret));
+	return 1;
+    }
+    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
+}
+#endif /* KRB4 */
+
+#ifdef HESIOD
+
+#ifdef HESIOD_INTERFACES
+
+static char *
+hesiod_get_pobox (const char **user)
+{
+    void *context;
+    struct hesiod_postoffice *hpo;
+    char *ret = NULL;
+
+    if(hesiod_init (&context) != 0)
+	err (1, "hesiod_init");
+
+    hpo = hesiod_getmailhost (context, *user);
+    if (hpo == NULL) {
+	warn ("hesiod_getmailhost %s", *user);
+    } else {
+	if (strcasecmp(hpo->hesiod_po_type, "pop") != 0)
+	    errx (1, "Unsupported po type %s", hpo->hesiod_po_type);
+
+	ret = strdup(hpo->hesiod_po_host);
+	if(ret == NULL)
+	    errx (1, "strdup: out of memory");
+	*user = strdup(hpo->hesiod_po_name);
+	if (*user == NULL)
+	    errx (1, "strdup: out of memory");
+	hesiod_free_postoffice (context, hpo);
+    }
+    hesiod_end (context);
+    return ret;
+}
+
+#else /* !HESIOD_INTERFACES */
+
+static char *
+hesiod_get_pobox (const char **user)
+{
+    char *ret = NULL;
+    struct hes_postoffice *hpo;
+
+    hpo = hes_getmailhost (*user);
+    if (hpo == NULL) {
+	warn ("hes_getmailhost %s", *user);
+    } else {
+	if (strcasecmp(hpo->po_type, "pop") != 0)
+	    errx (1, "Unsupported po type %s", hpo->po_type);
+
+	ret = strdup(hpo->po_host);
+	if(ret == NULL)
+	    errx (1, "strdup: out of memory");
+	*user = strdup(hpo->po_name);
+	if (*user == NULL)
+	    errx (1, "strdup: out of memory");
+    }
+    return ret;
+}
+
+#endif /* HESIOD_INTERFACES */
+
+#endif /* HESIOD */
+
+static char *
+get_pobox (const char **user)
+{
+    char *ret = NULL;
+
+#ifdef HESIOD
+    ret = hesiod_get_pobox (user);
+#endif
+
+    if (ret == NULL)
+	ret = getenv("MAILHOST");
+    if (ret == NULL)
+	errx (1, "MAILHOST not set");
+    return ret;
+}
+
+static void
+parse_pobox (char *a0, const char **host, const char **user)
+{
+    const char *h, *u;
+    char *p;
+    int po = 0;
+
+    if (a0 == NULL) {
+
+	*user = getenv ("USERNAME");
+	if (*user == NULL) {
+	    struct passwd *pwd = getpwuid (getuid ());
+
+	    if (pwd == NULL)
+		errx (1, "Who are you?");
+	    *user = strdup (pwd->pw_name);
+	    if (*user == NULL)
+		errx (1, "strdup: out of memory");
+	}
+	*host = get_pobox (user);
+	return;
+    }
+
+    /* if the specification starts with po:, remember this information */
+    if(strncmp(a0, "po:", 3) == 0) {
+	a0 += 3;
+	po++;
+    }
+    /* if there is an `@', the hostname is after it, otherwise at the
+       beginning of the string */
+    p = strchr(a0, '@');
+    if(p != NULL) {
+	*p++ = '\0';
+	h = p;
+    } else {
+	h = a0;
+    }
+    /* if there is a `:', the username comes before it, otherwise at
+       the beginning of the string */
+    p = strchr(a0, ':');
+    if(p != NULL) {
+	*p++ = '\0';
+	u = p;
+    } else {
+	u = a0;
+    }
+    if(h == u) {
+	/* some inconsistent compatibility with various mailers */
+	if(po) {
+	    h = get_pobox (&u);
+	} else {
+	    u = get_default_username ();
+	    if (u == NULL)
+		errx (1, "Who are you?");
+	}
+    }
+    *host = h;
+    *user = u;
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = 0;
+    int optind = 0;
+    int ret = 1;
+    const char *host, *user, *filename = NULL;
+    char *pobox = NULL;
+
+    set_progname (argv[0]);
+
+#ifdef KRB5
+    krb5_init_context (&context);
+#endif
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    argc -= optind;
+    argv += optind;
+
+#if defined(KRB4) && defined(KRB5)
+    if(use_v4 == -1 && use_v5 == 1)
+	use_v4 = 0;
+    if(use_v5 == -1 && use_v4 == 1)
+	use_v5 = 0;
+#endif    
+
+    if (do_help)
+	usage (0);
+
+    if (do_version) {
+	print_version(NULL);
+	return 0;
+    }
+	
+    if (do_from && header_str == NULL)
+	header_str = "From:";
+    else if (header_str != NULL)
+	do_from = 1;
+
+    if (do_from) {
+	if (argc == 0)
+	    pobox = NULL;
+	else if (argc == 1)
+	    pobox = argv[0];
+	else
+	    usage (1);
+    } else {
+	if (argc == 1) {
+	    filename = argv[0];
+	    pobox    = NULL;
+	} else if (argc == 2) {
+	    filename = argv[1];
+	    pobox    = argv[0];
+	} else
+	    usage (1);
+    }
+
+    if (port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+    if (port == 0)
+#ifdef KRB5
+	port = krb5_getportbyname (context, "kpop", "tcp", 1109);
+#elif defined(KRB4)
+    port = k_getportbyname ("kpop", "tcp", 1109);
+#else
+#error must define KRB4 or KRB5
+#endif
+
+    parse_pobox (pobox, &host, &user);
+
+#ifdef KRB5
+    if (ret && use_v5) {
+	ret = do_v5 (host, port, user, filename, header_str,
+		     do_leave, verbose_level, do_fork);
+    }
+#endif
+
+#ifdef KRB4
+    if (ret && use_v4) {
+	ret = do_v4 (host, port, user, filename, header_str,
+		     do_leave, verbose_level, do_fork);
+    }
+#endif /* KRB4 */
+    return ret;
+}
diff --git a/crypto/kerberosIV/appl/push/push.cat8 b/crypto/kerberosIV/appl/push/push.cat8
new file mode 100644
index 0000000..bdd3804
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/push.cat8
@@ -0,0 +1,77 @@
+
+PUSH(8)                  UNIX System Manager's Manual                  PUSH(8)
+
+NNAAMMEE
+     ppuusshh - fetch mail via POP
+
+SSYYNNOOPPSSIISS
+     ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll |
+     ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-
+     _s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e
+
+DDEESSCCRRIIPPTTIIOONN
+     ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail
+     in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following for-
+     mats:
+           `hostname:username'
+           `po:hostname:username'
+           `username@hostname'
+           `po:username@hostname'
+           `hostname'
+           `po:username'
+
+     If no username is specified, ppuusshh assumes that it's the same as on the
+     local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment
+     variable.
+
+     Supported options:
+
+     --44, ----kkrrbb44
+             use Kerberos 4 (if compiled with support for Kerberos 4)
+
+     --55, ----kkrrbb55
+             use Kerberos 5 (if compiled with support for Kerberos 5)
+
+     --ff, ----ffoorrkk
+             fork before starting to delete messages
+
+     --ll, ----lleeaavvee
+             don't delete fetched mail
+
+     ----ffrroomm  behave like from.
+
+     --cc, ----ccoouunntt
+             first print how many messages and bytes there are.
+
+     ----hheeaaddeerr
+             which header from should print.
+
+     --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt==_p_o_r_t_-_s_p_e_c
+             use this port instead of the default `kpop' or `1109'.
+
+     The default is to first try Kerberos 5 authentication and then, if that
+     fails, Kerberos 4.
+
+EENNVVIIRROONNMMEENNTT
+     MAILHOST
+             points to the post office, if no other hostname is specified.
+
+EEXXAAMMPPLLEESS
+           $ push cornfield:roosta ~/.gnus-crash-box
+
+     tries to fetch mail for the user _r_o_o_s_t_a from the post office at
+     ``cornfield'', and stores the mail in _~_/_._g_n_u_s_-_c_r_a_s_h_-_b_o_x (you are using
+     Gnus, aren't you?)
+
+           $ push --from -5 havregryn
+
+     tries to fetch FFrroomm:: lines for current user at post office ``havregryn''
+     using Kerberos 5.
+
+SSEEEE AALLSSOO
+     movemail(8),  popper(8),  from(1)
+
+HHIISSTTOORRYY
+     ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
+
+ HEIMDAL                         May 31, 1998                                2
diff --git a/crypto/kerberosIV/appl/push/push_locl.h b/crypto/kerberosIV/appl/push/push_locl.h
new file mode 100644
index 0000000..1e5ca78
--- /dev/null
+++ b/crypto/kerberosIV/appl/push/push_locl.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: push_locl.h,v 1.6 1999/12/02 16:58:33 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HESIOD
+#include <hesiod.h>
+#endif
+
+#include <roken.h>
+#include <err.h>
+#include <getarg.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+#ifdef KRB4
+#include <krb.h>
+#endif
diff --git a/crypto/kerberosIV/appl/sample/Makefile.in b/crypto/kerberosIV/appl/sample/Makefile.in
new file mode 100644
index 0000000..d88023a
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/Makefile.in
@@ -0,0 +1,83 @@
+# $Id: Makefile.in,v 1.18 1999/03/10 19:01:13 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+top_builddir = ../..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= sample_client$(EXECSUFFIX) \
+		  simple_client$(EXECSUFFIX)
+PROG_LIBEXEC	= sample_server$(EXECSUFFIX) \
+		  simple_server$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+OBJECTS = sample_client.o sample_server.o simple_client.o simple_server.o
+SOURCES = sample_client.c sample_server.c simple_client.c simple_server.c
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+
+uninstall:
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+sample_client$(EXECSUFFIX): sample_client.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sample_client.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+simple_client$(EXECSUFFIX): simple_client.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ simple_client.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+sample_server$(EXECSUFFIX): sample_server.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sample_server.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+simple_server$(EXECSUFFIX): simple_server.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ simple_server.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/sample/sample.h b/crypto/kerberosIV/appl/sample/sample.h
new file mode 100644
index 0000000..d79d574
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sample.h,v 1.11 1999/12/02 16:58:33 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <errno.h>
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <err.h>
+#include <krb.h>
+
+#include <roken.h>
+
+#define SAMPLE_PORT 6354
+
+#define SAMPLE_SERVICE "sample"
+#define SAMPLE_VERSION "VERSION9"
diff --git a/crypto/kerberosIV/appl/sample/sample_client.c b/crypto/kerberosIV/appl/sample/sample_client.c
new file mode 100644
index 0000000..d0ec1c5
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample_client.c
@@ -0,0 +1,168 @@
+/*
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * sample_client:
+ * A sample Kerberos client, which connects to a server on a remote host,
+ * at port "sample" (be sure to define it in /etc/services)
+ * and authenticates itself to the server. The server then writes back
+ * (in ASCII) the authenticated name.
+ *
+ * Usage:
+ * sample_client <hostname> <checksum>
+ *
+ * <hostname> is the name of the foreign host to contact.
+ *
+ * <checksum> is an integer checksum to be used for the call to krb_mk_req()
+ *	and mutual authentication
+ *
+ */
+
+#include "sample.h"
+
+RCSID("$Id: sample_client.c,v 1.21 1999/11/13 06:27:01 assar Exp $");
+
+static void
+usage (void)
+{
+  fprintf (stderr, "Usage: %s [-s service] [-p port] hostname checksum\n",
+	   __progname);
+  exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    struct hostent *hp;
+    struct sockaddr_in sin, lsin;
+    char *remote_host;
+    int status;
+    int namelen;
+    int sock = -1;
+    KTEXT_ST ticket;
+    char buf[512];
+    long authopts;
+    MSG_DAT msg_data;
+    CREDENTIALS cred;
+    des_key_schedule sched;
+    u_int32_t cksum;
+    int c;
+    char service[SNAME_SZ];
+    u_int16_t port;
+    struct servent *serv;
+    char **h_addr_list;
+
+    set_progname (argv[0]);
+    strlcpy (service, SAMPLE_SERVICE, sizeof(service));
+    port = 0;
+
+    while ((c = getopt(argc, argv, "s:p:")) != -1)
+	switch(c) {
+	case 's' :
+	    strlcpy (service, optarg, sizeof(service));
+	    break;
+	case 'p' :
+	    serv = getservbyname (optarg, "tcp");
+	    if (serv)
+		port = serv->s_port;
+	    else
+		port = htons(atoi(optarg));
+	    break;
+	case '?' :
+	default :
+	    usage();
+	}
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 2)
+	usage ();
+    
+    /* convert cksum to internal rep */
+    cksum = atoi(argv[1]);
+
+    printf("Setting checksum to %ld\n", (long)cksum);
+
+    /* clear out the structure first */
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    if (port)
+	sin.sin_port = port;
+    else
+	sin.sin_port = k_getportbyname (service, "tcp", htons(SAMPLE_PORT));
+
+    /* look up the server host */
+    hp = gethostbyname(argv[0]);
+    if (hp == NULL)
+	errx (1, "gethostbyname(%s): %s", argv[0],
+	      hstrerror(h_errno));
+
+    /* copy the hostname into non-volatile storage */
+    remote_host = strdup(hp->h_name);
+    if (remote_host == NULL)
+	errx (1, "strdup: out of memory");
+
+    /* set up the address of the foreign socket for connect() */
+    sin.sin_family = hp->h_addrtype;
+
+    for (h_addr_list = hp->h_addr_list;
+	 *h_addr_list;
+	 ++h_addr_list) {
+	memcpy(&sin.sin_addr, *h_addr_list, sizeof(sin.sin_addr));
+	fprintf (stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr));
+
+	/* open a TCP socket */
+	sock = socket(PF_INET, SOCK_STREAM, 0);
+	if (sock < 0)
+	    err (1, "socket");
+
+	/* connect to the server */
+	if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+	    break;
+	close (sock);
+    }
+
+    if (*h_addr_list == NULL)
+	err (1, "connect");
+
+    /* find out who I am, now that we are connected and therefore bound */
+    namelen = sizeof(lsin);
+    if (getsockname(sock, (struct sockaddr *) &lsin, &namelen) < 0) {
+	close (sock);
+	err (1, "getsockname");
+    }
+
+    /* call Kerberos library routine to obtain an authenticator,
+       pass it over the socket to the server, and obtain mutual
+       authentication. */
+
+    authopts = KOPT_DO_MUTUAL;
+    status = krb_sendauth(authopts, sock, &ticket,
+			  service, remote_host,
+			  NULL, cksum, &msg_data, &cred,
+			  sched, &lsin, &sin, SAMPLE_VERSION);
+    if (status != KSUCCESS)
+	errx (1, "cannot authenticate to server: %s",
+	      krb_get_err_text(status));
+
+    /* After we send the authenticator to the server, it will write
+       back the name we authenticated to. Read what it has to say. */
+    status = read(sock, buf, sizeof(buf));
+    if (status < 0)
+	errx(1, "read");
+
+    /* make sure it's null terminated before printing */
+    if (status < sizeof(buf))
+	buf[status] = '\0';
+    else
+	buf[sizeof(buf) - 1] = '\0';
+
+    printf("The server says:\n%s\n", buf);
+
+    close(sock);
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/sample/sample_server.c b/crypto/kerberosIV/appl/sample/sample_server.c
new file mode 100644
index 0000000..5442562
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample_server.c
@@ -0,0 +1,153 @@
+/*
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * sample_server:
+ * A sample Kerberos server, which reads a ticket from a TCP socket,
+ * decodes it, and writes back the results (in ASCII) to the client.
+ *
+ * Usage:
+ * sample_server
+ *
+ * file descriptor 0 (zero) should be a socket connected to the requesting
+ * client (this will be correct if this server is started by inetd).
+ */
+
+#include "sample.h"
+
+RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $");
+
+static void
+usage (void)
+{
+    fprintf (stderr, "Usage: %s [-i] [-s service] [-t srvtab]\n",
+	     __progname);
+    exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    struct sockaddr_in peername, myname;
+    int namelen = sizeof(peername);
+    int status, count, len;
+    long authopts;
+    AUTH_DAT auth_data;
+    KTEXT_ST clt_ticket;
+    des_key_schedule sched;
+    char instance[INST_SZ];
+    char service[ANAME_SZ];
+    char version[KRB_SENDAUTH_VLEN+1];
+    char retbuf[512];
+    char lname[ANAME_SZ];
+    char srvtab[MaxPathLen];
+    int c;
+    int no_inetd = 0;
+
+    /* open a log connection */
+
+    set_progname (argv[0]);
+
+    roken_openlog(__progname, LOG_ODELAY, LOG_DAEMON);
+
+    strlcpy (service, SAMPLE_SERVICE, sizeof(service));
+    *srvtab = '\0';
+
+    while ((c = getopt (argc, argv, "s:t:i")) != -1)
+	switch (c) {
+	case 's' :
+	    strlcpy (service, optarg, sizeof(service));
+	    break;
+	case 't' :
+	    strlcpy (srvtab, optarg, sizeof(srvtab));
+	    break;
+	case 'i':
+	    no_inetd = 1;
+	    break;
+	case '?' :
+	default :
+	    usage ();
+	}
+
+    if (no_inetd)
+	mini_inetd (htons(SAMPLE_PORT));
+
+    /*
+     * To verify authenticity, we need to know the address of the
+     * client.
+     */
+    if (getpeername(STDIN_FILENO,
+		    (struct sockaddr *)&peername,
+		    &namelen) < 0) {
+	syslog(LOG_ERR, "getpeername: %m");
+	return 1;
+    }
+
+    /* for mutual authentication, we need to know our address */
+    namelen = sizeof(myname);
+    if (getsockname(STDIN_FILENO, (struct sockaddr *)&myname, &namelen) < 0) {
+	syslog(LOG_ERR, "getsocknamename: %m");
+	return 1;
+    }
+
+    /* read the authenticator and decode it.  Using `k_getsockinst' we
+     * always get the right instance on a multi-homed host.
+     */
+    k_getsockinst (STDIN_FILENO, instance, sizeof(instance));
+
+    /* we want mutual authentication */
+    authopts = KOPT_DO_MUTUAL;
+    status = krb_recvauth(authopts, STDIN_FILENO, &clt_ticket,
+			  service, instance, &peername, &myname,
+			  &auth_data, srvtab,
+			  sched, version);
+    if (status != KSUCCESS) {
+	snprintf(retbuf, sizeof(retbuf),
+		 "Kerberos error: %s\n",
+		 krb_get_err_text(status));
+	syslog(LOG_ERR, retbuf);
+    } else {
+	/* Check the version string (KRB_SENDAUTH_VLEN chars) */
+	if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {
+	    /* didn't match the expected version */
+	    /* could do something different, but we just log an error
+	       and continue */
+	    version[8] = '\0';		/* make sure null term */
+	    syslog(LOG_ERR, "Version mismatch: '%s' isn't '%s'",
+		   version, SAMPLE_VERSION);
+	}
+	/* now that we have decoded the authenticator, translate
+	   the kerberos principal.instance@realm into a local name */
+	if (krb_kntoln(&auth_data, lname) != KSUCCESS)
+	    strlcpy(lname,
+			    "*No local name returned by krb_kntoln*",
+			    sizeof(lname));
+	/* compose the reply */
+	snprintf(retbuf, sizeof(retbuf),
+		"You are %s.%s@%s (local name %s),\n at address %s, version %s, cksum %ld\n",
+		auth_data.pname,
+		auth_data.pinst,
+		auth_data.prealm,
+		lname,
+		inet_ntoa(peername.sin_addr),
+		version,
+		(long)auth_data.checksum);
+    }
+
+    /* write back the response */
+    if ((count = write(0, retbuf, (len = strlen(retbuf) + 1))) < 0) {
+	syslog(LOG_ERR,"write: %m");
+	return 1;
+    } else if (count != len) {
+	syslog(LOG_ERR, "write count incorrect: %d != %d\n",
+		count, len);
+	return 1;
+    }
+
+    /* close up and exit */
+    close(0);
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/sample/simple.h b/crypto/kerberosIV/appl/sample/simple.h
new file mode 100644
index 0000000..17315b3
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple.h
@@ -0,0 +1,14 @@
+/*
+ * $Id: simple.h,v 1.3 1996/09/27 15:54:23 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Common definitions for the simple UDP-based Kerberos-mediated
+ * server & client applications.
+ */
+
+#define SERVICE	"sample"
+#define	HOST	"bach"
diff --git a/crypto/kerberosIV/appl/sample/simple_client.c b/crypto/kerberosIV/appl/sample/simple_client.c
new file mode 100644
index 0000000..434150d
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple_client.c
@@ -0,0 +1,202 @@
+/*
+ *
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Simple UDP-based sample client program.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include "sample.h"
+RCSID("$Id: simple_client.c,v 1.15 1999/11/13 06:29:01 assar Exp $");
+
+#define MSG "hi, Jennifer!"		/* message text */
+
+static int
+talkto(char *hostname, char *service, int port)
+{
+  int flags = 0;			/* flags for sendto() */
+  long len;
+  u_long cksum = 0L;		/* cksum not used */
+  char c_realm[REALM_SZ];		/* local Kerberos realm */
+  char *s_realm;			/* server's Kerberos realm */
+
+  KTEXT_ST k;			/* Kerberos data */
+  KTEXT ktxt = &k;
+
+  int sock, i;
+  struct hostent *host;
+  struct sockaddr_in s_sock;	/* server address */
+  char myhostname[MaxHostNameLen]; /* local hostname */
+
+  /* for krb_mk_safe/priv */
+  struct sockaddr_in c_sock;	/* client address */
+  CREDENTIALS c;			/* ticket & session key */
+  CREDENTIALS *cred = &c;
+
+  /* for krb_mk_priv */
+  des_key_schedule sched;		/* session key schedule */
+
+  /* Look up server host */
+  if ((host = gethostbyname(hostname)) == NULL) {
+    fprintf(stderr, "%s: unknown host \n", hostname);
+    return 1;
+  }
+
+  /* Set server's address */
+  memset(&s_sock, 0, sizeof(s_sock));
+  memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
+  s_sock.sin_family = AF_INET;
+  if (port)
+    s_sock.sin_port = port;
+  else
+    s_sock.sin_port = k_getportbyname (service, "tcp", htons(SAMPLE_PORT));
+
+  if (gethostname(myhostname, sizeof(myhostname)) < 0) {
+    warn("gethostname");
+    return 1;
+  }
+
+  if ((host = gethostbyname(myhostname)) == NULL) {
+    fprintf(stderr, "%s: unknown host\n", myhostname);
+    return 1;
+  }
+
+  /* Open a socket */
+  if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+    warn("socket SOCK_DGRAM");
+    return 1;
+  }
+
+  memset(&c_sock, 0, sizeof(c_sock));
+  memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
+  c_sock.sin_family = AF_INET;
+
+  /* Bind it to set the address; kernel will fill in port # */
+  if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
+    warn("bind");
+    return 1;
+  }
+	
+  /* Get local realm, not needed, just an example */
+  if ((i = krb_get_lrealm(c_realm, 1)) != KSUCCESS) {
+    fprintf(stderr, "can't find local Kerberos realm\n");
+    return 1;
+  }
+  printf("Local Kerberos realm is %s\n", c_realm);
+
+  /* Get Kerberos realm of host */
+  s_realm = krb_realmofhost(hostname);
+
+  /* PREPARE KRB_MK_REQ MESSAGE */
+
+  /* Get credentials for server, create krb_mk_req message */
+  if ((i = krb_mk_req(ktxt, service, hostname, s_realm, cksum))
+      != KSUCCESS) {
+    fprintf(stderr, "%s\n", krb_get_err_text(i));
+    return 1;
+  }
+  printf("Got credentials for %s.\n", service);
+
+  /* Send authentication info to server */
+  i = sendto(sock, (char *)ktxt->dat, ktxt->length, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending datagram message");
+  printf("Sent authentication data: %d bytes\n", i);
+
+  /* PREPARE KRB_MK_SAFE MESSAGE */
+
+  /* Get my address */
+  memset(&c_sock, 0, sizeof(c_sock));
+  i = sizeof(c_sock);
+  if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) {
+    warn("getsockname");
+    return 1;
+  }
+
+  /* Get session key */
+  i = krb_get_cred(service, hostname, s_realm, cred);
+  if (i != KSUCCESS)
+    return 1;
+
+  /* Make the safe message */
+  len = krb_mk_safe(MSG, ktxt->dat, strlen(MSG)+1,
+		    &cred->session, &c_sock, &s_sock);
+
+  /* Send it */
+  i = sendto(sock, (char *)ktxt->dat, (int) len, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending safe message");
+  printf("Sent checksummed message: %d bytes\n", i);
+
+  /* PREPARE KRB_MK_PRIV MESSAGE */
+
+#ifdef NOENCRYPTION
+  memset(sched, 0, sizeof(sched));
+#else
+  /* Get key schedule for session key */
+  des_key_sched(&cred->session, sched);
+#endif
+
+  /* Make the encrypted message */
+  len = krb_mk_priv(MSG, ktxt->dat, strlen(MSG)+1,
+		    sched, &cred->session, &c_sock, &s_sock);
+
+  /* Send it */
+  i = sendto(sock, (char *)ktxt->dat, (int) len, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending encrypted message");
+  printf("Sent encrypted message: %d bytes\n", i);
+  return 0;
+}
+
+static void
+usage (void)
+{
+  fprintf (stderr, "Usage: %s [-s service] [-p port] hostname\n",
+	   __progname);
+  exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+  int ret = 0;
+  int port = 0;
+  char service[SNAME_SZ];
+  struct servent *serv;
+  int c;
+
+  set_progname (argv[0]);
+
+  strlcpy (service, SAMPLE_SERVICE, sizeof(service));
+
+  while ((c = getopt(argc, argv, "s:p:")) != -1)
+    switch(c) {
+    case 's' :
+      strlcpy (service, optarg, sizeof(service));
+      break;
+    case 'p' :
+      serv = getservbyname (optarg, "tcp");
+      if (serv)
+	port = serv->s_port;
+      else
+	port = htons(atoi(optarg));
+      break;
+    case '?' :
+    default :
+      usage();
+    }
+
+  argc -= optind;
+  argv += optind;
+
+  while (argc-- > 0)
+    ret &= talkto (*argv++, service, port);
+  return ret;
+}
diff --git a/crypto/kerberosIV/appl/sample/simple_server.c b/crypto/kerberosIV/appl/sample/simple_server.c
new file mode 100644
index 0000000..05baa4e
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple_server.c
@@ -0,0 +1,140 @@
+/*
+ *
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Simple UDP-based server application.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include "sample.h"
+
+RCSID("$Id: simple_server.c,v 1.11 1999/11/13 06:29:24 assar Exp $");
+
+static void
+usage (void)
+{
+    fprintf (stderr, "Usage: %s [-p port] [-s service] [-t srvtab]\n",
+	     __progname);
+    exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char service[SNAME_SZ];
+    char instance[INST_SZ];
+    int port;
+    char srvtab[MaxPathLen];
+    struct sockaddr_in addr, otheraddr;
+    int c;
+    int sock;
+    int i;
+    int len;
+    KTEXT_ST k;
+    KTEXT ktxt = &k;
+    AUTH_DAT ad;
+    MSG_DAT msg_data;
+    des_key_schedule sched;
+
+    set_progname (argv[0]);
+    strlcpy (service, SAMPLE_SERVICE, sizeof(service));
+    strlcpy (instance, "*", sizeof(instance));
+    *srvtab = '\0';
+    port = 0;
+
+    while ((c = getopt (argc, argv, "p:s:t:")) != -1)
+	switch (c) {
+	case 'p' : {
+	    struct servent *sp;
+
+	    sp = getservbyname (optarg, "udp");
+	    if (sp)
+		port = sp->s_port;
+	    else
+		port = htons(atoi(optarg));
+	    break;
+	}
+	case 's' :
+	    strlcpy (service, optarg, sizeof(service));
+	    break;
+	case 't' :
+	    strlcpy (srvtab, optarg, sizeof(srvtab));
+	    break;
+	case '?' :
+	default :
+	    usage ();
+	}
+
+    if(port == 0)
+	port = k_getportbyname (SAMPLE_SERVICE, "udp", htons(SAMPLE_PORT));
+
+    memset (&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_port = port;
+
+    sock = socket (AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0)
+	err (1, "socket");
+
+    if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+	err (1, "bind");
+
+    /* GET KRB_MK_REQ MESSAGE */
+
+    i = read(sock, ktxt->dat, MAX_KTXT_LEN);
+    if (i < 0)
+	err (1, "read");
+
+    printf("Received %d bytes\n", i);
+    ktxt->length = i;
+
+    /* Check authentication info */
+    i = krb_rd_req(ktxt, service, instance, 0, &ad, "");
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_req: %s", krb_get_err_text(i));
+    printf("Got authentication info from %s%s%s@%s\n", ad.pname,
+	   *ad.pinst ? "." : "", ad.pinst, ad.prealm);
+	
+    /* GET KRB_MK_SAFE MESSAGE */
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(otheraddr);
+    i = recvfrom(sock, ktxt->dat, MAX_KTXT_LEN, 0,
+		 (struct sockaddr *)&otheraddr, &len);
+    if (i < 0)
+	err (1, "recvfrom");
+    printf("Received %d bytes\n", i);
+
+    /* Verify the checksummed message */
+    i = krb_rd_safe(ktxt->dat, i, &ad.session, &otheraddr,
+		    &addr, &msg_data);
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_safe: %s", krb_get_err_text(i));
+    printf("Safe message is: %s\n", msg_data.app_data);
+	
+    /* NOW GET ENCRYPTED MESSAGE */
+
+#ifdef NOENCRYPTION
+    memset(sched, 0, sizeof(sched));
+#else
+    /* need key schedule for session key */
+    des_key_sched(&ad.session, sched);
+#endif
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(otheraddr);
+    i = recvfrom(sock, ktxt->dat, MAX_KTXT_LEN, 0,
+		 (struct sockaddr *)&otheraddr, &len);
+    if (i < 0)
+	err (1, "recvfrom");
+    printf("Received %d bytes\n", i);
+    i = krb_rd_priv(ktxt->dat, i, sched, &ad.session, &otheraddr,
+		    &addr, &msg_data);
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_priv: %s", krb_get_err_text(i));
+    printf("Decrypted message is: %s\n", msg_data.app_data);
+    return(0);
+}
diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog
new file mode 100644
index 0000000..5681679
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/ChangeLog
@@ -0,0 +1,232 @@
+1999-07-07  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): extra bogus const-cast
+
+1999-07-06  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (start_login): print a different warning with
+ 	`-a otp'
+
+1999-06-24  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): set the addresses in the
+ 	auth_context
+
+1999-06-23  Assar Westerlund  <assar@sics.se>
+
+	* telnet/Makefile.am (INCLUDES): add $(INCLUDE_krb4)
+
+	* telnet/commands.c (togkrbdebug): conditionalize on
+ 	krb_disable_debug
+
+1999-06-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* telnet/commands.c: add kerberos debugging option
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): use get_default_username
+
+1999-05-14  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/state.c (telrcv): magic patch to make it work against
+ 	DOS Clarkson Telnet.  From Miroslav Ruda <ruda@ics.muni.cz>
+
+1999-04-25  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): use
+	`krb5_auth_setkeytype' instead of `krb5_auth_setenctype' to make
+	sure we get a DES session key.
+
+Thu Apr  1 16:59:27 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: don't run check-local
+
+	* telnet/Makefile.am: don't run check-local
+
+Mon Mar 29 16:11:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: _CRAY -> HAVE_STRUCT_UTMP_UT_ID
+
+Sat Mar 20 00:12:54 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnet/authenc.c (telnet_gets): remove old extern declarations
+
+Thu Mar 18 11:20:16 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: include Makefile.am.common
+
+	* telnet/Makefile.am: include Makefile.am.common
+
+	* libtelnet/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 17:40:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/telnetd.c: replace perror/exit with fatalperror
+
+Sat Mar 13 22:18:57 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c (main): 0 -> STDIN_FILENO.  remove abs
+
+	* libtelnet/kerberos.c (kerberos4_is): syslog root logins
+
+Thu Mar 11 14:48:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.in: add WFLAGS
+
+	* telnet/Makefile.in: add WFLAGS
+
+	* libtelnet/Makefile.in: add WFLAGS
+
+	* telnetd/sys_term.c: remove unused variables
+
+	* telnet/telnet.c: fix some warnings
+
+	* telnet/main.c: fix some warnings
+
+	* telnet/commands.c: fix types in format string
+
+	* libtelnet/auth.c: fix types in format string
+
+Mon Mar  1 10:50:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): only call gethostbyname2 with AF_INET6
+ 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
+ 	<allbery@kf8nh.apk.net>
+
+Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
+
+Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
+
+Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
+
+Mon Jul 13 22:00:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): don't advance hostent->h_addr_list, use
+ 	a copy instead
+
+Wed May 27 04:19:17 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
+
+Fri May 15 19:38:19 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: Always print errors from mk_req.
+
+Fri May  1 07:16:59 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c: unifdef -DHAVE_H_ERRNO
+
+Sat Apr  4 15:00:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): moved the printing of `trying...' to the
+ 	loop
+
+Thu Mar 12 02:33:48 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/telnet_locl.h: include <term.h>. From Gregory S. Stark
+ 	<gsstark@mit.edu>
+
+Sat Feb 21 15:12:38 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/ext.h: add prototype for login_tty
+
+	* telnet/utilities.c (printsub): `direction' is now an int.
+
+	* libtelnet/misc-proto.h: add prototype for `printsub'
+
+Tue Feb 17 02:45:01 1998  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos.c (kerberos4_is): cred.pname should be
+ 	cred.pinst.  From <art@stacken.kth.se>
+
+Sun Feb 15 02:46:39 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/*/*.c: renamed `telnet' to `my_telnet' to avoid
+ 	conflicts with system header files on mklinux.
+
+Tue Feb 10 02:09:03 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c: new signature for `getterminaltype' and
+ 	`auth_wait'
+
+	* libtelnet: changed the signature of the authentication method
+ 	`status'
+
+Sat Feb  7 07:21:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* */*.c: replace HAS_GETTOS by HAVE_PARSETOS and HAVE_GETTOSBYNAME
+
+Fri Dec 26 16:17:10 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): repair support for numeric addresses
+
+Sun Dec 21 09:40:31 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos.c: fix up lots of stuff related to the
+ 	forwarding of v4 tickets.
+
+	* libtelnet/kerberos5.c (kerberos5_forward): zero out `creds'.
+
+Mon Dec 15 20:53:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnet/sys_bsd.c: Don't turn off OPOST in 8bit-mode.
+
+Tue Dec  9 19:26:50 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/main.c (main): add 'b' to getopt
+
+Sat Nov 29 03:28:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnet/telnet.c: Change binary mode to do just that, and add a
+ 	eight-bit mode for just passing all characters.
+
+Sun Nov 16 04:37:02 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): always ask for a session
+ 	key of type DES
+
+	* libtelnet/kerberos5.c: remove old garbage and fix call to
+ 	krb5_auth_con_setaddrs_from_fd
+
+Fri Nov 14 20:35:18 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnetd/telnetd.c: Output contents of /etc/issue.
+
+Mon Nov  3 07:09:16 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/telnet_locl.h: only include <sys/termio.h> iff
+ 	!defined(HAVE_TERMIOS_H)
+
+	* libtelnet/kerberos.c (kerberos4_is): send the peer address to
+ 	krb_rd_req
+
+	* telnetd/telnetd.c (terminaltypeok): always return OK.  It used
+ 	to call `tgetent' to figure if it was a defined terminal type.
+  	It's possible to overflow tgetent so that's a bad idea.  The worst
+ 	that could happen by saying yes to all terminals is that the user
+ 	ends up with a terminal that has no definition on the local
+ 	system.  And besides, most telnet client has no support for
+ 	falling back to a different terminal type.
+
+Mon Oct 20 05:47:19 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c: remove lots of old junk.  clean-up.
+  	better error checking and reporting.  tell the user permission
+ 	denied much earlier.
+
+	* libtelnet/kerberos.c (kerberos4_is): only print
+ 	UserNameRequested if != NULL
+
diff --git a/crypto/kerberosIV/appl/telnet/Makefile.am b/crypto/kerberosIV/appl/telnet/Makefile.am
new file mode 100644
index 0000000..eec013b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/Makefile.am
@@ -0,0 +1,11 @@
+# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = libtelnet telnet telnetd
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/arpa
+	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
+
+EXTRA_DIST = README.ORIG telnet.state
diff --git a/crypto/kerberosIV/appl/telnet/Makefile.in b/crypto/kerberosIV/appl/telnet/Makefile.in
new file mode 100644
index 0000000..840e757
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/Makefile.in
@@ -0,0 +1,42 @@
+# $Id: Makefile.in,v 1.20 1998/05/31 18:04:50 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+CC = @CC@
+LINK = @LINK@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+SUBDIRS=libtelnet telnet telnetd
+
+all:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+install:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean cleandir:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+distclean: 
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/README.ORIG b/crypto/kerberosIV/appl/telnet/README.ORIG
new file mode 100644
index 0000000..37b588f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/README.ORIG
@@ -0,0 +1,743 @@
+
+This is a distribution of both client and server telnet.  These programs
+have been compiled on:
+			telnet	telnetd
+	4.4 BSD-Lite	  x	  x
+	4.3 BSD Reno	  X	  X
+	UNICOS 9.1	  X	  X
+	UNICOS 9.0	  X	  X
+	UNICOS 8.0	  X	  X
+	BSDI 2.0	  X	  X
+	Solaris 2.4       x       x (no linemode in server)
+	SunOs 4.1.4	  X	  X (no linemode in server)
+	Ultrix 4.3	  X	  X (no linemode in server)
+	Ultrix 4.1	  X	  X (no linemode in server)
+
+In addition, previous versions have been compiled on the following
+machines, but were not available for testing this version.
+			telnet	telnetd
+	Next1.0		  X	  X
+	UNICOS 8.3	  X	  X
+	UNICOS 7.C	  X	  X
+	UNICOS 7.0	  X	  X
+	SunOs 4.0.3c	  X	  X (no linemode in server)
+	4.3 BSD		  X  	  X (no linemode in server)
+	DYNIX V3.0.12	  X	  X (no linemode in server)
+	Ultrix 3.1	  X	  X (no linemode in server)
+	Ultrix 4.0	  X	  X (no linemode in server)
+	SunOs 3.5	  X	  X (no linemode in server)
+	SunOs 4.1.3	  X	  X (no linemode in server)
+	Solaris 2.2       x       x (no linemode in server)
+	Solaris 2.3       x       x (no linemode in server)
+	BSDI 1.0	  X	  X
+	BSDI 1.1	  X	  X
+	DYNIX V3.0.17.9	  X	  X (no linemode in server)
+	HP-UX 8.0	  x       x (no linemode in server)
+
+This code should work, but there are no guarantees.
+
+May 30, 1995
+
+This release represents what is on the 4.4BSD-Lite2 release, which
+should be the final BSD release.  I will continue to support of
+telnet, The code (without encryption) is available via anonymous ftp
+from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
+YY.MM.DD is replaced with the year, month and day of the release.
+If you can't find it at one of these places, at some point in the
+near future information about the latest releases should be available
+from ftp.borman.com.
+
+In addition, the version with the encryption code is available via
+ftp from net-dist.mit.edu, in the directory /pub/telnet.  There
+is a README file there that gives further information on how
+to get the distribution.
+
+Questions, comments, bug reports and bug fixes can be sent to
+one of these addresses:
+		dab@borman.com
+		dab@cray.com
+		dab@bsdi.com
+
+This release is mainly bug fixes and code cleanup.
+
+	Replace all calls to bcopy()/bzero() with calls to
+	memmove()/memset() and all calls to index()/rindex()
+	with calls to strchr()/strrchr().
+
+	Add some missing diagnostics for option tracing
+	to telnetd.
+
+	Add support for BSDI 2.0 and Solaris 2.4.
+
+	Add support for UNICOS 8.0
+
+	Get rid of expanded tabs and trailing white spaces.
+
+	From Paul Vixie:
+		Fix for telnet going into an endless spin
+		when the session dies abnormally.
+
+	From Jef Poskanzer:
+		Changes to allow telnet to compile
+		under SunOS 3.5.
+
+	From Philip Guenther:
+		makeutx() doesn't expand utmpx,
+		use pututxline() instead.
+
+	From Chris Torek:
+		Add a sleep(1) before execing login
+		to avoid race condition that can eat
+		up the login prompt.
+		Use terminal speed directly if it is
+		not an encoded value.
+
+	From Steve Parker:
+		Fix to realloc() call.  Fix for execing
+		login on solaris with no user name.
+
+January 19, 1994
+
+This is a list of some of the changes since the last tar release
+of telnet/telnetd.  There are probably other changes that aren't
+listed here, but this should hit a lot of the main ones.
+
+   General:
+	Changed #define for AUTHENTICATE to AUTHENTICATION
+	Changed #define for ENCRYPT to ENCRYPTION
+	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
+
+	Added support for SPX authentication: -DSPX
+
+	Added support for Kerberos Version 5 authentication: -DKRB5
+
+	Added support for ANSI C function prototypes
+
+	Added support for the NEW-ENVIRON option (RFC-1572)
+	including support for USERVAR.
+
+	Made support for the old Environment Option (RFC-1408)
+	conditional on -DOLD_ENVIRON
+
+	Added #define ENV_HACK - support for RFC 1571
+
+	The encryption code is removed from the public distributions.
+	Domestic 4.4 BSD distributions contain the encryption code.
+
+	ENV_HACK: Code to deal with systems that only implement
+		the old ENVIRON option, and have reversed definitions
+		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
+		client to handle things besides just the default set...
+
+	NO_BSD_SETJMP: UNICOS configuration for
+		UNICOS 6.1/6.0/5.1/5.0 systems.
+
+	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
+		is for SVr4 derivatives (Like Solaris)
+
+	UTMPX: For systems that have /etc/utmpx. This is for
+		SVr4 derivatives (Like Solaris)
+
+	Definitions for BSDI 1.0
+
+	Definitions for 4.3 Reno and 4.4 BSD.
+
+	Definitions for UNICOS 8.0 and UNICOS 7.C
+
+	Definitions for Solaris 2.0
+
+	Definitions for HP-UX 8.0
+
+	Latest Copyright notices from Berkeley.
+
+	FLOW-CONTROL: support for RFC-XXXx
+
+
+   Client Specific:
+
+	Fix the "send" command to not send garbage...
+
+	Fix status message for "skiprc"
+
+	Make sure to send NAWS after telnet has been suspended
+	or an external command has been run, if the window size
+	has changed.
+
+	sysV88 support.
+
+   Server Specific:
+
+	Support flowcontrol option in non-linemode servers.
+
+	-k Server supports Kludge Linemode, but will default to
+	   either single character mode or real Linemode support.
+	   The user will have to explicitly ask to switch into
+	   kludge linemode. ("stty extproc", or escape back to
+	   to telnet and say "mode line".)
+
+	-u Specify the length of the hostname field in the utmp
+	   file.  Hostname longer than this length will be put
+	   into the utmp file in dotted decimal notation, rather
+	   than putting in a truncated hostname.
+	
+	-U Registered hosts only.  If a reverse hostname lookup
+	   fails, the connection will be refused.
+
+	-f/-F
+	   Allows forwarding of credentials for KRB5.
+
+Februrary 22, 1991:
+
+    Features:
+
+	This version of telnet/telnetd has support for both
+	the AUTHENTICATION and ENCRYPTION options.  The
+	AUTHENTICATION option is fairly well defined, and
+	an option number has been assigned to it.  The
+	ENCRYPTION option is still in a state of flux; an
+	option number has been assigned to, but it is still
+	subject to change.  The code is provided in this release
+	for experimental and testing purposes.
+
+	The telnet "send" command can now be used to send
+	do/dont/will/wont commands, with any telnet option
+	name.  The rules for when do/dont/will/wont are sent
+	are still followed, so just because the user requests
+	that one of these be sent doesn't mean that it will
+	be sent...
+
+	The telnet "getstatus" command no longer requires
+	that option printing be enabled to see the response
+	to the "DO STATUS" command.
+
+	A -n flag has been added to telnetd to disable
+	keepalives.
+
+	A new telnet command, "auth" has been added (if
+	AUTHENTICATE is defined).  It has four sub-commands,
+	"status", "disable", "enable" and "help".
+
+	A new telnet command, "encrypt" has been added (if
+	ENCRYPT is defined).  It has many sub-commands:
+	"enable", "type", "start", "stop", "input",
+	"-input", "output", "-output", "status", and "help".
+
+	The LOGOUT option is now supported by both telnet
+	and telnetd, a new command, "logout", was added
+	to support this.
+
+	Several new toggle options were added:
+	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
+	    "encdebug", "skiprc", "verbose_encrypt"
+
+	An "rlogin" interface has been added.  If the program
+	is named "rlogin", or the "-r" flag is given, then
+	an rlogin type of interface will be used.
+		~.	Terminates the session
+		~<susp> Suspend the session
+		~^]	Escape to telnet command mode
+		~~	Pass through the ~.
+	    BUG: If you type the rlogin escape character
+		 in the middle of a line while in rlogin
+		 mode, you cannot erase it or any characters
+		 before it.  Hopefully this can be fixed
+		 in a future release...
+
+    General changes:
+
+	A "libtelnet.a" has now been created.  This libraray
+	contains code that is common to both telnet and
+	telnetd.  This is also where library routines that
+	are needed, but are not in the standard C library,
+	are placed.
+
+	The makefiles have been re-done.  All of the site
+	specific configuration information has now been put
+	into a single "Config.generic" file, in the top level
+	directory.  Changing this one file will take care of
+	all three subdirectories.  Also, to add a new/local
+	definition, a "Config.local" file may be created
+	at the top level; if that file exists, the subdirectories
+	will use that file instead of "Config.generic".
+
+	Many 1-2 line functions in commands.c have been
+	removed, and just inserted in-line, or replaced
+	with a macro.
+
+    Bug Fixes:
+
+	The non-termio code in both telnet and telnetd was
+	setting/clearing CTLECH in the sg_flags word.  This
+	was incorrect, and has been changed to set/clear the
+	LCTLECH bit in the local mode word.
+
+	The SRCRT #define has been removed.  If IP_OPTIONS
+	and IPPROTO_IP are defined on the system, then the
+	source route code is automatically enabled.
+
+	The NO_GETTYTAB #define has been removed; there
+	is a compatability routine that can be built into
+	libtelnet to achive the same results.
+
+	The server, telnetd, has been switched to use getopt()
+	for parsing the argument list.
+
+	The code for getting the input/output speeds via
+	cfgetispeed()/cfgetospeed() was still not quite
+	right in telnet.  Posix says if the ispeed is 0,
+	then it is really equal to the ospeed.
+
+	The suboption processing code in telnet now has
+	explicit checks to make sure that we received
+	the entire suboption (telnetd was already doing this).
+
+	The telnet code for processing the terminal type
+	could cause a core dump if an existing connection
+	was closed, and a new connection opened without
+	exiting telnet.
+
+	Telnetd was doing a TCSADRAIN when setting the new
+	terminal settings;  This is not good, because it means
+	that the tcsetattr() will hang waiting for output to
+	drain, and telnetd is the only one that will drain
+	the output...  The fix is to use TCSANOW which does
+	not wait.
+
+	Telnetd was improperly setting/clearing the ISTRIP
+	flag in the c_lflag field, it should be using the
+	c_iflag field. 
+
+	When the child process of telnetd was opening the
+	slave side of the pty, it was re-setting the EXTPROC
+	bit too early, and some of the other initialization
+	code was wiping it out.  This would cause telnetd
+	to go out of linemode and into single character mode.
+
+	One instance of leaving linemode in telnetd forgot
+	to send a WILL ECHO to the client, the net result
+	would be that the user would see double character
+	echo.
+
+	If the MODE was being changed several times very
+	quickly, telnetd could get out of sync with the
+	state changes and the returning acks; and wind up
+	being left in the wrong state.
+
+September 14, 1990:
+
+	Switch the client to use getopt() for parsing the
+	argument list.  The 4.3Reno getopt.c is included for
+	systems that don't have getopt().
+
+	Use the posix _POSIX_VDISABLE value for what value
+	to use when disabling special characters.  If this
+	is undefined, it defaults to 0x3ff.
+
+	For non-termio systems, TIOCSETP was being used to
+	change the state of the terminal.  This causes the
+	input queue to be flushed, which we don't want.  This
+	is now changed to TIOCSETN.
+
+	Take out the "#ifdef notdef" around the code in the
+	server that generates a "sync" when the pty oputput
+	is flushed.  The potential problem is that some older
+	telnet clients may go into an infinate loop when they
+	receive a "sync", if so, the server can be compiled
+	with "NO_URGENT" defined.
+
+	Fix the client where it was setting/clearing the OPOST
+	bit in the c_lflag field, not the c_oflag field.
+
+	Fix the client where it was setting/clearing the ISTRIP
+	bit in the c_lflag field, not the c_iflag field.  (On
+	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
+	The client also had its interpretation of WILL BINARY
+	and DO BINARY reversed.
+
+	Fix a bug in client that would cause a core dump when
+	attempting to remove the last environment variable.
+
+	In the client, there were a few places were switch()
+	was being passed a character, and if it was a negative
+	value, it could get sign extended, and not match
+	the 8 bit case statements.  The fix is to and the
+	switch value with 0xff.
+
+	Add a couple more printoption() calls in the client, I
+	don't think there are any more places were a telnet
+	command can be received and not printed out when
+	"options" is on.
+
+	A new flag has been added to the client, "-a".  Currently,
+	this just causes the USER name to be sent across, in
+	the future this may be used to signify that automatic
+	authentication is requested.
+
+	The USER variable is now only sent by the client if
+	the "-a" or "-l user" options are explicity used, or
+	if the user explicitly asks for the "USER" environment
+	variable to be exported.  In the server, if it receives
+	the "USER" environment variable, it won't print out the
+	banner message, so that only "Password:" will be printed.
+	This makes the symantics more like rlogin, and should be
+	more familiar to the user.  (People are not used to
+	getting a banner message, and then getting just a
+	"Password:" prompt.)
+
+	Re-vamp the code for starting up the child login
+	process.  The code was getting ugly, and it was
+	hard to tell what was really going on.  What we
+	do now is after the fork(), in the child:
+		1) make sure we have no controlling tty
+		2) open and initialize the tty
+		3) do a setsid()/setpgrp()
+		4) makes the tty our controlling tty.
+	On some systems, #2 makes the tty our controlling
+	tty, and #4 is a no-op.  The parent process does
+	a gets rid of any controlling tty after the child
+	is fork()ed.
+
+	Use the strdup() library routine in telnet, instead
+	of the local savestr() routine.  If you don't have
+	strdup(), you need to define NO_STRDUP.
+
+	Add support for ^T (SIGINFO/VSTATUS), found in the
+	4.3Reno distribution.  This maps to the AYT character.
+	You need a 4-line bugfix in the kernel to get this
+	to work properly:
+
+	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
+	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
+	> ***************
+	> *** 609,613 ****
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
+	> 			return(0);
+	> 		}
+	> --- 609,616 ----
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
+	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
+	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
+	> ! 				ttyinfo(tp);
+	> 			return(0);
+	> 		}
+
+	The client is now smarter when setting the telnet escape
+	character; it only sets it to one of VEOL and VEOL2 if
+	one of them is undefined, and the other one is not already
+	defined to the telnet escape character.
+
+	Handle TERMIOS systems that have seperate input and output
+	line speed settings imbedded in the flags.
+
+	Many other minor bug fixes.
+
+June 20, 1990:
+	Re-organize makefiles and source tree.  The telnet/Source
+	directory is now gone, and all the source that was in
+	telnet/Source is now just in the telnet directory.
+
+	Seperate makefile for each system are now gone.  There
+	are two makefiles, Makefile and Makefile.generic.
+	The "Makefile" has the definitions for the various
+	system, and "Makefile.generic" does all the work.
+	There is a variable called "WHAT" that is used to
+	specify what to make.  For example, in the telnet
+	directory, you might say:
+		make 4.4bsd WHAT=clean
+	to clean out the directory.
+
+	Add support for the ENVIRON and XDISPLOC options.
+	In order for the server to work, login has to have
+	the "-p" option to preserve environment variables.
+
+	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
+
+	Add the "-l user" option to command line and open command
+	(This is passed through the ENVIRON option).
+
+	Add the "-e" command line option, for setting the escape
+	character.
+
+	Add the "-D", diagnostic, option to the server.  This allows
+	the server to print out debug information, which is very
+	useful when trying to debug a telnet that doesn't have any
+	debugging ability.
+
+	Turn off the literal next character when not in LINEMODE.
+
+	Don't recognize ^Y locally, just pass it through.
+
+	Make minor modifications for Sun4.0 and Sun4.1
+
+	Add support for both FORW1 and FORW2 characters.  The
+	telnet escpape character is set to whichever of the
+	two is not being used.  If both are in use, the escape
+	character is not set, so when in linemode the user will
+	have to follow the escape character with a <CR> or <EOF)
+	to get it passed through.
+
+	Commands can now be put in single and double quotes, and
+	a backslash is now an escape character.  This is needed
+	for allowing arbitrary strings to be assigned to environment
+	variables.
+
+	Switch telnetd to use macros like telnet for keeping
+	track of the state of all the options.
+
+	Fix telnetd's processing of options so that we always do
+	the right processing of the LINEMODE option, regardless
+	of who initiates the request to turn it on.  Also, make
+	sure that if the other side went "WILL ECHO" in response
+	to our "DO ECHO", that we send a "DONT ECHO" to get the
+	option turned back off!
+
+	Fix the TERMIOS setting of the terminal speed to handle both
+	BSD's seperate fields, and the SYSV method of CBAUD bits.
+
+	Change how we deal with the other side refusing to enable
+	an option.  The sequence used to be: send DO option; receive
+	WONT option; send DONT option.  Now, the sequence is: send
+	DO option; receive WONT option.  Both should be valid
+	according to the spec, but there has been at least one
+	client implementation of telnet identified that can get
+	really confused by this.  (The exact sequence, from a trace
+	on the server side, is (numbers are number of responses that
+	we expect to get after that line...):
+
+		send WILL ECHO	1 (initial request)
+		send WONT ECHO	2 (server is changing state)
+		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
+		send WILL ECHO	2 (server changes state again)
+		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
+		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
+	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
+		send WILL ECHO	1 (ask again to enable option)
+		recv DO ECHO	0
+
+		recv DONT ECHO	0
+		send WONT ECHO	1
+		recv DONT ECHO	0
+		recv DO ECHO	1
+		send WILL ECHO	0
+		(and the last 5 lines loop forever)
+
+	The line with the "***" is last of the WILL/DONT/WONT sequence.
+	The change to the server to not generate that makes this same
+	example become:
+
+		send will ECHO	1
+		send wont ECHO	2
+		recv do ECHO	1
+		send will ECHO	2
+		recv dont ECHO	1
+		recv dont ECHO	0
+		recv do ECHO	1
+		send will ECHO	0
+
+	There is other option negotiation going on, and not sending
+	the third part changes some of the timings, but this specific
+	example no longer gets stuck in a loop.  The "telnet.state"
+	file has been modified to reflect this change to the algorithm.
+
+	A bunch of miscellaneous bug fixes and changes to make
+	lint happier.
+
+	This version of telnet also has some KERBEROS stuff in
+	it. This has not been tested, it uses an un-authorized
+	telnet option number, and uses an out-of-date version
+	of the (still being defined) AUTHENTICATION option.
+	There is no support for this code, do not enable it.
+
+
+March 1, 1990:
+CHANGES/BUGFIXES SINCE LAST RELEASE:
+	Some support for IP TOS has been added.  Requires that the
+	kernel support the IP_TOS socket option (currently this
+	is only in UNICOS 6.0).
+
+	Both telnet and telnetd now use the cc_t typedef.  typedefs are
+	included for systems that don't have it (in termios.h).
+
+	SLC_SUSP was not supported properly before.  It is now.
+
+	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
+	when not in linemode.  It now saves a copy of the VEOF character,
+	so that when ICANON is turned off and we can't trust it anymore
+	(because it is now the VMIN character) we use the saved value.
+
+	There were two missing "break" commands in the linemode
+	processing code in telnetd.
+
+	Telnetd wasn't setting the kernel window size information
+	properly.  It was using the rows for both rows and columns...
+
+Questions/comments go to
+		David Borman
+		Cray Research, Inc.
+		655F Lone Oak Drive
+		Eagan, MN 55123
+		dab@cray.com.
+
+README:	You are reading it.
+
+Config.generic:
+	This file contains all the OS specific definitions.  It
+	has pre-definitions for many common system types, and is
+	in standard makefile fromat.  See the comments at the top
+	of the file for more information.
+
+Config.local:
+	This is not part of the distribution, but if this file exists,
+	it is used instead of "Config.generic".  This allows site
+	specific configuration without having to modify the distributed
+	"Config.generic" file.
+
+kern.diff:
+	This file contains the diffs for the changes needed for the
+	kernel to support LINEMODE is the server.  These changes are
+	for a 4.3BSD system.  You may need to make some changes for
+	your particular system.
+
+	There is a new bit in the terminal state word, TS_EXTPROC.
+	When this bit is set, several aspects of the terminal driver
+	are disabled.  Input line editing, character echo, and
+	mapping of signals are all disabled.  This allows the telnetd
+	to turn of these functions when in linemode, but still keep
+	track of what state the user wants the terminal to be in.
+
+	New ioctl()s:
+
+		TIOCEXT		Turn on/off the TS_EXTPROC bit
+		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
+		TIOCSIG		Generate a signal to processes in the
+				current process group of the pty.
+
+	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
+	When packet mode is turned on in the pty, and the TS_EXTPROC
+	bit is set, then whenever the state of the pty is changed, the
+	next read on the master side of the pty will have the TIOCPKT_IOCTL
+	bit set, and the data will contain the following:
+		struct xx {
+			struct sgttyb a;
+			struct tchars b;
+			struct ltchars c;
+			int t_state;
+			int t_flags;
+		}
+	This allows the process on the server side of the pty to know
+	when the state of the terminal has changed, and what the new
+	state is.
+
+	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
+	expect that the structure returned in the TIOCPKT_IOCTL is
+	the termio/termios structure.
+
+stty.diff:
+	This file contains the changes needed for the stty(1) program
+	to report on the current status of the TS_EXTPROC bit.  It also
+	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
+	because it allows the user to say "stty -extproc", and the
+	LINEMODE option will be automatically disabled, and saying "stty
+	extproc" will re-enable the LINEMODE option.
+
+telnet.state:
+	Both the client and server have code in them to deal
+	with option negotiation loops.  The algorithm that is
+	used is described in this file.
+
+telnet:
+	This directory contains the client code.  No kernel changes are
+	needed to use this code.
+
+telnetd:
+	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
+	are defined, then the kernel modifications listed above are needed.
+
+libtelnet:
+	This directory contains code that is common to both the client
+	and the server.
+
+arpa:
+	This directory has a new <arpa/telnet.h>
+
+libtelnet/Makefile.4.4:
+telnet/Makefile.4.4:
+telnetd/Makefile.4.4:
+	These are the makefiles that can be used on a 4.3Reno
+	system when this software is installed in /usr/src/lib/libtelnet,
+	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
+
+
+The following TELNET options are supported:
+	
+	LINEMODE:
+		The LINEMODE option is supported as per RFC1116.  The
+		FORWARDMASK option is not currently supported.
+
+	BINARY: The client has the ability to turn on/off the BINARY
+		option in each direction.  Turning on BINARY from
+		server to client causes the LITOUT bit to get set in
+		the terminal driver on both ends,  turning on BINARY
+		from the client to the server causes the PASS8 bit
+		to get set in the terminal driver on both ends.
+
+	TERMINAL-TYPE:
+		This is supported as per RFC1091.  On the server side,
+		when a terminal type is received, termcap/terminfo
+		is consulted to determine if it is a known terminal
+		type.  It keeps requesting terminal types until it
+		gets one that it recongnizes, or hits the end of the
+		list.  The server side looks up the entry in the
+		termcap/terminfo data base, and generates a list of
+		names which it then passes one at a time to each
+		request for a terminal type, duplicating the last
+		entry in the list before cycling back to the beginning.
+
+	NAWS:	The Negotiate about Window Size, as per RFC 1073.
+
+	TERMINAL-SPEED:
+		Implemented as per RFC 1079
+
+	TOGGLE-FLOW-CONTROL:
+		Implemented as per RFC 1080
+
+	TIMING-MARK:
+		As per RFC 860
+
+	SGA:	As per RFC 858
+
+	ECHO:	As per RFC 857
+
+	LOGOUT: As per RFC 727
+
+	STATUS:
+		The server will send its current status upon
+		request.  It does not ask for the clients status.
+		The client will request the servers current status
+		from the "send getstatus" command.
+
+	ENVIRON:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued, but should be in the near future...
+
+	X-DISPLAY-LOCATION:
+		This functionality can be done through the ENVIRON
+		option, it is added here for completeness.
+
+	AUTHENTICATION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The basic framework is pretty much decided,
+		but the definitions for the specific authentication
+		schemes is still in a state of flux.
+
+	ENCRYPTION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The draft RFC is still in a state of flux,
+		so this code may change in the future.
diff --git a/crypto/kerberosIV/appl/telnet/arpa/telnet.h b/crypto/kerberosIV/appl/telnet/arpa/telnet.h
new file mode 100644
index 0000000..5d9ef60
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/arpa/telnet.h
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 1983, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
+ */
+
+#ifndef _TELNET_H_
+#define	_TELNET_H_
+
+/*
+ * Definitions for the TELNET protocol.
+ */
+#define	IAC	255		/* interpret as command: */
+#define	DONT	254		/* you are not to use option */
+#define	DO	253		/* please, you use option */
+#define	WONT	252		/* I won't use option */
+#define	WILL	251		/* I will use option */
+#define	SB	250		/* interpret as subnegotiation */
+#define	GA	249		/* you may reverse the line */
+#define	EL	248		/* erase the current line */
+#define	EC	247		/* erase the current character */
+#define	AYT	246		/* are you there */
+#define	AO	245		/* abort output--but let prog finish */
+#define	IP	244		/* interrupt process--permanently */
+#define	BREAK	243		/* break */
+#define	DM	242		/* data mark--for connect. cleaning */
+#define	NOP	241		/* nop */
+#define	SE	240		/* end sub negotiation */
+#define EOR     239             /* end of record (transparent mode) */
+#define	ABORT	238		/* Abort process */
+#define	SUSP	237		/* Suspend process */
+#define	xEOF	236		/* End of file: EOF is already used... */
+
+#define SYNCH	242		/* for telfunc calls */
+
+#ifdef TELCMDS
+char *telcmds[] = {
+	"EOF", "SUSP", "ABORT", "EOR",
+	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
+	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
+};
+#else
+extern char *telcmds[];
+#endif
+
+#define	TELCMD_FIRST	xEOF
+#define	TELCMD_LAST	IAC
+#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
+			 (unsigned int)(x) >= TELCMD_FIRST)
+#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
+
+/* telnet options */
+#define TELOPT_BINARY	0	/* 8-bit data path */
+#define TELOPT_ECHO	1	/* echo */
+#define	TELOPT_RCP	2	/* prepare to reconnect */
+#define	TELOPT_SGA	3	/* suppress go ahead */
+#define	TELOPT_NAMS	4	/* approximate message size */
+#define	TELOPT_STATUS	5	/* give status */
+#define	TELOPT_TM	6	/* timing mark */
+#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
+#define TELOPT_NAOL 	8	/* negotiate about output line width */
+#define TELOPT_NAOP 	9	/* negotiate about output page size */
+#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
+#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
+#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
+#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
+#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
+#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
+#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
+#define TELOPT_XASCII	17	/* extended ascic character set */
+#define	TELOPT_LOGOUT	18	/* force logout */
+#define	TELOPT_BM	19	/* byte macro */
+#define	TELOPT_DET	20	/* data entry terminal */
+#define	TELOPT_SUPDUP	21	/* supdup protocol */
+#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
+#define	TELOPT_SNDLOC	23	/* send location */
+#define	TELOPT_TTYPE	24	/* terminal type */
+#define	TELOPT_EOR	25	/* end or record */
+#define	TELOPT_TUID	26	/* TACACS user identification */
+#define	TELOPT_OUTMRK	27	/* output marking */
+#define	TELOPT_TTYLOC	28	/* terminal location number */
+#define	TELOPT_3270REGIME 29	/* 3270 regime */
+#define	TELOPT_X3PAD	30	/* X.3 PAD */
+#define	TELOPT_NAWS	31	/* window size */
+#define	TELOPT_TSPEED	32	/* terminal speed */
+#define	TELOPT_LFLOW	33	/* remote flow control */
+#define TELOPT_LINEMODE	34	/* Linemode option */
+#define TELOPT_XDISPLOC	35	/* X Display Location */
+#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
+#define	TELOPT_AUTHENTICATION 37/* Authenticate */
+#define	TELOPT_ENCRYPT	38	/* Encryption option */
+#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
+#define	TELOPT_EXOPL	255	/* extended-options-list */
+
+
+#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
+#ifdef TELOPTS
+char *telopts[NTELOPTS+1] = {
+	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
+	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
+	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
+	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
+	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
+	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
+	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
+	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
+	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
+	"ENCRYPT", "NEW-ENVIRON",
+	0,
+};
+#define	TELOPT_FIRST	TELOPT_BINARY
+#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
+#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
+#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
+#endif
+
+/* sub-option qualifiers */
+#define	TELQUAL_IS	0	/* option is... */
+#define	TELQUAL_SEND	1	/* send option */
+#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
+#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
+#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
+
+#define	LFLOW_OFF		0	/* Disable remote flow control */
+#define	LFLOW_ON		1	/* Enable remote flow control */
+#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
+#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
+
+/*
+ * LINEMODE suboptions
+ */
+
+#define	LM_MODE		1
+#define	LM_FORWARDMASK	2
+#define	LM_SLC		3
+
+#define	MODE_EDIT	0x01
+#define	MODE_TRAPSIG	0x02
+#define	MODE_ACK	0x04
+#define MODE_SOFT_TAB	0x08
+#define MODE_LIT_ECHO	0x10
+
+#define	MODE_MASK	0x1f
+
+/* Not part of protocol, but needed to simplify things... */
+#define MODE_FLOW		0x0100
+#define MODE_ECHO		0x0200
+#define MODE_INBIN		0x0400
+#define MODE_OUTBIN		0x0800
+#define MODE_FORCE		0x1000
+
+#define	SLC_SYNCH	1
+#define	SLC_BRK		2
+#define	SLC_IP		3
+#define	SLC_AO		4
+#define	SLC_AYT		5
+#define	SLC_EOR		6
+#define	SLC_ABORT	7
+#define	SLC_EOF		8
+#define	SLC_SUSP	9
+#define	SLC_EC		10
+#define	SLC_EL		11
+#define	SLC_EW		12
+#define	SLC_RP		13
+#define	SLC_LNEXT	14
+#define	SLC_XON		15
+#define	SLC_XOFF	16
+#define	SLC_FORW1	17
+#define	SLC_FORW2	18
+
+#define	NSLC		18
+
+/*
+ * For backwards compatability, we define SLC_NAMES to be the
+ * list of names if SLC_NAMES is not defined.
+ */
+#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
+			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
+			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
+#ifdef	SLC_NAMES
+char *slc_names[] = {
+	SLC_NAMELIST
+};
+#else
+extern char *slc_names[];
+#define	SLC_NAMES SLC_NAMELIST
+#endif
+
+#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
+#define SLC_NAME(x)	slc_names[x]
+
+#define	SLC_NOSUPPORT	0
+#define	SLC_CANTCHANGE	1
+#define	SLC_VARIABLE	2
+#define	SLC_DEFAULT	3
+#define	SLC_LEVELBITS	0x03
+
+#define	SLC_FUNC	0
+#define	SLC_FLAGS	1
+#define	SLC_VALUE	2
+
+#define	SLC_ACK		0x80
+#define	SLC_FLUSHIN	0x40
+#define	SLC_FLUSHOUT	0x20
+
+#define	OLD_ENV_VAR	1
+#define	OLD_ENV_VALUE	0
+#define	NEW_ENV_VAR	0
+#define	NEW_ENV_VALUE	1
+#define	ENV_ESC		2
+#define ENV_USERVAR	3
+
+/*
+ * AUTHENTICATION suboptions
+ */
+
+/*
+ * Who is authenticating who ...
+ */
+#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
+#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
+#define	AUTH_WHO_MASK		1
+
+/*
+ * amount of authentication done
+ */
+#define	AUTH_HOW_ONE_WAY	0
+#define	AUTH_HOW_MUTUAL		2
+#define	AUTH_HOW_MASK		2
+
+#define	AUTHTYPE_NULL		0
+#define	AUTHTYPE_KERBEROS_V4	1
+#define	AUTHTYPE_KERBEROS_V5	2
+#define	AUTHTYPE_SPX		3
+#define	AUTHTYPE_MINK		4
+#define	AUTHTYPE_SRA		5
+#define	AUTHTYPE_CNT		6
+/* #define	AUTHTYPE_UNSECURE 6 */
+
+#define	AUTHTYPE_TEST		99
+
+#ifdef	AUTH_NAMES
+char *authtype_names[] = {
+	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK",
+	"SRA", 0,
+};
+#else
+extern char *authtype_names[];
+#endif
+
+#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
+#define	AUTHTYPE_NAME(x)	authtype_names[x]
+
+/*
+ * ENCRYPTion suboptions
+ */
+#define	ENCRYPT_IS		0	/* I pick encryption type ... */
+#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
+#define	ENCRYPT_REPLY		2	/* Initial setup response */
+#define	ENCRYPT_START		3	/* Am starting to send encrypted */
+#define	ENCRYPT_END		4	/* Am ending encrypted */
+#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
+#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
+#define	ENCRYPT_ENC_KEYID	7
+#define	ENCRYPT_DEC_KEYID	8
+#define	ENCRYPT_CNT		9
+
+#define	ENCTYPE_ANY		0
+#define	ENCTYPE_DES_CFB64	1
+#define	ENCTYPE_DES_OFB64	2
+#define	ENCTYPE_CNT		3
+
+#ifdef	ENCRYPT_NAMES
+char *encrypt_names[] = {
+	"IS", "SUPPORT", "REPLY", "START", "END",
+	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
+	0,
+};
+char *enctype_names[] = {
+	"ANY", "DES_CFB64",  "DES_OFB64",  0,
+};
+#else
+extern char *encrypt_names[];
+extern char *enctype_names[];
+#endif
+
+
+#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
+#define	ENCRYPT_NAME(x)		encrypt_names[x]
+
+#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
+#define	ENCTYPE_NAME(x)		enctype_names[x]
+
+#endif /* !_TELNET_H_ */
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am
new file mode 100644
index 0000000..8806f88
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am
@@ -0,0 +1,24 @@
+# $Id: Makefile.am,v 1.8 1999/03/20 13:58:15 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+noinst_LIBRARIES = libtelnet.a
+
+libtelnet_a_SOURCES = \
+	auth-proto.h	\
+	auth.c		\
+	auth.h		\
+	enc-proto.h	\
+	enc_des.c	\
+	encrypt.c	\
+	encrypt.h	\
+	genget.c	\
+	kerberos.c	\
+	kerberos5.c	\
+	misc-proto.h	\
+	misc.c		\
+	misc.h
+
+EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in
new file mode 100644
index 0000000..b8ca629
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in
@@ -0,0 +1,54 @@
+# $Id: Makefile.in,v 1.28 1999/03/11 13:50:00 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LIBNAME = $(LIBPREFIX)telnet
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+prefix = @prefix@
+
+SOURCES=auth.c encrypt.c genget.c enc_des.c misc.c kerberos.c kerberos5.c
+
+OBJECTS=auth.o encrypt.o genget.o enc_des.o misc.o kerberos.o kerberos5.o
+
+all: $(LIB)
+
+libtop = @libtop@
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir)/.. $(CFLAGS) $(CPPFLAGS) $<
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+install:
+	@true
+
+uninstall:
+	@true
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h
new file mode 100644
index 0000000..bcc4c64
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h
@@ -0,0 +1,122 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth-proto.h,v 1.9 1998/06/09 19:24:40 joda Exp $ */
+
+#ifdef AUTHENTICATION
+Authenticator *findauthenticator (int, int);
+
+int auth_wait (char *, size_t);
+void auth_disable_name (char *);
+void auth_finished (Authenticator *, int);
+void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
+void auth_init (char *, int);
+void auth_is (unsigned char *, int);
+void auth_name(unsigned char*, int);
+void auth_reply (unsigned char *, int);
+void auth_request (void);
+void auth_send (unsigned char *, int);
+void auth_send_retry (void);
+void auth_printsub(unsigned char*, int, unsigned char*, int);
+int getauthmask(char *type, int *maskp);
+int auth_enable(char *type);
+int auth_disable(char *type);
+int auth_onoff(char *type, int on);
+int auth_togdebug(int on);
+int auth_status(void);
+int auth_sendname(unsigned char *cp, int len);
+void auth_debug(int mode);
+void auth_gen_printsub(unsigned char *data, int cnt,
+		       unsigned char *buf, int buflen);
+
+#ifdef UNSAFE
+int unsafe_init (Authenticator *, int);
+int unsafe_send (Authenticator *);
+void unsafe_is (Authenticator *, unsigned char *, int);
+void unsafe_reply (Authenticator *, unsigned char *, int);
+int unsafe_status (Authenticator *, char *, int);
+void unsafe_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef SRA
+int sra_init (Authenticator *, int);
+int sra_send (Authenticator *);
+void sra_is (Authenticator *, unsigned char *, int);
+void sra_reply (Authenticator *, unsigned char *, int);
+int sra_status (Authenticator *, char *, int);
+void sra_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef	KRB4
+int kerberos4_init (Authenticator *, int);
+int kerberos4_send_mutual (Authenticator *);
+int kerberos4_send_oneway (Authenticator *);
+void kerberos4_is (Authenticator *, unsigned char *, int);
+void kerberos4_reply (Authenticator *, unsigned char *, int);
+int kerberos4_status (Authenticator *, char *, size_t, int);
+void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
+int kerberos4_forward(Authenticator *ap, void *);
+#endif
+
+#ifdef	KRB5
+int kerberos5_init (Authenticator *, int);
+int kerberos5_send_mutual (Authenticator *);
+int kerberos5_send_oneway (Authenticator *);
+void kerberos5_is (Authenticator *, unsigned char *, int);
+void kerberos5_reply (Authenticator *, unsigned char *, int);
+int kerberos5_status (Authenticator *, char *, size_t, int);
+void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth.c b/crypto/kerberosIV/appl/telnet/libtelnet/auth.c
new file mode 100644
index 0000000..31d3ede
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth.c
@@ -0,0 +1,657 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: auth.c,v 1.22 1999/03/11 13:48:52 joda Exp $");
+
+#if	defined(AUTHENTICATION)
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <signal.h>
+#define	AUTH_NAMES
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc-proto.h"
+#include "auth-proto.h"
+
+#define	typemask(x)		(1<<((x)-1))
+
+#ifdef	KRB4_ENCPWD
+extern krb4encpwd_init();
+extern krb4encpwd_send();
+extern krb4encpwd_is();
+extern krb4encpwd_reply();
+extern krb4encpwd_status();
+extern krb4encpwd_printsub();
+#endif
+
+#ifdef	RSA_ENCPWD
+extern rsaencpwd_init();
+extern rsaencpwd_send();
+extern rsaencpwd_is();
+extern rsaencpwd_reply();
+extern rsaencpwd_status();
+extern rsaencpwd_printsub();
+#endif
+
+int auth_debug_mode = 0;
+static 	char	*Name = "Noname";
+static	int	Server = 0;
+static	Authenticator	*authenticated = 0;
+static	int	authenticating = 0;
+static	int	validuser = 0;
+static	unsigned char	_auth_send_data[256];
+static	unsigned char	*auth_send_data;
+static	int	auth_send_cnt = 0;
+
+/*
+ * Authentication types supported.  Plese note that these are stored
+ * in priority order, i.e. try the first one first.
+ */
+Authenticator authenticators[] = {
+#ifdef UNSAFE
+    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      unsafe_init,
+      unsafe_send,
+      unsafe_is,
+      unsafe_reply,
+      unsafe_status,
+      unsafe_printsub },
+#endif
+#ifdef SRA
+    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      sra_init,
+      sra_send,
+      sra_is,
+      sra_reply,
+      sra_status,
+      sra_printsub },
+#endif
+#ifdef	SPX
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+#endif
+#ifdef	KRB5
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos5_init,
+      kerberos5_send_mutual,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos5_init,
+      kerberos5_send_oneway,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+#endif
+#ifdef	KRB4
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos4_init,
+      kerberos4_send_mutual,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos4_init,
+      kerberos4_send_oneway,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+#endif
+#ifdef	KRB4_ENCPWD
+    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      krb4encpwd_init,
+      krb4encpwd_send,
+      krb4encpwd_is,
+      krb4encpwd_reply,
+      krb4encpwd_status,
+      krb4encpwd_printsub },
+#endif
+#ifdef	RSA_ENCPWD
+    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      rsaencpwd_init,
+      rsaencpwd_send,
+      rsaencpwd_is,
+      rsaencpwd_reply,
+      rsaencpwd_status,
+      rsaencpwd_printsub },
+#endif
+    { 0, },
+};
+
+static Authenticator NoAuth = { 0 };
+
+static int	i_support = 0;
+static int	i_wont_support = 0;
+
+Authenticator *
+findauthenticator(int type, int way)
+{
+    Authenticator *ap = authenticators;
+
+    while (ap->type && (ap->type != type || ap->way != way))
+	++ap;
+    return(ap->type ? ap : 0);
+}
+
+void
+auth_init(char *name, int server)
+{
+    Authenticator *ap = authenticators;
+
+    Server = server;
+    Name = name;
+
+    i_support = 0;
+    authenticated = 0;
+    authenticating = 0;
+    while (ap->type) {
+	if (!ap->init || (*ap->init)(ap, server)) {
+	    i_support |= typemask(ap->type);
+	    if (auth_debug_mode)
+		printf(">>>%s: I support auth type %d %d\r\n",
+		       Name,
+		       ap->type, ap->way);
+	}
+	else if (auth_debug_mode)
+	    printf(">>>%s: Init failed: auth type %d %d\r\n",
+		   Name, ap->type, ap->way);
+	++ap;
+    }
+}
+
+void
+auth_disable_name(char *name)
+{
+    int x;
+    for (x = 0; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
+	    i_wont_support |= typemask(x);
+	    break;
+	}
+    }
+}
+
+int
+getauthmask(char *type, int *maskp)
+{
+    int x;
+
+    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
+	*maskp = -1;
+	return(1);
+    }
+
+    for (x = 1; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
+	    *maskp = typemask(x);
+	    return(1);
+	}
+    }
+    return(0);
+}
+
+int
+auth_enable(char *type)
+{
+    return(auth_onoff(type, 1));
+}
+
+int
+auth_disable(char *type)
+{
+    return(auth_onoff(type, 0));
+}
+
+int
+auth_onoff(char *type, int on)
+{
+    int i, mask = -1;
+    Authenticator *ap;
+
+    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
+	printf("auth %s 'type'\n", on ? "enable" : "disable");
+	printf("Where 'type' is one of:\n");
+	printf("\t%s\n", AUTHTYPE_NAME(0));
+	mask = 0;
+	for (ap = authenticators; ap->type; ap++) {
+	    if ((mask & (i = typemask(ap->type))) != 0)
+		continue;
+	    mask |= i;
+	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+	}
+	return(0);
+    }
+
+    if (!getauthmask(type, &mask)) {
+	printf("%s: invalid authentication type\n", type);
+	return(0);
+    }
+    if (on)
+	i_wont_support &= ~mask;
+    else
+	i_wont_support |= mask;
+    return(1);
+}
+
+int
+auth_togdebug(int on)
+{
+    if (on < 0)
+	auth_debug_mode ^= 1;
+    else
+	auth_debug_mode = on;
+    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+auth_status(void)
+{
+    Authenticator *ap;
+    int i, mask;
+
+    if (i_wont_support == -1)
+	printf("Authentication disabled\n");
+    else
+	printf("Authentication enabled\n");
+
+    mask = 0;
+    for (ap = authenticators; ap->type; ap++) {
+	if ((mask & (i = typemask(ap->type))) != 0)
+	    continue;
+	mask |= i;
+	printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
+	       (i_wont_support & typemask(ap->type)) ?
+	       "disabled" : "enabled");
+    }
+    return(1);
+}
+
+/*
+ * This routine is called by the server to start authentication
+ * negotiation.
+ */
+void
+auth_request(void)
+{
+    static unsigned char str_request[64] = { IAC, SB,
+					     TELOPT_AUTHENTICATION,
+					     TELQUAL_SEND, };
+    Authenticator *ap = authenticators;
+    unsigned char *e = str_request + 4;
+
+    if (!authenticating) {
+	authenticating = 1;
+	while (ap->type) {
+	    if (i_support & ~i_wont_support & typemask(ap->type)) {
+		if (auth_debug_mode) {
+		    printf(">>>%s: Sending type %d %d\r\n",
+			   Name, ap->type, ap->way);
+		}
+		*e++ = ap->type;
+		*e++ = ap->way;
+	    }
+	    ++ap;
+	}
+	*e++ = IAC;
+	*e++ = SE;
+	telnet_net_write(str_request, e - str_request);
+	printsub('>', &str_request[2], e - str_request - 2);
+    }
+}
+
+/*
+ * This is called when an AUTH SEND is received.
+ * It should never arrive on the server side (as only the server can
+ * send an AUTH SEND).
+ * You should probably respond to it if you can...
+ *
+ * If you want to respond to the types out of order (i.e. even
+ * if he sends  LOGIN KERBEROS and you support both, you respond
+ * with KERBEROS instead of LOGIN (which is against what the
+ * protocol says)) you will have to hack this code...
+ */
+void
+auth_send(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+    static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_IS, AUTHTYPE_NULL, 0,
+					IAC, SE };
+    if (Server) {
+	if (auth_debug_mode) {
+	    printf(">>>%s: auth_send called!\r\n", Name);
+	}
+	return;
+    }
+
+    if (auth_debug_mode) {
+	printf(">>>%s: auth_send got:", Name);
+	printd(data, cnt); printf("\r\n");
+    }
+
+    /*
+     * Save the data, if it is new, so that we can continue looking
+     * at it if the authorization we try doesn't work
+     */
+    if (data < _auth_send_data ||
+	data > _auth_send_data + sizeof(_auth_send_data)) {
+	auth_send_cnt = cnt > sizeof(_auth_send_data)
+	    ? sizeof(_auth_send_data)
+	    : cnt;
+	memmove(_auth_send_data, data, auth_send_cnt);
+	auth_send_data = _auth_send_data;
+    } else {
+	/*
+	 * This is probably a no-op, but we just make sure
+	 */
+	auth_send_data = data;
+	auth_send_cnt = cnt;
+    }
+    while ((auth_send_cnt -= 2) >= 0) {
+	if (auth_debug_mode)
+	    printf(">>>%s: He supports %d\r\n",
+		   Name, *auth_send_data);
+	if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
+	    ap = findauthenticator(auth_send_data[0],
+				   auth_send_data[1]);
+	    if (ap && ap->send) {
+		if (auth_debug_mode)
+		    printf(">>>%s: Trying %d %d\r\n",
+			   Name, auth_send_data[0],
+			   auth_send_data[1]);
+		if ((*ap->send)(ap)) {
+		    /*
+		     * Okay, we found one we like
+		     * and did it.
+		     * we can go home now.
+		     */
+		    if (auth_debug_mode)
+			printf(">>>%s: Using type %d\r\n",
+			       Name, *auth_send_data);
+		    auth_send_data += 2;
+		    return;
+		}
+	    }
+	    /* else
+	     *	just continue on and look for the
+	     *	next one if we didn't do anything.
+	     */
+	}
+	auth_send_data += 2;
+    }
+    telnet_net_write(str_none, sizeof(str_none));
+    printsub('>', &str_none[2], sizeof(str_none) - 2);
+    if (auth_debug_mode)
+	printf(">>>%s: Sent failure message\r\n", Name);
+    auth_finished(0, AUTH_REJECT);
+#ifdef KANNAN
+    /*
+     *  We requested strong authentication, however no mechanisms worked.
+     *  Therefore, exit on client end.
+     */
+    printf("Unable to securely authenticate user ... exit\n");
+    exit(0);
+#endif /* KANNAN */
+}
+
+void
+auth_send_retry(void)
+{
+    /*
+     * if auth_send_cnt <= 0 then auth_send will end up rejecting
+     * the authentication and informing the other side of this.
+	 */
+    auth_send(auth_send_data, auth_send_cnt);
+}
+
+void
+auth_is(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if (data[0] == AUTHTYPE_NULL) {
+	auth_finished(0, AUTH_REJECT);
+	return;
+    }
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->is)
+	    (*ap->is)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in IS: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_reply(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->reply)
+	    (*ap->reply)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in SEND: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_name(unsigned char *data, int cnt)
+{
+    char savename[256];
+
+    if (cnt < 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Empty name in NAME\r\n", Name);
+	return;
+    }
+    if (cnt > sizeof(savename) - 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
+		   Name, cnt, (unsigned long)(sizeof(savename)-1));
+	return;
+    }
+    memmove(savename, data, cnt);
+    savename[cnt] = '\0';	/* Null terminate */
+    if (auth_debug_mode)
+	printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
+    auth_encrypt_user(savename);
+}
+
+int
+auth_sendname(unsigned char *cp, int len)
+{
+    static unsigned char str_request[256+6]
+	= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
+    unsigned char *e = str_request + 4;
+    unsigned char *ee = &str_request[sizeof(str_request)-2];
+
+    while (--len >= 0) {
+	if ((*e++ = *cp++) == IAC)
+	    *e++ = IAC;
+	if (e >= ee)
+	    return(0);
+    }
+    *e++ = IAC;
+    *e++ = SE;
+    telnet_net_write(str_request, e - str_request);
+    printsub('>', &str_request[2], e - &str_request[2]);
+    return(1);
+}
+
+void
+auth_finished(Authenticator *ap, int result)
+{
+    if (!(authenticated = ap))
+	authenticated = &NoAuth;
+    validuser = result;
+}
+
+/* ARGSUSED */
+static void
+auth_intr(int sig)
+{
+    auth_finished(0, AUTH_REJECT);
+}
+
+int
+auth_wait(char *name, size_t name_sz)
+{
+    if (auth_debug_mode)
+	printf(">>>%s: in auth_wait.\r\n", Name);
+
+    if (Server && !authenticating)
+	return(0);
+
+    signal(SIGALRM, auth_intr);
+    alarm(30);
+    while (!authenticated)
+	if (telnet_spin())
+	    break;
+    alarm(0);
+    signal(SIGALRM, SIG_DFL);
+
+    /*
+     * Now check to see if the user is valid or not
+     */
+    if (!authenticated || authenticated == &NoAuth)
+	return(AUTH_REJECT);
+
+    if (validuser == AUTH_VALID)
+	validuser = AUTH_USER;
+
+    if (authenticated->status)
+	validuser = (*authenticated->status)(authenticated,
+					     name, name_sz,
+					     validuser);
+    return(validuser);
+}
+
+void
+auth_debug(int mode)
+{
+    auth_debug_mode = mode;
+}
+
+void
+auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Authenticator *ap;
+
+    if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
+	(*ap->printsub)(data, cnt, buf, buflen);
+    else
+	auth_gen_printsub(data, cnt, buf, buflen);
+}
+
+void
+auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    unsigned char *cp;
+    unsigned char tbuf[16];
+
+    cnt -= 3;
+    data += 3;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth.h b/crypto/kerberosIV/appl/telnet/libtelnet/auth.h
new file mode 100644
index 0000000..83dd701
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth.h
@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */
+
+#ifndef	__AUTH__
+#define	__AUTH__
+
+#define	AUTH_REJECT	0	/* Rejected */
+#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
+#define	AUTH_OTHER	2	/* We know him, but not his name */
+#define	AUTH_USER	3	/* We know he name */
+#define	AUTH_VALID	4	/* We know him, and he needs no password */
+
+typedef struct XauthP {
+	int	type;
+	int	way;
+	int	(*init) (struct XauthP *, int);
+	int	(*send) (struct XauthP *);
+	void	(*is) (struct XauthP *, unsigned char *, int);
+	void	(*reply) (struct XauthP *, unsigned char *, int);
+	int	(*status) (struct XauthP *, char *, size_t, int);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Authenticator;
+
+#include "auth-proto.h"
+
+extern int auth_debug_mode;
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h
new file mode 100644
index 0000000..cb0077d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h
@@ -0,0 +1,132 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)enc-proto.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: enc-proto.h,v 1.9 1998/07/09 23:16:22 assar Exp $ */
+
+#if	defined(ENCRYPTION)
+Encryptions *findencryption (int);
+Encryptions *finddecryption(int);
+int EncryptAutoDec(int);
+int EncryptAutoEnc(int);
+int EncryptDebug(int);
+int EncryptDisable(char*, char*);
+int EncryptEnable(char*, char*);
+int EncryptStart(char*);
+int EncryptStartInput(void);
+int EncryptStartOutput(void);
+int EncryptStatus(void);
+int EncryptStop(char*);
+int EncryptStopInput(void);
+int EncryptStopOutput(void);
+int EncryptType(char*, char*);
+int EncryptVerbose(int);
+void decrypt_auto(int);
+void encrypt_auto(int);
+void encrypt_debug(int);
+void encrypt_dec_keyid(unsigned char*, int);
+void encrypt_display(void);
+void encrypt_enc_keyid(unsigned char*, int);
+void encrypt_end(void);
+void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_init(char*, int);
+void encrypt_is(unsigned char*, int);
+void encrypt_list_types(void);
+void encrypt_not(void);
+void encrypt_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_reply(unsigned char*, int);
+void encrypt_request_end(void);
+void encrypt_request_start(unsigned char*, int);
+void encrypt_send_end(void);
+void encrypt_send_keyid(int, unsigned char*, int, int);
+void encrypt_send_request_end(void);
+void encrypt_send_request_start(void);
+void encrypt_send_support(void);
+void encrypt_session_key(Session_Key*, int);
+void encrypt_start(unsigned char*, int);
+void encrypt_start_output(int);
+void encrypt_support(unsigned char*, int);
+void encrypt_verbose_quiet(int);
+void encrypt_wait(void);
+int encrypt_delay(void);
+
+#ifdef	TELENTD
+void encrypt_wait (void);
+#else
+void encrypt_display (void);
+#endif
+
+void cfb64_encrypt (unsigned char *, int);
+int cfb64_decrypt (int);
+void cfb64_init (int);
+int cfb64_start (int, int);
+int cfb64_is (unsigned char *, int);
+int cfb64_reply (unsigned char *, int);
+void cfb64_session (Session_Key *, int);
+int cfb64_keyid (int, unsigned char *, int *);
+void cfb64_printsub (unsigned char *, int, unsigned char *, int);
+
+void ofb64_encrypt (unsigned char *, int);
+int ofb64_decrypt (int);
+void ofb64_init (int);
+int ofb64_start (int, int);
+int ofb64_is (unsigned char *, int);
+int ofb64_reply (unsigned char *, int);
+void ofb64_session (Session_Key *, int);
+int ofb64_keyid (int, unsigned char *, int *);
+void ofb64_printsub (unsigned char *, int, unsigned char *, int);
+
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c b/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c
new file mode 100644
index 0000000..a24bfa7
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c
@@ -0,0 +1,671 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $");
+
+#if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
+#include <arpa/telnet.h>
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#include <string.h>
+#endif
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "misc-proto.h"
+
+#include <des.h>
+
+extern int encrypt_debug_mode;
+
+#define	CFB	0
+#define	OFB	1
+
+#define	NO_SEND_IV	1
+#define	NO_RECV_IV	2
+#define	NO_KEYID	4
+#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
+#define	SUCCESS		0
+#define	FAILED		-1
+
+
+struct stinfo {
+  des_cblock	str_output;
+  des_cblock	str_feed;
+  des_cblock	str_iv;
+  des_cblock	str_ikey;
+  des_key_schedule str_sched;
+  int		str_index;
+  int		str_flagshift;
+};
+
+struct fb {
+	des_cblock krbdes_key;
+	des_key_schedule krbdes_sched;
+	des_cblock temp_feed;
+	unsigned char fb_feed[64];
+	int need_start;
+	int state[2];
+	int keyid[2];
+	int once;
+	struct stinfo streams[2];
+};
+
+static struct fb fb[2];
+
+struct keyidlist {
+	char	*keyid;
+	int	keyidlen;
+	char	*key;
+	int	keylen;
+	int	flags;
+} keyidlist [] = {
+	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
+	{ 0, 0, 0, 0, 0 }
+};
+
+#define	KEYFLAG_MASK	03
+
+#define	KEYFLAG_NOINIT	00
+#define	KEYFLAG_INIT	01
+#define	KEYFLAG_OK	02
+#define	KEYFLAG_BAD	03
+
+#define	KEYFLAG_SHIFT	2
+
+#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
+
+#define	FB64_IV		1
+#define	FB64_IV_OK	2
+#define	FB64_IV_BAD	3
+
+
+void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_init (struct fb *);
+static int fb64_start (struct fb *, int, int);
+int fb64_is (unsigned char *, int, struct fb *);
+int fb64_reply (unsigned char *, int, struct fb *);
+static void fb64_session (Session_Key *, int, struct fb *);
+void fb64_stream_key (des_cblock, struct stinfo *);
+int fb64_keyid (int, unsigned char *, int *, struct fb *);
+
+void cfb64_init(int server)
+{
+	fb64_init(&fb[CFB]);
+	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
+}
+
+
+void ofb64_init(int server)
+{
+	fb64_init(&fb[OFB]);
+	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
+}
+
+void fb64_init(struct fb *fbp)
+{
+	memset(fbp,0, sizeof(*fbp));
+	fbp->state[0] = fbp->state[1] = FAILED;
+	fbp->fb_feed[0] = IAC;
+	fbp->fb_feed[1] = SB;
+	fbp->fb_feed[2] = TELOPT_ENCRYPT;
+	fbp->fb_feed[3] = ENCRYPT_IS;
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ *	 2: Not yet.  Other things (like getting the key from
+ *	    Kerberos) have to happen before we can continue.
+ */
+int cfb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[CFB], dir, server));
+}
+
+int ofb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[OFB], dir, server));
+}
+
+static int fb64_start(struct fb *fbp, int dir, int server)
+{
+	int x;
+	unsigned char *p;
+	int state;
+
+	switch (dir) {
+	case DIR_DECRYPT:
+		/*
+		 * This is simply a request to have the other side
+		 * start output (our input).  He will negotiate an
+		 * IV so we need not look for it.
+		 */
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		break;
+
+	case DIR_ENCRYPT:
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		else if ((state & NO_SEND_IV) == 0) {
+			break;
+		}
+
+		if (!VALIDKEY(fbp->krbdes_key)) {
+		        fbp->need_start = 1;
+			break;
+		}
+
+		state &= ~NO_SEND_IV;
+		state |= NO_RECV_IV;
+		if (encrypt_debug_mode)
+			printf("Creating new feed\r\n");
+		/*
+		 * Create a random feed and send it over.
+		 */
+#ifndef OLD_DES_RANDOM_KEY
+		des_new_random_key(&fbp->temp_feed);
+#else
+		/*
+		 * From des_cryp.man "If the des_check_key flag is non-zero,
+		 *  des_set_key will check that the key passed is
+		 *  of odd parity and is not a week or semi-weak key."
+		 */
+		do {
+			des_random_key(fbp->temp_feed);
+			des_set_odd_parity(fbp->temp_feed);
+		} while (des_is_weak_key(fbp->temp_feed));
+#endif
+		des_ecb_encrypt(&fbp->temp_feed,
+				&fbp->temp_feed,
+				fbp->krbdes_sched, 1);
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_IS;
+		p++;
+		*p++ = FB64_IV;
+		for (x = 0; x < sizeof(des_cblock); ++x) {
+			if ((*p++ = fbp->temp_feed[x]) == IAC)
+				*p++ = IAC;
+		}
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+		break;
+	default:
+		return(FAILED);
+	}
+	return(fbp->state[dir-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[CFB]));
+}
+
+int ofb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
+{
+	unsigned char *p;
+	int state = fbp->state[DIR_DECRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV:
+		if (cnt != sizeof(des_cblock)) {
+			if (encrypt_debug_mode)
+				printf("CFB64: initial vector failed on size\r\n");
+			state = FAILED;
+			goto failure;
+		}
+
+		if (encrypt_debug_mode)
+			printf("CFB64: initial vector received\r\n");
+
+		if (encrypt_debug_mode)
+			printf("Initializing Decrypt stream\r\n");
+
+		fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
+
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_OK;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", *(data-1));
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		/*
+		 * We failed.  Send an FB64_IV_BAD option
+		 * to the other side so it will know that
+		 * things failed.
+		 */
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_BAD;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		break;
+	}
+	return(fbp->state[DIR_DECRYPT-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[CFB]));
+}
+
+int ofb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
+{
+	int state = fbp->state[DIR_ENCRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV_OK:
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		state &= ~NO_RECV_IV;
+		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
+		break;
+
+	case FB64_IV_BAD:
+		memset(fbp->temp_feed, 0, sizeof(des_cblock));
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		state = FAILED;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", data[-1]);
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		state = FAILED;
+		break;
+	}
+	return(fbp->state[DIR_ENCRYPT-1] = state);
+}
+
+void cfb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[CFB]);
+}
+
+void ofb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[OFB]);
+}
+
+static void fb64_session(Session_Key *key, int server, struct fb *fbp)
+{
+
+	if (!key || key->type != SK_DES) {
+		if (encrypt_debug_mode)
+			printf("Can't set krbdes's session key (%d != %d)\r\n",
+				key ? key->type : -1, SK_DES);
+		return;
+	}
+	memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
+
+	if (fbp->once == 0) {
+#ifndef OLD_DES_RANDOM_KEY
+		des_init_random_number_generator(&fbp->krbdes_key);
+#endif
+		fbp->once = 1;
+	}
+	des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+	/*
+	 * Now look to see if krbdes_start() was was waiting for
+	 * the key to show up.  If so, go ahead an call it now
+	 * that we have the key.
+	 */
+	if (fbp->need_start) {
+		fbp->need_start = 0;
+		fb64_start(fbp, DIR_ENCRYPT, server);
+	}
+}
+
+/*
+ * We only accept a keyid of 0.  If we get a keyid of
+ * 0, then mark the state as SUCCESS.
+ */
+
+int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
+}
+
+int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
+}
+
+int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
+{
+	int state = fbp->state[dir-1];
+
+	if (*lenp != 1 || (*kp != '\0')) {
+		*lenp = 0;
+		return(state);
+	}
+
+	if (state == FAILED)
+		state = IN_PROGRESS;
+
+	state &= ~NO_KEYID;
+
+	return(fbp->state[dir-1] = state);
+}
+
+void fb64_printsub(unsigned char *data, int cnt, 
+		   unsigned char *buf, int buflen, char *type)
+{
+	char lbuf[32];
+	int i;
+	char *cp;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[2]) {
+	case FB64_IV:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_OK:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_BAD:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
+		cp = lbuf;
+		goto common;
+
+	default:
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
+		cp = lbuf;
+	common:
+		for (; (buflen > 0) && (*buf = *cp++); buf++)
+			buflen--;
+		for (i = 3; i < cnt; i++) {
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
+			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
+				buflen--;
+		}
+		break;
+	}
+}
+
+void cfb64_printsub(unsigned char *data, int cnt, 
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "CFB64");
+}
+
+void ofb64_printsub(unsigned char *data, int cnt,
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "OFB64");
+}
+
+void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+{
+
+	memcpy(stp->str_iv, seed,sizeof(des_cblock));
+	memcpy(stp->str_output, seed, sizeof(des_cblock));
+
+	des_key_sched(&stp->str_ikey, stp->str_sched);
+
+	stp->str_index = sizeof(des_cblock);
+}
+
+void fb64_stream_key(des_cblock key, struct stinfo *stp)
+{
+	memcpy(stp->str_ikey, key, sizeof(des_cblock));
+	des_key_sched((des_cblock*)key, stp->str_sched);
+
+	memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+
+	stp->str_index = sizeof(des_cblock);
+}
+
+/*
+ * DES 64 bit Cipher Feedback
+ *
+ *     key --->+-----+
+ *          +->| DES |--+
+ *          |  +-----+  |
+ *	    |           v
+ *  INPUT --(--------->(+)+---> DATA
+ *          |             |
+ *	    +-------------+
+ *         
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	On = Dn ^ Vn
+ *	V(n+1) = DES(On, key)
+ */
+
+void cfb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(des_cblock)) {
+			des_cblock b;
+			des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(des_cblock));
+			index = 0;
+		}
+
+		/* On encryption, we store (feed ^ data) which is cypher */
+		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
+		s++;
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int cfb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(des_cblock)) {
+		des_cblock b;
+		des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(des_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	/* On decryption we store (data) which is cypher. */
+	stp->str_output[index] = data;
+	return(data ^ stp->str_feed[index]);
+}
+
+/*
+ * DES 64 bit Output Feedback
+ *
+ * key --->+-----+
+ *	+->| DES |--+
+ *	|  +-----+  |
+ *	+-----------+
+ *	            v
+ *  INPUT -------->(+) ----> DATA
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	V(n+1) = DES(Vn, key)
+ *	On = Dn ^ Vn
+ */
+
+void ofb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(des_cblock)) {
+			des_cblock b;
+			des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(des_cblock));
+			index = 0;
+		}
+		*s++ ^= stp->str_feed[index];
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int ofb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(des_cblock)) {
+		des_cblock b;
+		des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(des_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	return(data ^ stp->str_feed[index]);
+}
+#endif
+
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c
new file mode 100644
index 0000000..21f7a85
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c
@@ -0,0 +1,995 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include <config.h>
+
+RCSID("$Id: encrypt.c,v 1.21 1998/07/09 23:16:25 assar Exp $");
+
+#if	defined(ENCRYPTION)
+
+#define	ENCRYPT_NAMES
+#include <arpa/telnet.h>
+
+#include "encrypt.h"
+#include "misc.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+/*
+ * These functions pointers point to the current routines
+ * for encrypting and decrypting data.
+ */
+void	(*encrypt_output) (unsigned char *, int);
+int	(*decrypt_input) (int);
+char	*nclearto;
+
+int encrypt_debug_mode = 0;
+static int decrypt_mode = 0;
+static int encrypt_mode = 0;
+static int encrypt_verbose = 0;
+static int autoencrypt = 0;
+static int autodecrypt = 0;
+static int havesessionkey = 0;
+static int Server = 0;
+static char *Name = "Noname";
+
+#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
+
+static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_wont_support_encrypt = 0;
+     static long i_wont_support_decrypt = 0;
+#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
+#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
+
+     static long remote_supports_encrypt = 0;
+     static long remote_supports_decrypt = 0;
+
+     static Encryptions encryptions[] = {
+#if	defined(DES_ENCRYPTION)
+	 { "DES_CFB64",	ENCTYPE_DES_CFB64,
+	   cfb64_encrypt,	
+	   cfb64_decrypt,
+	   cfb64_init,
+	   cfb64_start,
+	   cfb64_is,
+	   cfb64_reply,
+	   cfb64_session,
+	   cfb64_keyid,
+	   cfb64_printsub },
+	 { "DES_OFB64",	ENCTYPE_DES_OFB64,
+	   ofb64_encrypt,	
+	   ofb64_decrypt,
+	   ofb64_init,
+	   ofb64_start,
+	   ofb64_is,
+	   ofb64_reply,
+	   ofb64_session,
+	   ofb64_keyid,
+	   ofb64_printsub },
+#endif
+	 { 0, },
+     };
+
+static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
+				      ENCRYPT_SUPPORT };
+static unsigned char str_suplen = 0;
+static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
+static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+
+Encryptions *
+findencryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+Encryptions *
+finddecryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+#define	MAXKEYLEN 64
+
+static struct key_info {
+    unsigned char keyid[MAXKEYLEN];
+    int keylen;
+    int dir;
+    int *modep;
+    Encryptions *(*getcrypt)();
+} ki[2] = {
+    { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
+    { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
+};
+
+void
+encrypt_init(char *name, int server)
+{
+    Encryptions *ep = encryptions;
+
+    Name = name;
+    Server = server;
+    i_support_encrypt = i_support_decrypt = 0;
+    remote_supports_encrypt = remote_supports_decrypt = 0;
+    encrypt_mode = 0;
+    decrypt_mode = 0;
+    encrypt_output = 0;
+    decrypt_input = 0;
+#ifdef notdef
+    encrypt_verbose = !server;
+#endif
+
+    str_suplen = 4;
+
+    while (ep->type) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: I will support %s\r\n",
+		   Name, ENCTYPE_NAME(ep->type));
+	i_support_encrypt |= typemask(ep->type);
+	i_support_decrypt |= typemask(ep->type);
+	if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
+	    if ((str_send[str_suplen++] = ep->type) == IAC)
+		str_send[str_suplen++] = IAC;
+	if (ep->init)
+	    (*ep->init)(Server);
+	++ep;
+    }
+    str_send[str_suplen++] = IAC;
+    str_send[str_suplen++] = SE;
+}
+
+void
+encrypt_list_types(void)
+{
+    Encryptions *ep = encryptions;
+
+    printf("Valid encryption types:\n");
+    while (ep->type) {
+	printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
+	++ep;
+    }
+}
+
+int
+EncryptEnable(char *type, char *mode)
+{
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt enable <type> [input|output]\n");
+	encrypt_list_types();
+	return(0);
+    }
+    if (EncryptType(type, mode))
+	return(EncryptStart(mode));
+    return(0);
+}
+
+int
+EncryptDisable(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt disable <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
+	    if (decrypt_mode == ep->type)
+		EncryptStopInput();
+	    i_wont_support_decrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || (isprefix(mode, "output"))) {
+	    if (encrypt_mode == ep->type)
+		EncryptStopOutput();
+	    i_wont_support_encrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptType(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt type <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || isprefix(mode, "input")) {
+	    decrypt_mode = ep->type;
+	    i_wont_support_decrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || isprefix(mode, "output")) {
+	    encrypt_mode = ep->type;
+	    i_wont_support_encrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptStart(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStartInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStartOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt start [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStartInput();
+    ret += EncryptStartOutput();
+    return(ret);
+}
+
+int
+EncryptStartInput(void)
+{
+    if (decrypt_mode) {
+	encrypt_send_request_start();
+	return(1);
+    }
+    printf("No previous decryption mode, decryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStartOutput(void)
+{
+    if (encrypt_mode) {
+	encrypt_start_output(encrypt_mode);
+	return(1);
+    }
+    printf("No previous encryption mode, encryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStop(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStopInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStopOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt stop [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStopInput();
+    ret += EncryptStopOutput();
+    return(ret);
+}
+
+int
+EncryptStopInput(void)
+{
+    encrypt_send_request_end();
+    return(1);
+}
+
+int
+EncryptStopOutput(void)
+{
+    encrypt_send_end();
+    return(1);
+}
+
+void
+encrypt_display(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input)
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    else
+	printf("Currently not decrypting input\r\n");
+}
+
+int
+EncryptStatus(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else if (encrypt_mode) {
+	printf("Currently output is clear text.\r\n");
+	printf("Last encryption mode was %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    } else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input) {
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else if (decrypt_mode) {
+	printf("Currently input is clear text.\r\n");
+	printf("Last decryption mode was %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else
+	printf("Currently not decrypting input\r\n");
+
+    return 1;
+}
+
+void
+encrypt_send_support(void)
+{
+    if (str_suplen) {
+	/*
+	 * If the user has requested that decryption start
+	 * immediatly, then send a "REQUEST START" before
+	 * we negotiate the type.
+	 */
+	if (!Server && autodecrypt)
+	    encrypt_send_request_start();
+	telnet_net_write(str_send, str_suplen);
+	printsub('>', &str_send[2], str_suplen - 2);
+	str_suplen = 0;
+    }
+}
+
+int
+EncryptDebug(int on)
+{
+    if (on < 0)
+	encrypt_debug_mode ^= 1;
+    else
+	encrypt_debug_mode = on;
+    printf("Encryption debugging %s\r\n",
+	   encrypt_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+/* turn on verbose encryption, but dont keep telling the whole world
+ */
+void encrypt_verbose_quiet(int on)
+{
+    if(on < 0)
+	encrypt_verbose ^= 1;
+    else
+	encrypt_verbose = on ? 1 : 0;
+}
+
+int
+EncryptVerbose(int on)
+{
+    encrypt_verbose_quiet(on);
+    printf("Encryption %s verbose\r\n",
+	   encrypt_verbose ? "is" : "is not");
+    return(1);
+}
+
+int
+EncryptAutoEnc(int on)
+{
+    encrypt_auto(on);
+    printf("Automatic encryption of output is %s\r\n",
+	   autoencrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+EncryptAutoDec(int on)
+{
+    decrypt_auto(on);
+    printf("Automatic decryption of input is %s\r\n",
+	   autodecrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
+   encrypt */
+void
+encrypt_not(void)
+{
+    if (encrypt_verbose)
+  	printf("[ Connection is NOT encrypted ]\r\n");
+    else
+  	printf("\r\n*** Connection not encrypted! "
+	       "Communication may be eavesdropped. ***\r\n");
+}
+
+/*
+ * Called when ENCRYPT SUPPORT is received.
+ */
+void
+encrypt_support(unsigned char *typelist, int cnt)
+{
+    int type, use_type = 0;
+    Encryptions *ep;
+
+    /*
+     * Forget anything the other side has previously told us.
+     */
+    remote_supports_decrypt = 0;
+
+    while (cnt-- > 0) {
+	type = *typelist++;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: He is supporting %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME(type), type);
+	if ((type < ENCTYPE_CNT) &&
+	    (I_SUPPORT_ENCRYPT & typemask(type))) {
+	    remote_supports_decrypt |= typemask(type);
+	    if (use_type == 0)
+		use_type = type;
+	}
+    }
+    if (use_type) {
+	ep = findencryption(use_type);
+	if (!ep)
+	    return;
+	type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: (*ep->start)() returned %d\r\n",
+		   Name, type);
+	if (type < 0)
+	    return;
+	encrypt_mode = use_type;
+	if (type == 0)
+	    encrypt_start_output(use_type);
+    }
+}
+
+void
+encrypt_is(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int type, ret;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (type < ENCTYPE_CNT)
+	remote_supports_encrypt |= typemask(type);
+    if (!(ep = finddecryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->is) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->is)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (ret < 0) {
+	autodecrypt = 0;
+    } else {
+	decrypt_mode = type;
+	if (ret == 0 && autodecrypt)
+	    encrypt_send_request_start();
+    }
+}
+
+void
+encrypt_reply(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int ret, type;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->reply) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->reply)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
+		   data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (encrypt_debug_mode)
+	printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
+    if (ret < 0) {
+	autoencrypt = 0;
+    } else {
+	encrypt_mode = type;
+	if (ret == 0 && autoencrypt)
+	    encrypt_start_output(type);
+    }
+}
+
+/*
+ * Called when a ENCRYPT START command is received.
+ */
+void
+encrypt_start(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+
+    if (!decrypt_mode) {
+	/*
+	 * Something is wrong.  We should not get a START
+	 * command without having already picked our
+	 * decryption scheme.  Send a REQUEST-END to
+	 * attempt to clear the channel...
+	 */
+	printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
+	encrypt_send_request_end();
+	return;
+    }
+
+    if ((ep = finddecryption(decrypt_mode))) {
+	decrypt_input = ep->input;
+	if (encrypt_verbose)
+	    printf("[ Input is now decrypted with type %s ]\r\n",
+		   ENCTYPE_NAME(decrypt_mode));
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Start to decrypt input with type %s\r\n",
+		   Name, ENCTYPE_NAME(decrypt_mode));
+    } else {
+	printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
+	       Name,
+	       ENCTYPE_NAME_OK(decrypt_mode)
+	       ? ENCTYPE_NAME(decrypt_mode)
+	       : "(unknown)",
+	       decrypt_mode);
+	encrypt_send_request_end();
+    }
+}
+
+void
+encrypt_session_key(Session_Key *key, int server)
+{
+    Encryptions *ep = encryptions;
+
+    havesessionkey = 1;
+
+    while (ep->type) {
+	if (ep->session)
+	    (*ep->session)(key, server);
+	++ep;
+    }
+}
+
+/*
+ * Called when ENCRYPT END is received.
+ */
+void
+encrypt_end(void)
+{
+    decrypt_input = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Input is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Input is now clear text ]\r\n");
+}
+
+/*
+ * Called when ENCRYPT REQUEST-END is received.
+ */
+void
+encrypt_request_end(void)
+{
+    encrypt_send_end();
+}
+
+/*
+ * Called when ENCRYPT REQUEST-START is received.  If we receive
+ * this before a type is picked, then that indicates that the
+ * other side wants us to start encrypting data as soon as we
+ * can. 
+ */
+void
+encrypt_request_start(unsigned char *data, int cnt)
+{
+    if (encrypt_mode == 0)  {
+	if (Server)
+	    autoencrypt = 1;
+	return;
+    }
+    encrypt_start_output(encrypt_mode);
+}
+
+static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
+
+static void
+encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
+{
+    Encryptions *ep;
+    int dir = kp->dir;
+    int ret = 0;
+
+    if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+	if (len == 0)
+	    return;
+	kp->keylen = 0;
+    } else if (len == 0) {
+	/*
+	 * Empty option, indicates a failure.
+	 */
+	if (kp->keylen == 0)
+	    return;
+	kp->keylen = 0;
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+
+    } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
+	/*
+	 * Length or contents are different
+	 */
+	kp->keylen = len;
+	memcpy(kp->keyid,keyid, len);
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+    } else {
+	if (ep->keyid)
+	    ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
+	if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
+	    encrypt_start_output(*kp->modep);
+	return;
+    }
+
+    encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
+}
+
+void encrypt_enc_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[1], keyid, len);
+}
+
+void encrypt_dec_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[0], keyid, len);
+}
+
+
+void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
+{
+    unsigned char *strp;
+
+    str_keyid[3] = (dir == DIR_ENCRYPT)
+	? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
+    if (saveit) {
+	struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
+	memcpy(kp->keyid,keyid, keylen);
+	kp->keylen = keylen;
+    }
+
+    for (strp = &str_keyid[4]; keylen > 0; --keylen) {
+	if ((*strp++ = *keyid++) == IAC)
+	    *strp++ = IAC;
+    }
+    *strp++ = IAC;
+    *strp++ = SE;
+    telnet_net_write(str_keyid, strp - str_keyid);
+    printsub('>', &str_keyid[2], strp - str_keyid - 2);
+}
+
+void
+encrypt_auto(int on)
+{
+    if (on < 0)
+	autoencrypt ^= 1;
+    else
+	autoencrypt = on ? 1 : 0;
+}
+
+void
+decrypt_auto(int on)
+{
+    if (on < 0)
+	autodecrypt ^= 1;
+    else
+	autodecrypt = on ? 1 : 0;
+}
+
+void
+encrypt_start_output(int type)
+{
+    Encryptions *ep;
+    unsigned char *p;
+    int i;
+
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	}
+	return;
+    }
+    if (ep->start) {
+	i = (*ep->start)(DIR_ENCRYPT, Server);
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
+		   Name, 
+		   (i < 0) ? "failed" :
+		   "initial negotiation in progress",
+		   i, ENCTYPE_NAME(type));
+	}
+	if (i)
+	    return;
+    }
+    p = str_start + 3;
+    *p++ = ENCRYPT_START;
+    for (i = 0; i < ki[0].keylen; ++i) {
+	if ((*p++ = ki[0].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    net_encrypt();
+    printsub('>', &str_start[2], p - &str_start[2]);
+    /*
+     * If we are already encrypting in some mode, then
+     * encrypt the ring (which includes our request) in
+     * the old mode, mark it all as "clear text" and then
+     * switch to the new mode.
+     */
+    encrypt_output = ep->output;
+    encrypt_mode = type;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Started to encrypt output with type %s\r\n",
+	       Name, ENCTYPE_NAME(type));
+    if (encrypt_verbose)
+	printf("[ Output is now encrypted with type %s ]\r\n",
+	       ENCTYPE_NAME(type));
+}
+
+void
+encrypt_send_end(void)
+{
+    if (!encrypt_output)
+	return;
+
+    str_end[3] = ENCRYPT_END;
+    telnet_net_write(str_end, sizeof(str_end));
+    net_encrypt();
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+    /*
+     * Encrypt the output buffer now because it will not be done by
+     * netflush...
+     */
+    encrypt_output = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Output is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Output is now clear text ]\r\n");
+}
+
+void
+encrypt_send_request_start(void)
+{
+    unsigned char *p;
+    int i;
+
+    p = &str_start[3];
+    *p++ = ENCRYPT_REQSTART;
+    for (i = 0; i < ki[1].keylen; ++i) {
+	if ((*p++ = ki[1].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    printsub('>', &str_start[2], p - &str_start[2]);
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be encrypted\r\n", Name);
+}
+
+void
+encrypt_send_request_end(void)
+{
+    str_end[3] = ENCRYPT_REQEND;
+    telnet_net_write(str_end, sizeof(str_end));
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be clear text\r\n", Name);
+}
+
+
+void encrypt_wait(void)
+{
+    if (encrypt_debug_mode)
+	printf(">>>%s: in encrypt_wait\r\n", Name);
+    if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
+	return;
+    while (autoencrypt && !encrypt_output)
+	if (telnet_spin())
+	    return;
+}
+
+int
+encrypt_delay(void)
+{
+    if(!havesessionkey ||
+       (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
+       (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
+	return 0;
+    if(!(encrypt_output && decrypt_input))
+	return 1;
+    return 0;
+}
+
+void
+encrypt_debug(int mode)
+{
+    encrypt_debug_mode = mode;
+}
+
+void encrypt_gen_printsub(unsigned char *data, int cnt, 
+			  unsigned char *buf, int buflen)
+{
+    char tbuf[16], *cp;
+
+    cnt -= 2;
+    data += 2;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+
+void
+encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Encryptions *ep;
+    int type = data[1];
+
+    for (ep = encryptions; ep->type && ep->type != type; ep++)
+	;
+
+    if (ep->printsub)
+	(*ep->printsub)(data, cnt, buf, buflen);
+    else
+	encrypt_gen_printsub(data, cnt, buf, buflen);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h
new file mode 100644
index 0000000..5919db5
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h
@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)encrypt.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */
+
+#ifndef	__ENCRYPT__
+#define	__ENCRYPT__
+
+#define	DIR_DECRYPT		1
+#define	DIR_ENCRYPT		2
+
+#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
+			  key[4] | key[5] | key[6] | key[7])
+
+#define	SAMEKEY(k1, k2)	(!memcmp(k1, k2, sizeof(des_cblock)))
+
+typedef	struct {
+	short		type;
+	int		length;
+	unsigned char	*data;
+} Session_Key;
+
+typedef struct {
+	char	*name;
+	int	type;
+	void	(*output) (unsigned char *, int);
+	int	(*input) (int);
+	void	(*init) (int);
+	int	(*start) (int, int);
+	int	(*is) (unsigned char *, int);
+	int	(*reply) (unsigned char *, int);
+	void	(*session) (Session_Key *, int);
+	int	(*keyid) (int, unsigned char *, int *);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Encryptions;
+
+#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
+
+#include "enc-proto.h"
+
+extern int encrypt_debug_mode;
+extern int (*decrypt_input) (int);
+extern void (*encrypt_output) (unsigned char *, int);
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/genget.c b/crypto/kerberosIV/appl/telnet/libtelnet/genget.c
new file mode 100644
index 0000000..c17a7bd
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/genget.c
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+#include "misc-proto.h"
+
+RCSID("$Id: genget.c,v 1.6 1997/05/04 09:01:34 assar Exp $");
+
+#include <ctype.h>
+
+#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
+/*
+ * The prefix function returns 0 if *s1 is not a prefix
+ * of *s2.  If *s1 exactly matches *s2, the negative of
+ * the length is returned.  If *s1 is a prefix of *s2,
+ * the length of *s1 is returned.
+ */
+
+int
+isprefix(char *s1, char *s2)
+{
+    char *os1;
+    char c1, c2;
+
+    if (*s1 == '\0')
+	return(-1);
+    os1 = s1;
+    c1 = *s1;
+    c2 = *s2;
+    while (LOWER(c1) == LOWER(c2)) {
+	if (c1 == '\0')
+	    break;
+	c1 = *++s1;
+	c2 = *++s2;
+    }
+    return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
+}
+
+static char *ambiguous;		/* special return value for command routines */
+
+char **
+genget(char *name, char **table, int stlen)
+     /* name to match */
+     /* name entry in table */
+	   	      
+{
+    char **c, **found;
+    int n;
+
+    if (name == 0)
+	return 0;
+
+    found = 0;
+    for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
+	if ((n = isprefix(name, *c)) == 0)
+	    continue;
+	if (n < 0)		/* exact match */
+	    return(c);
+	if (found)
+	    return(&ambiguous);
+	found = c;
+    }
+    return(found);
+}
+
+/*
+ * Function call version of Ambiguous()
+ */
+int
+Ambiguous(void *s)
+{
+    return((char **)s == &ambiguous);
+}
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
new file mode 100644
index 0000000..b5c0953
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
@@ -0,0 +1,717 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
+
+#ifdef	KRB4
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include <des.h>	/* BSD wont include this in krb.h, so we do it here */
+#include <krb.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int kerberos4_cksum (unsigned char *, int);
+extern int auth_debug_mode;
+
+static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V4, };
+
+#define	KRB_AUTH	0		/* Authentication data follows */
+#define	KRB_REJECT	1		/* Rejected (reason might follow) */
+#define	KRB_ACCEPT	2		/* Accepted */
+#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
+#define	KRB_RESPONSE	4		/* Response for mutual auth. */
+
+#define KRB_FORWARD		5	/* */
+#define KRB_FORWARD_ACCEPT	6	/* */
+#define KRB_FORWARD_REJECT	7	/* */
+
+#define KRB_SERVICE_NAME   "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	AUTH_DAT adat;
+static des_cblock session_key;
+static des_cblock cred_session;
+static des_key_schedule sched;
+static des_cblock challenge;
+static int auth_done; /* XXX */
+
+static int pack_cred(CREDENTIALS *cred, unsigned char *buf);
+static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred);
+
+
+static int
+Data(Authenticator *ap, int type, const void *d, int c)
+{
+    unsigned char *p = str_data + 4;
+    const unsigned char *cd = (const unsigned char *)d;
+
+    if (c == -1)
+	c = strlen((const char *)cd);
+
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &str_data[2], p - (&str_data[2]));
+    return(telnet_net_write(str_data, p - str_data));
+}
+
+int
+kerberos4_init(Authenticator *ap, int server)
+{
+    FILE *fp;
+
+    if (server) {
+	str_data[3] = TELQUAL_REPLY;
+	if ((fp = fopen(KEYFILE, "r")) == NULL)
+	    return(0);
+	fclose(fp);
+    } else {
+	str_data[3] = TELQUAL_IS;
+    }
+    return(1);
+}
+
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+int dst_realm_sz = REALM_SZ;
+
+static int
+kerberos4_send(char *name, Authenticator *ap)
+{
+    KTEXT_ST auth;
+    char instance[INST_SZ];
+    char *realm;
+    CREDENTIALS cred;
+    int r;
+
+    printf("[ Trying %s ... ]\r\n", name);
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V4: no user name supplied\r\n");
+	}
+	return(0);
+    }
+
+    memset(instance, 0, sizeof(instance));
+
+    strcpy_truncate (instance,
+		     krb_get_phost(RemoteHostName),
+		     INST_SZ);
+
+    realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
+
+    if (!realm) {
+	printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
+	return(0);
+    }
+    r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L);
+    if (r) {
+	printf("mk_req failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred);
+    if (r) {
+	printf("get_cred failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (auth_debug_mode)
+	printf("Sent %d bytes of authentication data\r\n", auth.length);
+    if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+#ifdef ENCRYPTION
+    /* create challenge */
+    if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) {
+	int i;
+
+	des_key_sched(&cred.session, sched);
+	memcpy (&cred_session, &cred.session, sizeof(cred_session));
+	des_init_random_number_generator(&cred.session);
+	des_new_random_key(&session_key);
+	des_ecb_encrypt(&session_key, &session_key, sched, 0);
+	des_ecb_encrypt(&session_key, &challenge, sched, 0);
+
+	/*
+	  old code
+	  Some CERT Advisory thinks this is a bad thing...
+	    
+	  des_init_random_number_generator(&cred.session);
+	  des_new_random_key(&challenge);
+	  des_ecb_encrypt(&challenge, &session_key, sched, 1);
+	  */
+	  
+	/*
+	 * Increment the challenge by 1, and encrypt it for
+	 * later comparison.
+	 */
+	for (i = 7; i >= 0; --i) 
+	    if(++challenge[i] != 0) /* No carry! */
+		break;
+	des_ecb_encrypt(&challenge, &challenge, sched, 1);
+    }
+
+#endif
+
+    if (auth_debug_mode) {
+	printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	printd(auth.dat, auth.length);
+	printf("\r\n");
+	printf("Sent Kerberos V4 credentials to server\r\n");
+    }
+    return(1);
+}
+int
+kerberos4_send_mutual(Authenticator *ap)
+{
+    return kerberos4_send("mutual KERBEROS4", ap);
+}
+
+int
+kerberos4_send_oneway(Authenticator *ap)
+{
+    return kerberos4_send("KERBEROS4", ap);
+}
+
+void
+kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    struct sockaddr_in addr;
+    char realm[REALM_SZ];
+    char instance[INST_SZ];
+    int r;
+    int addr_len;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+	    Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("No local realm\r\n");
+	    return;
+	}
+	memmove(auth.dat, data, auth.length = cnt);
+	if (auth_debug_mode) {
+	    printf("Got %d bytes of authentication data\r\n", cnt);
+	    printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	    printd(auth.dat, auth.length);
+	    printf("\r\n");
+	}
+	k_getsockinst(0, instance, sizeof(instance));
+	addr_len = sizeof(addr);
+	if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
+	    if(auth_debug_mode)
+		printf("getpeername failed\r\n");
+	    Data(ap, KRB_REJECT, "getpeername failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	if (addr.sin_family != AF_INET) {
+	    if (auth_debug_mode)
+		printf("unknown address family: %d\r\n", addr.sin_family);
+	    Data(ap, KRB_REJECT, "bad address family", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+
+	r = krb_rd_req(&auth, KRB_SERVICE_NAME,
+		       instance, addr.sin_addr.s_addr, &adat, "");
+	if (r) {
+	    if (auth_debug_mode)
+		printf("Kerberos failed him as %s\r\n", name);
+	    Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	/* save the session key */
+	memmove(session_key, adat.session, sizeof(adat.session));
+	krb_kntoln(&adat, name);
+
+	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
+	    char ts[MaxPathLen];
+	    struct passwd *pw = getpwnam(UserNameRequested);
+
+	    if(pw){
+		snprintf(ts, sizeof(ts),
+			 "%s%u",
+			 TKT_ROOT,
+			 (unsigned)pw->pw_uid);
+		setenv("KRBTKFILE", ts, 1);
+
+		if (pw->pw_uid == 0)
+		    syslog(LOG_INFO|LOG_AUTH,
+			   "ROOT Kerberos login from %s on %s\n",
+			   krb_unparse_name_long(adat.pname,
+						 adat.pinst,
+						 adat.prealm),
+			   RemoteHostName);
+	    }
+	    Data(ap, KRB_ACCEPT, NULL, 0);
+	} else {
+	    char *msg;
+
+	    asprintf (&msg, "user `%s' is not authorized to "
+		      "login as `%s'", 
+		      krb_unparse_name_long(adat.pname, 
+					    adat.pinst, 
+					    adat.prealm), 
+		      UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (msg == NULL)
+		Data(ap, KRB_REJECT, NULL, 0);
+	    else {
+		Data(ap, KRB_REJECT, (void *)msg, -1);
+		free(msg);
+	    }
+	}
+	auth_finished(ap, AUTH_USER);
+	break;
+	
+    case KRB_CHALLENGE:
+#ifndef ENCRYPTION
+	Data(ap, KRB_RESPONSE, NULL, 0);
+#else
+	if(!VALIDKEY(session_key)){
+	    Data(ap, KRB_RESPONSE, NULL, 0);
+	    break;
+	}
+	des_key_sched(&session_key, sched);
+	{
+	    des_cblock d_block;
+	    int i;
+	    Session_Key skey;
+
+	    memmove(d_block, data, sizeof(d_block));
+
+	    /* make a session key for encryption */
+	    des_ecb_encrypt(&d_block, &session_key, sched, 1);
+	    skey.type=SK_DES;
+	    skey.length=8;
+	    skey.data=session_key;
+	    encrypt_session_key(&skey, 1);
+
+	    /* decrypt challenge, add one and encrypt it */
+	    des_ecb_encrypt(&d_block, &challenge, sched, 0);
+	    for (i = 7; i >= 0; i--)
+		if(++challenge[i] != 0)
+		    break;
+	    des_ecb_encrypt(&challenge, &challenge, sched, 1);
+	    Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
+	}
+#endif
+	break;
+
+    case KRB_FORWARD:
+	{
+	    des_key_schedule ks;
+	    unsigned char netcred[sizeof(CREDENTIALS)];
+	    CREDENTIALS cred;
+	    int ret;
+	    if(cnt > sizeof(cred))
+		abort();
+
+	    memcpy (session_key, adat.session, sizeof(session_key));
+	    des_set_key(&session_key, ks);
+	    des_pcbc_encrypt((void*)data, (void*)netcred, cnt, 
+			     ks, &session_key, DES_DECRYPT);
+	    unpack_cred(netcred, cnt, &cred);
+	    {
+		if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
+		   strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
+		   cred.lifetime < 0 || cred.lifetime > 255 ||
+		   cred.kvno < 0 || cred.kvno > 255 ||
+		   cred.issue_date < 0 || 
+		   cred.issue_date > time(0) + CLOCK_SKEW ||
+		   strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
+		   strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){
+		    Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
+		}else{
+		    if((ret = tf_setup(&cred,
+				       cred.pname,
+				       cred.pinst)) == KSUCCESS){
+		        struct passwd *pw = getpwnam(UserNameRequested);
+
+			if (pw)
+			  chown(tkt_string(), pw->pw_uid, pw->pw_gid);
+			Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+		    } else{
+			Data(ap, KRB_FORWARD_REJECT, 
+			     krb_get_err_text(ret), -1);
+		    }
+		}
+	    }
+	    memset(data, 0, cnt);
+	    memset(ks, 0, sizeof(ks));
+	    memset(&cred, 0, sizeof(cred));
+	}
+	
+	break;
+
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    Session_Key skey;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if(auth_done){ /* XXX Ick! */
+	    printf("[ Kerberos V4 received unknown opcode ]\r\n");
+	}else{
+	    printf("[ Kerberos V4 refuses authentication ");
+	    if (cnt > 0) 
+		printf("because %.*s ", cnt, data);
+	    printf("]\r\n");
+	    auth_send_retry();
+	}
+	return;
+    case KRB_ACCEPT:
+	printf("[ Kerberos V4 accepts you ]\r\n");
+	auth_done = 1;
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /*
+	     * Send over the encrypted challenge.
+	     */
+	    Data(ap, KRB_CHALLENGE, session_key, 
+		 sizeof(session_key));
+	    des_ecb_encrypt(&session_key, &session_key, sched, 1);
+	    skey.type = SK_DES;
+	    skey.length = 8;
+	    skey.data = session_key;
+	    encrypt_session_key(&skey, 0);
+#if 0
+	    kerberos4_forward(ap, &cred_session);
+#endif
+	    return;
+	}
+	auth_finished(ap, AUTH_USER);
+	return;
+    case KRB_RESPONSE:
+	/* make sure the response is correct */
+	if ((cnt != sizeof(des_cblock)) ||
+	    (memcmp(data, challenge, sizeof(challenge)))){
+	    printf("[ Kerberos V4 challenge failed!!! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	printf("[ Kerberos V4 challenge successful ]\r\n");
+	auth_finished(ap, AUTH_USER);
+	break;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
+	break;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
+	       cnt, data);
+	break;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+	strcpy_truncate(name, UserNameRequested, name_sz);
+	return(AUTH_VALID);
+    } else
+	return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strcpy_truncate((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_CHALLENGE:
+	strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    default:
+	snprintf(buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf(buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+int
+kerberos4_cksum(unsigned char *d, int n)
+{
+    int ck = 0;
+
+    /*
+     * A comment is probably needed here for those not
+     * well versed in the "C" language.  Yes, this is
+     * supposed to be a "switch" with the body of the
+     * "switch" being a "while" statement.  The whole
+     * purpose of the switch is to allow us to jump into
+     * the middle of the while() loop, and then not have
+     * to do any more switch()s.
+     *
+     * Some compilers will spit out a warning message
+     * about the loop not being entered at the top.
+     */
+    switch (n&03)
+	while (n > 0) {
+	case 0:
+	    ck ^= (int)*d++ << 24;
+	    --n;
+	case 3:
+	    ck ^= (int)*d++ << 16;
+	    --n;
+	case 2:
+	    ck ^= (int)*d++ << 8;
+	    --n;
+	case 1:
+	    ck ^= (int)*d++;
+	    --n;
+	}
+    return(ck);
+}
+
+static int
+pack_cred(CREDENTIALS *cred, unsigned char *buf)
+{
+    unsigned char *p = buf;
+    
+    memcpy (p, cred->service, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->instance, INST_SZ);
+    p += INST_SZ;
+    memcpy (p, cred->realm, REALM_SZ);
+    p += REALM_SZ;
+    memcpy(p, cred->session, 8);
+    p += 8;
+    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
+    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
+    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
+    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += KRB_PUT_INT(0, p, 4, 4);
+    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
+    memcpy (p, cred->pname, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->pinst, INST_SZ);
+    p += INST_SZ;
+    return p - buf;
+}
+
+static int
+unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
+{
+    unsigned char *p = buf;
+    u_int32_t tmp;
+
+    strncpy (cred->service, p, ANAME_SZ);
+    cred->service[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->instance, p, INST_SZ);
+    cred->instance[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    strncpy (cred->realm, p, REALM_SZ);
+    cred->realm[REALM_SZ - 1] = '\0';
+    p += REALM_SZ;
+
+    memcpy(cred->session, p, 8);
+    p += 8;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->lifetime = tmp;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->kvno = tmp;
+
+    p += krb_get_int(p, &cred->ticket_st.length, 4, 0);
+    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->ticket_st.mbz = 0;
+    p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, 0);
+
+    strncpy (cred->pname, p, ANAME_SZ);
+    cred->pname[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->pinst, p, INST_SZ);
+    cred->pinst[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    return 0;
+}
+
+
+int
+kerberos4_forward(Authenticator *ap, void *v)
+{
+    des_cblock *key = (des_cblock *)v;
+    CREDENTIALS cred;
+    char *realm;
+    des_key_schedule ks;
+    int len;
+    unsigned char netcred[sizeof(CREDENTIALS)];
+    int ret;
+
+    realm = krb_realmofhost(RemoteHostName);
+    if(realm == NULL)
+	return -1;
+    memset(&cred, 0, sizeof(cred));
+    ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+		       realm,
+		       realm, 
+		       &cred);
+    if(ret)
+	return ret;
+    des_set_key(key, ks);
+    len = pack_cred(&cred, netcred);
+    des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
+		     ks, key, DES_ENCRYPT);
+    memset(ks, 0, sizeof(ks));
+    Data(ap, KRB_FORWARD, netcred, len);
+    memset(netcred, 0, sizeof(netcred));
+    return 0;
+}
+
+#endif /* KRB4 */
+
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
new file mode 100644
index 0000000..0b7818f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
@@ -0,0 +1,734 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $");
+
+#ifdef	KRB5
+
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <pwd.h>
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
+
+/* These values need to be the same as those defined in telnet/main.c. */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+void kerberos5_forward (Authenticator *);
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V5, };
+
+#define	KRB_AUTH		0	/* Authentication data follows */
+#define	KRB_REJECT		1	/* Rejected (reason might follow) */
+#define	KRB_ACCEPT		2	/* Accepted */
+#define	KRB_RESPONSE		3	/* Response for mutual auth. */
+
+#define KRB_FORWARD     	4       /* Forwarded credentials follow */
+#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
+#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
+
+static	krb5_data auth;
+static  krb5_ticket *ticket;
+
+static krb5_context context;
+static krb5_auth_context auth_context;
+
+static int
+Data(Authenticator *ap, int type, void *d, int c)
+{
+    unsigned char *p = str_data + 4;
+    unsigned char *cd = (unsigned char *)d;
+
+    if (c == -1)
+	c = strlen(cd);
+
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &str_data[2], p - &str_data[2]);
+    return(telnet_net_write(str_data, p - str_data));
+}
+
+int
+kerberos5_init(Authenticator *ap, int server)
+{
+    if (server)
+	str_data[3] = TELQUAL_REPLY;
+    else
+	str_data[3] = TELQUAL_IS;
+    krb5_init_context(&context);
+    return(1);
+}
+
+static int
+kerberos5_send(char *name, Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache ccache;
+    int ap_opts;
+    krb5_data cksum_data;
+    char foo[2];
+    extern int net;
+    
+    printf("[ Trying %s ... ]\r\n", name);
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: no user name supplied\r\n");
+	}
+	return(0);
+    }
+    
+    ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: could not get default ccache: %s\r\n",
+		   krb5_get_err_text (context, ret));
+	}
+	return 0;
+    }
+	
+    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
+    else
+	ap_opts = 0;
+    
+    ret = krb5_auth_con_init (context, &auth_context);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    ret = krb5_auth_con_setaddrs_from_fd (context,
+					  auth_context,
+					  &net);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf ("Kerberos V5:"
+		    " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+		    krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    krb5_auth_setkeytype (context, auth_context, KEYTYPE_DES);
+
+    foo[0] = ap->type;
+    foo[1] = ap->way;
+
+    cksum_data.length = sizeof(foo);
+    cksum_data.data   = foo;
+    ret = krb5_mk_req(context, &auth_context, ap_opts,
+		      "host", RemoteHostName, 
+		      &cksum_data, ccache, &auth);
+
+    if (ret) {
+	if (1 || auth_debug_mode) {
+	    printf("Kerberos V5: mk_req failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    if (!auth_sendname((unsigned char *)UserNameRequested,
+		       strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+    if (auth_debug_mode) {
+	printf("Sent Kerberos V5 credentials to server\r\n");
+    }
+    return(1);
+}
+
+int
+kerberos5_send_mutual(Authenticator *ap)
+{
+    return kerberos5_send("mutual KERBEROS5", ap);
+}
+
+int
+kerberos5_send_oneway(Authenticator *ap)
+{
+    return kerberos5_send("KERBEROS5", ap);
+}
+
+void
+kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    krb5_error_code ret;
+    krb5_data outbuf;
+    krb5_keyblock *key_block;
+    char *name;
+    krb5_principal server;
+    int zero = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	auth.data = (char *)data;
+	auth.length = cnt;
+
+	auth_context = NULL;
+
+	ret = krb5_auth_con_init (context, &auth_context);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_auth_con_setaddrs_from_fd (context,
+					      auth_context,
+					      &zero);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_sock_to_principal (context,
+				      0,
+				      "host",
+				      KRB5_NT_SRV_HST,
+				      &server);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_sock_to_principal failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_rd_req(context,
+			  &auth_context,
+			  &auth, 
+			  server,
+			  NULL,
+			  NULL,
+			  &ticket);
+	krb5_free_principal (context, server);
+
+	if (ret) {
+	    char *errbuf;
+
+	    asprintf(&errbuf,
+		     "Read req failed: %s",
+		     krb5_get_err_text(context, ret));
+	    Data(ap, KRB_REJECT, errbuf, -1);
+	    if (auth_debug_mode)
+		printf("%s\r\n", errbuf);
+	    free (errbuf);
+	    return;
+	}
+	
+	{
+	    char foo[2];
+	    
+	    foo[0] = ap->type;
+	    foo[1] = ap->way;
+	    
+	    ret = krb5_verify_authenticator_checksum(context,
+						     auth_context,
+						     foo, 
+						     sizeof(foo));
+
+	    if (ret) {
+		char *errbuf;
+		asprintf(&errbuf, "Bad checksum: %s", 
+			 krb5_get_err_text(context, ret));
+		Data(ap, KRB_REJECT, errbuf, -1);
+		if (auth_debug_mode)
+		    printf ("%s\r\n", errbuf);
+		free(errbuf);
+		return;
+	    }
+	}
+	ret = krb5_auth_con_getremotesubkey (context,
+					     auth_context,
+					     &key_block);
+
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    ret = krb5_mk_rep(context, &auth_context, &outbuf);
+	    if (ret) {
+		Data(ap, KRB_REJECT,
+		     "krb5_mk_rep failed", -1);
+		auth_finished(ap, AUTH_REJECT);
+		if (auth_debug_mode)
+		    printf("Kerberos V5: "
+			   "krb5_mk_rep failed (%s)\r\n",
+			   krb5_get_err_text(context, ret));
+		return;
+	    }
+	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
+	}
+	if (krb5_unparse_name(context, ticket->client, &name))
+	    name = 0;
+
+	if(UserNameRequested && krb5_kuserok(context,
+					     ticket->client,
+					     UserNameRequested)) {
+	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
+	    if (auth_debug_mode) {
+		printf("Kerberos5 identifies him as ``%s''\r\n",
+		       name ? name : "");
+	    }
+
+	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
+	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
+	       key_block->keytype == ETYPE_DES_CBC_CRC) {
+		Session_Key skey;
+
+		skey.type = SK_DES;
+		skey.length = 8;
+		skey.data = key_block->keyvalue.data;
+		encrypt_session_key(&skey, 0);
+	    }
+
+	} else {
+	    char *msg;
+
+	    asprintf (&msg, "user `%s' is not authorized to "
+		      "login as `%s'", 
+		      name ? name : "<unknown>",
+		      UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (msg == NULL)
+		Data(ap, KRB_REJECT, NULL, 0);
+	    else {
+		Data(ap, KRB_REJECT, (void *)msg, -1);
+		free(msg);
+	    }
+	}
+	auth_finished(ap, AUTH_USER);
+
+	krb5_free_keyblock_contents(context, key_block);
+	
+	break;
+    case KRB_FORWARD: {
+	struct passwd *pwd;
+	char ccname[1024];	/* XXX */
+	krb5_data inbuf;
+	krb5_ccache ccache;
+	inbuf.data = (char *)data;
+	inbuf.length = cnt;
+
+	pwd = getpwnam (UserNameRequested);
+	if (pwd == NULL)
+	    break;
+
+	snprintf (ccname, sizeof(ccname),
+		  "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
+
+	ret = krb5_cc_resolve (context, ccname, &ccache);
+	if (ret) {
+	    if (auth_debug_mode)
+		printf ("Kerberos V5: could not get ccache: %s\r\n",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+	ret = krb5_cc_initialize (context,
+				  ccache,
+				  ticket->client);
+	if (ret) {
+	    if (auth_debug_mode)
+		printf ("Kerberos V5: could not init ccache: %s\r\n",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+	ret = krb5_rd_cred (context,
+			    auth_context,
+			    ccache,
+			    &inbuf);
+	if(ret) {
+	    char *errbuf;
+
+	    asprintf (&errbuf,
+		      "Read forwarded creds failed: %s",
+		      krb5_get_err_text (context, ret));
+	    if(errbuf == NULL)
+		Data(ap, KRB_FORWARD_REJECT, NULL, 0);
+	    else
+		Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+	    if (auth_debug_mode)
+		printf("Could not read forwarded credentials: %s\r\n",
+		       errbuf);
+	    free (errbuf);
+	} else
+	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+	chown (ccname + 5, pwd->pw_uid, -1);
+	if (auth_debug_mode)
+	    printf("Forwarded credentials obtained\r\n");
+	break;
+    }
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    static int mutual_complete = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if (cnt > 0) {
+	    printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
+		   cnt, data);
+	} else
+	    printf("[ Kerberos V5 refuses authentication ]\r\n");
+	auth_send_retry();
+	return;
+    case KRB_ACCEPT: {
+	krb5_error_code ret;
+	Session_Key skey;
+	krb5_keyblock *keyblock;
+	
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
+	    !mutual_complete) {
+	    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	if (cnt)
+	    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+	else
+	    printf("[ Kerberos V5 accepts you ]\r\n");
+	      
+	ret = krb5_auth_con_getlocalsubkey (context,
+					    auth_context,
+					    &keyblock);
+	if (ret)
+	    ret = krb5_auth_con_getkey (context,
+					auth_context,
+					&keyblock);
+	if(ret) {
+	    printf("[ krb5_auth_con_getkey: %s ]\r\n",
+		   krb5_get_err_text(context, ret));
+	    auth_send_retry();
+	    return;
+	}
+	      
+	skey.type = SK_DES;
+	skey.length = 8;
+	skey.data = keyblock->keyvalue.data;
+	encrypt_session_key(&skey, 0);
+	krb5_free_keyblock_contents (context, keyblock);
+	auth_finished(ap, AUTH_USER);
+	if (forward_flags & OPTS_FORWARD_CREDS)
+	    kerberos5_forward(ap);
+	break;
+    }
+    case KRB_RESPONSE:
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /* the rest of the reply should contain a krb_ap_rep */
+	  krb5_ap_rep_enc_part *reply;
+	  krb5_data inbuf;
+	  krb5_error_code ret;
+	    
+	  inbuf.length = cnt;
+	  inbuf.data = (char *)data;
+
+	  ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
+	  if (ret) {
+	      printf("[ Mutual authentication failed: %s ]\r\n",
+		     krb5_get_err_text (context, ret));
+	      auth_send_retry();
+	      return;
+	  }
+	  krb5_free_ap_rep_enc_part(context, reply);
+	  mutual_complete = 1;
+	}
+	return;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
+	return;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
+	       cnt, data);
+	return;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested &&
+	krb5_kuserok(context,
+		     ticket->client,
+		     UserNameRequested))
+	{
+	    strcpy_truncate(name, UserNameRequested, name_sz);
+	    return(AUTH_VALID);
+	} else
+	    return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strcpy_truncate((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    case KRB_FORWARD:		/* Forwarded credentials follow */
+	strcpy_truncate((char *)buf, " FORWARD", buflen);
+	goto common2;
+
+    case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
+	strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen);
+	goto common2;
+
+    case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
+	/* (reason might follow) */
+	strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen);
+	goto common2;
+
+    default:
+	snprintf(buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf(buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+void
+kerberos5_forward(Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache     ccache;
+    krb5_creds      creds;
+    krb5_kdc_flags  flags;
+    krb5_data       out_data;
+    krb5_principal  principal;
+
+    ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get default ccache: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    creds.client = principal;
+    
+    ret = krb5_build_principal (context,
+				&creds.server,
+				strlen(principal->realm),
+				principal->realm,
+				"krbtgt",
+				principal->realm,
+				NULL);
+
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    creds.times.endtime = 0;
+
+    flags.i = 0;
+    flags.b.forwarded = 1;
+    if (forward_flags & OPTS_FORWARDABLE_CREDS)
+	flags.b.forwardable = 1;
+
+    ret = krb5_get_forwarded_creds (context,
+				    auth_context,
+				    ccache,
+				    flags.i,
+				    RemoteHostName,
+				    &creds,
+				    &out_data);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("Kerberos V5: error gettting forwarded creds: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+    } else {
+	if (auth_debug_mode)
+	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
+    }
+}
+
+#endif /* KRB5 */
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
new file mode 100644
index 0000000..ee1eee2
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
@@ -0,0 +1,437 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
+
+#ifdef	KRB4_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include <des.h>
+#include <krb.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *);
+int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *);
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KRB4_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
+#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
+#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
+
+#define KRB_SERVICE_NAME    "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	char user_passwd[ANAME_SZ];
+static	AUTH_DAT adat = { 0 };
+static des_key_schedule sched;
+static char  challenge[REALM_SZ];
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen(cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+krb4encpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char hostname[80], *cp, *realm;
+	des_clock skey;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+	} else {
+		str_data[3] = TELQUAL_IS;
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		cp = strchr(hostname, '.');
+		if (*cp != NULL) *cp = NULL;
+		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
+					KEYFILE, (char *)skey)) {
+		  return(0);
+		}
+	}
+	return(1);
+}
+
+	int
+krb4encpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying KRB4ENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+krb4encpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
+	char  lhostname[ANAME_SZ], *cp;
+	int r;
+	time_t now;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
+			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		memmove(session_key, adat.session, sizeof(des_cblock));
+		Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 *  Take the received random challenge text and save
+		 *  for future authentication.
+		 */
+		memmove(challenge, data, sizeof(des_cblock));
+		break;
+
+
+	case KRB4_ENCPWD_ACK:
+		/*
+		 *  Receive ack, if mutual then send random challenge
+		 */
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		  int i;
+
+		  time(&now);
+		  snprintf(challenge, sizeof(challenge), "%x", now);
+		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
+		}
+		break;
+
+	default:
+		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+krb4encpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST krb_token;
+	des_cblock enckey;
+	CREDENTIALS cred;
+	int r;
+	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
+	char	hostname[80], *realm;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB4_ENCPWD_ACCEPT:
+		printf("[ KRB4_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		memmove(challenge, data, cnt);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		strcpy_truncate(instance, RemoteHostName, sizeof(instance));
+		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
+		  krb_token.length = 0;
+		}
+
+		if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+krb4encpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
+		strcpy_truncate(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+krb4encpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_ACK:
+		strcpy_truncate((char *)buf, " ACK", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h
new file mode 100644
index 0000000..a31d924
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: misc-proto.h,v 1.7 1998/07/09 23:16:30 assar Exp $ */
+
+#ifndef	__MISC_PROTO__
+#define	__MISC_PROTO__
+
+void auth_encrypt_init (char *, char *, char *, int);
+void auth_encrypt_user(char *name);
+void auth_encrypt_connect (int);
+void printd (const unsigned char *, int);
+
+char** genget (char *name, char **table, int stlen);
+int isprefix(char *s1, char *s2);
+int Ambiguous(void *s);
+
+/*
+ * These functions are imported from the application
+ */
+int telnet_net_write (unsigned char *, int);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (char *);
+char *telnet_gets (char *, char *, int, int);
+void printsub(int direction, unsigned char *pointer, int length);
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc.c b/crypto/kerberosIV/appl/telnet/libtelnet/misc.c
new file mode 100644
index 0000000..2d9199f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc.c
@@ -0,0 +1,94 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: misc.c,v 1.13 1998/06/13 00:06:54 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+#include "misc.h"
+#include "auth.h"
+#include "encrypt.h"
+
+
+char *RemoteHostName;
+char *LocalHostName;
+char *UserNameRequested = 0;
+int ConnectedCount = 0;
+
+void
+auth_encrypt_init(char *local, char *remote, char *name, int server)
+{
+    RemoteHostName = remote;
+    LocalHostName = local;
+#ifdef AUTHENTICATION
+    auth_init(name, server);
+#endif
+#ifdef ENCRYPTION
+    encrypt_init(name, server);
+#endif
+    if (UserNameRequested) {
+	free(UserNameRequested);
+	UserNameRequested = 0;
+    }
+}
+
+void
+auth_encrypt_user(char *name)
+{
+    if (UserNameRequested)
+	free(UserNameRequested);
+    UserNameRequested = name ? strdup(name) : 0;
+}
+
+void
+auth_encrypt_connect(int cnt)
+{
+}
+
+void
+printd(const unsigned char *data, int cnt)
+{
+    if (cnt > 16)
+	cnt = 16;
+    while (cnt-- > 0) {
+	printf(" %02x", *data);
+	++data;
+    }
+}
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc.h b/crypto/kerberosIV/appl/telnet/libtelnet/misc.h
new file mode 100644
index 0000000..41ffa7f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc.h
@@ -0,0 +1,42 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc.h	8.1 (Berkeley) 6/4/93
+ */
+
+extern char *UserNameRequested;
+extern char *LocalHostName;
+extern char *RemoteHostName;
+extern int ConnectedCount;
+extern int ReservedPort;
+
+#include "misc-proto.h"
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
new file mode 100644
index 0000000..267e98e
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
@@ -0,0 +1,487 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $");
+
+#ifdef	RSA_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <pwd.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+#include "cdc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_RSA_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
+#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
+
+#define NAME_SZ   40
+#define CHAL_SZ   20
+#define PWD_SZ    40
+
+static	KTEXT_ST auth;
+static	char name[NAME_SZ];
+static	char user_passwd[PWD_SZ];
+static  char key_file[2*NAME_SZ];
+static  char lhostname[NAME_SZ];
+static char  challenge[CHAL_SZ];
+static int   challenge_len;
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	if (type != NULL) *p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+rsaencpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char  *cp;
+	FILE  *fp;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		memset(key_file, 0, sizeof(key_file));
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+		snprintf(key_file, sizeof(key_file),
+			 "/etc/.%s_privkey", lhostname);
+		if ((fp=fopen(key_file, "r"))==NULL) return(0);
+		fclose(fp);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+rsaencpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying RSAENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+	if (!Data(ap, NULL, NULL, 0)) {
+		return(0);
+	}
+
+
+	return(1);
+}
+
+	void
+rsaencpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
+	char  *cp, key[160];
+	char  chalkey[160], *ptr;
+	FILE  *fp;
+	int r, i, j, chalkey_len, len;
+	time_t now;
+
+	cnt--;
+	switch (*data++) {
+	case RSA_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		if ((fp=fopen(key_file, "r"))==NULL) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		/*
+		 *  get privkey
+		 */
+		fscanf(fp, "%x;", &len);
+		for (i=0;i<len;i++) {
+		  j = getc(fp);  key[i]=j;
+		}
+		fclose(fp);
+
+		r = accept_rsa_encpwd(&auth, key, challenge,
+				      challenge_len, r_passwd);
+		if (r < 0) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, RSA_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		Data(ap, RSA_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+
+	case IAC:
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
+		  int i;
+
+
+		  time(&now);
+		  if ((now % 2) == 0) {
+		    snprintf(challenge, sizeof(challenge), "%x", now);
+		    challenge_len = strlen(challenge);
+		  } else {
+		    strcpy_truncate(challenge, "randchal", sizeof(challenge));
+		    challenge_len = 8;
+		  }
+
+		  if ((fp=fopen(key_file, "r"))==NULL) {
+		    Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		    auth_finished(ap, AUTH_REJECT);
+		    return;
+		  }
+		  /*
+		   *  skip privkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);
+		  }
+		  /*
+		   * get pubkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);  key[i]=j;
+		  }
+		  fclose(fp);
+		  chalkey[0] = 0x30;
+		  ptr = (char *) &chalkey[1];
+		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
+		  EncodeLength(ptr, chalkey_len);
+		  ptr +=NumEncodeLengthOctets(chalkey_len);
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  *ptr++ = challenge_len;
+		  memmove(ptr, challenge, challenge_len);
+		  ptr += challenge_len;
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  EncodeLength(ptr, i);
+		  ptr += NumEncodeLengthOctets(i);
+		  memmove(ptr, key, i);
+		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
+		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, chalkey, chalkey_len);
+		}
+		break;
+
+	default:
+		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+rsaencpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST token;
+	des_cblock enckey;
+	int r, pubkey_len;
+	char	randchal[CHAL_SZ], *cp;
+	char	chalkey[160], pubkey[128], *ptr;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case RSA_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case RSA_ENCPWD_ACCEPT:
+		printf("[ RSA_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case RSA_ENCPWD_CHALLENGEKEY:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		memmove(chalkey, data, cnt);
+		ptr = (char *) &chalkey[0];
+		ptr += DecodeHeaderLength(chalkey);
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		challenge_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(challenge_len);
+		memmove(challenge, ptr, challenge_len);
+		ptr += challenge_len;
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		pubkey_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(pubkey_len);
+		memmove(pubkey, ptr, pubkey_len);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
+		if (r < 0) {
+		  token.length = 1;
+		}
+
+		if (!Data(ap, RSA_ENCPWD_AUTH, token.dat, token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+rsaencpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
+		strcpy_truncate(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+rsaencpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case RSA_ENCPWD_CHALLENGEKEY:
+		strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int rsaencpwd_passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
new file mode 100644
index 0000000..6d2eefe
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
@@ -0,0 +1,586 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $");
+
+#ifdef	SPX
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include "gssapi_defs.h"
+#include <stdlib.h>
+#include <string.h>
+
+#include <pwd.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_SPX, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	SPX_AUTH	0		/* Authentication data follows */
+#define	SPX_REJECT	1		/* Rejected (reason might follow) */
+#define SPX_ACCEPT	2		/* Accepted */
+
+static des_key_schedule sched;
+static des_cblock	challenge	= { 0 };
+
+
+/*******************************************************************/
+
+gss_OID_set		actual_mechs;
+gss_OID			actual_mech_type, output_name_type;
+int			major_status, status, msg_ctx = 0, new_status;
+int			req_flags = 0, ret_flags, lifetime_rec;
+gss_cred_id_t		gss_cred_handle;
+gss_ctx_id_t		actual_ctxhandle, context_handle;
+gss_buffer_desc		output_token, input_token, input_name_buffer;
+gss_buffer_desc		status_string;
+gss_name_t		desired_targname, src_name;
+gss_channel_bindings	input_chan_bindings;
+char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
+char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+int			to_addr=0, from_addr=0;
+char			*address;
+gss_buffer_desc		fullname_buffer;
+gss_OID			fullname_type;
+gss_cred_id_t		gss_delegated_cred_handle;
+
+/*******************************************************************/
+
+
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+spx_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	gss_cred_id_t	tmp_cred_handle;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		gethostname(lhostname, sizeof(lhostname));
+		snprintf (targ_printable, sizeof(targ_printable),
+			  "SERVICE:rcmd@%s", lhostname);
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&tmp_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+		if (major_status != GSS_S_COMPLETE) return(0);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+spx_send(ap)
+	Authenticator *ap;
+{
+	des_cblock enckey;
+	int r;
+
+	gss_OID	actual_mech_type, output_name_type;
+	int	msg_ctx = 0, new_status, status;
+	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
+	gss_buffer_desc  output_token, input_token, input_name_buffer;
+	gss_buffer_desc  output_name_buffer, status_string;
+	gss_name_t    desired_targname;
+	gss_channel_bindings  input_chan_bindings;
+	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+	int  from_addr=0, to_addr=0, myhostlen, j;
+	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
+	char *address;
+
+	printf("[ Trying SPX ... ]\r\n");
+	snprintf (targ_printable, sizeof(targ_printable),
+		  "SERVICE:rcmd@%s", RemoteHostName);
+
+	input_name_buffer.length = strlen(targ_printable);
+	input_name_buffer.value = targ_printable;
+
+	if (!UserNameRequested) {
+		return(0);
+	}
+
+	major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+
+	major_status = gss_display_name(&status,
+					desired_targname,
+					&output_name_buffer,
+					&output_name_type);
+
+	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
+
+	major_status = gss_release_buffer(&status, &output_name_buffer);
+
+	input_chan_bindings = (gss_channel_bindings)
+	  malloc(sizeof(gss_channel_bindings_desc));
+
+	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->initiator_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->initiator_address.value = (char *) address;
+	address[0] = ((from_addr & 0xff000000) >> 24);
+	address[1] = ((from_addr & 0xff0000) >> 16);
+	address[2] = ((from_addr & 0xff00) >> 8);
+	address[3] = (from_addr & 0xff);
+	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->acceptor_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->acceptor_address.value = (char *) address;
+	address[0] = ((to_addr & 0xff000000) >> 24);
+	address[1] = ((to_addr & 0xff0000) >> 16);
+	address[2] = ((to_addr & 0xff00) >> 8);
+	address[3] = (to_addr & 0xff);
+	input_chan_bindings->application_data.length = 0;
+
+	req_flags = 0;
+	if (deleg_flag)  req_flags = req_flags | 1;
+	if (mutual_flag) req_flags = req_flags | 2;
+	if (replay_flag) req_flags = req_flags | 4;
+	if (seq_flag)    req_flags = req_flags | 8;
+
+	major_status = gss_init_sec_context(&status,         /* minor status */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					GSS_C_NO_BUFFER,     /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+	if ((major_status != GSS_S_COMPLETE) &&
+	    (major_status != GSS_S_CONTINUE_NEEDED)) {
+	  gss_display_status(&new_status,
+				status,
+				GSS_C_MECH_CODE,
+				GSS_C_NULL_OID,
+				&msg_ctx,
+				&status_string);
+	  printf("%s\n", status_string.value);
+	  return(0);
+	}
+
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+spx_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	int r;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_AUTH:
+		input_token.length = cnt;
+		input_token.value = (char *) data;
+
+		gethostname(lhostname, sizeof(lhostname));
+
+		snprintf(targ_printable, sizeof(targ_printable),
+			 "SERVICE:rcmd@%s", lhostname);
+
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&gss_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+
+		major_status = gss_release_name(&status, desired_targname);
+
+		input_chan_bindings = (gss_channel_bindings)
+		  malloc(sizeof(gss_channel_bindings_desc));
+
+		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->initiator_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->initiator_address.value = (char *) address;
+		address[0] = ((from_addr & 0xff000000) >> 24);
+		address[1] = ((from_addr & 0xff0000) >> 16);
+		address[2] = ((from_addr & 0xff00) >> 8);
+		address[3] = (from_addr & 0xff);
+		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->acceptor_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->acceptor_address.value = (char *) address;
+		address[0] = ((to_addr & 0xff000000) >> 24);
+		address[1] = ((to_addr & 0xff0000) >> 16);
+		address[2] = ((to_addr & 0xff00) >> 8);
+		address[3] = (to_addr & 0xff);
+		input_chan_bindings->application_data.length = 0;
+
+		major_status = gss_accept_sec_context(&status,
+						&context_handle,
+						gss_cred_handle,
+						&input_token,
+						input_chan_bindings,
+						&src_name,
+						&actual_mech_type,
+						&output_token,
+						&ret_flags,
+						&lifetime_rec,
+						&gss_delegated_cred_handle);
+
+
+		if (major_status != GSS_S_COMPLETE) {
+
+		  major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+			Data(ap, SPX_REJECT, "auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+
+		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	default:
+		Data(ap, SPX_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+spx_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_REJECT:
+		if (cnt > 0) {
+			printf("[ SPX refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ SPX refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case SPX_ACCEPT:
+		printf("[ SPX accepts you ]\r\n");
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+			/*
+			 * Send over the encrypted challenge.
+		 	 */
+		  input_token.value = (char *) data;
+		  input_token.length = cnt;
+
+		  major_status = gss_init_sec_context(&status, /* minor stat */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					&input_token,        /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+		  if (major_status != GSS_S_COMPLETE) {
+		    gss_display_status(&new_status,
+					status,
+					GSS_C_MECH_CODE,
+					GSS_C_NULL_OID,
+					&msg_ctx,
+					&status_string);
+		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
+			 status_string.value);
+		    auth_send_retry();
+		    return;
+		  }
+		}
+		auth_finished(ap, AUTH_USER);
+		return;
+
+	default:
+		return;
+	}
+}
+
+	int
+spx_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	gss_buffer_desc  fullname_buffer, acl_file_buffer;
+	gss_OID          fullname_type;
+	char acl_file[160], fullname[160];
+	int major_status, status = 0;
+	struct passwd  *pwd;
+
+	/*
+	 * hard code fullname to
+	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
+	 * and acl_file to "~kannan/.sphinx"
+	 */
+
+	pwd = k_getpwnam(UserNameRequested);
+	if (pwd == NULL) {
+	  return(AUTH_USER);   /*  not authenticated  */
+	}
+
+	snprintf (acl_file, sizeof(acl_file),
+		  "%s/.sphinx", pwd->pw_dir);
+
+	acl_file_buffer.value = acl_file;
+	acl_file_buffer.length = strlen(acl_file);
+
+	major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+	if (level < AUTH_USER)
+		return(level);
+
+	major_status = gss__check_acl(&status, &fullname_buffer,
+					&acl_file_buffer);
+
+	if (major_status == GSS_S_COMPLETE) {
+	  strcpy_truncate(name, UserNameRequested, name_sz);
+	  return(AUTH_VALID);
+	} else {
+	   return(AUTH_USER);
+	}
+
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+spx_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case SPX_REJECT:		/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case SPX_ACCEPT:		/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case SPX_AUTH:			/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet.state b/crypto/kerberosIV/appl/telnet/telnet.state
new file mode 100644
index 0000000..1927a2b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet.state
@@ -0,0 +1,80 @@
+
+   Three pieces of state need to be kept for each side of each option.
+   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
+   the remoteside, sending DO/DONT and receiving WILL/WONT)
+
+	MY_STATE:	What state am I in?
+	WANT_STATE:	What state do I want?
+	WANT_RESP:	How many requests have I initiated?
+
+   Default values:
+	MY_STATE = WANT_STATE = DONT
+	WANT_RESP = 0
+
+   The local setup will change based on the state of the Telnet
+   variables.  When we are the originator, we can either make the
+   local setup changes at option request time (in which case if
+   the option is denied we need to change things back) or when
+   the option is acknowledged.
+
+   To initiate a switch to NEW_STATE:
+
+	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
+			WANT_STATE == NEW_STATE) {
+	    do nothing;
+	} else {
+	    /*
+	     * This is where the logic goes to change the local setup
+	     * if we are doing so at request initiation
+	     */
+	    WANT_STATE = NEW_STATE;
+	    send NEW_STATE;
+	    WANT_RESP += 1;
+	}
+
+   When receiving NEW_STATE:
+
+	if (WANT_RESP) {
+	    --WANT_RESP;
+	    if (WANT_RESP && (NEW_STATE == MY_STATE))
+		--WANT_RESP;
+	}
+	if (WANT_RESP == 0) {
+	    if (NEW_STATE != WANT_STATE) {
+		/*
+		 * This is where the logic goes to decide if it is ok
+		 * to switch to NEW_STATE, and if so, do any necessary
+		 * local setup changes.
+		 */
+		if (ok_to_switch_to NEW_STATE)
+		    WANT_STATE = NEW_STATE;
+		else
+		    WANT_RESP++;
+*		if (MY_STATE != WANT_STATE)
+		    reply with WANT_STATE;
+	    } else {
+		/*
+		 * This is where the logic goes to change the local setup
+		 * if we are doing so at request acknowledgment
+		 */
+	    }
+	}
+	MY_STATE = NEW_STATE;
+
+* This if() line is not needed, it should be ok to always do the
+  "reply with WANT_STATE".  With the if() line, asking to turn on
+  an option that the other side doesn't understand is:
+		Send DO option
+		Recv WONT option
+  Without the if() line, it is:
+		Send DO option
+		Recv WONT option
+		Send DONT option
+  If the other side does not expect to receive the latter case,
+  but generates the latter case, then there is a potential for
+  option negotiation loops.  An implementation that does not expect
+  to get the second case should not generate it, an implementation
+  that does expect to get it may or may not generate it, and things
+  will still work.  Being conservative in what we send, we have the
+  if() statement in, but we expect the other side to generate the
+  last response.
diff --git a/crypto/kerberosIV/appl/telnet/telnet/Makefile.am b/crypto/kerberosIV/appl/telnet/telnet/Makefile.am
new file mode 100644
index 0000000..882aa24
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/Makefile.am
@@ -0,0 +1,20 @@
+# $Id: Makefile.am,v 1.12 1999/06/23 12:37:58 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+bin_PROGRAMS = telnet
+
+CHECK_LOCAL = 
+
+telnet_SOURCES  = authenc.c commands.c main.c network.c ring.c \
+		  sys_bsd.c telnet.c terminal.c \
+		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
+
+LDADD = ../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_tgetent) \
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/telnet/telnet/Makefile.in b/crypto/kerberosIV/appl/telnet/telnet/Makefile.in
new file mode 100644
index 0000000..4da3e05
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/Makefile.in
@@ -0,0 +1,75 @@
+# $Id: Makefile.in,v 1.34 1999/03/11 13:50:09 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+PROGS = telnet$(EXECSUFFIX)
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+SOURCES=authenc.c commands.c main.c network.c ring.c \
+	sys_bsd.c telnet.c terminal.c \
+	utilities.c
+
+OBJECTS=authenc.o commands.o main.o network.o ring.o sys_bsd.o \
+	telnet.o terminal.o utilities.o
+
+libtop=@libtop@
+
+LIBKRB		= -L../../../lib/krb -lkrb
+LIBDES		= -L../../../lib/des -ldes
+LIBROKEN	= -L../../../lib/roken -lroken
+
+KLIB=$(LIBKRB) $(LIBDES)
+
+
+all: $(PROGS)
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I.. -I$(srcdir)/.. $(CFLAGS) $(CPPFLAGS) $<
+
+telnet$(EXECSUFFIX): $(OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) -L../libtelnet -ltelnet $(KLIB) $(LIBROKEN) $(LIBS) @LIB_tgetent@ $(LIBROKEN)
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a telnet$(EXECSUFFIX) \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
new file mode 100644
index 0000000..08da93d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $");
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int
+telnet_net_write(unsigned char *str, int len)
+{
+	if (NETROOM() > len) {
+		ring_supply_data(&netoring, str, len);
+		if (str[0] == IAC && str[1] == SE)
+			printsub('>', &str[2], len-2);
+		return(len);
+	}
+	return(0);
+}
+
+void
+net_encrypt(void)
+{
+#if	defined(ENCRYPTION)
+	if (encrypt_output)
+		ring_encrypt(&netoring, encrypt_output);
+	else
+		ring_clearto(&netoring);
+#endif
+}
+
+int
+telnet_spin(void)
+{
+	return(-1);
+}
+
+char *
+telnet_getenv(char *val)
+{
+	return((char *)env_getvalue((unsigned char *)val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+	int om = globalmode;
+	char *res;
+
+	TerminalNewMode(-1);
+	if (echo) {
+		printf("%s", prompt);
+		res = fgets(result, length, stdin);
+	} else if ((res = getpass(prompt))) {
+		strcpy_truncate(result, res, length);
+		res = result;
+	}
+	TerminalNewMode(om);
+	return(res);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c
new file mode 100644
index 0000000..57803fa
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c
@@ -0,0 +1,2693 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $");
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+int tos = -1;
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+char	*hostname;
+static char _hostname[MaxHostNameLen];
+
+typedef int (*intrtn_t)(int, char**);
+static int call(intrtn_t, ...);
+
+typedef struct {
+	char	*name;		/* command name */
+	char	*help;		/* help string (NULL for no help) */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+} Command;
+
+static char line[256];
+static char saveline[256];
+static int margc;
+static char *margv[20];
+
+static void
+makeargv()
+{
+    char *cp, *cp2, c;
+    char **argp = margv;
+
+    margc = 0;
+    cp = line;
+    if (*cp == '!') {		/* Special case shell escape */
+	/* save for shell command */
+	strcpy_truncate(saveline, line, sizeof(saveline));
+	*argp++ = "!";		/* No room in string to get this */
+	margc++;
+	cp++;
+    }
+    while ((c = *cp)) {
+	int inquote = 0;
+	while (isspace(c))
+	    c = *++cp;
+	if (c == '\0')
+	    break;
+	*argp++ = cp;
+	margc += 1;
+	for (cp2 = cp; c != '\0'; c = *++cp) {
+	    if (inquote) {
+		if (c == inquote) {
+		    inquote = 0;
+		    continue;
+		}
+	    } else {
+		if (c == '\\') {
+		    if ((c = *++cp) == '\0')
+			break;
+		} else if (c == '"') {
+		    inquote = '"';
+		    continue;
+		} else if (c == '\'') {
+		    inquote = '\'';
+		    continue;
+		} else if (isspace(c))
+		    break;
+	    }
+	    *cp2++ = c;
+	}
+	*cp2 = '\0';
+	if (c == '\0')
+	    break;
+	cp++;
+    }
+    *argp++ = 0;
+}
+
+/*
+ * Make a character string into a number.
+ *
+ * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
+ */
+
+static char
+special(char *s)
+{
+	char c;
+	char b;
+
+	switch (*s) {
+	case '^':
+		b = *++s;
+		if (b == '?') {
+		    c = b | 0x40;		/* DEL */
+		} else {
+		    c = b & 0x1f;
+		}
+		break;
+	default:
+		c = *s;
+		break;
+	}
+	return c;
+}
+
+/*
+ * Construct a control character sequence
+ * for a special character.
+ */
+static char *
+control(cc_t c)
+{
+	static char buf[5];
+	/*
+	 * The only way I could get the Sun 3.5 compiler
+	 * to shut up about
+	 *	if ((unsigned int)c >= 0x80)
+	 * was to assign "c" to an unsigned int variable...
+	 * Arggg....
+	 */
+	unsigned int uic = (unsigned int)c;
+
+	if (uic == 0x7f)
+		return ("^?");
+	if (c == (cc_t)_POSIX_VDISABLE) {
+		return "off";
+	}
+	if (uic >= 0x80) {
+		buf[0] = '\\';
+		buf[1] = ((c>>6)&07) + '0';
+		buf[2] = ((c>>3)&07) + '0';
+		buf[3] = (c&07) + '0';
+		buf[4] = 0;
+	} else if (uic >= 0x20) {
+		buf[0] = c;
+		buf[1] = 0;
+	} else {
+		buf[0] = '^';
+		buf[1] = '@'+c;
+		buf[2] = 0;
+	}
+	return (buf);
+}
+
+
+
+/*
+ *	The following are data structures and routines for
+ *	the "send" command.
+ *
+ */
+
+struct sendlist {
+    char	*name;		/* How user refers to it (case independent) */
+    char	*help;		/* Help information (0 ==> no help) */
+    int		needconnect;	/* Need to be connected */
+    int		narg;		/* Number of arguments */
+    int		(*handler)();	/* Routine to perform (for special ops) */
+    int		nbyte;		/* Number of bytes to send this command */
+    int		what;		/* Character to be sent (<0 ==> special) */
+};
+
+
+static int
+	send_esc (void),
+	send_help (void),
+	send_docmd (char *),
+	send_dontcmd (char *),
+	send_willcmd (char *),
+	send_wontcmd (char *);
+
+static struct sendlist Sendlist[] = {
+    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
+    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
+    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
+    { "break",	0,					1, 0, 0, 2, BREAK },
+    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
+    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
+    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
+    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
+    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
+    { "intp",	0,					1, 0, 0, 2, IP },
+    { "interrupt", 0,					1, 0, 0, 2, IP },
+    { "intr",	0,					1, 0, 0, 2, IP },
+    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
+    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
+    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
+    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
+    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
+    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
+    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
+    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
+    { "help",	0,					0, 0, send_help, 0, 0 },
+    { "do",	0,					0, 1, send_docmd, 3, 0 },
+    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
+    { "will",	0,					0, 1, send_willcmd, 3, 0 },
+    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
+    { 0 }
+};
+
+#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
+				sizeof(struct sendlist)))
+
+static int
+sendcmd(int argc, char **argv)
+{
+    int count;		/* how many bytes we are going to need to send */
+    int i;
+    struct sendlist *s;	/* pointer to current command */
+    int success = 0;
+    int needconnect = 0;
+
+    if (argc < 2) {
+	printf("need at least one argument for 'send' command\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /*
+     * First, validate all the send arguments.
+     * In addition, we see how much space we are going to need, and
+     * whether or not we will be doing a "SYNCH" operation (which
+     * flushes the network queue).
+     */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	s = GETSEND(argv[i]);
+	if (s == 0) {
+	    printf("Unknown send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	} else if (Ambiguous(s)) {
+	    printf("Ambiguous send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	}
+	if (i + s->narg >= argc) {
+	    fprintf(stderr,
+	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\r\n",
+		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
+	    return 0;
+	}
+	count += s->nbyte;
+	if (s->handler == send_help) {
+	    send_help();
+	    return 0;
+	}
+
+	i += s->narg;
+	needconnect += s->needconnect;
+    }
+    if (!connected && needconnect) {
+	printf("?Need to be connected first.\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /* Now, do we have enough room? */
+    if (NETROOM() < count) {
+	printf("There is not enough room in the buffer TO the network\r\n");
+	printf("to process your request.  Nothing will be done.\r\n");
+	printf("('send synch' will throw away most data in the network\r\n");
+	printf("buffer, if this might help.)\r\n");
+	return 0;
+    }
+    /* OK, they are all OK, now go through again and actually send */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	if ((s = GETSEND(argv[i])) == 0) {
+	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\r\n");
+	    quit();
+	    /*NOTREACHED*/
+	}
+	if (s->handler) {
+	    count++;
+	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
+				  (s->narg > 1) ? argv[i+2] : 0);
+	    i += s->narg;
+	} else {
+	    NET2ADD(IAC, s->what);
+	    printoption("SENT", IAC, s->what);
+	}
+    }
+    return (count == success);
+}
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name);
+
+static int
+send_esc()
+{
+    NETADD(escape);
+    return 1;
+}
+
+static int
+send_docmd(char *name)
+{
+    return(send_tncmd(send_do, "do", name));
+}
+
+static int
+send_dontcmd(char *name)
+{
+    return(send_tncmd(send_dont, "dont", name));
+}
+
+static int
+send_willcmd(char *name)
+{
+    return(send_tncmd(send_will, "will", name));
+}
+
+static int
+send_wontcmd(char *name)
+{
+    return(send_tncmd(send_wont, "wont", name));
+}
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name)
+{
+    char **cpp;
+    extern char *telopts[];
+    int val = 0;
+
+    if (isprefix(name, "help") || isprefix(name, "?")) {
+	int col, len;
+
+	printf("Usage: send %s <value|option>\r\n", cmd);
+	printf("\"value\" must be from 0 to 255\r\n");
+	printf("Valid options are:\r\n\t");
+
+	col = 8;
+	for (cpp = telopts; *cpp; cpp++) {
+	    len = strlen(*cpp) + 3;
+	    if (col + len > 65) {
+		printf("\r\n\t");
+		col = 8;
+	    }
+	    printf(" \"%s\"", *cpp);
+	    col += len;
+	}
+	printf("\r\n");
+	return 0;
+    }
+    cpp = genget(name, telopts, sizeof(char *));
+    if (Ambiguous(cpp)) {
+	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	return 0;
+    }
+    if (cpp) {
+	val = cpp - telopts;
+    } else {
+	char *cp = name;
+
+	while (*cp >= '0' && *cp <= '9') {
+	    val *= 10;
+	    val += *cp - '0';
+	    cp++;
+	}
+	if (*cp != 0) {
+	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	} else if (val < 0 || val > 255) {
+	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	}
+    }
+    if (!connected) {
+	printf("?Need to be connected first.\r\n");
+	return 0;
+    }
+    (*func)(val, 1);
+    return 1;
+}
+
+static int
+send_help()
+{
+    struct sendlist *s;	/* pointer to current command */
+    for (s = Sendlist; s->name; s++) {
+	if (s->help)
+	    printf("%-15s %s\r\n", s->name, s->help);
+    }
+    return(0);
+}
+
+/*
+ * The following are the routines and data structures referred
+ * to by the arguments to the "toggle" command.
+ */
+
+static int
+lclchars()
+{
+    donelclchars = 1;
+    return 1;
+}
+
+static int
+togdebug()
+{
+#ifndef	NOT43
+    if (net > 0 &&
+	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
+	    perror("setsockopt (SO_DEBUG)");
+    }
+#else	/* NOT43 */
+    if (debug) {
+	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
+	    perror("setsockopt (SO_DEBUG)");
+    } else
+	printf("Cannot turn off socket debugging\r\n");
+#endif	/* NOT43 */
+    return 1;
+}
+
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+#include <krb.h>
+
+static int
+togkrbdebug(void)
+{
+    if(krb_debug)
+	krb_enable_debug();
+    else
+	krb_disable_debug();
+    return 1;
+}
+#endif
+
+static int
+togcrlf()
+{
+    if (crlf) {
+	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
+    } else {
+	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
+    }
+    return 1;
+}
+
+int binmode;
+
+static int
+togbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val >= 0) {
+	binmode = val;
+    } else {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+				my_want_state_is_do(TELOPT_BINARY)) {
+	    binmode = 1;
+	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
+				my_want_state_is_dont(TELOPT_BINARY)) {
+	    binmode = 0;
+	}
+	val = binmode ? 0 : 1;
+    }
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+					my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already operating in binary mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating binary mode with remote host.\r\n");
+	    tel_enter_binary(3);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY) &&
+					my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already in network ascii mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode with remote host.\r\n");
+	    tel_leave_binary(3);
+	}
+    }
+    return 1;
+}
+
+static int
+togrbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already receiving in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on input.\r\n");
+	    tel_enter_binary(1);
+	}
+    } else {
+	if (my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already receiving in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on input.\r\n");
+	    tel_leave_binary(1);
+	}
+    }
+    return 1;
+}
+
+static int
+togxbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY)) {
+	    printf("Already transmitting in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on output.\r\n");
+	    tel_enter_binary(2);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    printf("Already transmitting in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on output.\r\n");
+	    tel_leave_binary(2);
+	}
+    }
+    return 1;
+}
+
+
+static int togglehelp (void);
+#if	defined(AUTHENTICATION)
+extern int auth_togdebug (int);
+#endif
+#if	defined(ENCRYPTION)
+extern int EncryptAutoEnc (int);
+extern int EncryptAutoDec (int);
+extern int EncryptDebug (int);
+extern int EncryptVerbose (int);
+#endif
+
+struct togglelist {
+    char	*name;		/* name of toggle */
+    char	*help;		/* help message */
+    int		(*handler)();	/* routine to do actual setting */
+    int		*variable;
+    char	*actionexplanation;
+};
+
+static struct togglelist Togglelist[] = {
+    { "autoflush",
+	"flushing of output when sending interrupt characters",
+	    0,
+		&autoflush,
+		    "flush output when sending interrupt characters" },
+    { "autosynch",
+	"automatic sending of interrupt characters in urgent mode",
+	    0,
+		&autosynch,
+		    "send interrupt characters in urgent mode" },
+#if	defined(AUTHENTICATION)
+    { "autologin",
+	"automatic sending of login and/or authentication info",
+	    0,
+		&autologin,
+		    "send login name and/or authentication information" },
+    { "authdebug",
+	"Toggle authentication debugging",
+	    auth_togdebug,
+		0,
+		     "print authentication debugging information" },
+#endif
+#if	defined(ENCRYPTION)
+    { "autoencrypt",
+	"automatic encryption of data stream",
+	    EncryptAutoEnc,
+		0,
+		    "automatically encrypt output" },
+    { "autodecrypt",
+	"automatic decryption of data stream",
+	    EncryptAutoDec,
+		0,
+		    "automatically decrypt input" },
+    { "verbose_encrypt",
+	"Toggle verbose encryption output",
+	    EncryptVerbose,
+		0,
+		    "print verbose encryption output" },
+    { "encdebug",
+	"Toggle encryption debugging",
+	    EncryptDebug,
+		0,
+		    "print encryption debugging information" },
+#endif
+    { "skiprc",
+	"don't read ~/.telnetrc file",
+	    0,
+		&skiprc,
+		    "skip reading of ~/.telnetrc file" },
+    { "binary",
+	"sending and receiving of binary data",
+	    togbinary,
+		0,
+		    0 },
+    { "inbinary",
+	"receiving of binary data",
+	    togrbinary,
+		0,
+		    0 },
+    { "outbinary",
+	"sending of binary data",
+	    togxbinary,
+		0,
+		    0 },
+    { "crlf",
+	"sending carriage returns as telnet <CR><LF>",
+	    togcrlf,
+		&crlf,
+		    0 },
+    { "crmod",
+	"mapping of received carriage returns",
+	    0,
+		&crmod,
+		    "map carriage return on output" },
+    { "localchars",
+	"local recognition of certain control characters",
+	    lclchars,
+		&localchars,
+		    "recognize certain control characters" },
+    { " ", "", 0 },		/* empty line */
+    { "debug",
+	"debugging",
+	    togdebug,
+		&debug,
+		    "turn on socket level debugging" },
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+    { "krb_debug",
+      "kerberos 4 debugging",
+      togkrbdebug,
+      &krb_debug,
+      "turn on kerberos 4 debugging" },
+#endif
+    { "netdata",
+	"printing of hexadecimal network data (debugging)",
+	    0,
+		&netdata,
+		    "print hexadecimal representation of network traffic" },
+    { "prettydump",
+	"output of \"netdata\" to user readable format (debugging)",
+	    0,
+		&prettydump,
+		    "print user readable output for \"netdata\"" },
+    { "options",
+	"viewing of options processing (debugging)",
+	    0,
+		&showoptions,
+		    "show option processing" },
+    { "termdata",
+	"(debugging) toggle printing of hexadecimal terminal data",
+	    0,
+		&termdata,
+		    "print hexadecimal representation of terminal traffic" },
+    { "?",
+	0,
+	    togglehelp },
+    { "help",
+	0,
+	    togglehelp },
+    { 0 }
+};
+
+static int
+togglehelp()
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s toggle %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    printf("\r\n");
+    printf("%-15s %s\r\n", "?", "display help information");
+    return 0;
+}
+
+static void
+settogglehelp(int set)
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
+						c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+#define	GETTOGGLE(name) (struct togglelist *) \
+		genget(name, (char **) Togglelist, sizeof(struct togglelist))
+
+static int
+toggle(int argc, char *argv[])
+{
+    int retval = 1;
+    char *name;
+    struct togglelist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'toggle' command.  'toggle ?' for help.\r\n");
+	return 0;
+    }
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	c = GETTOGGLE(name);
+	if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else {
+	    if (c->variable) {
+		*c->variable = !*c->variable;		/* invert it */
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler) {
+		retval &= (*c->handler)(-1);
+	    }
+	}
+    }
+    return retval;
+}
+
+/*
+ * The following perform the "set" command.
+ */
+
+struct termios new_tc = { 0 };
+
+struct setlist {
+    char *name;				/* name */
+    char *help;				/* help information */
+    void (*handler)();
+    cc_t *charp;			/* where it is located at */
+};
+
+static struct setlist Setlist[] = {
+#ifdef	KLUDGELINEMODE
+    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
+#endif
+    { "escape",	"character to escape back to telnet command mode", 0, &escape },
+    { "rlogin", "rlogin escape character", 0, &rlogin },
+    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
+    { " ", "" },
+    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
+    { "flushoutput", "character to cause an Abort Output", 0, &termFlushChar },
+    { "interrupt", "character to cause an Interrupt Process", 0, &termIntChar },
+    { "quit",	"character to cause an Abort process", 0, &termQuitChar },
+    { "eof",	"character to cause an EOF ", 0, &termEofChar },
+    { " ", "" },
+    { " ", "The following are for local editing in linemode", 0, 0 },
+    { "erase",	"character to use to erase a character", 0, &termEraseChar },
+    { "kill",	"character to use to erase a line", 0, &termKillChar },
+    { "lnext",	"character to use for literal next", 0, &termLiteralNextChar },
+    { "susp",	"character to cause a Suspend Process", 0, &termSuspChar },
+    { "reprint", "character to use for line reprint", 0, &termRprntChar },
+    { "worderase", "character to use to erase a word", 0, &termWerasChar },
+    { "start",	"character to use for XON", 0, &termStartChar },
+    { "stop",	"character to use for XOFF", 0, &termStopChar },
+    { "forw1",	"alternate end of line character", 0, &termForw1Char },
+    { "forw2",	"alternate end of line character", 0, &termForw2Char },
+    { "ayt",	"alternate AYT character", 0, &termAytChar },
+    { 0 }
+};
+
+static struct setlist *
+getset(char *name)
+{
+    return (struct setlist *)
+		genget(name, (char **) Setlist, sizeof(struct setlist));
+}
+
+void
+set_escape_char(char *s)
+{
+	if (rlogin != _POSIX_VDISABLE) {
+		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet rlogin escape character is '%s'.\r\n",
+					control(rlogin));
+	} else {
+		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet escape character is '%s'.\r\n", control(escape));
+	}
+}
+
+static int
+setcmd(int argc, char *argv[])
+{
+    int value;
+    struct setlist *ct;
+    struct togglelist *c;
+
+    if (argc < 2 || argc > 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    }
+    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(1);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    ct = getset(argv[1]);
+    if (ct == 0) {
+	c = GETTOGGLE(argv[1]);
+	if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	} else if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	}
+	if (c->variable) {
+	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
+		*c->variable = 1;
+	    else if (strcmp("off", argv[2]) == 0)
+		*c->variable = 0;
+	    else {
+		printf("Format is 'set togglename [on|off]'\r\n'set ?' for help.\r\n");
+		return 0;
+	    }
+	    if (c->actionexplanation) {
+		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+	    }
+	}
+	if (c->handler)
+	    (*c->handler)(1);
+    } else if (argc != 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    } else if (Ambiguous(ct)) {
+	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	return 0;
+    } else if (ct->handler) {
+	(*ct->handler)(argv[2]);
+	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
+    } else {
+	if (strcmp("off", argv[2])) {
+	    value = special(argv[2]);
+	} else {
+	    value = _POSIX_VDISABLE;
+	}
+	*(ct->charp) = (cc_t)value;
+	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+    }
+    slc_check();
+    return 1;
+}
+
+static int
+unsetcmd(int argc, char *argv[])
+{
+    struct setlist *ct;
+    struct togglelist *c;
+    char *name;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'unset' command.  'unset ?' for help.\r\n");
+	return 0;
+    }
+    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(0);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	ct = getset(name);
+	if (ct == 0) {
+	    c = GETTOGGLE(name);
+	    if (c == 0) {
+		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    } else if (Ambiguous(c)) {
+		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    }
+	    if (c->variable) {
+		*c->variable = 0;
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler)
+		(*c->handler)(0);
+	} else if (Ambiguous(ct)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+	    return 0;
+	} else if (ct->handler) {
+	    (*ct->handler)(0);
+	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
+	} else {
+	    *(ct->charp) = _POSIX_VDISABLE;
+	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+	}
+    }
+    return 1;
+}
+
+/*
+ * The following are the data structures and routines for the
+ * 'mode' command.
+ */
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+
+static int
+dokludgemode(void)
+{
+    kludgelinemode = 1;
+    send_wont(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_SGA, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+#endif
+
+static int
+dolinemode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_dont(TELOPT_SGA, 1);
+#endif
+    send_will(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+docharmode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_do(TELOPT_SGA, 1);
+    else
+#endif
+    send_wont(TELOPT_LINEMODE, 1);
+    send_do(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+dolmmode(int bit, int on)
+{
+    unsigned char c;
+    extern int linemode;
+
+    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
+	printf("?Need to have LINEMODE option enabled first.\r\n");
+	printf("'mode ?' for help.\r\n");
+ 	return 0;
+    }
+
+    if (on)
+	c = (linemode | bit);
+    else
+	c = (linemode & ~bit);
+    lm_mode(&c, 1, 1);
+    return 1;
+}
+
+static int
+tn_setmode(int bit)
+{
+    return dolmmode(bit, 1);
+}
+
+static int
+tn_clearmode(int bit)
+{
+    return dolmmode(bit, 0);
+}
+
+struct modelist {
+	char	*name;		/* command name */
+	char	*help;		/* help string */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+	int	arg1;
+};
+
+static int modehelp(void);
+
+static struct modelist ModeList[] = {
+    { "character", "Disable LINEMODE option",	docharmode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or disable obsolete line-by-line mode)", 0 },
+#endif
+    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or enable obsolete line-by-line mode)", 0 },
+#endif
+    { "", "", 0 },
+    { "",	"These require the LINEMODE option to be enabled", 0 },
+    { "isig",	"Enable signal trapping",	tn_setmode, 1, MODE_TRAPSIG },
+    { "+isig",	0,				tn_setmode, 1, MODE_TRAPSIG },
+    { "-isig",	"Disable signal trapping",	tn_clearmode, 1, MODE_TRAPSIG },
+    { "edit",	"Enable character editing",	tn_setmode, 1, MODE_EDIT },
+    { "+edit",	0,				tn_setmode, 1, MODE_EDIT },
+    { "-edit",	"Disable character editing",	tn_clearmode, 1, MODE_EDIT },
+    { "softtabs", "Enable tab expansion",	tn_setmode, 1, MODE_SOFT_TAB },
+    { "+softtabs", 0,				tn_setmode, 1, MODE_SOFT_TAB },
+    { "-softtabs", "Disable character editing",	tn_clearmode, 1, MODE_SOFT_TAB },
+    { "litecho", "Enable literal character echo", tn_setmode, 1, MODE_LIT_ECHO },
+    { "+litecho", 0,				tn_setmode, 1, MODE_LIT_ECHO },
+    { "-litecho", "Disable literal character echo", tn_clearmode, 1, MODE_LIT_ECHO },
+    { "help",	0,				modehelp, 0 },
+#ifdef	KLUDGELINEMODE
+    { "kludgeline", 0,				dokludgemode, 1 },
+#endif
+    { "", "", 0 },
+    { "?",	"Print help information",	modehelp, 0 },
+    { 0 },
+};
+
+
+static int
+modehelp(void)
+{
+    struct modelist *mt;
+
+    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
+    for (mt = ModeList; mt->name; mt++) {
+	if (mt->help) {
+	    if (*mt->help)
+		printf("%-15s %s\r\n", mt->name, mt->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+#define	GETMODECMD(name) (struct modelist *) \
+		genget(name, (char **) ModeList, sizeof(struct modelist))
+
+static int
+modecmd(int argc, char **argv)
+{
+    struct modelist *mt;
+
+    if (argc != 2) {
+	printf("'mode' command requires an argument\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if ((mt = GETMODECMD(argv[1])) == 0) {
+	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (Ambiguous(mt)) {
+	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (mt->needconnect && !connected) {
+	printf("?Need to be connected first.\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if (mt->handler) {
+	return (*mt->handler)(mt->arg1);
+    }
+    return 0;
+}
+
+/*
+ * The following data structures and routines implement the
+ * "display" command.
+ */
+
+static int
+display(int argc, char *argv[])
+{
+    struct togglelist *tl;
+    struct setlist *sl;
+
+#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
+			    if (*tl->variable) { \
+				printf("will"); \
+			    } else { \
+				printf("won't"); \
+			    } \
+			    printf(" %s.\r\n", tl->actionexplanation); \
+			}
+
+#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
+			if (sl->handler == 0) \
+			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
+			else \
+			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
+		    }
+
+    if (argc == 1) {
+	for (tl = Togglelist; tl->name; tl++) {
+	    dotog(tl);
+	}
+	printf("\r\n");
+	for (sl = Setlist; sl->name; sl++) {
+	    doset(sl);
+	}
+    } else {
+	int i;
+
+	for (i = 1; i < argc; i++) {
+	    sl = getset(argv[i]);
+	    tl = GETTOGGLE(argv[i]);
+	    if (Ambiguous(sl) || Ambiguous(tl)) {
+		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else if (!sl && !tl) {
+		printf("?Unknown argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else {
+		if (tl) {
+		    dotog(tl);
+		}
+		if (sl) {
+		    doset(sl);
+		}
+	    }
+	}
+    }
+/*@*/optionstatus();
+#if	defined(ENCRYPTION)
+    EncryptStatus();
+#endif
+    return 1;
+#undef	doset
+#undef	dotog
+}
+
+/*
+ * The following are the data structures, and many of the routines,
+ * relating to command processing.
+ */
+
+/*
+ * Set the escape character.
+ */
+static int
+setescape(int argc, char *argv[])
+{
+	char *arg;
+	char buf[50];
+
+	printf(
+	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
+				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
+	if (argc > 2)
+		arg = argv[1];
+	else {
+		printf("new escape character: ");
+		fgets(buf, sizeof(buf), stdin);
+		arg = buf;
+	}
+	if (arg[0] != '\0')
+		escape = arg[0];
+	printf("Escape character is '%s'.\r\n", control(escape));
+
+	fflush(stdout);
+	return 1;
+}
+
+static int
+togcrmod()
+{
+    crmod = !crmod;
+    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
+    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
+    fflush(stdout);
+    return 1;
+}
+
+static int
+telnetsuspend()
+{
+#ifdef	SIGTSTP
+    setcommandmode();
+    {
+	long oldrows, oldcols, newrows, newcols, err;
+
+	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+	kill(0, SIGTSTP);
+	/*
+	 * If we didn't get the window size before the SUSPEND, but we
+	 * can get them now (?), then send the NAWS to make sure that
+	 * we are set up for the right window size.
+	 */
+	if (TerminalWindowSize(&newrows, &newcols) && connected &&
+	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		sendnaws();
+	}
+    }
+    /* reget parameters in case they were changed */
+    TerminalSaveState();
+    setconnmode(0);
+#else
+    printf("Suspend is not supported.  Try the '!' command instead\r\n");
+#endif
+    return 1;
+}
+
+static int
+shell(int argc, char **argv)
+{
+    long oldrows, oldcols, newrows, newcols, err;
+
+    setcommandmode();
+
+    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+    switch(fork()) {
+    case -1:
+	perror("Fork failed\r\n");
+	break;
+
+    case 0:
+	{
+	    /*
+	     * Fire up the shell in the child.
+	     */
+	    char *shellp, *shellname;
+
+	    shellp = getenv("SHELL");
+	    if (shellp == NULL)
+		shellp = "/bin/sh";
+	    if ((shellname = strrchr(shellp, '/')) == 0)
+		shellname = shellp;
+	    else
+		shellname++;
+	    if (argc > 1)
+		execl(shellp, shellname, "-c", &saveline[1], 0);
+	    else
+		execl(shellp, shellname, 0);
+	    perror("Execl");
+	    _exit(1);
+	}
+    default:
+	    wait((int *)0);	/* Wait for the shell to complete */
+
+	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
+		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		    sendnaws();
+	    }
+	    break;
+    }
+    return 1;
+}
+
+static int
+bye(int argc, char **argv)
+{
+    extern int resettermname;
+
+    if (connected) {
+	shutdown(net, 2);
+	printf("Connection closed.\r\n");
+	NetClose(net);
+	connected = 0;
+	resettermname = 1;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif
+	/* reset options */
+	tninit();
+    }
+    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) 
+	longjmp(toplevel, 1);
+    return 0;	/* NOTREACHED */
+}
+
+int
+quit(void)
+{
+	call(bye, "bye", "fromquit", 0);
+	Exit(0);
+	return 0; /*NOTREACHED*/
+}
+
+static int
+logout()
+{
+	send_do(TELOPT_LOGOUT, 1);
+	netflush();
+	return 1;
+}
+
+
+/*
+ * The SLC command.
+ */
+
+struct slclist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	arg;
+};
+
+static void slc_help(void);
+
+struct slclist SlcList[] = {
+    { "export",	"Use local special character definitions",
+						slc_mode_export,	0 },
+    { "import",	"Use remote special character definitions",
+						slc_mode_import,	1 },
+    { "check",	"Verify remote special character definitions",
+						slc_mode_import,	0 },
+    { "help",	0,				slc_help,		0 },
+    { "?",	"Print help information",	slc_help,		0 },
+    { 0 },
+};
+
+static void
+slc_help(void)
+{
+    struct slclist *c;
+
+    for (c = SlcList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct slclist *
+getslc(char *name)
+{
+    return (struct slclist *)
+		genget(name, (char **) SlcList, sizeof(struct slclist));
+}
+
+static int
+slccmd(int argc, char **argv)
+{
+    struct slclist *c;
+
+    if (argc != 2) {
+	fprintf(stderr,
+	    "Need an argument to 'slc' command.  'slc ?' for help.\r\n");
+	return 0;
+    }
+    c = getslc(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    (*c->handler)(c->arg);
+    slcstate();
+    return 1;
+}
+
+/*
+ * The ENVIRON command.
+ */
+
+struct envlist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	narg;
+};
+
+static void env_help (void);
+
+struct envlist EnvList[] = {
+    { "define",	"Define an environment variable",
+						(void (*)())env_define,	2 },
+    { "undefine", "Undefine an environment variable",
+						env_undefine,	1 },
+    { "export",	"Mark an environment variable for automatic export",
+						env_export,	1 },
+    { "unexport", "Don't mark an environment variable for automatic export",
+						env_unexport,	1 },
+    { "send",	"Send an environment variable", env_send,	1 },
+    { "list",	"List the current environment variables",
+						env_list,	0 },
+    { "help",	0,				env_help,		0 },
+    { "?",	"Print help information",	env_help,		0 },
+    { 0 },
+};
+
+static void
+env_help()
+{
+    struct envlist *c;
+
+    for (c = EnvList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct envlist *
+getenvcmd(char *name)
+{
+    return (struct envlist *)
+		genget(name, (char **) EnvList, sizeof(struct envlist));
+}
+
+static int
+env_cmd(int argc, char **argv)
+{
+    struct envlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'environ' command.  'environ ?' for help.\r\n");
+	return 0;
+    }
+    c = getenvcmd(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    (*c->handler)(argv[2], argv[3]);
+    return 1;
+}
+
+struct env_lst {
+	struct env_lst *next;	/* pointer to next structure */
+	struct env_lst *prev;	/* pointer to previous structure */
+	unsigned char *var;	/* pointer to variable name */
+	unsigned char *value;	/* pointer to variable value */
+	int export;		/* 1 -> export with default list of variables */
+	int welldefined;	/* A well defined variable */
+};
+
+struct env_lst envlisthead;
+
+struct env_lst *
+env_find(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		if (strcmp((char *)ep->var, (char *)var) == 0)
+			return(ep);
+	}
+	return(NULL);
+}
+
+#if IRIX == 4
+#define environ _environ
+#endif
+
+void
+env_init(void)
+{
+	extern char **environ;
+	char **epp, *cp;
+	struct env_lst *ep;
+
+	for (epp = environ; *epp; epp++) {
+		if ((cp = strchr(*epp, '='))) {
+			*cp = '\0';
+			ep = env_define((unsigned char *)*epp,
+					(unsigned char *)cp+1);
+			ep->export = 0;
+			*cp = '=';
+		}
+	}
+	/*
+	 * Special case for DISPLAY variable.  If it is ":0.0" or
+	 * "unix:0.0", we have to get rid of "unix" and insert our
+	 * hostname.
+	 */
+	if ((ep = env_find("DISPLAY"))
+	    && (*ep->value == ':'
+	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
+		char hbuf[256+1];
+		char *cp2 = strchr((char *)ep->value, ':');
+
+		/* XXX - should be k_gethostname? */
+		gethostname(hbuf, 256);
+		hbuf[256] = '\0';
+
+		/* If this is not the full name, try to get it via DNS */
+		if (strchr(hbuf, '.') == 0) {
+			struct hostent *he = roken_gethostbyname(hbuf);
+			if (he != NULL)
+				strcpy_truncate(hbuf, he->h_name, 256);
+		}
+
+		asprintf (&cp, "%s%s", hbuf, cp2);
+		free (ep->value);
+		ep->value = (unsigned char *)cp;
+	}
+	/*
+	 * If USER is not defined, but LOGNAME is, then add
+	 * USER with the value from LOGNAME.  By default, we
+	 * don't export the USER variable.
+	 */
+	if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) {
+		env_define((unsigned char *)"USER", ep->value);
+		env_unexport((unsigned char *)"USER");
+	}
+	env_export((unsigned char *)"DISPLAY");
+	env_export((unsigned char *)"PRINTER");
+	env_export((unsigned char *)"XAUTHORITY");
+}
+
+struct env_lst *
+env_define(unsigned char *var, unsigned char *value)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+	} else {
+		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
+		ep->next = envlisthead.next;
+		envlisthead.next = ep;
+		ep->prev = &envlisthead;
+		if (ep->next)
+			ep->next->prev = ep;
+	}
+	ep->welldefined = opt_welldefined((char *)var);
+	ep->export = 1;
+	ep->var = (unsigned char *)strdup((char *)var);
+	ep->value = (unsigned char *)strdup((char *)value);
+	return(ep);
+}
+
+void
+env_undefine(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		ep->prev->next = ep->next;
+		if (ep->next)
+			ep->next->prev = ep->prev;
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+		free(ep);
+	}
+}
+
+void
+env_export(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 1;
+}
+
+void
+env_unexport(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 0;
+}
+
+void
+env_send(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
+#ifdef	OLD_ENVIRON
+	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
+#endif
+		) {
+		fprintf(stderr,
+		    "Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
+									var);
+		return;
+	}
+	ep = env_find(var);
+	if (ep == 0) {
+		fprintf(stderr, "Cannot send '%s': variable not defined\r\n",
+									var);
+		return;
+	}
+	env_opt_start_info();
+	env_opt_add(ep->var);
+	env_opt_end(0);
+}
+
+void
+env_list(void)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
+					ep->var, ep->value);
+	}
+}
+
+unsigned char *
+env_default(int init, int welldefined)
+{
+	static struct env_lst *nep = NULL;
+
+	if (init) {
+		nep = &envlisthead;
+		return NULL;
+	}
+	if (nep) {
+		while ((nep = nep->next)) {
+			if (nep->export && (nep->welldefined == welldefined))
+				return(nep->var);
+		}
+	}
+	return(NULL);
+}
+
+unsigned char *
+env_getvalue(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		return(ep->value);
+	return(NULL);
+}
+
+
+#if	defined(AUTHENTICATION)
+/*
+ * The AUTHENTICATE command.
+ */
+
+struct authlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	narg;
+};
+
+static int
+	auth_help (void);
+
+struct authlist AuthList[] = {
+    { "status",	"Display current status of authentication information",
+						auth_status,	0 },
+    { "disable", "Disable an authentication type ('auth disable ?' for more)",
+						auth_disable,	1 },
+    { "enable", "Enable an authentication type ('auth enable ?' for more)",
+						auth_enable,	1 },
+    { "help",	0,				auth_help,		0 },
+    { "?",	"Print help information",	auth_help,		0 },
+    { 0 },
+};
+
+static int
+auth_help()
+{
+    struct authlist *c;
+
+    for (c = AuthList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+auth_cmd(int argc, char **argv)
+{
+    struct authlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'auth' command.  'auth ?' for help.\r\n");
+	return 0;
+    }
+
+    c = (struct authlist *)
+		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    return((*c->handler)(argv[2], argv[3]));
+}
+#endif
+
+
+#if	defined(ENCRYPTION)
+/*
+ * The ENCRYPT command.
+ */
+
+struct encryptlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	needconnect;
+	int	minarg;
+	int	maxarg;
+};
+
+static int
+	EncryptHelp (void);
+
+struct encryptlist EncryptList[] = {
+    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
+						EncryptEnable, 1, 1, 2 },
+    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
+						EncryptDisable, 0, 1, 2 },
+    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+						EncryptType, 0, 1, 1 },
+    { "start", "Start encryption. ('encrypt start ?' for more)",
+						EncryptStart, 1, 0, 1 },
+    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
+						EncryptStop, 1, 0, 1 },
+    { "input", "Start encrypting the input stream",
+						EncryptStartInput, 1, 0, 0 },
+    { "-input", "Stop encrypting the input stream",
+						EncryptStopInput, 1, 0, 0 },
+    { "output", "Start encrypting the output stream",
+						EncryptStartOutput, 1, 0, 0 },
+    { "-output", "Stop encrypting the output stream",
+						EncryptStopOutput, 1, 0, 0 },
+
+    { "status",	"Display current status of authentication information",
+						EncryptStatus,	0, 0, 0 },
+    { "help",	0,				EncryptHelp,	0, 0, 0 },
+    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
+    { 0 },
+};
+
+static int
+EncryptHelp()
+{
+    struct encryptlist *c;
+
+    for (c = EncryptList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+encrypt_cmd(int argc, char **argv)
+{
+    struct encryptlist *c;
+
+    c = (struct encryptlist *)
+		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
+    if (c == 0) {
+        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    if (Ambiguous(c)) {
+        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    argc -= 2;
+    if (argc < c->minarg || argc > c->maxarg) {
+	if (c->minarg == c->maxarg) {
+	    fprintf(stderr, "Need %s%d argument%s ",
+		c->minarg < argc ? "only " : "", c->minarg,
+		c->minarg == 1 ? "" : "s");
+	} else {
+	    fprintf(stderr, "Need %s%d-%d arguments ",
+		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
+	}
+	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\r\n",
+		c->name);
+	return 0;
+    }
+    if (c->needconnect && !connected) {
+	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
+	    printf("?Need to be connected first.\r\n");
+	    return 0;
+	}
+    }
+    return ((*c->handler)(argc > 0 ? argv[2] : 0,
+			argc > 1 ? argv[3] : 0,
+			argc > 2 ? argv[4] : 0));
+}
+#endif
+
+
+/*
+ * Print status about the connection.
+ */
+
+static int
+status(int argc, char **argv)
+{
+    if (connected) {
+	printf("Connected to %s.\r\n", hostname);
+	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
+	    int mode = getconnmode();
+
+	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
+		printf("Operating with LINEMODE option\r\n");
+		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
+		printf("%s catching of signals\r\n",
+					(mode&MODE_TRAPSIG) ? "Local" : "No");
+		slcstate();
+#ifdef	KLUDGELINEMODE
+	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
+		printf("Operating in obsolete linemode\r\n");
+#endif
+	    } else {
+		printf("Operating in single character mode\r\n");
+		if (localchars)
+		    printf("Catching signals locally\r\n");
+	    }
+	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
+	    if (my_want_state_is_will(TELOPT_LFLOW))
+		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
+#if	defined(ENCRYPTION)
+	    encrypt_display();
+#endif
+	}
+    } else {
+	printf("No connection.\r\n");
+    }
+    printf("Escape character is '%s'.\r\n", control(escape));
+    fflush(stdout);
+    return 1;
+}
+
+#ifdef	SIGINFO
+/*
+ * Function that gets called when SIGINFO is received.
+ */
+void
+ayt_status(int ignore)
+{
+    call(status, "status", "notmuch", 0);
+}
+#endif
+
+static Command *getcmd(char *name);
+
+static void
+cmdrc(char *m1, char *m2)
+{
+    static char rcname[128];
+    Command *c;
+    FILE *rcfile;
+    int gotmachine = 0;
+    int l1 = strlen(m1);
+    int l2 = strlen(m2);
+    char m1save[64];
+
+    if (skiprc)
+	return;
+
+    strcpy_truncate(m1save, m1, sizeof(m1save));
+    m1 = m1save;
+
+    if (rcname[0] == 0) {
+	char *home = getenv("HOME");
+
+	snprintf (rcname, sizeof(rcname), "%s/.telnetrc",
+		  home ? home : "");
+    }
+
+    if ((rcfile = fopen(rcname, "r")) == 0) {
+	return;
+    }
+
+    for (;;) {
+	if (fgets(line, sizeof(line), rcfile) == NULL)
+	    break;
+	if (line[0] == 0)
+	    break;
+	if (line[0] == '#')
+	    continue;
+	if (gotmachine) {
+	    if (!isspace(line[0]))
+		gotmachine = 0;
+	}
+	if (gotmachine == 0) {
+	    if (isspace(line[0]))
+		continue;
+	    if (strncasecmp(line, m1, l1) == 0)
+		strncpy(line, &line[l1], sizeof(line) - l1);
+	    else if (strncasecmp(line, m2, l2) == 0)
+		strncpy(line, &line[l2], sizeof(line) - l2);
+	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
+		strncpy(line, &line[7], sizeof(line) - 7);
+	    else
+		continue;
+	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
+		continue;
+	    gotmachine = 1;
+	}
+	makeargv();
+	if (margv[0] == 0)
+	    continue;
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command: %s\r\n", margv[0]);
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command: %s\r\n", margv[0]);
+	    continue;
+	}
+	/*
+	 * This should never happen...
+	 */
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first for %s.\r\n", margv[0]);
+	    continue;
+	}
+	(*c->handler)(margc, margv);
+    }
+    fclose(rcfile);
+}
+
+int
+tn(int argc, char **argv)
+{
+    struct hostent *host = 0;
+#ifdef HAVE_IPV6
+    struct sockaddr_in6 sin6;
+#endif
+    struct sockaddr_in sin;
+    struct sockaddr *sa = NULL;
+    int sa_size = 0;
+    struct servent *sp = 0;
+    unsigned long temp;
+    extern char *inet_ntoa();
+#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    char *srp = 0;
+    int srlen;
+#endif
+    char *cmd, *hostp = 0, *portp = 0;
+    char *user = 0;
+    int family, port = 0;
+    char **addr_list;
+
+    /* clear the socket address prior to use */
+
+    if (connected) {
+	printf("?Already connected to %s\r\n", hostname);
+	setuid(getuid());
+	return 0;
+    }
+    if (argc < 2) {
+	strcpy_truncate(line, "open ", sizeof(line));
+	printf("(to) ");
+	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
+	makeargv();
+	argc = margc;
+	argv = margv;
+    }
+    cmd = *argv;
+    --argc; ++argv;
+    while (argc) {
+	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
+	    goto usage;
+	if (strcmp(*argv, "-l") == 0) {
+	    --argc; ++argv;
+	    if (argc == 0)
+		goto usage;
+	    user = strdup(*argv++);
+	    --argc;
+	    continue;
+	}
+	if (strcmp(*argv, "-a") == 0) {
+	    --argc; ++argv;
+	    autologin = 1;
+	    continue;
+	}
+	if (hostp == 0) {
+	    hostp = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (portp == 0) {
+	    portp = *argv++;
+	    --argc;
+	    continue;
+	}
+    usage:
+	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
+	setuid(getuid());
+	return 0;
+    }
+    if (hostp == 0)
+	goto usage;
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    if (hostp[0] == '@' || hostp[0] == '!') {
+	if ((hostname = strrchr(hostp, ':')) == NULL)
+	    hostname = strrchr(hostp, '@');
+	hostname++;
+	srp = 0;
+	temp = sourceroute(hostp, &srp, &srlen);
+	if (temp == 0) {
+	    fprintf (stderr, "%s: %s\r\n", srp ? srp : "", hstrerror(h_errno));
+	    setuid(getuid());
+	    return 0;
+	} else if (temp == -1) {
+	    printf("Bad source route option: %s\r\n", hostp);
+	    setuid(getuid());
+	    return 0;
+	} else {
+	    abort();
+	}
+    } else {
+#endif
+	memset (&sin, 0, sizeof(sin));
+#ifdef HAVE_IPV6
+	memset (&sin6, 0, sizeof(sin6));
+
+	if(inet_pton(AF_INET6, hostp, &sin6.sin6_addr)) {
+	    sin6.sin6_family = family = AF_INET6;
+	    sa = (struct sockaddr *)&sin6;
+	    sa_size = sizeof(sin6);
+	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    hostname =_hostname;
+	} else
+#endif
+	if(inet_aton(hostp, &sin.sin_addr)){
+	    sin.sin_family = family = AF_INET;
+	    sa = (struct sockaddr *)&sin;
+	    sa_size = sizeof(sin);
+	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    hostname = _hostname;
+	} else {
+#ifdef HAVE_GETHOSTBYNAME2
+#ifdef HAVE_IPV6
+	    host = gethostbyname2(hostp, AF_INET6);
+	    if(host == NULL)
+#endif
+		host = gethostbyname2(hostp, AF_INET);
+#else
+	    host = roken_gethostbyname(hostp);
+#endif
+	    if (host) {
+		strcpy_truncate(_hostname, host->h_name, sizeof(_hostname));
+		family = host->h_addrtype;
+		addr_list = host->h_addr_list;
+
+		switch(family) {
+		case AF_INET:
+		    memset(&sin, 0, sizeof(sin));
+		    sa_size = sizeof(sin);
+		    sa = (struct sockaddr *)&sin;
+		    sin.sin_family = family;
+		    sin.sin_addr   = *((struct in_addr *)(*addr_list));
+		    break;
+#ifdef HAVE_IPV6
+		case AF_INET6:
+		    memset(&sin6, 0, sizeof(sin6));
+		    sa_size = sizeof(sin6);
+		    sa = (struct sockaddr *)&sin6;
+		    sin6.sin6_family = family;
+		    sin6.sin6_addr   = *((struct in6_addr *)(*addr_list));
+		    break;
+#endif
+		default:
+		    fprintf(stderr, "Bad address family: %d\n", family);
+		    return 0;
+		}
+
+		_hostname[sizeof(_hostname)-1] = '\0';
+		hostname = _hostname;
+	    } else {
+	        fprintf (stderr, "%s: %s\r\n", hostp ? hostp : "",
+			 hstrerror(h_errno));
+		setuid(getuid());
+		return 0;
+	    }
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    }
+#endif
+    if (portp) {
+	if (*portp == '-') {
+	    portp++;
+	    telnetport = 1;
+	} else
+	    telnetport = 0;
+	port = atoi(portp);
+	if (port == 0) {
+	    sp = roken_getservbyname(portp, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else {
+		printf("%s: bad port number\r\n", portp);
+		setuid(getuid());
+		return 0;
+	    }
+	} else {
+	    port = htons(port);
+	}
+    } else {
+	if (sp == 0) {
+	    sp = roken_getservbyname("telnet", "tcp");
+	    if (sp == 0) {
+		fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n");
+		setuid(getuid());
+		return 0;
+	    }
+	    port = sp->s_port;
+	}
+	telnetport = 1;
+    }
+    do {
+	switch(family) {
+	case AF_INET:
+	    sin.sin_port = port;
+	    printf("Trying %s...\r\n", inet_ntoa(sin.sin_addr));
+	    break;
+#ifdef HAVE_IPV6
+	case AF_INET6: {
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46 
+#endif
+
+	    char buf[INET6_ADDRSTRLEN];
+
+	    sin6.sin6_port = port;
+#ifdef HAVE_INET_NTOP
+	    printf("Trying %s...\r\n", inet_ntop(AF_INET6,
+						 &sin6.sin6_addr,
+						 buf,
+						 sizeof(buf)));
+#endif
+	    break;
+	}
+#endif
+	default:
+	    abort();
+	}
+
+
+	net = socket(family, SOCK_STREAM, 0);
+	setuid(getuid());
+	if (net < 0) {
+	    perror("telnet: socket");
+	    return 0;
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT)
+	if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (void *)srp,
+			      srlen) < 0)
+		perror("setsockopt (IP_OPTIONS)");
+#endif
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	{
+# if	defined(HAVE_GETTOSBYNAME)
+	    struct tosent *tp;
+	    if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+		tos = tp->t_tos;
+# endif
+	    if (tos < 0)
+		tos = 020;	/* Low Delay bit */
+	    if (tos
+		&& (setsockopt(net, IPPROTO_IP, IP_TOS,
+		    (void *)&tos, sizeof(int)) < 0)
+		&& (errno != ENOPROTOOPT))
+		    perror("telnet: setsockopt (IP_TOS) (ignored)");
+	}
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+	if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
+		perror("setsockopt (SO_DEBUG)");
+	}
+
+	if (connect(net, sa, sa_size) < 0) {
+	    if (host && addr_list[1]) {
+		int oerrno = errno;
+
+		switch(family) {
+		case AF_INET :
+		    fprintf(stderr, "telnet: connect to address %s: ",
+			    inet_ntoa(sin.sin_addr));
+		    sin.sin_addr = *((struct in_addr *)(*++addr_list));
+		    break;
+#ifdef HAVE_IPV6
+		case AF_INET6: {
+		    char buf[INET6_ADDRSTRLEN];
+
+		    fprintf(stderr, "telnet: connect to address %s: ",
+			    inet_ntop(AF_INET6, &sin6.sin6_addr, buf,
+				      sizeof(buf)));
+		    sin6.sin6_addr = *((struct in6_addr *)(*++addr_list));
+		    break;
+		}
+#endif
+		default:
+		    abort();
+		}
+		    
+		errno = oerrno;
+		perror(NULL);
+		NetClose(net);
+		continue;
+	    }
+	    perror("telnet: Unable to connect to remote host");
+	    return 0;
+	}
+	connected++;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif
+    } while (connected == 0);
+    cmdrc(hostp, hostname);
+    if (autologin && user == NULL)
+	user = (char *)get_default_username ();
+    if (user) {
+	env_define((unsigned char *)"USER", (unsigned char *)user);
+	env_export((unsigned char *)"USER");
+    }
+    call(status, "status", "notmuch", 0);
+    if (setjmp(peerdied) == 0)
+	my_telnet((char *)user);
+    NetClose(net);
+    ExitString("Connection closed by foreign host.\r\n",1);
+    /*NOTREACHED*/
+    return 0;
+}
+
+#define HELPINDENT ((int)sizeof ("connect"))
+
+static char
+	openhelp[] =	"connect to a site",
+	closehelp[] =	"close current connection",
+	logouthelp[] =	"forcibly logout remote user and close the connection",
+	quithelp[] =	"exit telnet",
+	statushelp[] =	"print status information",
+	helphelp[] =	"print help information",
+	sendhelp[] =	"transmit special characters ('send ?' for more)",
+	sethelp[] = 	"set operating parameters ('set ?' for more)",
+	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
+	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
+	slchelp[] =	"change state of special charaters ('slc ?' for more)",
+	displayhelp[] =	"display operating parameters",
+#if	defined(AUTHENTICATION)
+	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
+#endif
+#if	defined(ENCRYPTION)
+	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
+#endif
+	zhelp[] =	"suspend telnet",
+	shellhelp[] =	"invoke a subshell",
+	envhelp[] =	"change environment variables ('environ ?' for more)",
+	modestring[] = "try to enter line or character mode ('mode ?' for more)";
+
+static int help(int argc, char **argv);
+
+static Command cmdtab[] = {
+	{ "close",	closehelp,	bye,		1 },
+	{ "logout",	logouthelp,	logout,		1 },
+	{ "display",	displayhelp,	display,	0 },
+	{ "mode",	modestring,	modecmd,	0 },
+	{ "open",	openhelp,	tn,		0 },
+	{ "quit",	quithelp,	quit,		0 },
+	{ "send",	sendhelp,	sendcmd,	0 },
+	{ "set",	sethelp,	setcmd,		0 },
+	{ "unset",	unsethelp,	unsetcmd,	0 },
+	{ "status",	statushelp,	status,		0 },
+	{ "toggle",	togglestring,	toggle,		0 },
+	{ "slc",	slchelp,	slccmd,		0 },
+#if	defined(AUTHENTICATION)
+	{ "auth",	authhelp,	auth_cmd,	0 },
+#endif
+#if	defined(ENCRYPTION)
+	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
+#endif
+	{ "z",		zhelp,		telnetsuspend,	0 },
+	{ "!",		shellhelp,	shell,		0 },
+	{ "environ",	envhelp,	env_cmd,	0 },
+	{ "?",		helphelp,	help,		0 },
+	{ 0,            0,              0,              0 }
+};
+
+static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
+static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
+
+static Command cmdtab2[] = {
+	{ "help",	0,		help,		0 },
+	{ "escape",	escapehelp,	setescape,	0 },
+	{ "crmod",	crmodhelp,	togcrmod,	0 },
+	{ 0,            0,		0, 		0 }
+};
+
+
+/*
+ * Call routine with argc, argv set from args (terminated by 0).
+ */
+
+static int
+call(intrtn_t routine, ...)
+{
+    va_list ap;
+    char *args[100];
+    int argno = 0;
+
+    va_start(ap, routine);
+    while ((args[argno++] = va_arg(ap, char *)) != 0);
+    va_end(ap);
+    return (*routine)(argno-1, args);
+}
+
+
+static Command
+*getcmd(char *name)
+{
+    Command *cm;
+
+    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
+	return cm;
+    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
+}
+
+void
+command(int top, char *tbuf, int cnt)
+{
+    Command *c;
+
+    setcommandmode();
+    if (!top) {
+	putchar('\n');
+    } else {
+	signal(SIGINT, SIG_DFL);
+	signal(SIGQUIT, SIG_DFL);
+    }
+    for (;;) {
+	if (rlogin == _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	if (tbuf) {
+	    char *cp;
+	    cp = line;
+	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
+		cnt--;
+	    tbuf = 0;
+	    if (cp == line || *--cp != '\n' || cp == line)
+		goto getline;
+	    *cp = '\0';
+	    if (rlogin == _POSIX_VDISABLE)
+		printf("%s\r\n", line);
+	} else {
+	getline:
+	    if (rlogin != _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	    if (fgets(line, sizeof(line), stdin) == NULL) {
+		if (feof(stdin) || ferror(stdin)) {
+		    quit();
+		    /*NOTREACHED*/
+		}
+		break;
+	    }
+	}
+	if (line[0] == 0)
+	    break;
+	makeargv();
+	if (margv[0] == 0) {
+	    break;
+	}
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command\r\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\r\n");
+	    continue;
+	}
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first.\r\n");
+	    continue;
+	}
+	if ((*c->handler)(margc, margv)) {
+	    break;
+	}
+    }
+    if (!top) {
+	if (!connected) {
+	    longjmp(toplevel, 1);
+	    /*NOTREACHED*/
+	}
+	setconnmode(0);
+    }
+}
+
+/*
+ * Help command.
+ */
+static int
+help(int argc, char **argv)
+{
+	Command *c;
+
+	if (argc == 1) {
+		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
+		for (c = cmdtab; c->name; c++)
+			if (c->help) {
+				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
+								    c->help);
+			}
+		return 0;
+	}
+	while (--argc > 0) {
+		char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (Ambiguous(c))
+			printf("?Ambiguous help command %s\r\n", arg);
+		else if (c == (Command *)0)
+			printf("?Invalid help command %s\r\n", arg);
+		else
+			printf("%s\r\n", c->help);
+	}
+	return 0;
+}
+
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+
+/*
+ * Source route is handed in as
+ *	[!]@hop1@hop2...[@|:]dst
+ * If the leading ! is present, it is a
+ * strict source route, otherwise it is
+ * assmed to be a loose source route.
+ *
+ * We fill in the source route option as
+ *	hop1,hop2,hop3...dest
+ * and return a pointer to hop1, which will
+ * be the address to connect() to.
+ *
+ * Arguments:
+ *	arg:	pointer to route list to decipher
+ *
+ *	cpp: 	If *cpp is not equal to NULL, this is a
+ *		pointer to a pointer to a character array
+ *		that should be filled in with the option.
+ *
+ *	lenp:	pointer to an integer that contains the
+ *		length of *cpp if *cpp != NULL.
+ *
+ * Return values:
+ *
+ *	Returns the address of the host to connect to.  If the
+ *	return value is -1, there was a syntax error in the
+ *	option, either unknown characters, or too many hosts.
+ *	If the return value is 0, one of the hostnames in the
+ *	path is unknown, and *cpp is set to point to the bad
+ *	hostname.
+ *
+ *	*cpp:	If *cpp was equal to NULL, it will be filled
+ *		in with a pointer to our static area that has
+ *		the option filled in.  This will be 32bit aligned.
+ *
+ *	*lenp:	This will be filled in with how long the option
+ *		pointed to by *cpp is.
+ *
+ */
+unsigned long
+sourceroute(char *arg, char **cpp, int *lenp)
+{
+	static char lsr[44];
+	char *cp, *cp2, *lsrp, *lsrep;
+	int tmp;
+	struct in_addr sin_addr;
+	struct hostent *host = 0;
+	char c;
+
+	/*
+	 * Verify the arguments, and make sure we have
+	 * at least 7 bytes for the option.
+	 */
+	if (cpp == NULL || lenp == NULL)
+		return((unsigned long)-1);
+	if (*cpp != NULL && *lenp < 7)
+		return((unsigned long)-1);
+	/*
+	 * Decide whether we have a buffer passed to us,
+	 * or if we need to use our own static buffer.
+	 */
+	if (*cpp) {
+		lsrp = *cpp;
+		lsrep = lsrp + *lenp;
+	} else {
+		*cpp = lsrp = lsr;
+		lsrep = lsrp + 44;
+	}
+
+	cp = arg;
+
+	/*
+	 * Next, decide whether we have a loose source
+	 * route or a strict source route, and fill in
+	 * the begining of the option.
+	 */
+	if (*cp == '!') {
+		cp++;
+		*lsrp++ = IPOPT_SSRR;
+	} else
+		*lsrp++ = IPOPT_LSRR;
+
+	if (*cp != '@')
+		return((unsigned long)-1);
+
+	lsrp++;		/* skip over length, we'll fill it in later */
+	*lsrp++ = 4;
+
+	cp++;
+
+	sin_addr.s_addr = 0;
+
+	for (c = 0;;) {
+		if (c == ':')
+			cp2 = 0;
+		else for (cp2 = cp; (c = *cp2); cp2++) {
+			if (c == ',') {
+				*cp2++ = '\0';
+				if (*cp2 == '@')
+					cp2++;
+			} else if (c == '@') {
+				*cp2++ = '\0';
+			} else if (c == ':') {
+				*cp2++ = '\0';
+			} else
+				continue;
+			break;
+		}
+		if (!c)
+			cp2 = 0;
+
+		if ((tmp = inet_addr(cp)) != -1) {
+			sin_addr.s_addr = tmp;
+		} else if ((host = roken_gethostbyname(cp))) {
+			memmove(&sin_addr,
+				host->h_addr_list[0],
+				sizeof(sin_addr));
+		} else {
+			*cpp = cp;
+			return(0);
+		}
+		memmove(lsrp, &sin_addr, 4);
+		lsrp += 4;
+		if (cp2)
+			cp = cp2;
+		else
+			break;
+		/*
+		 * Check to make sure there is space for next address
+		 */
+		if (lsrp + 4 > lsrep)
+			return((unsigned long)-1);
+	}
+	if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
+		*cpp = 0;
+		*lenp = 0;
+		return((unsigned long)-1);
+	}
+	*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
+	*lenp = lsrp - *cpp;
+	return(sin_addr.s_addr);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet/defines.h b/crypto/kerberosIV/appl/telnet/telnet/defines.h
new file mode 100644
index 0000000..5c1ac2b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/defines.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defines.h	8.1 (Berkeley) 6/6/93
+ */
+
+#define	settimer(x)	clocks.x = clocks.system++
+
+#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
+#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
+#define	NETBYTES()	(ring_full_count(&netoring))
+#define	NETROOM()	(ring_empty_count(&netoring))
+
+#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
+				*ttyoring.supply = c; \
+				ring_supplied(&ttyoring, 1); \
+			}
+#define	TTYBYTES()	(ring_full_count(&ttyoring))
+#define	TTYROOM()	(ring_empty_count(&ttyoring))
+
+/*	Various modes */
+#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
+#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
+#define	MODE_COMMAND_LINE(m)	((m)==-1)
+
+#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
+
+
+/* XXX extra mode bits, these should be synced with <arpa/telnet.h> */
+
+#define MODE_OUT8	0x8000 /* binary mode sans -opost */
diff --git a/crypto/kerberosIV/appl/telnet/telnet/externs.h b/crypto/kerberosIV/appl/telnet/telnet/externs.h
new file mode 100644
index 0000000..f8b1668
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/externs.h
@@ -0,0 +1,429 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)externs.h	8.3 (Berkeley) 5/30/95
+ */
+
+/* $Id: externs.h,v 1.18 1998/07/09 23:16:36 assar Exp $ */
+
+#ifndef	BSD
+# define BSD 43
+#endif
+
+#ifndef	_POSIX_VDISABLE
+# ifdef sun
+#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
+# endif
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((cc_t)'\377')
+# endif
+#endif
+
+#define	SUBBUFSIZE	256
+
+extern int
+    autologin,		/* Autologin enabled */
+    skiprc,		/* Don't process the ~/.telnetrc file */
+    eight,		/* use eight bit mode (binary in and/or out */
+    binary,
+    flushout,		/* flush output */
+    connected,		/* Are we connected to the other side? */
+    globalmode,		/* Mode tty should be in */
+    telnetport,		/* Are we connected to the telnet port? */
+    localflow,		/* Flow control handled locally */
+    restartany,		/* If flow control, restart output on any character */
+    localchars,		/* we recognize interrupt/quit */
+    donelclchars,	/* the user has set "localchars" */
+    showoptions,
+    net,		/* Network file descriptor */
+    tin,		/* Terminal input file descriptor */
+    tout,		/* Terminal output file descriptor */
+    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+    autoflush,		/* flush output when interrupting? */
+    autosynch,		/* send interrupt characters with SYNCH? */
+    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
+    donebinarytoggle,	/* the user has put us in binary */
+    dontlecho,		/* do we suppress local echoing right now? */
+    crmod,
+    netdata,		/* Print out network data flow */
+    prettydump,		/* Print "netdata" output in user readable format */
+    termdata,		/* Print out terminal data flow */
+    debug;		/* Debug level */
+
+extern cc_t escape;	/* Escape to command mode */
+extern cc_t rlogin;	/* Rlogin mode escape character */
+#ifdef	KLUDGELINEMODE
+extern cc_t echoc;	/* Toggle local echoing */
+#endif
+
+extern char
+    *prompt;		/* Prompt for command. */
+
+extern char
+    doopt[],
+    dont[],
+    will[],
+    wont[],
+    options[],		/* All the little options */
+    *hostname;		/* Who are we connected to? */
+#if	defined(ENCRYPTION)
+extern void (*encrypt_output) (unsigned char *, int);
+extern int (*decrypt_input) (int);
+#endif
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
+#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
+#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
+#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
+
+#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
+#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
+#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
+#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+
+extern FILE
+    *NetTrace;		/* Where debugging output goes */
+extern char
+    NetTraceFile[];	/* Name of file where debugging output goes */
+extern void
+    SetNetTrace (char *);	/* Function to change where debugging goes */
+
+extern jmp_buf
+    peerdied,
+    toplevel;		/* For error conditions. */
+
+/* authenc.c */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int telnet_net_write(unsigned char *str, int len);
+void net_encrypt(void);
+int telnet_spin(void);
+char *telnet_getenv(char *val);
+char *telnet_gets(char *prompt, char *result, int length, int echo);
+#endif
+
+/* commands.c */
+
+struct env_lst *env_define (unsigned char *, unsigned char *);
+struct env_lst *env_find(unsigned char *var);
+void env_init (void);
+void env_undefine (unsigned char *);
+void env_export (unsigned char *);
+void env_unexport (unsigned char *);
+void env_send (unsigned char *);
+void env_list (void);
+unsigned char * env_default(int init, int welldefined);
+unsigned char * env_getvalue(unsigned char *var);
+
+void set_escape_char(char *s);
+unsigned long sourceroute(char *arg, char **cpp, int *lenp);
+
+#if	defined(AUTHENTICATION)
+int auth_enable (char *);
+int auth_disable (char *);
+int auth_status (void);
+#endif
+
+#if defined(ENCRYPTION)
+int 	EncryptEnable (char *, char *);
+int 	EncryptDisable (char *, char *);
+int 	EncryptType (char *, char *);
+int 	EncryptStart (char *);
+int 	EncryptStartInput (void);
+int 	EncryptStartOutput (void);
+int 	EncryptStop (char *);
+int 	EncryptStopInput (void);
+int 	EncryptStopOutput (void);
+int 	EncryptStatus (void);
+#endif
+
+#ifdef SIGINFO
+void ayt_status(int);
+#endif
+int tn(int argc, char **argv);
+void command(int top, char *tbuf, int cnt);
+
+/* main.c */
+
+void tninit(void);
+void usage(void);
+
+/* network.c */
+
+void init_network(void);
+int stilloob(void);
+void setneturg(void);
+int netflush(void);
+
+/* sys_bsd.c */
+
+void init_sys(void);
+int TerminalWrite(char *buf, int n);
+int TerminalRead(unsigned char *buf, int n);
+int TerminalAutoFlush(void);
+int TerminalSpecialChars(int c);
+void TerminalFlushOutput(void);
+void TerminalSaveState(void);
+void TerminalDefaultChars(void);
+void TerminalNewMode(int f);
+cc_t *tcval(int func);
+void TerminalSpeeds(long *input_speed, long *output_speed);
+int TerminalWindowSize(long *rows, long *cols);
+int NetClose(int fd);
+void NetNonblockingIO(int fd, int onoff);
+int process_rings(int netin, int netout, int netex, int ttyin, int ttyout,
+		  int poll);
+
+/* telnet.c */
+
+void init_telnet(void);
+
+void tel_leave_binary(int rw);
+void tel_enter_binary(int rw);
+int opt_welldefined(char *ep);
+int telrcv(void);
+int rlogin_susp(void);
+void intp(void);
+void sendbrk(void);
+void sendabort(void);
+void sendsusp(void);
+void sendeof(void);
+void sendayt(void);
+
+void xmitAO(void);
+void xmitEL(void);
+void xmitEC(void);
+
+
+void     Dump (char, unsigned char *, int);
+void     printoption (char *, int, int);
+void     printsub (int, unsigned char *, int);
+void     sendnaws (void);
+void     setconnmode (int);
+void     setcommandmode (void);
+void     setneturg (void);
+void     sys_telnet_init (void);
+void     my_telnet (char *);
+void     tel_enter_binary (int);
+void     TerminalFlushOutput (void);
+void     TerminalNewMode (int);
+void     TerminalRestoreState (void);
+void     TerminalSaveState (void);
+void     tninit (void);
+void     willoption (int);
+void     wontoption (int);
+
+
+void     send_do (int, int);
+void     send_dont (int, int);
+void     send_will (int, int);
+void     send_wont (int, int);
+
+void     lm_will (unsigned char *, int);
+void     lm_wont (unsigned char *, int);
+void     lm_do (unsigned char *, int);
+void     lm_dont (unsigned char *, int);
+void     lm_mode (unsigned char *, int, int);
+
+void     slc_init (void);
+void     slcstate (void);
+void     slc_mode_export (void);
+void     slc_mode_import (int);
+void     slc_import (int);
+void     slc_export (void);
+void     slc (unsigned char *, int);
+void     slc_check (void);
+void     slc_start_reply (void);
+void     slc_add_reply (unsigned char, unsigned char, cc_t);
+void     slc_end_reply (void);
+int	 slc_update (void);
+
+void     env_opt (unsigned char *, int);
+void     env_opt_start (void);
+void     env_opt_start_info (void);
+void     env_opt_add (unsigned char *);
+void     env_opt_end (int);
+
+unsigned char     *env_default (int, int);
+unsigned char     *env_getvalue (unsigned char *);
+
+int get_status (void);
+int dosynch (void);
+
+cc_t *tcval (int);
+
+int quit (void);
+
+/* terminal.c */
+
+void init_terminal(void);
+int ttyflush(int drop);
+int getconnmode(void);
+
+/* utilities.c */
+
+int SetSockOpt(int fd, int level, int option, int yesno);
+void SetNetTrace(char *file);
+void Dump(char direction, unsigned char *buffer, int length);
+void printoption(char *direction, int cmd, int option);
+void optionstatus(void);
+void printsub(int direction, unsigned char *pointer, int length);
+void EmptyTerminal(void);
+void SetForExit(void);
+void Exit(int returnCode);
+void ExitString(char *string, int returnCode);
+
+extern struct	termios new_tc;
+
+# define termEofChar		new_tc.c_cc[VEOF]
+# define termEraseChar		new_tc.c_cc[VERASE]
+# define termIntChar		new_tc.c_cc[VINTR]
+# define termKillChar		new_tc.c_cc[VKILL]
+# define termQuitChar		new_tc.c_cc[VQUIT]
+
+# ifndef	VSUSP
+extern cc_t termSuspChar;
+# else
+#  define termSuspChar		new_tc.c_cc[VSUSP]
+# endif
+# if	defined(VFLUSHO) && !defined(VDISCARD)
+#  define VDISCARD VFLUSHO
+# endif
+# ifndef	VDISCARD
+extern cc_t termFlushChar;
+# else
+#  define termFlushChar		new_tc.c_cc[VDISCARD]
+# endif
+# ifndef VWERASE
+extern cc_t termWerasChar;
+# else
+#  define termWerasChar		new_tc.c_cc[VWERASE]
+# endif
+# ifndef	VREPRINT
+extern cc_t termRprntChar;
+# else
+#  define termRprntChar		new_tc.c_cc[VREPRINT]
+# endif
+# ifndef	VLNEXT
+extern cc_t termLiteralNextChar;
+# else
+#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
+# endif
+# ifndef	VSTART
+extern cc_t termStartChar;
+# else
+#  define termStartChar		new_tc.c_cc[VSTART]
+# endif
+# ifndef	VSTOP
+extern cc_t termStopChar;
+# else
+#  define termStopChar		new_tc.c_cc[VSTOP]
+# endif
+# ifndef	VEOL
+extern cc_t termForw1Char;
+# else
+#  define termForw1Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VEOL2
+extern cc_t termForw2Char;
+# else
+#  define termForw2Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VSTATUS
+extern cc_t termAytChar;
+#else
+#  define termAytChar		new_tc.c_cc[VSTATUS]
+#endif
+
+/* Ring buffer structures which are shared */
+
+extern Ring
+    netoring,
+    netiring,
+    ttyoring,
+    ttyiring;
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c
new file mode 100644
index 0000000..2c896eb
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/main.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+static char *copyright[] = {
+    "@(#) Copyright (c) 1988, 1990, 1993\n"
+    "\tThe Regents of the University of California.  All rights reserved.\n",
+    (char*)copyright
+};
+
+#include "telnet_locl.h"
+RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $");
+
+/* These values need to be the same as defined in libtelnet/kerberos5.c */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+#if KRB5
+#define FORWARD
+#endif
+
+/*
+ * Initialize variables.
+ */
+void
+tninit(void)
+{
+    init_terminal();
+
+    init_network();
+
+    init_telnet();
+
+    init_sys();
+}
+
+void
+usage(void)
+{
+  fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
+#ifdef	AUTHENTICATION
+	  "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
+	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
+#else
+	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
+	  "\n\t[-n tracefile]",
+#endif
+	  "[-r] ",
+#ifdef	ENCRYPTION
+	  "[-x] [host-name [port]]"
+#else
+	  "[host-name [port]]"
+#endif
+    );
+  exit(1);
+}
+
+/*
+ * main.  Parse arguments, invoke the protocol or command parser.
+ */
+
+
+#ifdef KRB5
+/* XXX ugly hack to setup dns-proxy stuff */
+#define Authenticator asn1_Authenticator
+#include <krb5.h>
+static void
+krb5_init(void)
+{
+    krb5_context context;
+    krb5_init_context(&context);
+    krb5_free_context(context);
+    
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+	int ch;
+	char *user;
+#ifdef	FORWARD
+	extern int forward_flags;
+#endif	/* FORWARD */
+
+#ifdef KRB5
+	krb5_init();
+#endif
+	
+	tninit();		/* Clear out things */
+
+	TerminalSaveState();
+
+	if ((prompt = strrchr(argv[0], '/')))
+		++prompt;
+	else
+		prompt = argv[0];
+
+	user = NULL;
+
+	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
+
+	/* 
+	 * if AUTHENTICATION and ENCRYPTION is set autologin will be
+	 * se to true after the getopt switch; unless the -K option is
+	 * passed 
+	 */
+	autologin = -1;
+
+	while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) {
+		switch(ch) {
+		case '8':
+			eight = 3;	/* binary output and input */
+			break;
+		case '7':
+			eight = 0;
+			break;
+		case 'b':
+		    binary = 3;
+		    break;
+		case 'D': {
+		    /* sometimes we don't want a mangled display */
+		    char *p;
+		    if((p = getenv("DISPLAY")))
+			env_define("DISPLAY", (unsigned char*)p);
+		    break;
+		}
+		case 'E':
+			rlogin = escape = _POSIX_VDISABLE;
+			break;
+		case 'K':
+#ifdef	AUTHENTICATION
+			autologin = 0;
+#endif
+			break;
+		case 'L':
+			eight |= 2;	/* binary output only */
+			break;
+		case 'S':
+		    {
+#ifdef	HAVE_PARSETOS
+			extern int tos;
+
+			if ((tos = parsetos(optarg, "tcp")) < 0)
+				fprintf(stderr, "%s%s%s%s\n",
+					prompt, ": Bad TOS argument '",
+					optarg,
+					"; will try to use default TOS");
+#else
+			fprintf(stderr,
+			   "%s: Warning: -S ignored, no parsetos() support.\n",
+								prompt);
+#endif
+		    }
+			break;
+		case 'X':
+#ifdef	AUTHENTICATION
+			auth_disable_name(optarg);
+#endif
+			break;
+		case 'a':
+			autologin = 1;
+			break;
+		case 'c':
+			skiprc = 1;
+			break;
+		case 'd':
+			debug = 1;
+			break;
+		case 'e':
+			set_escape_char(optarg);
+			break;
+		case 'f':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'F':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+			forward_flags |= OPTS_FORWARDABLE_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'k':
+#if defined(AUTHENTICATION) && defined(KRB4)
+		    {
+			extern char *dest_realm, dst_realm_buf[];
+			extern int dst_realm_sz;
+			dest_realm = dst_realm_buf;
+			strcpy_truncate(dest_realm, optarg, dst_realm_sz);
+		    }
+#else
+			fprintf(stderr,
+			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
+								prompt);
+#endif
+			break;
+		case 'l':
+		  if(autologin == 0){
+		    fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
+		    autologin = -1;
+		  }
+			user = optarg;
+			break;
+		case 'n':
+				SetNetTrace(optarg);
+			break;
+		case 'r':
+			rlogin = '~';
+			break;
+		case 'x':
+#ifdef	ENCRYPTION
+			encrypt_auto(1);
+			decrypt_auto(1);
+			EncryptVerbose(1);
+#else
+			fprintf(stderr,
+			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
+								prompt);
+#endif
+			break;
+		case '?':
+		default:
+			usage();
+			/* NOTREACHED */
+		}
+	}
+
+	if (autologin == -1) {		/* esc@magic.fi; force  */
+#if defined(AUTHENTICATION)
+		autologin = 1;
+#endif
+#if defined(ENCRYPTION)
+		encrypt_auto(1);
+		decrypt_auto(1);
+#endif
+	}
+
+	if (autologin == -1)
+		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc) {
+		char *args[7], **argp = args;
+
+		if (argc > 2)
+			usage();
+		*argp++ = prompt;
+		if (user) {
+			*argp++ = "-l";
+			*argp++ = user;
+		}
+		*argp++ = argv[0];		/* host */
+		if (argc > 1)
+			*argp++ = argv[1];	/* port */
+		*argp = 0;
+
+		if (setjmp(toplevel) != 0)
+			Exit(0);
+		if (tn(argp - args, args) == 1)
+			return (0);
+		else
+			return (1);
+	}
+	setjmp(toplevel);
+	for (;;) {
+			command(1, 0, 0);
+	}
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c
new file mode 100644
index 0000000..faacc30
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/network.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+
+Ring		netoring, netiring;
+unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
+
+/*
+ * Initialize internal network data structures.
+ */
+
+void
+init_network(void)
+{
+    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
+	exit(1);
+    }
+    NetTrace = stdout;
+}
+
+
+/*
+ * Check to see if any out-of-band data exists on a socket (for
+ * Telnet "synch" processing).
+ */
+
+int
+stilloob(void)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(net, &excepts);
+	value = select(net+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	perror("select");
+	quit();
+	/* NOTREACHED */
+    }
+    if (FD_ISSET(net, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+
+/*
+ *  setneturg()
+ *
+ *	Sets "neturg" to the current location.
+ */
+
+void
+setneturg(void)
+{
+    ring_mark(&netoring);
+}
+
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ *
+ *		The return value indicates whether we did any
+ *	useful work.
+ */
+
+
+int
+netflush(void)
+{
+    int n, n1;
+
+#if	defined(ENCRYPTION)
+    if (encrypt_output)
+	ring_encrypt(&netoring, encrypt_output);
+#endif
+    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
+	if (!ring_at_mark(&netoring)) {
+	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
+	} else {
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
+	}
+    }
+    if (n < 0) {
+	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
+	    setcommandmode();
+	    perror(hostname);
+	    NetClose(net);
+	    ring_clear_mark(&netoring);
+	    longjmp(peerdied, -1);
+	    /*NOTREACHED*/
+	}
+	n = 0;
+    }
+    if (netdata && n) {
+	Dump('>', netoring.consume, n);
+    }
+    if (n) {
+	ring_consumed(&netoring, n);
+	/*
+	 * If we sent all, and more to send, then recurse to pick
+	 * up the other half.
+	 */
+	if ((n1 == n) && ring_full_consecutive(&netoring)) {
+	    netflush();
+	}
+	return 1;
+    } else {
+	return 0;
+    }
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/ring.c b/crypto/kerberosIV/appl/telnet/telnet/ring.c
new file mode 100644
index 0000000..d791476
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/ring.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: ring.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+
+/* Internal macros */
+
+#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
+					(a)-(b): (((a)-(b))+(d)->size))
+
+#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
+					(a)+(c) : (((a)+(c))-(d)->size))
+
+#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
+					(a)-(c) : (((a)-(c))-(d)->size))
+
+
+/*
+ * The following is a clock, used to determine full, empty, etc.
+ *
+ * There is some trickiness here.  Since the ring buffers are initialized
+ * to ZERO on allocation, we need to make sure, when interpreting the
+ * clock, that when the times are EQUAL, then the buffer is FULL.
+ */
+static u_long ring_clock = 0;
+
+
+#define	ring_empty(d) (((d)->consume == (d)->supply) && \
+				((d)->consumetime >= (d)->supplytime))
+#define	ring_full(d) (((d)->supply == (d)->consume) && \
+				((d)->supplytime > (d)->consumetime))
+
+
+
+
+
+/* Buffer state transition routines */
+
+int
+ring_init(Ring *ring, unsigned char *buffer, int count)
+{
+    memset(ring, 0, sizeof *ring);
+
+    ring->size = count;
+
+    ring->supply = ring->consume = ring->bottom = buffer;
+
+    ring->top = ring->bottom+ring->size;
+
+#if	defined(ENCRYPTION)
+    ring->clearto = 0;
+#endif
+
+    return 1;
+}
+
+/* Mark routines */
+
+/*
+ * Mark the most recently supplied byte.
+ */
+
+void
+ring_mark(Ring *ring)
+{
+    ring->mark = ring_decrement(ring, ring->supply, 1);
+}
+
+/*
+ * Is the ring pointing to the mark?
+ */
+
+int
+ring_at_mark(Ring *ring)
+{
+    if (ring->mark == ring->consume) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+/*
+ * Clear any mark set on the ring.
+ */
+
+void
+ring_clear_mark(Ring *ring)
+{
+    ring->mark = 0;
+}
+
+/*
+ * Add characters from current segment to ring buffer.
+ */
+void
+ring_supplied(Ring *ring, int count)
+{
+    ring->supply = ring_increment(ring, ring->supply, count);
+    ring->supplytime = ++ring_clock;
+}
+
+/*
+ * We have just consumed "c" bytes.
+ */
+void
+ring_consumed(Ring *ring, int count)
+{
+    if (count == 0)	/* don't update anything */
+	return;
+
+    if (ring->mark &&
+		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
+	ring->mark = 0;
+    }
+#if	defined(ENCRYPTION)
+    if (ring->consume < ring->clearto &&
+		ring->clearto <= ring->consume + count)
+	ring->clearto = 0;
+    else if (ring->consume + count > ring->top &&
+		ring->bottom <= ring->clearto &&
+		ring->bottom + ((ring->consume + count) - ring->top))
+	ring->clearto = 0;
+#endif
+    ring->consume = ring_increment(ring, ring->consume, count);
+    ring->consumetime = ++ring_clock;
+    /*
+     * Try to encourage "ring_empty_consecutive()" to be large.
+     */
+    if (ring_empty(ring)) {
+	ring->consume = ring->supply = ring->bottom;
+    }
+}
+
+
+
+/* Buffer state query routines */
+
+
+/* Number of bytes that may be supplied */
+int
+ring_empty_count(Ring *ring)
+{
+    if (ring_empty(ring)) {	/* if empty */
+	    return ring->size;
+    } else {
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* number of CONSECUTIVE bytes that may be supplied */
+int
+ring_empty_consecutive(Ring *ring)
+{
+    if ((ring->consume < ring->supply) || ring_empty(ring)) {
+			    /*
+			     * if consume is "below" supply, or empty, then
+			     * return distance to the top
+			     */
+	return ring_subtract(ring, ring->top, ring->supply);
+    } else {
+				    /*
+				     * else, return what we may.
+				     */
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* Return the number of bytes that are available for consuming
+ * (but don't give more than enough to get to cross over set mark)
+ */
+
+int
+ring_full_count(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if (ring_full(ring)) {
+	    return ring->size;	/* nothing consumed, but full */
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	return ring_subtract(ring, ring->mark, ring->consume);
+    }
+}
+
+/*
+ * Return the number of CONSECUTIVE bytes available for consuming.
+ * However, don't return more than enough to cross over set mark.
+ */
+int
+ring_full_consecutive(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if ((ring->supply < ring->consume) || ring_full(ring)) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	if (ring->mark < ring->consume) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {	/* Else, distance to mark */
+	    return ring_subtract(ring, ring->mark, ring->consume);
+	}
+    }
+}
+
+/*
+ * Move data into the "supply" portion of of the ring buffer.
+ */
+void
+ring_supply_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_empty_consecutive(ring));
+	memmove(ring->supply, buffer, i);
+	ring_supplied(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+
+#ifdef notdef
+
+/*
+ * Move data from the "consume" portion of the ring buffer
+ */
+void
+ring_consume_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_full_consecutive(ring));
+	memmove(buffer, ring->consume, i);
+	ring_consumed(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+#endif
+
+#if	defined(ENCRYPTION)
+void
+ring_encrypt(Ring *ring, void (*encryptor)())
+{
+    unsigned char *s, *c;
+
+    if (ring_empty(ring) || ring->clearto == ring->supply)
+	return;
+
+    if (!(c = ring->clearto))
+	c = ring->consume;
+
+    s = ring->supply;
+
+    if (s <= c) {
+	(*encryptor)(c, ring->top - c);
+	(*encryptor)(ring->bottom, s - ring->bottom);
+    } else
+	(*encryptor)(c, s - c);
+
+    ring->clearto = ring->supply;
+}
+
+void
+ring_clearto(Ring *ring)
+{
+    if (!ring_empty(ring))
+	ring->clearto = ring->supply;
+    else
+	ring->clearto = 0;
+}
+#endif
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/ring.h b/crypto/kerberosIV/appl/telnet/telnet/ring.h
new file mode 100644
index 0000000..fa7ad18
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/ring.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ring.h	8.1 (Berkeley) 6/6/93
+ */
+
+/* $Id: ring.h,v 1.3 1997/05/04 04:01:09 assar Exp $ */
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+typedef struct {
+    unsigned char	*consume,	/* where data comes out of */
+			*supply,	/* where data comes in to */
+			*bottom,	/* lowest address in buffer */
+			*top,		/* highest address+1 in buffer */
+			*mark;		/* marker (user defined) */
+#if	defined(ENCRYPTION)
+    unsigned char	*clearto;	/* Data to this point is clear text */
+    unsigned char	*encryyptedto;	/* Data is encrypted to here */
+#endif
+    int		size;		/* size in bytes of buffer */
+    u_long	consumetime,	/* help us keep straight full, empty, etc. */
+		supplytime;
+} Ring;
+
+/* Here are some functions and macros to deal with the ring buffer */
+
+/* Initialization routine */
+extern int
+	ring_init (Ring *ring, unsigned char *buffer, int count);
+
+/* Data movement routines */
+extern void
+	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
+#ifdef notdef
+extern void
+	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
+#endif
+
+/* Buffer state transition routines */
+extern void
+	ring_supplied (Ring *ring, int count),
+	ring_consumed (Ring *ring, int count);
+
+/* Buffer state query routines */
+extern int
+	ring_empty_count (Ring *ring),
+	ring_empty_consecutive (Ring *ring),
+	ring_full_count (Ring *ring),
+	ring_full_consecutive (Ring *ring);
+
+#if	defined(ENCRYPTION)
+extern void
+	ring_encrypt (Ring *ring, void (*func)()),
+	ring_clearto (Ring *ring);
+#endif
+
+extern int ring_at_mark(Ring *ring);
+
+extern void
+    ring_clear_mark(Ring *ring),
+    ring_mark(Ring *ring);
diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
new file mode 100644
index 0000000..334ef04
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $");
+
+/*
+ * The following routines try to encapsulate what is system dependent
+ * (at least between 4.x and dos) which is used in telnet.c.
+ */
+
+int
+	tout,			/* Output file descriptor */
+	tin,			/* Input file descriptor */
+	net;
+
+struct	termios old_tc = { 0 };
+extern struct termios new_tc;
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
+#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
+#  ifdef CIBAUD
+#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
+#  else
+#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
+#  endif
+# endif /* TCSANOW */
+
+static fd_set ibits, obits, xbits;
+
+
+void
+init_sys(void)
+{
+    tout = fileno(stdout);
+    tin = fileno(stdin);
+    FD_ZERO(&ibits);
+    FD_ZERO(&obits);
+    FD_ZERO(&xbits);
+
+    errno = 0;
+}
+
+
+int
+TerminalWrite(char *buf, int n)
+{
+    return write(tout, buf, n);
+}
+
+int
+TerminalRead(unsigned char *buf, int n)
+{
+    return read(tin, buf, n);
+}
+
+/*
+ *
+ */
+
+int
+TerminalAutoFlush(void)
+{
+#if	defined(LNOFLSH)
+    int flush;
+
+    ioctl(0, TIOCLGET, (char *)&flush);
+    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
+#else	/* LNOFLSH */
+    return 1;
+#endif	/* LNOFLSH */
+}
+
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+#endif
+/*
+ * TerminalSpecialChars()
+ *
+ * Look at an input character to see if it is a special character
+ * and decide what to do.
+ *
+ * Output:
+ *
+ *	0	Don't add this character.
+ *	1	Do add this character
+ */
+
+int
+TerminalSpecialChars(int c)
+{
+    if (c == termIntChar) {
+	intp();
+	return 0;
+    } else if (c == termQuitChar) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return 0;
+    } else if (c == termEofChar) {
+	if (my_want_state_is_will(TELOPT_LINEMODE)) {
+	    sendeof();
+	    return 0;
+	}
+	return 1;
+    } else if (c == termSuspChar) {
+	sendsusp();
+	return(0);
+    } else if (c == termFlushChar) {
+	xmitAO();		/* Transmit Abort Output */
+	return 0;
+    } else if (!MODE_LOCAL_CHARS(globalmode)) {
+	if (c == termKillChar) {
+	    xmitEL();
+	    return 0;
+	} else if (c == termEraseChar) {
+	    xmitEC();		/* Transmit Erase Character */
+	    return 0;
+	}
+    }
+    return 1;
+}
+
+
+/*
+ * Flush output to the terminal
+ */
+
+void
+TerminalFlushOutput(void)
+{
+#ifdef	TIOCFLUSH
+    ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
+#else
+    ioctl(fileno(stdout), TCFLSH, (char *) 0);
+#endif
+}
+
+void
+TerminalSaveState(void)
+{
+    tcgetattr(0, &old_tc);
+
+    new_tc = old_tc;
+
+#ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+#endif
+#ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+#endif
+#ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+#endif
+#ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+#endif
+#ifndef	VSTART
+    termStartChar = CONTROL('Q');
+#endif
+#ifndef	VSTOP
+    termStopChar = CONTROL('S');
+#endif
+#ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+#endif
+}
+
+cc_t*
+tcval(int func)
+{
+    switch(func) {
+    case SLC_IP:	return(&termIntChar);
+    case SLC_ABORT:	return(&termQuitChar);
+    case SLC_EOF:	return(&termEofChar);
+    case SLC_EC:	return(&termEraseChar);
+    case SLC_EL:	return(&termKillChar);
+    case SLC_XON:	return(&termStartChar);
+    case SLC_XOFF:	return(&termStopChar);
+    case SLC_FORW1:	return(&termForw1Char);
+    case SLC_FORW2:	return(&termForw2Char);
+# ifdef	VDISCARD
+    case SLC_AO:	return(&termFlushChar);
+# endif
+# ifdef	VSUSP
+    case SLC_SUSP:	return(&termSuspChar);
+# endif
+# ifdef	VWERASE
+    case SLC_EW:	return(&termWerasChar);
+# endif
+# ifdef	VREPRINT
+    case SLC_RP:	return(&termRprntChar);
+# endif
+# ifdef	VLNEXT
+    case SLC_LNEXT:	return(&termLiteralNextChar);
+# endif
+# ifdef	VSTATUS
+    case SLC_AYT:	return(&termAytChar);
+# endif
+
+    case SLC_SYNCH:
+    case SLC_BRK:
+    case SLC_EOR:
+    default:
+	return((cc_t *)0);
+    }
+}
+
+void
+TerminalDefaultChars(void)
+{
+    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
+# ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+# endif
+# ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+# endif
+# ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+# endif
+# ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+# endif
+# ifndef	VSTART
+    termStartChar = CONTROL('Q');
+# endif
+# ifndef	VSTOP
+    termStopChar = CONTROL('S');
+# endif
+# ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+# endif
+}
+
+#ifdef notdef
+void
+TerminalRestoreState()
+{
+}
+#endif
+
+/*
+ * TerminalNewMode - set up terminal to a specific mode.
+ *	MODE_ECHO: do local terminal echo
+ *	MODE_FLOW: do local flow control
+ *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
+ *	MODE_EDIT: do local line editing
+ *
+ *	Command mode:
+ *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
+ *		local echo
+ *		local editing
+ *		local xon/xoff
+ *		local signal mapping
+ *
+ *	Linemode:
+ *		local/no editing
+ *	Both Linemode and Single Character mode:
+ *		local/remote echo
+ *		local/no xon/xoff
+ *		local/no signal mapping
+ */
+
+
+#ifdef	SIGTSTP
+static RETSIGTYPE susp();
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+static RETSIGTYPE ayt();
+#endif
+
+void
+TerminalNewMode(int f)
+{
+    static int prevmode = 0;
+    struct termios tmp_tc;
+    int onoff;
+    int old;
+    cc_t esc;
+
+    globalmode = f&~MODE_FORCE;
+    if (prevmode == f)
+	return;
+
+    /*
+     * Write any outstanding data before switching modes
+     * ttyflush() returns 0 only when there is no more data
+     * left to write out, it returns -1 if it couldn't do
+     * anything at all, otherwise it returns 1 + the number
+     * of characters left to write.
+     */
+    old = ttyflush(SYNCHing|flushout);
+    if (old < 0 || old > 1) {
+	tcgetattr(tin, &tmp_tc);
+	do {
+	    /*
+	     * Wait for data to drain, then flush again.
+	     */
+	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
+	    old = ttyflush(SYNCHing|flushout);
+	} while (old < 0 || old > 1);
+    }
+
+    old = prevmode;
+    prevmode = f&~MODE_FORCE;
+    tmp_tc = new_tc;
+
+    if (f&MODE_ECHO) {
+	tmp_tc.c_lflag |= ECHO;
+	tmp_tc.c_oflag |= ONLCR;
+	if (crlf)
+		tmp_tc.c_iflag |= ICRNL;
+    } else {
+	tmp_tc.c_lflag &= ~ECHO;
+	tmp_tc.c_oflag &= ~ONLCR;
+# ifdef notdef
+	if (crlf)
+		tmp_tc.c_iflag &= ~ICRNL;
+# endif
+    }
+
+    if ((f&MODE_FLOW) == 0) {
+	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
+    } else {
+	if (restartany < 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
+	} else if (restartany > 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
+	} else {
+		tmp_tc.c_iflag |= IXOFF|IXON;
+		tmp_tc.c_iflag &= ~IXANY;
+	}
+    }
+
+    if ((f&MODE_TRAPSIG) == 0) {
+	tmp_tc.c_lflag &= ~ISIG;
+	localchars = 0;
+    } else {
+	tmp_tc.c_lflag |= ISIG;
+	localchars = 1;
+    }
+
+    if (f&MODE_EDIT) {
+	tmp_tc.c_lflag |= ICANON;
+    } else {
+	tmp_tc.c_lflag &= ~ICANON;
+	tmp_tc.c_iflag &= ~ICRNL;
+	tmp_tc.c_cc[VMIN] = 1;
+	tmp_tc.c_cc[VTIME] = 0;
+    }
+
+    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
+# ifdef VLNEXT
+	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
+# endif
+    }
+
+    if (f&MODE_SOFT_TAB) {
+# ifdef	OXTABS
+	tmp_tc.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+	tmp_tc.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	tmp_tc.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+# endif
+    }
+
+    if (f&MODE_LIT_ECHO) {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag &= ~ECHOCTL;
+# endif
+    } else {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag |= ECHOCTL;
+# endif
+    }
+
+    if (f == -1) {
+	onoff = 0;
+    } else {
+	if (f & MODE_INBIN)
+		tmp_tc.c_iflag &= ~ISTRIP;
+	else
+		tmp_tc.c_iflag |= ISTRIP;
+	if ((f & MODE_OUTBIN) || (f & MODE_OUT8)) {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= CS8;
+		if(f & MODE_OUTBIN)
+		    tmp_tc.c_oflag &= ~OPOST;
+		else
+		    tmp_tc.c_oflag |= OPOST;
+	} else {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
+		tmp_tc.c_oflag |= OPOST;
+	}
+	onoff = 1;
+    }
+
+    if (f != -1) {
+
+#ifdef	SIGTSTP
+	signal(SIGTSTP, susp);
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+	signal(SIGINFO, ayt);
+#endif
+#ifdef NOKERNINFO
+	tmp_tc.c_lflag |= NOKERNINFO;
+#endif
+	/*
+	 * We don't want to process ^Y here.  It's just another
+	 * character that we'll pass on to the back end.  It has
+	 * to process it because it will be processed when the
+	 * user attempts to read it, not when we send it.
+	 */
+# ifdef	VDSUSP
+	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
+# endif
+	/*
+	 * If the VEOL character is already set, then use VEOL2,
+	 * otherwise use VEOL.
+	 */
+	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
+	if ((tmp_tc.c_cc[VEOL] != esc)
+# ifdef	VEOL2
+	    && (tmp_tc.c_cc[VEOL2] != esc)
+# endif
+	    ) {
+		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL] = esc;
+# ifdef	VEOL2
+		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL2] = esc;
+# endif
+	}
+    } else {
+        sigset_t sm;
+#ifdef	SIGINFO
+	RETSIGTYPE ayt_status();
+
+	signal(SIGINFO, ayt_status);
+#endif
+#ifdef	SIGTSTP
+	signal(SIGTSTP, SIG_DFL);
+	sigemptyset(&sm);
+	sigaddset(&sm, SIGTSTP);
+	sigprocmask(SIG_UNBLOCK, &sm, NULL);
+#endif	/* SIGTSTP */
+	tmp_tc = old_tc;
+    }
+    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
+	tcsetattr(tin, TCSANOW, &tmp_tc);
+
+    ioctl(tin, FIONBIO, (char *)&onoff);
+    ioctl(tout, FIONBIO, (char *)&onoff);
+
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+#ifndef	B7200
+#define B7200   B4800
+#endif
+
+#ifndef	B14400
+#define B14400  B9600
+#endif
+
+#ifndef	B19200
+# define B19200 B14400
+#endif
+
+#ifndef	B28800
+#define B28800  B19200
+#endif
+
+#ifndef	B38400
+# define B38400 B28800
+#endif
+
+#ifndef B57600
+#define B57600  B38400
+#endif
+
+#ifndef B76800
+#define B76800  B57600
+#endif
+
+#ifndef B115200
+#define B115200 B76800
+#endif
+
+#ifndef B230400
+#define B230400 B115200
+#endif
+
+
+/*
+ * This code assumes that the values B0, B50, B75...
+ * are in ascending order.  They do not have to be
+ * contiguous.
+ */
+struct termspeeds {
+	long speed;
+	long value;
+} termspeeds[] = {
+	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
+	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
+	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
+	{ 230400, B230400 }, { -1,    B230400 }
+};
+#endif	/* DECODE_BAUD */
+
+void
+TerminalSpeeds(long *input_speed, long *output_speed)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+#endif	/* DECODE_BAUD */
+    long in, out;
+
+    out = cfgetospeed(&old_tc);
+    in = cfgetispeed(&old_tc);
+    if (in == 0)
+	in = out;
+
+#ifdef	DECODE_BAUD
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < in))
+	tp++;
+    *input_speed = tp->speed;
+
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < out))
+	tp++;
+    *output_speed = tp->speed;
+#else	/* DECODE_BAUD */
+	*input_speed = in;
+	*output_speed = out;
+#endif	/* DECODE_BAUD */
+}
+
+int
+TerminalWindowSize(long *rows, long *cols)
+{
+    struct winsize ws;
+
+    if (get_window_size (STDIN_FILENO, &ws) == 0) {
+	*rows = ws.ws_row;
+	*cols = ws.ws_col;
+	return 1;
+    } else
+	return 0;
+}
+
+int
+NetClose(int fd)
+{
+    return close(fd);
+}
+
+
+void
+NetNonblockingIO(int fd, int onoff)
+{
+    ioctl(fd, FIONBIO, (char *)&onoff);
+}
+
+
+/*
+ * Various signal handling routines.
+ */
+
+static RETSIGTYPE deadpeer(int),
+  intr(int), intr2(int), susp(int), sendwin(int);
+#ifdef SIGINFO
+static RETSIGTYPE ayt(int);
+#endif
+  
+
+    /* ARGSUSED */
+static RETSIGTYPE
+deadpeer(int sig)
+{
+	setcommandmode();
+	longjmp(peerdied, -1);
+}
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr(int sig)
+{
+    if (localchars) {
+	intp();
+	return;
+    }
+    setcommandmode();
+    longjmp(toplevel, -1);
+}
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr2(int sig)
+{
+    if (localchars) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return;
+    }
+}
+
+#ifdef	SIGTSTP
+    /* ARGSUSED */
+static RETSIGTYPE
+susp(int sig)
+{
+    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
+	return;
+    if (localchars)
+	sendsusp();
+}
+#endif
+
+#ifdef	SIGWINCH
+    /* ARGSUSED */
+static RETSIGTYPE
+sendwin(int sig)
+{
+    if (connected) {
+	sendnaws();
+    }
+}
+#endif
+
+#ifdef	SIGINFO
+    /* ARGSUSED */
+static RETSIGTYPE
+ayt(int sig)
+{
+    if (connected)
+	sendayt();
+    else
+	ayt_status(sig);
+}
+#endif
+
+
+void
+sys_telnet_init(void)
+{
+    signal(SIGINT, intr);
+    signal(SIGQUIT, intr2);
+    signal(SIGPIPE, deadpeer);
+#ifdef	SIGWINCH
+    signal(SIGWINCH, sendwin);
+#endif
+#ifdef	SIGTSTP
+    signal(SIGTSTP, susp);
+#endif
+#ifdef	SIGINFO
+    signal(SIGINFO, ayt);
+#endif
+
+    setconnmode(0);
+
+    NetNonblockingIO(net, 1);
+
+
+#if	defined(SO_OOBINLINE)
+    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
+	perror("SetSockOpt");
+    }
+#endif	/* defined(SO_OOBINLINE) */
+}
+
+/*
+ * Process rings -
+ *
+ *	This routine tries to fill up/empty our various rings.
+ *
+ *	The parameter specifies whether this is a poll operation,
+ *	or a block-until-something-happens operation.
+ *
+ *	The return value is 1 if something happened, 0 if not.
+ */
+
+int
+process_rings(int netin,
+	      int netout,
+	      int netex,
+	      int ttyin,
+	      int ttyout,
+	      int poll) /* If 0, then block until something to do */
+{
+    int c;
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue = 0;
+    static struct timeval TimeValue = { 0 };
+
+    if (netout) {
+	FD_SET(net, &obits);
+    }
+    if (ttyout) {
+	FD_SET(tout, &obits);
+    }
+    if (ttyin) {
+	FD_SET(tin, &ibits);
+    }
+    if (netin) {
+	FD_SET(net, &ibits);
+    }
+#if !defined(SO_OOBINLINE)
+    if (netex) {
+	FD_SET(net, &xbits);
+    }
+#endif
+    if ((c = select(16, &ibits, &obits, &xbits,
+			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
+	if (c == -1) {
+		    /*
+		     * we can get EINTR if we are in line mode,
+		     * and the user does an escape (TSTP), or
+		     * some other signal generator.
+		     */
+	    if (errno == EINTR) {
+		return 0;
+	    }
+		    /* I don't like this, does it ever happen? */
+	    printf("sleep(5) from telnet, after select\r\n");
+	    sleep(5);
+	}
+	return 0;
+    }
+
+    /*
+     * Any urgent data?
+     */
+    if (FD_ISSET(net, &xbits)) {
+	FD_CLR(net, &xbits);
+	SYNCHing = 1;
+	ttyflush(1);	/* flush already enqueued data */
+    }
+
+    /*
+     * Something to read from the network...
+     */
+    if (FD_ISSET(net, &ibits)) {
+	int canread;
+
+	FD_CLR(net, &ibits);
+	canread = ring_empty_consecutive(&netiring);
+#if	!defined(SO_OOBINLINE)
+	    /*
+	     * In 4.2 (and some early 4.3) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	if (SYNCHing) {
+	    int atmark;
+	    static int bogus_oob = 0, first = 1;
+
+	    ioctl(net, SIOCATMARK, (char *)&atmark);
+	    if (atmark) {
+		c = recv(net, netiring.supply, canread, MSG_OOB);
+		if ((c == -1) && (errno == EINVAL)) {
+		    c = recv(net, netiring.supply, canread, 0);
+		    if (clocks.didnetreceive < clocks.gotDM) {
+			SYNCHing = stilloob();
+		    }
+		} else if (first && c > 0) {
+		    /*
+		     * Bogosity check.  Systems based on 4.2BSD
+		     * do not return an error if you do a second
+		     * recv(MSG_OOB).  So, we do one.  If it
+		     * succeeds and returns exactly the same
+		     * data, then assume that we are running
+		     * on a broken system and set the bogus_oob
+		     * flag.  (If the data was different, then
+		     * we probably got some valid new data, so
+		     * increment the count...)
+		     */
+		    int i;
+		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
+		    if (i == c &&
+			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
+			bogus_oob = 1;
+			first = 0;
+		    } else if (i < 0) {
+			bogus_oob = 0;
+			first = 0;
+		    } else
+			c += i;
+		}
+		if (bogus_oob && c > 0) {
+		    int i;
+		    /*
+		     * Bogosity.  We have to do the read
+		     * to clear the atmark to get out of
+		     * an infinate loop.
+		     */
+		    i = read(net, netiring.supply + c, canread - c);
+		    if (i > 0)
+			c += i;
+		}
+	    } else {
+		c = recv(net, netiring.supply, canread, 0);
+	    }
+	} else {
+	    c = recv(net, netiring.supply, canread, 0);
+	}
+	settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE) */
+	c = recv(net, (char *)netiring.supply, canread, 0);
+#endif	/* !defined(SO_OOBINLINE) */
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else if (c <= 0) {
+	    return -1;
+	}
+	if (netdata) {
+	    Dump('<', netiring.supply, c);
+	}
+	if (c)
+	    ring_supplied(&netiring, c);
+	returnValue = 1;
+    }
+
+    /*
+     * Something to read from the tty...
+     */
+    if (FD_ISSET(tin, &ibits)) {
+	FD_CLR(tin, &ibits);
+	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
+	if (c < 0 && errno == EIO)
+	    c = 0;
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else {
+	    /* EOF detection for line mode!!!! */
+	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
+			/* must be an EOF... */
+		*ttyiring.supply = termEofChar;
+		c = 1;
+	    }
+	    if (c <= 0) {
+		return -1;
+	    }
+	    if (termdata) {
+		Dump('<', ttyiring.supply, c);
+	    }
+	    ring_supplied(&ttyiring, c);
+	}
+	returnValue = 1;		/* did something useful */
+    }
+
+    if (FD_ISSET(net, &obits)) {
+	FD_CLR(net, &obits);
+	returnValue |= netflush();
+    }
+    if (FD_ISSET(tout, &obits)) {
+	FD_CLR(tout, &obits);
+	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
+    }
+
+    return returnValue;
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet.c b/crypto/kerberosIV/appl/telnet/telnet/telnet.c
new file mode 100644
index 0000000..1df4d6e
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet.c
@@ -0,0 +1,2313 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+#ifdef HAVE_TERMCAP_H
+#include <termcap.h>
+#endif
+
+RCSID("$Id: telnet.c,v 1.25 1999/03/11 13:49:34 joda Exp $");
+
+#define	strip(x) (eight ? (x) : ((x) & 0x7f))
+
+static unsigned char	subbuffer[SUBBUFSIZE],
+			*subpointer, *subend;	 /* buffer for sub-options */
+#define	SB_CLEAR()	subpointer = subbuffer;
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+				*subpointer++ = (c); \
+			}
+
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_PEEK()	((*subpointer)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+char	options[256];		/* The combined options */
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+
+int
+	eight = 3,
+	binary = 0,
+	autologin = 0,	/* Autologin anyone? */
+	skiprc = 0,
+	connected,
+	showoptions,
+	ISend,		/* trying to send network data in */
+	debug = 0,
+	crmod,
+	netdata,	/* Print out network data flow */
+	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+	telnetport,
+	SYNCHing,	/* we are in TELNET SYNCH mode */
+	flushout,	/* flush output */
+	autoflush = 0,	/* flush output when interrupting? */
+	autosynch,	/* send interrupt characters with SYNCH? */
+	localflow,	/* we handle flow control locally */
+	restartany,	/* if flow control enabled, restart on any character */
+	localchars,	/* we recognize interrupt/quit */
+	donelclchars,	/* the user has set "localchars" */
+	donebinarytoggle,	/* the user has put us in binary */
+	dontlecho,	/* do we suppress local echoing right now? */
+	globalmode;
+
+char *prompt = 0;
+
+cc_t escape;
+cc_t rlogin;
+#ifdef	KLUDGELINEMODE
+cc_t echoc;
+#endif
+
+/*
+ * Telnet receiver states for fsm
+ */
+#define	TS_DATA		0
+#define	TS_IAC		1
+#define	TS_WILL		2
+#define	TS_WONT		3
+#define	TS_DO		4
+#define	TS_DONT		5
+#define	TS_CR		6
+#define	TS_SB		7		/* sub-option collection */
+#define	TS_SE		8		/* looking for sub-option end */
+
+static int	telrcv_state;
+#ifdef	OLD_ENVIRON
+unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
+#else
+# define telopt_environ TELOPT_NEW_ENVIRON
+#endif
+
+jmp_buf	toplevel;
+jmp_buf	peerdied;
+
+int	flushline;
+int	linemode;
+
+#ifdef	KLUDGELINEMODE
+int	kludgelinemode = 1;
+#endif
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+Clocks clocks;
+
+static int is_unique(char *name, char **as, char **ae);
+
+
+/*
+ * Initialize telnet environment.
+ */
+
+void
+init_telnet(void)
+{
+    env_init();
+
+    SB_CLEAR();
+    memset(options, 0, sizeof options);
+
+    connected = ISend = localflow = donebinarytoggle = 0;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
+    restartany = -1;
+
+    SYNCHing = 0;
+
+    /* Don't change NetTrace */
+
+    escape = CONTROL(']');
+    rlogin = _POSIX_VDISABLE;
+#ifdef	KLUDGELINEMODE
+    echoc = CONTROL('E');
+#endif
+
+    flushline = 1;
+    telrcv_state = TS_DATA;
+}
+
+
+/*
+ * These routines are in charge of sending option negotiations
+ * to the other side.
+ *
+ * The basic idea is that we send the negotiation if either side
+ * is in disagreement as to what the current state should be.
+ */
+
+void
+send_do(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
+				my_want_state_is_do(c))
+	    return;
+	set_my_want_state_do(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DO);
+    NETADD(c);
+    printoption("SENT", DO, c);
+}
+
+void
+send_dont(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
+				my_want_state_is_dont(c))
+	    return;
+	set_my_want_state_dont(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DONT);
+    NETADD(c);
+    printoption("SENT", DONT, c);
+}
+
+void
+send_will(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
+				my_want_state_is_will(c))
+	    return;
+	set_my_want_state_will(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WILL);
+    NETADD(c);
+    printoption("SENT", WILL, c);
+}
+
+void
+send_wont(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
+				my_want_state_is_wont(c))
+	    return;
+	set_my_want_state_wont(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WONT);
+    NETADD(c);
+    printoption("SENT", WONT, c);
+}
+
+
+void
+willoption(int option)
+{
+	int new_state_ok = 0;
+
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_do(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_ECHO:
+	    case TELOPT_BINARY:
+	    case TELOPT_SGA:
+		settimer(modenegotiated);
+		/* FALL THROUGH */
+	    case TELOPT_STATUS:
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+#endif
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		/*
+		 * Special case for TM.  If we get back a WILL,
+		 * pretend we got back a WONT.
+		 */
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;			/* Never reply to TM will's/wont's */
+
+	    case TELOPT_LINEMODE:
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_do(option);
+		send_do(option, 0);
+		setconnmode(0);		/* possibly set new tty mode */
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	}
+	set_my_state_do(option);
+#if	defined(ENCRYPTION)
+	if (option == TELOPT_ENCRYPT)
+		encrypt_send_support();
+#endif
+}
+
+void
+wontoption(int option)
+{
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_dont(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
+
+	    switch (option) {
+
+#ifdef	KLUDGELINEMODE
+	    case TELOPT_SGA:
+		if (!kludgelinemode)
+		    break;
+		/* FALL THROUGH */
+#endif
+	    case TELOPT_ECHO:
+		settimer(modenegotiated);
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;		/* Never reply to TM will's/wont's */
+
+#ifdef ENCRYPTION
+  	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+	    default:
+		break;
+	    }
+	    set_my_want_state_dont(option);
+	    if (my_state_is_do(option))
+		send_dont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	} else if (option == TELOPT_TM) {
+	    /*
+	     * Special case for TM.
+	     */
+	    if (flushout)
+		flushout = 0;
+	    set_my_want_state_dont(option);
+	}
+	set_my_state_dont(option);
+}
+
+static void
+dooption(int option)
+{
+	int new_state_ok = 0;
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_will(option))
+		--will_wont_resp[option];
+	}
+
+	if (will_wont_resp[option] == 0) {
+	  if (my_want_state_is_wont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_TM:
+		/*
+		 * Special case for TM.  We send a WILL, but pretend
+		 * we sent WONT.
+		 */
+		send_will(option, 0);
+		set_my_want_state_wont(TELOPT_TM);
+		set_my_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_BINARY:		/* binary mode */
+	    case TELOPT_NAWS:		/* window size */
+	    case TELOPT_TSPEED:		/* terminal speed */
+	    case TELOPT_LFLOW:		/* local flow control */
+	    case TELOPT_TTYPE:		/* terminal type option */
+	    case TELOPT_SGA:		/* no big deal */
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:	/* encryption variable option */
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
+#ifdef	OLD_ENVIRON
+		if (my_state_is_will(TELOPT_OLD_ENVIRON))
+			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
+		goto env_common;
+	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
+		if (my_state_is_will(TELOPT_NEW_ENVIRON))
+			break;		/* Don't enable if new one is in use! */
+	    env_common:
+		telopt_environ = option;
+#endif
+		new_state_ok = 1;
+		break;
+
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+		if (autologin)
+			new_state_ok = 1;
+		break;
+#endif
+
+	    case TELOPT_XDISPLOC:	/* X Display location */
+		if (env_getvalue((unsigned char *)"DISPLAY"))
+		    new_state_ok = 1;
+		break;
+
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_want_state_will(TELOPT_LINEMODE);
+		send_will(option, 0);
+		set_my_state_will(TELOPT_LINEMODE);
+		slc_init();
+		return;
+
+	    case TELOPT_ECHO:		/* We're never going to echo... */
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_will(option);
+		send_will(option, 0);
+		setconnmode(0);			/* Set new tty mode */
+	    } else {
+		will_wont_resp[option]++;
+		send_wont(option, 0);
+	    }
+	  } else {
+	    /*
+	     * Handle options that need more things done after the
+	     * other side has acknowledged the option.
+	     */
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_state_will(option);
+		slc_init();
+		send_do(TELOPT_SGA, 0);
+		return;
+	    }
+	  }
+	}
+	set_my_state_will(option);
+}
+
+static void
+dontoption(int option)
+{
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_wont(option))
+		--will_wont_resp[option];
+	}
+
+	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+		linemode = 0;	/* put us back to the default state */
+		break;
+#ifdef	OLD_ENVIRON
+	    case TELOPT_NEW_ENVIRON:
+		/*
+		 * The new environ option wasn't recognized, try
+		 * the old one.
+		 */
+		send_will(TELOPT_OLD_ENVIRON, 1);
+		telopt_environ = TELOPT_OLD_ENVIRON;
+		break;
+#endif
+#if 0
+#ifdef ENCRYPTION
+	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+#endif
+	    }
+	    /* we always accept a DONT */
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	}
+	set_my_state_wont(option);
+}
+
+/*
+ * Given a buffer returned by tgetent(), this routine will turn
+ * the pipe seperated list of names in the buffer into an array
+ * of pointers to null terminated names.  We toss out any bad,
+ * duplicate, or verbose names (names with spaces).
+ */
+
+static char *name_unknown = "UNKNOWN";
+static char *unknown[] = { 0, 0 };
+
+static char **
+mklist(char *buf, char *name)
+{
+	int n;
+	char c, *cp, **argvp, *cp2, **argv, **avt;
+
+	if (name) {
+		if ((int)strlen(name) > 40) {
+			name = 0;
+			unknown[0] = name_unknown;
+		} else {
+			unknown[0] = name;
+			strupr(name);
+		}
+	} else
+		unknown[0] = name_unknown;
+	/*
+	 * Count up the number of names.
+	 */
+	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
+		if (*cp == '|')
+			n++;
+	}
+	/*
+	 * Allocate an array to put the name pointers into
+	 */
+	argv = (char **)malloc((n+3)*sizeof(char *));
+	if (argv == 0)
+		return(unknown);
+
+	/*
+	 * Fill up the array of pointers to names.
+	 */
+	*argv = 0;
+	argvp = argv+1;
+	n = 0;
+	for (cp = cp2 = buf; (c = *cp);  cp++) {
+		if (c == '|' || c == ':') {
+			*cp++ = '\0';
+			/*
+			 * Skip entries that have spaces or are over 40
+			 * characters long.  If this is our environment
+			 * name, then put it up front.  Otherwise, as
+			 * long as this is not a duplicate name (case
+			 * insensitive) add it to the list.
+			 */
+			if (n || (cp - cp2 > 41))
+				;
+			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
+				*argv = cp2;
+			else if (is_unique(cp2, argv+1, argvp))
+				*argvp++ = cp2;
+			if (c == ':')
+				break;
+			/*
+			 * Skip multiple delimiters. Reset cp2 to
+			 * the beginning of the next name. Reset n,
+			 * the flag for names with spaces.
+			 */
+			while ((c = *cp) == '|')
+				cp++;
+			cp2 = cp;
+			n = 0;
+		}
+		/*
+		 * Skip entries with spaces or non-ascii values.
+		 * Convert lower case letters to upper case.
+		 */
+#define ISASCII(c) (!((c)&0x80))
+		if ((c == ' ') || !ISASCII(c))
+			n = 1;
+		else if (islower(c))
+			*cp = toupper(c);
+	}
+
+	/*
+	 * Check for an old V6 2 character name.  If the second
+	 * name points to the beginning of the buffer, and is
+	 * only 2 characters long, move it to the end of the array.
+	 */
+	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
+		--argvp;
+		for (avt = &argv[1]; avt < argvp; avt++)
+			*avt = *(avt+1);
+		*argvp++ = buf;
+	}
+
+	/*
+	 * Duplicate last name, for TTYPE option, and null
+	 * terminate the array.  If we didn't find a match on
+	 * our terminal name, put that name at the beginning.
+	 */
+	cp = *(argvp-1);
+	*argvp++ = cp;
+	*argvp = 0;
+
+	if (*argv == 0) {
+		if (name)
+			*argv = name;
+		else {
+			--argvp;
+			for (avt = argv; avt < argvp; avt++)
+				*avt = *(avt+1);
+		}
+	}
+	if (*argv)
+		return(argv);
+	else
+		return(unknown);
+}
+
+static int
+is_unique(char *name, char **as, char **ae)
+{
+	char **ap;
+	int n;
+
+	n = strlen(name) + 1;
+	for (ap = as; ap < ae; ap++)
+		if (strncasecmp(*ap, name, n) == 0)
+			return(0);
+	return (1);
+}
+
+static char termbuf[1024];
+
+static int
+telnet_setupterm(const char *tname, int fd, int *errp)
+{
+	if (tgetent(termbuf, tname) == 1) {
+		termbuf[1023] = '\0';
+		if (errp)
+			*errp = 1;
+		return(0);
+	}
+	if (errp)
+		*errp = 0;
+	return(-1);
+}
+
+int resettermname = 1;
+
+static char *
+gettermname()
+{
+	char *tname;
+	static char **tnamep = 0;
+	static char **next;
+	int err;
+
+	if (resettermname) {
+		resettermname = 0;
+		if (tnamep && tnamep != unknown)
+			free(tnamep);
+		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
+				telnet_setupterm(tname, 1, &err) == 0) {
+			tnamep = mklist(termbuf, tname);
+		} else {
+			if (tname && ((int)strlen(tname) <= 40)) {
+				unknown[0] = tname;
+				strupr(tname);
+			} else
+				unknown[0] = name_unknown;
+			tnamep = unknown;
+		}
+		next = tnamep;
+	}
+	if (*next == 0)
+		next = tnamep;
+	return(*next++);
+}
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *		Terminal type, send request.
+ *		Terminal speed (send request).
+ *		Local flow control (is request).
+ *		Linemode
+ */
+
+static void
+suboption()
+{
+    unsigned char subchar;
+
+    printsub('<', subbuffer, SB_LEN()+2);
+    switch (subchar = SB_GET()) {
+    case TELOPT_TTYPE:
+	if (my_want_state_is_wont(TELOPT_TTYPE))
+	    return;
+	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
+	    return;
+	} else {
+	    char *name;
+	    unsigned char temp[50];
+	    int len;
+
+	    name = gettermname();
+	    len = strlen(name) + 4 + 2;
+	    if (len < NETROOM()) {
+		snprintf((char *)temp, sizeof(temp),
+			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+			 TELQUAL_IS, name, IAC, SE);
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', &temp[2], len-2);
+	    } else {
+		ExitString("No room in buffer for terminal type.\n", 1);
+		/*NOTREACHED*/
+	    }
+	}
+	break;
+    case TELOPT_TSPEED:
+	if (my_want_state_is_wont(TELOPT_TSPEED))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    long output_speed, input_speed;
+	    unsigned char temp[50];
+	    int len;
+
+	    TerminalSpeeds(&input_speed, &output_speed);
+
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%u,%u%c%c", IAC, SB, TELOPT_TSPEED,
+		     TELQUAL_IS,
+		     (unsigned)output_speed,
+		     (unsigned)input_speed, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+    case TELOPT_LFLOW:
+	if (my_want_state_is_wont(TELOPT_LFLOW))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch(SB_GET()) {
+	case LFLOW_RESTART_ANY:
+	    restartany = 1;
+	    break;
+	case LFLOW_RESTART_XON:
+	    restartany = 0;
+	    break;
+	case LFLOW_ON:
+	    localflow = 1;
+	    break;
+	case LFLOW_OFF:
+	    localflow = 0;
+	    break;
+	default:
+	    return;
+	}
+	setcommandmode();
+	setconnmode(0);
+	break;
+
+    case TELOPT_LINEMODE:
+	if (my_want_state_is_wont(TELOPT_LINEMODE))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch (SB_GET()) {
+	case WILL:
+	    lm_will(subpointer, SB_LEN());
+	    break;
+	case WONT:
+	    lm_wont(subpointer, SB_LEN());
+	    break;
+	case DO:
+	    lm_do(subpointer, SB_LEN());
+	    break;
+	case DONT:
+	    lm_dont(subpointer, SB_LEN());
+	    break;
+	case LM_SLC:
+	    slc(subpointer, SB_LEN());
+	    break;
+	case LM_MODE:
+	    lm_mode(subpointer, SB_LEN(), 0);
+	    break;
+	default:
+	    break;
+	}
+	break;
+
+#ifdef	OLD_ENVIRON
+    case TELOPT_OLD_ENVIRON:
+#endif
+    case TELOPT_NEW_ENVIRON:
+	if (SB_EOF())
+	    return;
+	switch(SB_PEEK()) {
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+	    if (my_want_state_is_dont(subchar))
+		return;
+	    break;
+	case TELQUAL_SEND:
+	    if (my_want_state_is_wont(subchar)) {
+		return;
+	    }
+	    break;
+	default:
+	    return;
+	}
+	env_opt(subpointer, SB_LEN());
+	break;
+
+    case TELOPT_XDISPLOC:
+	if (my_want_state_is_wont(TELOPT_XDISPLOC))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    unsigned char temp[50], *dp;
+	    int len;
+
+	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
+		/*
+		 * Something happened, we no longer have a DISPLAY
+		 * variable.  So, turn off the option.
+		 */
+		send_wont(TELOPT_XDISPLOC, 1);
+		break;
+	    }
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+		     TELQUAL_IS, dp, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION: {
+		if (!autologin)
+			break;
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case TELQUAL_IS:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_is(subpointer, SB_LEN());
+			break;
+		case TELQUAL_SEND:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_send(subpointer, SB_LEN());
+			break;
+		case TELQUAL_REPLY:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_reply(subpointer, SB_LEN());
+			break;
+		case TELQUAL_NAME:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_name(subpointer, SB_LEN());
+			break;
+		}
+	}
+	break;
+#endif
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case ENCRYPT_START:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_END:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_end();
+			break;
+		case ENCRYPT_SUPPORT:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_support(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQSTART:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_request_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQEND:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			/*
+			 * We can always send an REQEND so that we cannot
+			 * get stuck encrypting.  We should only get this
+			 * if we have been able to get in the correct mode
+			 * anyhow.
+			 */
+			encrypt_request_end();
+			break;
+		case ENCRYPT_IS:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_is(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REPLY:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_reply(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_ENC_KEYID:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_enc_keyid(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_DEC_KEYID:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_dec_keyid(subpointer, SB_LEN());
+			break;
+		default:
+			break;
+		}
+		break;
+#endif
+    default:
+	break;
+    }
+}
+
+static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
+
+void
+lm_will(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	str_lm[3] = DONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_will: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_wont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	/* We are always DONT, so don't respond */
+	return;
+    }
+}
+
+void
+lm_do(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	str_lm[3] = WONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_do: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_dont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	/* we are always WONT, so don't respond */
+	break;
+    }
+}
+
+static unsigned char str_lm_mode[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
+};
+
+void
+lm_mode(unsigned char *cmd, int len, int init)
+{
+	if (len != 1)
+		return;
+	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
+		return;
+	if (*cmd&MODE_ACK)
+		return;
+	linemode = *cmd&(MODE_MASK&~MODE_ACK);
+	str_lm_mode[4] = linemode;
+	if (!init)
+	    str_lm_mode[4] |= MODE_ACK;
+	if (NETROOM() > sizeof(str_lm_mode)) {
+	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
+	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
+	}
+/*@*/	else printf("lm_mode: not enough room in buffer\n");
+	setconnmode(0);	/* set changed mode */
+}
+
+
+
+/*
+ * slc()
+ * Handle special character suboption of LINEMODE.
+ */
+
+struct spc {
+	cc_t val;
+	cc_t *valp;
+	char flags;	/* Current flags & level */
+	char mylevel;	/* Maximum level & flags */
+} spc_data[NSLC+1];
+
+#define SLC_IMPORT	0
+#define	SLC_EXPORT	1
+#define SLC_RVALUE	2
+static int slc_mode = SLC_EXPORT;
+
+void
+slc_init()
+{
+	struct spc *spcp;
+
+	localchars = 1;
+	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
+		spcp->val = 0;
+		spcp->valp = 0;
+		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
+	}
+
+#define	initfunc(func, flags) { \
+					spcp = &spc_data[func]; \
+					if ((spcp->valp = tcval(func))) { \
+					    spcp->val = *spcp->valp; \
+					    spcp->mylevel = SLC_VARIABLE|flags; \
+					} else { \
+					    spcp->val = 0; \
+					    spcp->mylevel = SLC_DEFAULT; \
+					} \
+				    }
+
+	initfunc(SLC_SYNCH, 0);
+	/* No BRK */
+	initfunc(SLC_AO, 0);
+	initfunc(SLC_AYT, 0);
+	/* No EOR */
+	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
+	initfunc(SLC_EOF, 0);
+	initfunc(SLC_SUSP, SLC_FLUSHIN);
+	initfunc(SLC_EC, 0);
+	initfunc(SLC_EL, 0);
+	initfunc(SLC_EW, 0);
+	initfunc(SLC_RP, 0);
+	initfunc(SLC_LNEXT, 0);
+	initfunc(SLC_XON, 0);
+	initfunc(SLC_XOFF, 0);
+	initfunc(SLC_FORW1, 0);
+	initfunc(SLC_FORW2, 0);
+	/* No FORW2 */
+
+	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
+#undef	initfunc
+
+	if (slc_mode == SLC_EXPORT)
+		slc_export();
+	else
+		slc_import(1);
+
+}
+
+void
+slcstate()
+{
+    printf("Special characters are %s values\n",
+		slc_mode == SLC_IMPORT ? "remote default" :
+		slc_mode == SLC_EXPORT ? "local" :
+					 "remote");
+}
+
+void
+slc_mode_export()
+{
+    slc_mode = SLC_EXPORT;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_export();
+}
+
+void
+slc_mode_import(int def)
+{
+    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_import(def);
+}
+
+unsigned char slc_import_val[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
+};
+unsigned char slc_import_def[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
+};
+
+void
+slc_import(int def)
+{
+    if (NETROOM() > sizeof(slc_import_val)) {
+	if (def) {
+	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
+	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
+	} else {
+	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
+	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
+	}
+    }
+/*@*/ else printf("slc_import: not enough room\n");
+}
+
+void
+slc_export()
+{
+    struct spc *spcp;
+
+    TerminalDefaultChars();
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->mylevel != SLC_NOSUPPORT) {
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    if (spcp->valp)
+		spcp->val = *spcp->valp;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    slc_update();
+    setconnmode(1);	/* Make sure the character values are set */
+}
+
+void
+slc(unsigned char *cp, int len)
+{
+	struct spc *spcp;
+	int func,level;
+
+	slc_start_reply();
+
+	for (; len >= 3; len -=3, cp +=3) {
+
+		func = cp[SLC_FUNC];
+
+		if (func == 0) {
+			/*
+			 * Client side: always ignore 0 function.
+			 */
+			continue;
+		}
+		if (func > NSLC) {
+			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
+				slc_add_reply(func, SLC_NOSUPPORT, 0);
+			continue;
+		}
+
+		spcp = &spc_data[func];
+
+		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
+
+		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
+		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
+			continue;
+		}
+
+		if (level == (SLC_DEFAULT|SLC_ACK)) {
+			/*
+			 * This is an error condition, the SLC_ACK
+			 * bit should never be set for the SLC_DEFAULT
+			 * level.  Our best guess to recover is to
+			 * ignore the SLC_ACK bit.
+			 */
+			cp[SLC_FLAGS] &= ~SLC_ACK;
+		}
+
+		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
+			spcp->val = (cc_t)cp[SLC_VALUE];
+			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
+			continue;
+		}
+
+		level &= ~SLC_ACK;
+
+		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
+			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
+			spcp->val = (cc_t)cp[SLC_VALUE];
+		}
+		if (level == SLC_DEFAULT) {
+			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
+				spcp->flags = spcp->mylevel;
+			else
+				spcp->flags = SLC_NOSUPPORT;
+		}
+		slc_add_reply(func, spcp->flags, spcp->val);
+	}
+	slc_end_reply();
+	if (slc_update())
+		setconnmode(1);	/* set the  new character values */
+}
+
+void
+slc_check()
+{
+    struct spc *spcp;
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->valp && spcp->val != *spcp->valp) {
+	    spcp->val = *spcp->valp;
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    setconnmode(1);
+}
+
+
+unsigned char slc_reply[128];
+unsigned char *slc_replyp;
+
+void
+slc_start_reply()
+{
+	slc_replyp = slc_reply;
+	*slc_replyp++ = IAC;
+	*slc_replyp++ = SB;
+	*slc_replyp++ = TELOPT_LINEMODE;
+	*slc_replyp++ = LM_SLC;
+}
+
+void
+slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+{
+	if ((*slc_replyp++ = func) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = flags) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = (unsigned char)value) == IAC)
+		*slc_replyp++ = IAC;
+}
+
+void
+slc_end_reply()
+{
+    int len;
+
+    *slc_replyp++ = IAC;
+    *slc_replyp++ = SE;
+    len = slc_replyp - slc_reply;
+    if (len <= 6)
+	return;
+    if (NETROOM() > len) {
+	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+    }
+/*@*/else printf("slc_end_reply: not enough room\n");
+}
+
+int
+slc_update()
+{
+	struct spc *spcp;
+	int need_update = 0;
+
+	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+		if (!(spcp->flags&SLC_ACK))
+			continue;
+		spcp->flags &= ~SLC_ACK;
+		if (spcp->valp && (*spcp->valp != spcp->val)) {
+			*spcp->valp = spcp->val;
+			need_update = 1;
+		}
+	}
+	return(need_update);
+}
+
+#ifdef	OLD_ENVIRON
+#  define old_env_var OLD_ENV_VAR
+#  define old_env_value OLD_ENV_VALUE
+#endif
+
+void
+env_opt(unsigned char *buf, int len)
+{
+	unsigned char *ep = 0, *epc = 0;
+	int i;
+
+	switch(buf[0]&0xff) {
+	case TELQUAL_SEND:
+		env_opt_start();
+		if (len == 1) {
+			env_opt_add(NULL);
+		} else for (i = 1; i < len; i++) {
+			switch (buf[i]&0xff) {
+#ifdef	OLD_ENVIRON
+			case OLD_ENV_VAR:
+			case OLD_ENV_VALUE:
+				/*
+				 * Although OLD_ENV_VALUE is not legal, we will
+				 * still recognize it, just in case it is an
+				 * old server that has VAR & VALUE mixed up...
+				 */
+				/* FALL THROUGH */
+#else
+			case NEW_ENV_VAR:
+#endif
+			case ENV_USERVAR:
+				if (ep) {
+					*epc = 0;
+					env_opt_add(ep);
+				}
+				ep = epc = &buf[i+1];
+				break;
+			case ENV_ESC:
+				i++;
+				/*FALL THROUGH*/
+			default:
+				if (epc)
+					*epc++ = buf[i];
+				break;
+			}
+		}
+		if (ep) {
+			*epc = 0;
+			env_opt_add(ep);
+		}
+		env_opt_end(1);
+		break;
+
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+		/* Ignore for now.  We shouldn't get it anyway. */
+		break;
+
+	default:
+		break;
+	}
+}
+
+#define	OPT_REPLY_SIZE	256
+unsigned char *opt_reply;
+unsigned char *opt_replyp;
+unsigned char *opt_replyend;
+
+void
+env_opt_start()
+{
+	if (opt_reply)
+		opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE);
+	else
+		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
+	if (opt_reply == NULL) {
+/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
+		opt_reply = opt_replyp = opt_replyend = NULL;
+		return;
+	}
+	opt_replyp = opt_reply;
+	opt_replyend = opt_reply + OPT_REPLY_SIZE;
+	*opt_replyp++ = IAC;
+	*opt_replyp++ = SB;
+	*opt_replyp++ = telopt_environ;
+	*opt_replyp++ = TELQUAL_IS;
+}
+
+void
+env_opt_start_info()
+{
+	env_opt_start();
+	if (opt_replyp)
+	    opt_replyp[-1] = TELQUAL_INFO;
+}
+
+void
+env_opt_add(unsigned char *ep)
+{
+	unsigned char *vp, c;
+
+	if (opt_reply == NULL)		/*XXX*/
+		return;			/*XXX*/
+
+	if (ep == NULL || *ep == '\0') {
+		/* Send user defined variables first. */
+		env_default(1, 0);
+		while ((ep = env_default(0, 0)))
+			env_opt_add(ep);
+
+		/* Now add the list of well know variables.  */
+		env_default(1, 1);
+		while ((ep = env_default(0, 1)))
+			env_opt_add(ep);
+		return;
+	}
+	vp = env_getvalue(ep);
+	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+				strlen((char *)ep) + 6 > opt_replyend)
+	{
+		int len;
+		opt_replyend += OPT_REPLY_SIZE;
+		len = opt_replyend - opt_reply;
+		opt_reply = (unsigned char *)realloc(opt_reply, len);
+		if (opt_reply == NULL) {
+/*@*/			printf("env_opt_add: realloc() failed!!!\n");
+			opt_reply = opt_replyp = opt_replyend = NULL;
+			return;
+		}
+		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
+		opt_replyend = opt_reply + len;
+	}
+	if (opt_welldefined((char *)ep)) {
+#ifdef	OLD_ENVIRON
+		if (telopt_environ == TELOPT_OLD_ENVIRON)
+			*opt_replyp++ = old_env_var;
+		else
+#endif
+			*opt_replyp++ = NEW_ENV_VAR;
+	} else
+		*opt_replyp++ = ENV_USERVAR;
+	for (;;) {
+		while ((c = *ep++)) {
+			switch(c&0xff) {
+			case IAC:
+				*opt_replyp++ = IAC;
+				break;
+			case NEW_ENV_VAR:
+			case NEW_ENV_VALUE:
+			case ENV_ESC:
+			case ENV_USERVAR:
+				*opt_replyp++ = ENV_ESC;
+				break;
+			}
+			*opt_replyp++ = c;
+		}
+		if ((ep = vp)) {
+#ifdef	OLD_ENVIRON
+			if (telopt_environ == TELOPT_OLD_ENVIRON)
+				*opt_replyp++ = old_env_value;
+			else
+#endif
+				*opt_replyp++ = NEW_ENV_VALUE;
+			vp = NULL;
+		} else
+			break;
+	}
+}
+
+int
+opt_welldefined(char *ep)
+{
+	if ((strcmp(ep, "USER") == 0) ||
+	    (strcmp(ep, "DISPLAY") == 0) ||
+	    (strcmp(ep, "PRINTER") == 0) ||
+	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
+	    (strcmp(ep, "JOB") == 0) ||
+	    (strcmp(ep, "ACCT") == 0))
+		return(1);
+	return(0);
+}
+
+void
+env_opt_end(int emptyok)
+{
+	int len;
+
+	len = opt_replyp - opt_reply + 2;
+	if (emptyok || len > 6) {
+		*opt_replyp++ = IAC;
+		*opt_replyp++ = SE;
+		if (NETROOM() > len) {
+			ring_supply_data(&netoring, opt_reply, len);
+			printsub('>', &opt_reply[2], len - 2);
+		}
+/*@*/		else printf("slc_end_reply: not enough room\n");
+	}
+	if (opt_reply) {
+		free(opt_reply);
+		opt_reply = opt_replyp = opt_replyend = NULL;
+	}
+}
+
+
+
+int
+telrcv(void)
+{
+    int c;
+    int scc;
+    unsigned char *sbp = NULL;
+    int count;
+    int returnValue = 0;
+
+    scc = 0;
+    count = 0;
+    while (TTYROOM() > 2) {
+	if (scc == 0) {
+	    if (count) {
+		ring_consumed(&netiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    sbp = netiring.consume;
+	    scc = ring_full_consecutive(&netiring);
+	    if (scc == 0) {
+		/* No more data coming in */
+		break;
+	    }
+	}
+
+	c = *sbp++ & 0xff, scc--; count++;
+#if	defined(ENCRYPTION)
+	if (decrypt_input)
+		c = (*decrypt_input)(c);
+#endif
+
+	switch (telrcv_state) {
+
+	case TS_CR:
+	    telrcv_state = TS_DATA;
+	    if (c == '\0') {
+		break;	/* Ignore \0 after CR */
+	    }
+	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
+		TTYADD(c);
+		break;
+	    }
+	    /* Else, fall through */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		telrcv_state = TS_IAC;
+		break;
+	    }
+		    /* 
+		     * The 'crmod' hack (see following) is needed
+		     * since we can't set CRMOD on output only.
+		     * Machines like MULTICS like to send \r without
+		     * \n; since we must turn off CRMOD to get proper
+		     * input, the mapping is done here (sigh).
+		     */
+	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
+		if (scc > 0) {
+		    c = *sbp&0xff;
+#if	defined(ENCRYPTION)
+		    if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif
+		    if (c == 0) {
+			sbp++, scc--; count++;
+			/* a "true" CR */
+			TTYADD('\r');
+		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
+					(c == '\n')) {
+			sbp++, scc--; count++;
+			TTYADD('\n');
+		    } else {
+#if	defined(ENCRYPTION)
+		        if (decrypt_input)
+			    (*decrypt_input)(-1);
+#endif
+
+			TTYADD('\r');
+			if (crmod) {
+				TTYADD('\n');
+			}
+		    }
+		} else {
+		    telrcv_state = TS_CR;
+		    TTYADD('\r');
+		    if (crmod) {
+			    TTYADD('\n');
+		    }
+		}
+	    } else {
+		TTYADD(c);
+	    }
+	    continue;
+
+	case TS_IAC:
+process_iac:
+	    switch (c) {
+
+	    case WILL:
+		telrcv_state = TS_WILL;
+		continue;
+
+	    case WONT:
+		telrcv_state = TS_WONT;
+		continue;
+
+	    case DO:
+		telrcv_state = TS_DO;
+		continue;
+
+	    case DONT:
+		telrcv_state = TS_DONT;
+		continue;
+
+	    case DM:
+		    /*
+		     * We may have missed an urgent notification,
+		     * so make sure we flush whatever is in the
+		     * buffer currently.
+		     */
+		printoption("RCVD", IAC, DM);
+		SYNCHing = 1;
+		ttyflush(1);
+		SYNCHing = stilloob();
+		settimer(gotDM);
+		break;
+
+	    case SB:
+		SB_CLEAR();
+		telrcv_state = TS_SB;
+		continue;
+
+
+	    case IAC:
+		TTYADD(IAC);
+		break;
+
+	    case NOP:
+	    case GA:
+	    default:
+		printoption("RCVD", IAC, c);
+		break;
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WILL:
+	    printoption("RCVD", WILL, c);
+	    willoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    printoption("RCVD", WONT, c);
+	    wontoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    printoption("RCVD", DO, c);
+	    dooption(c);
+	    if (c == TELOPT_NAWS) {
+		sendnaws();
+	    } else if (c == TELOPT_LFLOW) {
+		localflow = 1;
+		setcommandmode();
+		setconnmode(0);
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    printoption("RCVD", DONT, c);
+	    dontoption(c);
+	    flushline = 1;
+	    setconnmode(0);	/* set new tty mode (maybe) */
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_SB:
+	    if (c == IAC) {
+		telrcv_state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    continue;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * This is an error.  We only expect to get
+		     * "IAC IAC" or "IAC SE".  Several things may
+		     * have happend.  An IAC was not doubled, the
+		     * IAC SE was left off, or another option got
+		     * inserted into the suboption are all possibilities.
+		     * If we assume that the IAC was not doubled,
+		     * and really the IAC SE was left off, we could
+		     * get into an infinate loop here.  So, instead,
+		     * we terminate the suboption, and process the
+		     * partial suboption if we can.
+		     */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+		    SB_TERM();
+
+		    printoption("In SUBOPTION processing, RCVD", IAC, c);
+		    suboption();	/* handle sub-option */
+		    telrcv_state = TS_IAC;
+		    goto process_iac;
+		}
+		SB_ACCUM(c);
+		telrcv_state = TS_SB;
+	    } else {
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		telrcv_state = TS_DATA;
+	    }
+	}
+    }
+    if (count)
+	ring_consumed(&netiring, count);
+    return returnValue||count;
+}
+
+static int bol = 1, local = 0;
+
+int
+rlogin_susp(void)
+{
+    if (local) {
+	local = 0;
+	bol = 1;
+	command(0, "z\n", 2);
+	return(1);
+    }
+    return(0);
+}
+
+static int
+telsnd()
+{
+    int tcc;
+    int count;
+    int returnValue = 0;
+    unsigned char *tbp = NULL;
+
+    tcc = 0;
+    count = 0;
+    while (NETROOM() > 2) {
+	int sc;
+	int c;
+
+	if (tcc == 0) {
+	    if (count) {
+		ring_consumed(&ttyiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    tbp = ttyiring.consume;
+	    tcc = ring_full_consecutive(&ttyiring);
+	    if (tcc == 0) {
+		break;
+	    }
+	}
+	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
+	if (rlogin != _POSIX_VDISABLE) {
+		if (bol) {
+			bol = 0;
+			if (sc == rlogin) {
+				local = 1;
+				continue;
+			}
+		} else if (local) {
+			local = 0;
+			if (sc == '.' || c == termEofChar) {
+				bol = 1;
+				command(0, "close\n", 6);
+				continue;
+			}
+			if (sc == termSuspChar) {
+				bol = 1;
+				command(0, "z\n", 2);
+				continue;
+			}
+			if (sc == escape) {
+				command(0, (char *)tbp, tcc);
+				bol = 1;
+				count += tcc;
+				tcc = 0;
+				flushline = 1;
+				break;
+			}
+			if (sc != rlogin) {
+				++tcc;
+				--tbp;
+				--count;
+				c = sc = rlogin;
+			}
+		}
+		if ((sc == '\n') || (sc == '\r'))
+			bol = 1;
+	} else if (sc == escape) {
+	    /*
+	     * Double escape is a pass through of a single escape character.
+	     */
+	    if (tcc && strip(*tbp) == escape) {
+		tbp++;
+		tcc--;
+		count++;
+		bol = 0;
+	    } else {
+		command(0, (char *)tbp, tcc);
+		bol = 1;
+		count += tcc;
+		tcc = 0;
+		flushline = 1;
+		break;
+	    }
+	} else
+	    bol = 0;
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
+	    if (tcc > 0 && strip(*tbp) == echoc) {
+		tcc--; tbp++; count++;
+	    } else {
+		dontlecho = !dontlecho;
+		settimer(echotoggle);
+		setconnmode(0);
+		flushline = 1;
+		break;
+	    }
+	}
+#endif
+	if (MODE_LOCAL_CHARS(globalmode)) {
+	    if (TerminalSpecialChars(sc) == 0) {
+		bol = 1;
+		break;
+	    }
+	}
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    switch (c) {
+	    case '\n':
+		    /*
+		     * If we are in CRMOD mode (\r ==> \n)
+		     * on our local machine, then probably
+		     * a newline (unix) is CRLF (TELNET).
+		     */
+		if (MODE_LOCAL_CHARS(globalmode)) {
+		    NETADD('\r');
+		}
+		NETADD('\n');
+		bol = flushline = 1;
+		break;
+	    case '\r':
+		if (!crlf) {
+		    NET2ADD('\r', '\0');
+		} else {
+		    NET2ADD('\r', '\n');
+		}
+		bol = flushline = 1;
+		break;
+	    case IAC:
+		NET2ADD(IAC, IAC);
+		break;
+	    default:
+		NETADD(c);
+		break;
+	    }
+	} else if (c == IAC) {
+	    NET2ADD(IAC, IAC);
+	} else {
+	    NETADD(c);
+	}
+    }
+    if (count)
+	ring_consumed(&ttyiring, count);
+    return returnValue||count;		/* Non-zero if we did anything */
+}
+
+/*
+ * Scheduler()
+ *
+ * Try to do something.
+ *
+ * If we do something useful, return 1; else return 0.
+ *
+ */
+
+
+static int
+Scheduler(int block) /* should we block in the select ? */
+{
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue;
+    int netin, netout, netex, ttyin, ttyout;
+
+    /* Decide which rings should be processed */
+
+    netout = ring_full_count(&netoring) &&
+	    (flushline ||
+		(my_want_state_is_wont(TELOPT_LINEMODE)
+#ifdef	KLUDGELINEMODE
+			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
+#endif
+		) ||
+			my_want_state_is_will(TELOPT_BINARY));
+    ttyout = ring_full_count(&ttyoring);
+
+    ttyin = ring_empty_count(&ttyiring);
+
+    netin = !ISend && ring_empty_count(&netiring);
+
+    netex = !SYNCHing;
+
+    /* If we have seen a signal recently, reset things */
+
+    /* Call to system code to process rings */
+
+    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
+
+    /* Now, look at the input rings, looking for work to do. */
+
+    if (ring_full_count(&ttyiring)) {
+	    returnValue |= telsnd();
+    }
+
+    if (ring_full_count(&netiring)) {
+	returnValue |= telrcv();
+    }
+    return returnValue;
+}
+
+/*
+ * Select from tty and network...
+ */
+void
+my_telnet(char *user)
+{
+    sys_telnet_init();
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    {
+	static char local_host[256] = { 0 };
+
+	if (!local_host[0]) {
+		/* XXX - should be k_gethostname? */
+		gethostname(local_host, sizeof(local_host));
+		local_host[sizeof(local_host)-1] = 0;
+	}
+	auth_encrypt_init(local_host, hostname, "TELNET", 0);
+	auth_encrypt_user(user);
+    }
+#endif
+    if (telnetport) {
+#if	defined(AUTHENTICATION)
+	if (autologin)
+		send_will(TELOPT_AUTHENTICATION, 1);
+#endif
+#if	defined(ENCRYPTION)
+	send_do(TELOPT_ENCRYPT, 1);
+	send_will(TELOPT_ENCRYPT, 1);
+#endif
+	send_do(TELOPT_SGA, 1);
+	send_will(TELOPT_TTYPE, 1);
+	send_will(TELOPT_NAWS, 1);
+	send_will(TELOPT_TSPEED, 1);
+	send_will(TELOPT_LFLOW, 1);
+	send_will(TELOPT_LINEMODE, 1);
+	send_will(TELOPT_NEW_ENVIRON, 1);
+	send_do(TELOPT_STATUS, 1);
+	if (env_getvalue((unsigned char *)"DISPLAY"))
+	    send_will(TELOPT_XDISPLOC, 1);
+	if (binary)
+	    tel_enter_binary(binary);
+    }
+
+    for (;;) {
+	int schedValue;
+
+	while ((schedValue = Scheduler(0)) != 0) {
+	    if (schedValue == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+
+	if (Scheduler(1) == -1) {
+	    setcommandmode();
+	    return;
+	}
+    }
+}
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+
+static void
+netclear()
+{
+#if	0	/* XXX */
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+    thisitem = netobuf;
+
+    while ((next = nextitem(thisitem)) <= netobuf.send) {
+	thisitem = next;
+    }
+
+    /* Now, thisitem is first before/at boundary. */
+
+    good = netobuf;	/* where the good bytes go */
+
+    while (netoring.add > thisitem) {
+	if (wewant(thisitem)) {
+	    int length;
+
+	    next = thisitem;
+	    do {
+		next = nextitem(next);
+	    } while (wewant(next) && (nfrontp > next));
+	    length = next-thisitem;
+	    memmove(good, thisitem, length);
+	    good += length;
+	    thisitem = next;
+	} else {
+	    thisitem = nextitem(thisitem);
+	}
+    }
+
+#endif	/* 0 */
+}
+
+/*
+ * These routines add various telnet commands to the data stream.
+ */
+
+static void
+doflush()
+{
+    NET2ADD(IAC, DO);
+    NETADD(TELOPT_TM);
+    flushline = 1;
+    flushout = 1;
+    ttyflush(1);			/* Flush/drop output */
+    /* do printoption AFTER flush, otherwise the output gets tossed... */
+    printoption("SENT", DO, TELOPT_TM);
+}
+
+void
+xmitAO(void)
+{
+    NET2ADD(IAC, AO);
+    printoption("SENT", IAC, AO);
+    if (autoflush) {
+	doflush();
+    }
+}
+
+
+void
+xmitEL(void)
+{
+    NET2ADD(IAC, EL);
+    printoption("SENT", IAC, EL);
+}
+
+void
+xmitEC(void)
+{
+    NET2ADD(IAC, EC);
+    printoption("SENT", IAC, EC);
+}
+
+
+int
+dosynch()
+{
+    netclear();			/* clear the path to the network */
+    NETADD(IAC);
+    setneturg();
+    NETADD(DM);
+    printoption("SENT", IAC, DM);
+    return 1;
+}
+
+int want_status_response = 0;
+
+int
+get_status()
+{
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_want_state_is_dont(TELOPT_STATUS)) {
+	printf("Remote side does not support STATUS option\n");
+	return 0;
+    }
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_STATUS;
+    *cp++ = TELQUAL_SEND;
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+    ++want_status_response;
+    return 1;
+}
+
+void
+intp(void)
+{
+    NET2ADD(IAC, IP);
+    printoption("SENT", IAC, IP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendbrk(void)
+{
+    NET2ADD(IAC, BREAK);
+    printoption("SENT", IAC, BREAK);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendabort(void)
+{
+    NET2ADD(IAC, ABORT);
+    printoption("SENT", IAC, ABORT);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendsusp(void)
+{
+    NET2ADD(IAC, SUSP);
+    printoption("SENT", IAC, SUSP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendeof(void)
+{
+    NET2ADD(IAC, xEOF);
+    printoption("SENT", IAC, xEOF);
+}
+
+void
+sendayt(void)
+{
+    NET2ADD(IAC, AYT);
+    printoption("SENT", IAC, AYT);
+}
+
+/*
+ * Send a window size update to the remote system.
+ */
+
+void
+sendnaws()
+{
+    long rows, cols;
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_state_is_wont(TELOPT_NAWS))
+	return;
+
+#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
+			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
+
+    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
+	return;
+    }
+
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_NAWS;
+    PUTSHORT(cp, cols);
+    PUTSHORT(cp, rows);
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+}
+
+void
+tel_enter_binary(int rw)
+{
+    if (rw&1)
+	send_do(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_will(TELOPT_BINARY, 1);
+}
+
+void
+tel_leave_binary(int rw)
+{
+    if (rw&1)
+	send_dont(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_wont(TELOPT_BINARY, 1);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
new file mode 100644
index 0000000..b4a3782
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#include <errno.h>
+#include <setjmp.h>
+#ifdef HAVE_BSDSETJMP_H
+#include <bsdsetjmp.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/* termios.h *must* be included before curses.h */
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#if defined(SOCKS) && defined(HAVE_CURSES_H)
+#include <curses.h>
+#endif
+
+#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
+#include <sys/termio.h>
+#endif
+
+#if defined(HAVE_TERMCAP_H)
+#include <termcap.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+/* not with SunOS 4 */
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+/* krb.h? */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#include <libtelnet/auth.h>
+#include <libtelnet/encrypt.h>
+#endif
+#include <libtelnet/misc.h>
+#include <libtelnet/misc-proto.h>
+
+#define LINEMODE
+#define KLUDGELINEMODE
+
+#include "ring.h"
+#include "externs.h"
+#include "defines.h"
+#include "types.h"
+
+/* prototypes */
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/terminal.c b/crypto/kerberosIV/appl/telnet/telnet/terminal.c
new file mode 100644
index 0000000..4404384
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/terminal.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: terminal.c,v 1.10 1997/12/15 19:53:06 joda Exp $");
+
+Ring		ttyoring, ttyiring;
+unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
+
+int termdata;			/* Debugging flag */
+
+# ifndef VDISCARD
+cc_t termFlushChar;
+# endif
+# ifndef VLNEXT
+cc_t termLiteralNextChar;
+# endif
+# ifndef VSUSP
+cc_t termSuspChar;
+# endif
+# ifndef VWERASE
+cc_t termWerasChar;
+# endif
+# ifndef VREPRINT
+cc_t termRprntChar;
+# endif
+# ifndef VSTART
+cc_t termStartChar;
+# endif
+# ifndef VSTOP
+cc_t termStopChar;
+# endif
+# ifndef VEOL
+cc_t termForw1Char;
+# endif
+# ifndef VEOL2
+cc_t termForw2Char;
+# endif
+# ifndef VSTATUS
+cc_t termAytChar;
+# endif
+
+/*
+ * initialize the terminal data structures.
+ */
+
+void
+init_terminal(void)
+{
+    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
+	exit(1);
+    }
+    autoflush = TerminalAutoFlush();
+}
+
+
+/*
+ *		Send as much data as possible to the terminal.
+ *
+ *		Return value:
+ *			-1: No useful work done, data waiting to go out.
+ *			 0: No data was waiting, so nothing was done.
+ *			 1: All waiting data was written out.
+ *			 n: All data - n was written out.
+ */
+
+
+int
+ttyflush(int drop)
+{
+    int n, n0, n1;
+
+    n0 = ring_full_count(&ttyoring);
+    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
+	if (drop) {
+	    TerminalFlushOutput();
+	    /* we leave 'n' alone! */
+	} else {
+	    n = TerminalWrite((char *)ttyoring.consume, n);
+	}
+    }
+    if (n > 0) {
+	if (termdata && n) {
+	    Dump('>', ttyoring.consume, n);
+	}
+	/*
+	 * If we wrote everything, and the full count is
+	 * larger than what we wrote, then write the
+	 * rest of the buffer.
+	 */
+	if (n1 == n && n0 > n) {
+		n1 = n0 - n;
+		if (!drop)
+			n1 = TerminalWrite((char *)ttyoring.bottom, n1);
+		if (n1 > 0)
+			n += n1;
+	}
+	ring_consumed(&ttyoring, n);
+    }
+    if (n < 0)
+	return -1;
+    if (n == n0) {
+	if (n0)
+	    return -1;
+	return 0;
+    }
+    return n0 - n + 1;
+}
+
+
+/*
+ * These routines decides on what the mode should be (based on the values
+ * of various global variables).
+ */
+
+
+int
+getconnmode(void)
+{
+    extern int linemode;
+    int mode = 0;
+#ifdef	KLUDGELINEMODE
+    extern int kludgelinemode;
+#endif
+
+    if (my_want_state_is_dont(TELOPT_ECHO))
+	mode |= MODE_ECHO;
+
+    if (localflow)
+	mode |= MODE_FLOW;
+
+    if ((eight & 1) || my_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_INBIN;
+
+    if (eight & 2)
+	mode |= MODE_OUT8;
+    if (his_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_OUTBIN;
+
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode) {
+	if (my_want_state_is_dont(TELOPT_SGA)) {
+	    mode |= (MODE_TRAPSIG|MODE_EDIT);
+	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
+		mode &= ~MODE_ECHO;
+	    }
+	}
+	return(mode);
+    }
+#endif
+    if (my_want_state_is_will(TELOPT_LINEMODE))
+	mode |= linemode;
+    return(mode);
+}
+
+    void
+setconnmode(force)
+    int force;
+{
+#ifdef	ENCRYPTION
+    static int enc_passwd = 0;
+#endif
+    int newmode;
+
+    newmode = getconnmode()|(force?MODE_FORCE:0);
+
+    TerminalNewMode(newmode);
+    
+#ifdef  ENCRYPTION
+    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
+	if (my_want_state_is_will(TELOPT_ENCRYPT)
+				&& (enc_passwd == 0) && !encrypt_output) {
+	    encrypt_request_start(0, 0);
+	    enc_passwd = 1;
+	}
+    } else {
+	if (enc_passwd) {
+	    encrypt_request_end();
+	    enc_passwd = 0;
+	}
+    }
+#endif
+
+}
+
+
+    void
+setcommandmode()
+{
+    TerminalNewMode(-1);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/types.h b/crypto/kerberosIV/appl/telnet/telnet/types.h
new file mode 100644
index 0000000..191d311
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/types.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)types.h	8.1 (Berkeley) 6/6/93
+ */
+
+typedef struct {
+    char *modedescriptions;
+    char modetype;
+} Modelist;
+
+extern Modelist modelist[];
+
+typedef struct {
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	gotDM;			/* when did we last see a data mark */
+} Clocks;
+
+extern Clocks clocks;
diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
new file mode 100644
index 0000000..5d677cf
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
@@ -0,0 +1,863 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define TELOPTS
+#define TELCMDS
+#define SLC_NAMES
+
+#include "telnet_locl.h"
+
+RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $");
+
+FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
+int	prettydump;
+
+/*
+ * SetSockOpt()
+ *
+ * Compensate for differences in 4.2 and 4.3 systems.
+ */
+
+int
+SetSockOpt(int fd, int level, int option, int yesno)
+{
+#ifdef HAVE_SETSOCKOPT
+#ifndef	NOT43
+    return setsockopt(fd, level, option,
+				(void *)&yesno, sizeof yesno);
+#else	/* NOT43 */
+    if (yesno == 0) {		/* Can't do that in 4.2! */
+	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
+				option);
+	return -1;
+    }
+    return setsockopt(fd, level, option, 0, 0);
+#endif	/* NOT43 */
+#else
+    return -1;
+#endif
+}
+
+/*
+ * The following are routines used to print out debugging information.
+ */
+
+char NetTraceFile[256] = "(standard output)";
+
+void
+SetNetTrace(char *file)
+{
+    if (NetTrace && NetTrace != stdout)
+	fclose(NetTrace);
+    if (file  && (strcmp(file, "-") != 0)) {
+	NetTrace = fopen(file, "w");
+	if (NetTrace) {
+	    strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile));
+	    return;
+	}
+	fprintf(stderr, "Cannot open %s.\n", file);
+    }
+    NetTrace = stdout;
+    strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
+}
+
+void
+Dump(char direction, unsigned char *buffer, int length)
+{
+#   define BYTES_PER_LINE	32
+    unsigned char *pThis;
+    int offset;
+
+    offset = 0;
+
+    while (length) {
+	/* print one line */
+	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
+	pThis = buffer;
+	if (prettydump) {
+	    buffer = buffer + min(length, BYTES_PER_LINE/2);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%c%.2x",
+		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
+		    (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE/2;
+	    offset += BYTES_PER_LINE/2;
+	} else {
+	    buffer = buffer + min(length, BYTES_PER_LINE);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE;
+	    offset += BYTES_PER_LINE;
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	if (length < 0) {
+	    fflush(NetTrace);
+	    return;
+	}
+	/* find next unique line */
+    }
+    fflush(NetTrace);
+}
+
+
+void
+printoption(char *direction, int cmd, int option)
+{
+	if (!showoptions)
+		return;
+	if (cmd == IAC) {
+		if (TELCMD_OK(option))
+		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
+		else
+		    fprintf(NetTrace, "%s IAC %d", direction, option);
+	} else {
+		char *fmt;
+		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
+			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
+		if (fmt) {
+		    fprintf(NetTrace, "%s %s ", direction, fmt);
+		    if (TELOPT_OK(option))
+			fprintf(NetTrace, "%s", TELOPT(option));
+		    else if (option == TELOPT_EXOPL)
+			fprintf(NetTrace, "EXOPL");
+		    else
+			fprintf(NetTrace, "%d", option);
+		} else
+		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	    fflush(NetTrace);
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	return;
+}
+
+void
+optionstatus(void)
+{
+    int i;
+    extern char will_wont_resp[], do_dont_resp[];
+
+    for (i = 0; i < 256; i++) {
+	if (do_dont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
+	    else
+		printf("resp DO_DONT %d: %d\n", i,
+				do_dont_resp[i]);
+	    if (my_want_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("want DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DO   %s\n", TELCMD(i));
+		else
+		    printf("want DO   %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want DONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DONT %s\n", TELCMD(i));
+		else
+		    printf("want DONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("     DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     DO   %s\n", TELCMD(i));
+		else
+		    printf("     DO   %d\n", i);
+	    }
+	}
+	if (will_wont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
+	    else
+		printf("resp WILL_WONT %d: %d\n",
+				i, will_wont_resp[i]);
+	    if (my_want_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("want WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WILL %s\n", TELCMD(i));
+		else
+		    printf("want WILL %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want WONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WONT %s\n", TELCMD(i));
+		else
+		    printf("want WONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("     WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     WILL %s\n", TELCMD(i));
+		else
+		    printf("     WILL %d\n", i);
+	    }
+	}
+    }
+
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+{
+    int i;
+    unsigned char buf[512];
+    extern int want_status_response;
+
+    if (showoptions || direction == 0 ||
+	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
+	if (direction) {
+	    fprintf(NetTrace, "%s IAC SB ",
+				(direction == '<')? "RCVD":"SENT");
+	    if (length >= 3) {
+		int j;
+
+		i = pointer[length-2];
+		j = pointer[length-1];
+
+		if (i != IAC || j != SE) {
+		    fprintf(NetTrace, "(terminated by ");
+		    if (TELOPT_OK(i))
+			fprintf(NetTrace, "%s ", TELOPT(i));
+		    else if (TELCMD_OK(i))
+			fprintf(NetTrace, "%s ", TELCMD(i));
+		    else
+			fprintf(NetTrace, "%d ", i);
+		    if (TELOPT_OK(j))
+			fprintf(NetTrace, "%s", TELOPT(j));
+		    else if (TELCMD_OK(j))
+			fprintf(NetTrace, "%s", TELCMD(j));
+		    else
+			fprintf(NetTrace, "%d", j);
+		    fprintf(NetTrace, ", not IAC SE!) ");
+		}
+	    }
+	    length -= 2;
+	}
+	if (length < 1) {
+	    fprintf(NetTrace, "(Empty suboption??\?)");
+	    if (NetTrace == stdout)
+		fflush(NetTrace);
+	    return;
+	}
+	switch (pointer[0]) {
+	case TELOPT_TTYPE:
+	    fprintf(NetTrace, "TERMINAL-TYPE ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace,
+				"- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+	case TELOPT_TSPEED:
+	    fprintf(NetTrace, "TERMINAL-SPEED");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " IS ");
+		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
+		break;
+	    default:
+		if (pointer[1] == 1)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    }
+	    break;
+
+	case TELOPT_LFLOW:
+	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case LFLOW_OFF:
+		fprintf(NetTrace, " OFF"); break;
+	    case LFLOW_ON:
+		fprintf(NetTrace, " ON"); break;
+	    case LFLOW_RESTART_ANY:
+		fprintf(NetTrace, " RESTART-ANY"); break;
+	    case LFLOW_RESTART_XON:
+		fprintf(NetTrace, " RESTART-XON"); break;
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    }
+	    for (i = 2; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+	case TELOPT_NAWS:
+	    fprintf(NetTrace, "NAWS");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    if (length == 2) {
+		fprintf(NetTrace, " ?%d?", pointer[1]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[1], pointer[2],
+		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+	    if (length == 4) {
+		fprintf(NetTrace, " ?%d?", pointer[3]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[3], pointer[4],
+		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+	    for (i = 5; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION:
+	    fprintf(NetTrace, "AUTHENTICATION");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_REPLY:
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
+							"IS" : "REPLY");
+		if (AUTHTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, "%d ", pointer[2]);
+		if (length < 3) {
+		    fprintf(NetTrace, "(partial suboption??\?)");
+		    break;
+		}
+		fprintf(NetTrace, "%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case TELQUAL_SEND:
+		i = 2;
+		fprintf(NetTrace, " SEND ");
+		while (i < length) {
+		    if (AUTHTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    if (++i >= length) {
+			fprintf(NetTrace, "(partial suboption??\?)");
+			break;
+		    }
+		    fprintf(NetTrace, "%s|%s ",
+			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+							"CLIENT" : "SERVER",
+			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+							"MUTUAL" : "ONE-WAY");
+		    ++i;
+		}
+		break;
+
+	    case TELQUAL_NAME:
+		i = 2;
+		fprintf(NetTrace, " NAME \"");
+		while (i < length)
+		    putc(pointer[i++], NetTrace);
+		putc('"', NetTrace);
+		break;
+
+	    default:
+		    for (i = 2; i < length; i++)
+			fprintf(NetTrace, " ?%d?", pointer[i]);
+		    break;
+	    }
+	    break;
+#endif
+
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+	    fprintf(NetTrace, "ENCRYPT");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case ENCRYPT_START:
+		fprintf(NetTrace, " START");
+		break;
+
+	    case ENCRYPT_END:
+		fprintf(NetTrace, " END");
+		break;
+
+	    case ENCRYPT_REQSTART:
+		fprintf(NetTrace, " REQUEST-START");
+		break;
+
+	    case ENCRYPT_REQEND:
+		fprintf(NetTrace, " REQUEST-END");
+		break;
+
+	    case ENCRYPT_IS:
+	    case ENCRYPT_REPLY:
+		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
+							"IS" : "REPLY");
+		if (length < 3) {
+		    fprintf(NetTrace, " (partial suboption?)");
+		    break;
+		}
+		if (ENCTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
+
+		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case ENCRYPT_SUPPORT:
+		i = 2;
+		fprintf(NetTrace, " SUPPORT ");
+		while (i < length) {
+		    if (ENCTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    i++;
+		}
+		break;
+
+	    case ENCRYPT_ENC_KEYID:
+		fprintf(NetTrace, " ENC_KEYID ");
+		goto encommon;
+
+	    case ENCRYPT_DEC_KEYID:
+		fprintf(NetTrace, " DEC_KEYID ");
+		goto encommon;
+
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    encommon:
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+		break;
+	    }
+	    break;
+#endif
+
+	case TELOPT_LINEMODE:
+	    fprintf(NetTrace, "LINEMODE ");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case WILL:
+		fprintf(NetTrace, "WILL ");
+		goto common;
+	    case WONT:
+		fprintf(NetTrace, "WONT ");
+		goto common;
+	    case DO:
+		fprintf(NetTrace, "DO ");
+		goto common;
+	    case DONT:
+		fprintf(NetTrace, "DONT ");
+	    common:
+		if (length < 3) {
+		    fprintf(NetTrace, "(no option??\?)");
+		    break;
+		}
+		switch (pointer[2]) {
+		case LM_FORWARDMASK:
+		    fprintf(NetTrace, "Forward Mask");
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %x", pointer[i]);
+		    break;
+		default:
+		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %d", pointer[i]);
+		    break;
+		}
+		break;
+
+	    case LM_SLC:
+		fprintf(NetTrace, "SLC");
+		for (i = 2; i < length - 2; i += 3) {
+		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+		    else
+			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
+		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		    case SLC_NOSUPPORT:
+			fprintf(NetTrace, " NOSUPPORT"); break;
+		    case SLC_CANTCHANGE:
+			fprintf(NetTrace, " CANTCHANGE"); break;
+		    case SLC_VARIABLE:
+			fprintf(NetTrace, " VARIABLE"); break;
+		    case SLC_DEFAULT:
+			fprintf(NetTrace, " DEFAULT"); break;
+		    }
+		    fprintf(NetTrace, "%s%s%s",
+			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+						SLC_FLUSHOUT| SLC_LEVELBITS))
+			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
+		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
+		    if ((pointer[i+SLC_VALUE] == IAC) &&
+			(pointer[i+SLC_VALUE+1] == IAC))
+				i++;
+		}
+		for (; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+
+	    case LM_MODE:
+		fprintf(NetTrace, "MODE ");
+		if (length < 3) {
+		    fprintf(NetTrace, "(no mode??\?)");
+		    break;
+		}
+		{
+		    char tbuf[64];
+		    snprintf(tbuf, sizeof(tbuf),
+			     "%s%s%s%s%s",
+			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			     pointer[2]&MODE_ACK ? "|ACK" : "");
+		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
+		}
+		if (pointer[2]&~(MODE_MASK))
+		    fprintf(NetTrace, " (0x%x)", pointer[2]);
+		for (i = 3; i < length; i++)
+		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
+		break;
+	    default:
+		fprintf(NetTrace, "%d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+	    }
+	    break;
+
+	case TELOPT_STATUS: {
+	    char *cp;
+	    int j, k;
+
+	    fprintf(NetTrace, "STATUS");
+
+	    switch (pointer[1]) {
+	    default:
+		if (pointer[1] == TELQUAL_SEND)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    case TELQUAL_IS:
+		if (--want_status_response < 0)
+		    want_status_response = 0;
+		if (NetTrace == stdout)
+		    fprintf(NetTrace, " IS\r\n");
+		else
+		    fprintf(NetTrace, " IS\n");
+
+		for (i = 2; i < length; i++) {
+		    switch(pointer[i]) {
+		    case DO:	cp = "DO"; goto common2;
+		    case DONT:	cp = "DONT"; goto common2;
+		    case WILL:	cp = "WILL"; goto common2;
+		    case WONT:	cp = "WONT"; goto common2;
+		    common2:
+			i++;
+			if (TELOPT_OK((int)pointer[i]))
+			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
+			else
+			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+			break;
+
+		    case SB:
+			fprintf(NetTrace, " SB ");
+			i++;
+			j = k = i;
+			while (j < length) {
+			    if (pointer[j] == SE) {
+				if (j+1 == length)
+				    break;
+				if (pointer[j+1] == SE)
+				    j++;
+				else
+				    break;
+			    }
+			    pointer[k++] = pointer[j++];
+			}
+			printsub(0, &pointer[i], k - i);
+			if (i < length) {
+			    fprintf(NetTrace, " SE");
+			    i = j;
+			} else
+			    i = j - 1;
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+
+			break;
+
+		    default:
+			fprintf(NetTrace, " %d", pointer[i]);
+			break;
+		    }
+		}
+		break;
+	    }
+	    break;
+	  }
+
+	case TELOPT_XDISPLOC:
+	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+
+	case TELOPT_NEW_ENVIRON:
+	    fprintf(NetTrace, "NEW-ENVIRON ");
+#ifdef	OLD_ENVIRON
+	    goto env_common1;
+	case TELOPT_OLD_ENVIRON:
+	    fprintf(NetTrace, "OLD-ENVIRON");
+	env_common1:
+#endif
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS ");
+		goto env_common;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND ");
+		goto env_common;
+	    case TELQUAL_INFO:
+		fprintf(NetTrace, "INFO ");
+	    env_common:
+		{
+		    int noquote = 2;
+		    for (i = 2; i < length; i++ ) {
+			switch (pointer[i]) {
+			case NEW_ENV_VALUE:
+#ifdef OLD_ENVIRON
+		     /*	case NEW_ENV_OVAR: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VAR " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VALUE " + noquote);
+			    noquote = 2;
+			    break;
+
+			case NEW_ENV_VAR:
+#ifdef OLD_ENVIRON
+		     /* case OLD_ENV_VALUE: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VALUE " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_ESC:
+			    fprintf(NetTrace, "\" ESC " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_USERVAR:
+			    fprintf(NetTrace, "\" USERVAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			default:
+			    if (isprint(pointer[i]) && pointer[i] != '"') {
+				if (noquote) {
+				    putc('"', NetTrace);
+				    noquote = 0;
+				}
+				putc(pointer[i], NetTrace);
+			    } else {
+				fprintf(NetTrace, "\" %03o " + noquote,
+							pointer[i]);
+				noquote = 2;
+			    }
+			    break;
+			}
+		    }
+		    if (!noquote)
+			putc('"', NetTrace);
+		    break;
+		}
+	    }
+	    break;
+
+	default:
+	    if (TELOPT_OK(pointer[0]))
+		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
+	    else
+		fprintf(NetTrace, "%d (unknown)", pointer[0]);
+	    for (i = 1; i < length; i++)
+		fprintf(NetTrace, " %d", pointer[i]);
+	    break;
+	}
+	if (direction) {
+	    if (NetTrace == stdout)
+		fprintf(NetTrace, "\r\n");
+	    else
+		fprintf(NetTrace, "\n");
+	}
+	if (NetTrace == stdout)
+	    fflush(NetTrace);
+    }
+}
+
+/* EmptyTerminal - called to make sure that the terminal buffer is empty.
+ *			Note that we consider the buffer to run all the
+ *			way to the kernel (thus the select).
+ */
+
+void
+EmptyTerminal(void)
+{
+    fd_set	outs;
+
+    FD_ZERO(&outs);
+
+    if (TTYBYTES() == 0) {
+	FD_SET(tout, &outs);
+	select(tout+1, 0, &outs, 0,
+		      (struct timeval *) 0); /* wait for TTLOWAT */
+    } else {
+	while (TTYBYTES()) {
+	    ttyflush(0);
+	    FD_SET(tout, &outs);
+	    select(tout+1, 0, &outs, 0,
+			  (struct timeval *) 0); /* wait for TTLOWAT */
+	}
+    }
+}
+
+void
+SetForExit(void)
+{
+    setconnmode(0);
+    do {
+	telrcv();			/* Process any incoming data */
+	EmptyTerminal();
+    } while (ring_full_count(&netiring));	/* While there is any */
+    setcommandmode();
+    fflush(stdout);
+    fflush(stderr);
+    setconnmode(0);
+    EmptyTerminal();			/* Flush the path to the tty */
+    setcommandmode();
+}
+
+void
+Exit(int returnCode)
+{
+    SetForExit();
+    exit(returnCode);
+}
+
+void
+ExitString(char *string, int returnCode)
+{
+    SetForExit();
+    fwrite(string, 1, strlen(string), stderr);
+    exit(returnCode);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am
new file mode 100644
index 0000000..c228518
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am
@@ -0,0 +1,21 @@
+# $Id: Makefile.am,v 1.12 1999/04/09 18:24:38 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+libexec_PROGRAMS = telnetd
+
+CHECK_LOCAL = 
+
+telnetd_SOURCES  = telnetd.c state.c termstat.c slc.c sys_term.c \
+		   utility.c global.c authenc.c defs.h ext.h telnetd.h
+
+LDADD = \
+	../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_tgetent) \
+	$(LIB_logwtmp) \
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in
new file mode 100644
index 0000000..ed42d1d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in
@@ -0,0 +1,79 @@
+# $Id: Makefile.in,v 1.38 1999/03/11 13:50:16 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+top_builddir		= ../../..
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = telnetd$(EXECSUFFIX)
+
+SOURCES=telnetd.c state.c termstat.c slc.c sys_term.c \
+	utility.c global.c authenc.c
+
+OBJECTS=telnetd.o state.o termstat.o slc.o sys_term.o \
+	utility.o global.o authenc.o
+
+libtop = @libtop@
+
+LIBKRB		= -L../../../lib/krb -lkrb
+LIBDES		= -L../../../lib/des -ldes
+LIBKAFS		= @KRB_KAFS_LIB@
+LIBROKEN	= -L../../../lib/roken -lroken
+
+KLIB=$(LIBKAFS) $(LIBKRB) $(LIBDES)
+
+
+all: $(PROGS)
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I.. -I$(srcdir)/.. -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+telnetd$(EXECSUFFIX): $(OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) -L../libtelnet -ltelnet $(KLIB) $(LIBROKEN) $(LIBS) @LIB_tgetent@ $(LIBROKEN)
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a telnetd$(EXECSUFFIX) \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
new file mode 100644
index 0000000..2a95127
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $");
+
+#ifdef AUTHENTICATION
+
+int
+telnet_net_write(unsigned char *str, int len)
+{
+    if (nfrontp + len < netobuf + BUFSIZ) {
+	memmove(nfrontp, str, len);
+	nfrontp += len;
+	return(len);
+    }
+    return(0);
+}
+
+void
+net_encrypt(void)
+{
+#ifdef ENCRYPTION
+    char *s = (nclearto > nbackp) ? nclearto : nbackp;
+    if (s < nfrontp && encrypt_output) {
+	(*encrypt_output)((unsigned char *)s, nfrontp - s);
+    }
+    nclearto = nfrontp;
+#endif
+}
+
+int
+telnet_spin(void)
+{
+    ttloop();
+    return(0);
+}
+
+char *
+telnet_getenv(char *val)
+{
+    extern char *getenv(const char *);
+    return(getenv(val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+    return NULL;
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/defs.h b/crypto/kerberosIV/appl/telnet/telnetd/defs.h
new file mode 100644
index 0000000..dc3f842
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/defs.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defs.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Telnet server defines
+ */
+
+#ifndef __DEFS_H__
+#define __DEFS_H__
+
+#ifndef	BSD
+# define	BSD 43
+#endif
+
+#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
+#define TELOPTS
+#define TELCMDS
+#define	SLC_NAMES
+#endif
+
+#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
+# define	TIOCSCTTY TCSETCTTY
+#endif
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE      0x02
+#endif
+ 
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP  0x10
+#endif
+ 
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP  0x20
+#endif
+
+/*
+ * I/O data buffers defines
+ */
+#define	NETSLOP	64
+#ifdef _CRAY
+#undef BUFSIZ
+#define BUFSIZ  2048
+#endif
+
+#define	NIACCUM(c)	{   *netip++ = c; \
+			    ncc++; \
+			}
+
+/* clock manipulations */
+#define	settimer(x)	(clocks.x = ++clocks.system)
+#define	sequenceIs(x,y)	(clocks.x < clocks.y)
+
+/*
+ * Structures of information for each special character function.
+ */
+typedef struct {
+	unsigned char	flag;		/* the flags for this function */
+	cc_t		val;		/* the value of the special character */
+} slcent, *Slcent;
+
+typedef struct {
+	slcent		defset;		/* the default settings */
+	slcent		current;	/* the current settings */
+	cc_t		*sptr;		/* a pointer to the char in */
+					/* system data structures */
+} slcfun, *Slcfun;
+
+#ifdef DIAGNOSTICS
+/*
+ * Diagnostics capabilities
+ */
+#define	TD_REPORT	0x01	/* Report operations to client */
+#define TD_EXERCISE	0x02	/* Exercise client's implementation */
+#define TD_NETDATA	0x04	/* Display received data stream */
+#define TD_PTYDATA	0x08	/* Display data passed to pty */
+#define	TD_OPTIONS	0x10	/* Report just telnet options */
+#endif /* DIAGNOSTICS */
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
+#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
+#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
+#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
+
+#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
+#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
+#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
+#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
+
+/*
+ * Tricky code here.  What we want to know is if the MY_STATE_WILL
+ * and MY_WANT_STATE_WILL bits have the same value.  Since the two
+ * bits are adjacent, a little arithmatic will show that by adding
+ * in the lower bit, the upper bit will be set if the two bits were
+ * different, and clear if they were the same.
+ */
+#define my_will_wont_is_changing(opt) \
+			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
+
+#define my_do_dont_is_changing(opt) \
+			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+#define his_will_wont_is_changing	my_do_dont_is_changing
+#define his_do_dont_is_changing		my_will_wont_is_changing
+
+#endif /* __DEFS_H__ */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
new file mode 100644
index 0000000..83b7166
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ext.h	8.2 (Berkeley) 12/15/93
+ */
+
+/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */
+
+#ifndef __EXT_H__
+#define __EXT_H__
+
+/*
+ * Telnet server variable declarations
+ */
+extern char	options[256];
+extern char	do_dont_resp[256];
+extern char	will_wont_resp[256];
+extern int	flowmode;	/* current flow control state */
+extern int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+extern int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+extern int	require_otp;
+#ifdef AUTHENTICATION
+extern int	auth_level;
+#endif
+extern const char *new_login;
+
+extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+extern char	*terminaltype;
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+extern char	netibuf[BUFSIZ], *netip;
+
+extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+extern char	*neturg;		/* one past last bye of urgent data */
+
+extern int	pcc, ncc;
+
+extern int	ourpty, net;
+extern char	*line;
+extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+int telnet_net_write (unsigned char *str, int len);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (char *val);
+char *telnet_gets (char *prompt, char *result, int length, int echo);
+void get_slc_defaults (void);
+void telrcv (void);
+void send_do (int option, int init);
+void willoption (int option);
+void send_dont (int option, int init);
+void wontoption (int option);
+void send_will (int option, int init);
+void dooption (int option);
+void send_wont (int option, int init);
+void dontoption (int option);
+void suboption (void);
+void doclientstat (void);
+void send_status (void);
+void init_termbuf (void);
+void set_termbuf (void);
+int spcset (int func, cc_t *valp, cc_t **valpp);
+void set_utid (void);
+int getpty (int *ptynum);
+int tty_isecho (void);
+int tty_flowmode (void);
+int tty_restartany (void);
+void tty_setecho (int on);
+int tty_israw (void);
+void tty_binaryin (int on);
+void tty_binaryout (int on);
+int tty_isbinaryin (void);
+int tty_isbinaryout (void);
+int tty_issofttab (void);
+void tty_setsofttab (int on);
+int tty_islitecho (void);
+void tty_setlitecho (int on);
+int tty_iscrnl (void);
+void tty_tspeed (int val);
+void tty_rspeed (int val);
+void getptyslave (void);
+int cleanopen (char *line);
+void startslave (char *host, int autologin, char *autoname);
+void init_env (void);
+void start_login (char *host, int autologin, char *name);
+void cleanup (int sig);
+int main (int argc, char **argv);
+void usage (void);
+int getterminaltype (char *name, size_t);
+void _gettermname (void);
+int terminaltypeok (char *s);
+void doit (struct sockaddr_in *who);
+void my_telnet (int f, int p, char*, int, char*);
+void interrupt (void);
+void sendbrk (void);
+void sendsusp (void);
+void recv_ayt (void);
+void doeof (void);
+void flowstat (void);
+void clientstat (int code, int parm1, int parm2);
+void ttloop (void);
+int stilloob (int s);
+void ptyflush (void);
+char *nextitem (char *current);
+void netclear (void);
+void netflush (void);
+void writenet (unsigned char *ptr, int len);
+void fatal (int f, char *msg);
+void fatalperror (int f, const char *msg);
+void edithost (char *pat, char *host);
+void putstr (char *s);
+void putchr (int cc);
+void putf (char *cp, char *where);
+void printoption (char *fmt, int option);
+void printsub (int direction, unsigned char *pointer, int length);
+void printdata (char *tag, char *ptr, int cnt);
+int login_tty(int t);
+
+#ifdef ENCRYPTION
+extern void	(*encrypt_output) (unsigned char *, int);
+extern int	(*decrypt_input) (int);
+extern char	*nclearto;
+#endif
+
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t{
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	ttypesubopt,		/* ttype subopt is received */
+	tspeedsubopt,		/* tspeed subopt is received */
+	environsubopt,		/* environ subopt is received */
+	oenvironsubopt,		/* old environ subopt is received */
+	xdisplocsubopt,		/* xdisploc subopt is received */
+	baseline,		/* time started to do timed action */
+	gotDM;			/* when did we last see a data mark */
+};
+extern struct clocks_t clocks;
+
+extern int log_unauth;
+extern int no_warn;
+
+#ifdef STREAMSPTY
+extern int really_stream;
+#endif
+
+#ifndef USE_IM
+# ifdef CRAY
+#  define USE_IM "Cray UNICOS (%h) (%t)"
+# endif
+# ifdef _AIX
+#  define USE_IM "%s %v.%r (%h) (%t)"
+# endif
+# ifndef USE_IM
+#  define USE_IM "%s %r (%h) (%t)"
+# endif
+#endif
+
+#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
+
+#endif /* __EXT_H__ */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/global.c b/crypto/kerberosIV/appl/telnet/telnetd/global.c
new file mode 100644
index 0000000..275cb45
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/global.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* a *lot* of ugly global definitions that really should be removed...
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $");
+
+/*
+ * Telnet server variable declarations
+ */
+char	options[256];
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+int	linemode;	/* linemode on/off */
+int	flowmode;	/* current flow control state */
+int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+int	require_otp;
+
+slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+char	*terminaltype;
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+char	netibuf[BUFSIZ], *netip;
+
+char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+char	*neturg;		/* one past last bye of urgent data */
+
+int	pcc, ncc;
+
+int	ourpty, net;
+int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t clocks;
+
+
+/* whether to log unauthenticated login attempts */
+int log_unauth;
+
+/* do not print warning if connection is not encrypted */
+int no_warn;
+
+/*
+ * This function appends data to nfrontp and advances nfrontp.
+ */
+
+int
+output_data (const char *format, ...)
+{
+  va_list args;
+  size_t remaining, ret;
+
+  va_start(args, format);
+  remaining = BUFSIZ - (nfrontp - netobuf);
+  ret = vsnprintf (nfrontp,
+		   remaining,
+		   format,
+		   args);
+  nfrontp += ret;
+  va_end(args);
+  return ret;
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/slc.c b/crypto/kerberosIV/appl/telnet/telnetd/slc.c
new file mode 100644
index 0000000..799d2d8
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/slc.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: slc.c,v 1.10 1997/05/11 06:30:00 assar Exp $");
+
+/*
+ * get_slc_defaults
+ *
+ * Initialize the slc mapping table.
+ */
+void
+get_slc_defaults(void)
+{
+    int i;
+    
+    init_termbuf();
+    
+    for (i = 1; i <= NSLC; i++) {
+	slctab[i].defset.flag =
+	    spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
+	slctab[i].current.flag = SLC_NOSUPPORT;
+	slctab[i].current.val = 0;
+    }
+    
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/state.c b/crypto/kerberosIV/appl/telnet/telnetd/state.c
new file mode 100644
index 0000000..80b90ea
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/state.c
@@ -0,0 +1,1356 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: state.c,v 1.13 1999/05/13 23:12:50 assar Exp $");
+
+unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
+unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
+unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
+unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
+int	not42 = 1;
+
+/*
+ * Buffer for sub-options, and macros
+ * for suboptions buffer manipulations
+ */
+unsigned char subbuffer[2048], *subpointer= subbuffer, *subend= subbuffer;
+
+#define	SB_CLEAR()	subpointer = subbuffer
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+    *subpointer++ = (c); \
+			     }
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+#ifdef	ENV_HACK
+unsigned char *subsave;
+#define SB_SAVE()	subsave = subpointer;
+#define	SB_RESTORE()	subpointer = subsave;
+#endif
+
+
+/*
+ * State for recv fsm
+ */
+#define	TS_DATA		0	/* base state */
+#define	TS_IAC		1	/* look for double IAC's */
+#define	TS_CR		2	/* CR-LF ->'s CR */
+#define	TS_SB		3	/* throw away begin's... */
+#define	TS_SE		4	/* ...end's (suboption negotiation) */
+#define	TS_WILL		5	/* will option negotiation */
+#define	TS_WONT		6	/* wont -''- */
+#define	TS_DO		7	/* do -''- */
+#define	TS_DONT		8	/* dont -''- */
+
+void
+telrcv(void)
+{
+    int c;
+    static int state = TS_DATA;
+
+    while (ncc > 0) {
+	if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
+	    break;
+	c = *netip++ & 0377, ncc--;
+#ifdef ENCRYPTION
+	if (decrypt_input)
+	    c = (*decrypt_input)(c);
+#endif
+	switch (state) {
+
+	case TS_CR:
+	    state = TS_DATA;
+	    /* Strip off \n or \0 after a \r */
+	    if ((c == 0) || (c == '\n')) {
+		break;
+	    }
+	    /* FALL THROUGH */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		state = TS_IAC;
+		break;
+	    }
+	    /*
+	     * We now map \r\n ==> \r for pragmatic reasons.
+	     * Many client implementations send \r\n when
+	     * the user hits the CarriageReturn key.
+	     *
+	     * We USED to map \r\n ==> \n, since \r\n says
+	     * that we want to be in column 1 of the next
+	     * printable line, and \n is the standard
+	     * unix way of saying that (\r is only good
+	     * if CRMOD is set, which it normally is).
+	     */
+	    if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
+		int nc = *netip;
+#ifdef ENCRYPTION
+		if (decrypt_input)
+		    nc = (*decrypt_input)(nc & 0xff);
+#endif
+		{
+#ifdef ENCRYPTION
+		    if (decrypt_input)
+			(void)(*decrypt_input)(-1);
+#endif
+		    state = TS_CR;
+		}
+	    }
+	    *pfrontp++ = c;
+	    break;
+
+	case TS_IAC:
+	gotiac:			switch (c) {
+
+	    /*
+	     * Send the process on the pty side an
+	     * interrupt.  Do this with a NULL or
+	     * interrupt char; depending on the tty mode.
+	     */
+	case IP:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    interrupt();
+	    break;
+
+	case BREAK:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    sendbrk();
+	    break;
+
+	    /*
+	     * Are You There?
+	     */
+	case AYT:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    recv_ayt();
+	    break;
+
+	    /*
+	     * Abort Output
+	     */
+	case AO:
+	    {
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+
+		if (slctab[SLC_AO].sptr &&
+		    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
+		    *pfrontp++ =
+			(unsigned char)*slctab[SLC_AO].sptr;
+		}
+
+		netclear();	/* clear buffer back */
+		output_data ("%c%c", IAC, DM);
+		neturg = nfrontp-1; /* off by one XXX */
+		DIAG(TD_OPTIONS,
+		     printoption("td: send IAC", DM));
+		break;
+	    }
+
+	/*
+	 * Erase Character and
+	 * Erase Line
+	 */
+	case EC:
+	case EL:
+	    {
+		cc_t ch;
+
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+		if (c == EC)
+		    ch = *slctab[SLC_EC].sptr;
+		else
+		    ch = *slctab[SLC_EL].sptr;
+		if (ch != (cc_t)(_POSIX_VDISABLE))
+		    *pfrontp++ = (unsigned char)ch;
+		break;
+	    }
+
+	/*
+	 * Check for urgent data...
+	 */
+	case DM:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    SYNCHing = stilloob(net);
+	    settimer(gotDM);
+	    break;
+
+
+	    /*
+	     * Begin option subnegotiation...
+	     */
+	case SB:
+	    state = TS_SB;
+	    SB_CLEAR();
+	    continue;
+
+	case WILL:
+	    state = TS_WILL;
+	    continue;
+
+	case WONT:
+	    state = TS_WONT;
+	    continue;
+
+	case DO:
+	    state = TS_DO;
+	    continue;
+
+	case DONT:
+	    state = TS_DONT;
+	    continue;
+	case EOR:
+	    if (his_state_is_will(TELOPT_EOR))
+		doeof();
+	    break;
+
+	    /*
+	     * Handle RFC 10xx Telnet linemode option additions
+	     * to command stream (EOF, SUSP, ABORT).
+	     */
+	case xEOF:
+	    doeof();
+	    break;
+
+	case SUSP:
+	    sendsusp();
+	    break;
+
+	case ABORT:
+	    sendbrk();
+	    break;
+
+	case IAC:
+	    *pfrontp++ = c;
+	    break;
+	}
+	state = TS_DATA;
+	break;
+
+	case TS_SB:
+	    if (c == IAC) {
+		state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    break;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * bad form of suboption negotiation.
+		     * handle it in such a way as to avoid
+		     * damage to local state.  Parse
+		     * suboption buffer found so far,
+		     * then treat remaining stream as
+		     * another command sequence.
+		     */
+
+		    /* for DIAGNOSTICS */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+
+		    SB_TERM();
+		    suboption();
+		    state = TS_IAC;
+		    goto gotiac;
+		}
+		SB_ACCUM(c);
+		state = TS_SB;
+	    } else {
+		/* for DIAGNOSTICS */
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		state = TS_DATA;
+	    }
+	    break;
+
+	case TS_WILL:
+	    willoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    wontoption(c);
+	    if (c==TELOPT_ENCRYPT && his_do_dont_is_changing(TELOPT_ENCRYPT) )
+                dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    dooption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	default:
+	    syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
+	    printf("telnetd: panic state=%d\n", state);
+	    exit(1);
+	}
+    }
+}  /* end of telrcv */
+
+/*
+ * The will/wont/do/dont state machines are based on Dave Borman's
+ * Telnet option processing state machine.
+ *
+ * These correspond to the following states:
+ *	my_state = the last negotiated state
+ *	want_state = what I want the state to go to
+ *	want_resp = how many requests I have sent
+ * All state defaults are negative, and resp defaults to 0.
+ *
+ * When initiating a request to change state to new_state:
+ *
+ * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
+ *	do nothing;
+ * } else {
+ *	want_state = new_state;
+ *	send new_state;
+ *	want_resp++;
+ * }
+ *
+ * When receiving new_state:
+ *
+ * if (want_resp) {
+ *	want_resp--;
+ *	if (want_resp && (new_state == my_state))
+ *		want_resp--;
+ * }
+ * if ((want_resp == 0) && (new_state != want_state)) {
+ *	if (ok_to_switch_to new_state)
+ *		want_state = new_state;
+ *	else
+ *		want_resp++;
+ *	send want_state;
+ * }
+ * my_state = new_state;
+ *
+ * Note that new_state is implied in these functions by the function itself.
+ * will and do imply positive new_state, wont and dont imply negative.
+ *
+ * Finally, there is one catch.  If we send a negative response to a
+ * positive request, my_state will be the positive while want_state will
+ * remain negative.  my_state will revert to negative when the negative
+ * acknowlegment arrives from the peer.  Thus, my_state generally tells
+ * us not only the last negotiated state, but also tells us what the peer
+ * wants to be doing as well.  It is important to understand this difference
+ * as we may wish to be processing data streams based on our desired state
+ * (want_state) or based on what the peer thinks the state is (my_state).
+ *
+ * This all works fine because if the peer sends a positive request, the data
+ * that we receive prior to negative acknowlegment will probably be affected
+ * by the positive state, and we can process it as such (if we can; if we
+ * can't then it really doesn't matter).  If it is that important, then the
+ * peer probably should be buffering until this option state negotiation
+ * is complete.
+ *
+ */
+void
+send_do(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
+	    his_want_state_is_will(option))
+	    return;
+	/*
+	 * Special case for TELOPT_TM:  We send a DO, but pretend
+	 * that we sent a DONT, so that we can send more DOs if
+	 * we want to.
+	 */
+	if (option == TELOPT_TM)
+	    set_his_want_state_wont(option);
+	else
+	    set_his_want_state_will(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)doopt, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send do", option));
+}
+
+#ifdef	AUTHENTICATION
+extern void auth_request(void);
+#endif
+#ifdef	ENCRYPTION
+extern void encrypt_send_support();
+#endif
+
+void
+willoption(int option)
+{
+    int changeok = 0;
+    void (*func)() = 0;
+
+    /*
+     * process input from peer.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv will", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_will(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_wont(option)) {
+	    switch (option) {
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(1);
+		set_termbuf();
+		changeok++;
+		break;
+
+	    case TELOPT_ECHO:
+		/*
+		 * See comments below for more info.
+		 */
+		not42 = 0;	/* looks like a 4.2 system */
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * We never respond to a WILL TM, and
+		 * we leave the state WONT.
+		 */
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are going to support flow control
+		 * option, then don't worry peer that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
+	    case TELOPT_TTYPE:
+	    case TELOPT_SGA:
+	    case TELOPT_NAWS:
+	    case TELOPT_TSPEED:
+	    case TELOPT_XDISPLOC:
+	    case TELOPT_NEW_ENVIRON:
+	    case TELOPT_OLD_ENVIRON:
+		changeok++;
+		break;
+
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		changeok++;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		changeok++;
+		break;
+#endif
+			
+	    default:
+		break;
+	    }
+	    if (changeok) {
+		set_his_want_state_will(option);
+		send_do(option, 0);
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	} else {
+	    /*
+	     * Option processing that should happen when
+	     * we receive conformation of a change in
+	     * state that we had requested.
+	     */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 0;	/* looks like a 4.2 system */
+		/*
+		 * Egads, he responded "WILL ECHO".  Turn
+		 * it off right now!
+		 */
+		send_dont(option, 1);
+		/*
+		 * "WILL ECHO".  Kludge upon kludge!
+		 * A 4.2 client is now echoing user input at
+		 * the tty.  This is probably undesireable and
+		 * it should be stopped.  The client will
+		 * respond WONT TM to the DO TM that we send to
+		 * check for kludge linemode.  When the WONT TM
+		 * arrives, linemode will be turned off and a
+		 * change propogated to the pty.  This change
+		 * will cause us to process the new pty state
+		 * in localstat(), which will notice that
+		 * linemode is off and send a WILL ECHO
+		 * so that we are properly in character mode and
+		 * all is well.
+		 */
+		break;
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		break;
+#endif
+
+	    case TELOPT_LFLOW:
+		func = flowstat;
+		break;
+	    }
+	}
+    }
+    set_his_state_will(option);
+    if (func)
+	(*func)();
+}  /* end of willoption */
+
+void
+send_dont(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
+	    his_want_state_is_wont(option))
+	    return;
+	set_his_want_state_wont(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)dont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send dont", option));
+}
+
+void
+wontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+    DIAG(TD_OPTIONS, printoption("td: recv wont", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_wont(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_will(option)) {
+	    /* it is always ok to change to negative state */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 1; /* doesn't seem to be a 4.2 system */
+		break;
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(0);
+		set_termbuf();
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * If we get a WONT TM, and had sent a DO TM,
+		 * don't respond with a DONT TM, just leave it
+		 * as is.  Short circut the state machine to
+		 * achive this.
+		 */
+		set_his_want_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are not going to support flow control
+		 * option, then let peer know that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+
+		/*
+		 * For options that we might spin waiting for
+		 * sub-negotiation, if the client turns off the
+		 * option rather than responding to the request,
+		 * we have to treat it here as if we got a response
+		 * to the sub-negotiation, (by updating the timers)
+		 * so that we'll break out of the loop.
+		 */
+	    case TELOPT_TTYPE:
+		settimer(ttypesubopt);
+		break;
+
+	    case TELOPT_TSPEED:
+		settimer(tspeedsubopt);
+		break;
+
+	    case TELOPT_XDISPLOC:
+		settimer(xdisplocsubopt);
+		break;
+
+	    case TELOPT_OLD_ENVIRON:
+		settimer(oenvironsubopt);
+		break;
+
+	    case TELOPT_NEW_ENVIRON:
+		settimer(environsubopt);
+		break;
+
+	    default:
+		break;
+	    }
+	    set_his_want_state_wont(option);
+	    if (his_state_is_will(option))
+		send_dont(option, 0);
+	} else {
+	    switch (option) {
+	    case TELOPT_TM:
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+	    default:
+		break;
+	    }
+	}
+    }
+    set_his_state_wont(option);
+
+}  /* end of wontoption */
+
+void
+send_will(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
+	    my_want_state_is_will(option))
+	    return;
+	set_my_want_state_will(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)will, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send will", option));
+}
+
+/*
+ * When we get a DONT SGA, we will try once to turn it
+ * back on.  If the other side responds DONT SGA, we
+ * leave it at that.  This is so that when we talk to
+ * clients that understand KLUDGELINEMODE but not LINEMODE,
+ * we'll keep them in char-at-a-time mode.
+ */
+int turn_on_sga = 0;
+
+void
+dooption(int option)
+{
+    int changeok = 0;
+
+    /*
+     * Process client input.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv do", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_will(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
+	switch (option) {
+	case TELOPT_ECHO:
+	    {
+		init_termbuf();
+		tty_setecho(1);
+		set_termbuf();
+	    }
+	changeok++;
+	break;
+
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(1);
+	    set_termbuf();
+	    changeok++;
+	    break;
+
+	case TELOPT_SGA:
+	    turn_on_sga = 0;
+	    changeok++;
+	    break;
+
+	case TELOPT_STATUS:
+	    changeok++;
+	    break;
+
+	case TELOPT_TM:
+	    /*
+	     * Special case for TM.  We send a WILL, but
+	     * pretend we sent a WONT.
+	     */
+	    send_will(option, 0);
+	    set_my_want_state_wont(option);
+	    set_my_state_wont(option);
+	    return;
+
+	case TELOPT_LOGOUT:
+	    /*
+	     * When we get a LOGOUT option, respond
+	     * with a WILL LOGOUT, make sure that
+	     * it gets written out to the network,
+	     * and then just go away...
+	     */
+	    set_my_want_state_will(TELOPT_LOGOUT);
+	    send_will(TELOPT_LOGOUT, 0);
+	    set_my_state_will(TELOPT_LOGOUT);
+	    netflush();
+	    cleanup(0);
+	    /* NOT REACHED */
+	    break;
+
+#ifdef ENCRYPTION
+	case TELOPT_ENCRYPT:
+	    changeok++;
+	    break;
+#endif
+	case TELOPT_LINEMODE:
+	case TELOPT_TTYPE:
+	case TELOPT_NAWS:
+	case TELOPT_TSPEED:
+	case TELOPT_LFLOW:
+	case TELOPT_XDISPLOC:
+#ifdef	TELOPT_ENVIRON
+	case TELOPT_NEW_ENVIRON:
+#endif
+	case TELOPT_OLD_ENVIRON:
+	default:
+	    break;
+	}
+	if (changeok) {
+	    set_my_want_state_will(option);
+	    send_will(option, 0);
+	} else {
+	    will_wont_resp[option]++;
+	    send_wont(option, 0);
+	}
+    }
+    set_my_state_will(option);
+
+}  /* end of dooption */
+
+void
+send_wont(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
+	    my_want_state_is_wont(option))
+	    return;
+	set_my_want_state_wont(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)wont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send wont", option));
+}
+
+void
+dontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+
+    DIAG(TD_OPTIONS, printoption("td: recv dont", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_wont(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
+	switch (option) {
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(0);
+	    set_termbuf();
+	    break;
+
+	case TELOPT_ECHO:	/* we should stop echoing */
+	    {
+		init_termbuf();
+		tty_setecho(0);
+		set_termbuf();
+	    }
+	break;
+
+	case TELOPT_SGA:
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    set_my_state_wont(option);
+	    if (turn_on_sga ^= 1)
+		send_will(option, 1);
+	    return;
+
+	default:
+	    break;
+	}
+
+	set_my_want_state_wont(option);
+	if (my_state_is_will(option))
+	    send_wont(option, 0);
+    }
+    set_my_state_wont(option);
+
+}  /* end of dontoption */
+
+#ifdef	ENV_HACK
+int env_ovar = -1;
+int env_ovalue = -1;
+#else	/* ENV_HACK */
+# define env_ovar OLD_ENV_VAR
+# define env_ovalue OLD_ENV_VALUE
+#endif	/* ENV_HACK */
+
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *	Terminal type is
+ *	Linemode
+ *	Window size
+ *	Terminal speed
+ */
+void
+suboption(void)
+{
+    int subchar;
+
+    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
+
+    subchar = SB_GET();
+    switch (subchar) {
+    case TELOPT_TSPEED: {
+	int xspeed, rspeed;
+
+	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
+	    break;
+
+	settimer(tspeedsubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+
+	xspeed = atoi((char *)subpointer);
+
+	while (SB_GET() != ',' && !SB_EOF());
+	if (SB_EOF())
+	    return;
+
+	rspeed = atoi((char *)subpointer);
+	clientstat(TELOPT_TSPEED, xspeed, rspeed);
+
+	break;
+
+    }  /* end of case TELOPT_TSPEED */
+
+    case TELOPT_TTYPE: {		/* Yaaaay! */
+	static char terminalname[41];
+
+	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
+	    break;
+	settimer(ttypesubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
+	    return;		/* ??? XXX but, this is the most robust */
+	}
+
+	terminaltype = terminalname;
+
+	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
+	       !SB_EOF()) {
+	    int c;
+
+	    c = SB_GET();
+	    if (isupper(c)) {
+		c = tolower(c);
+	    }
+	    *terminaltype++ = c;    /* accumulate name */
+	}
+	*terminaltype = 0;
+	terminaltype = terminalname;
+	break;
+    }  /* end of case TELOPT_TTYPE */
+
+    case TELOPT_NAWS: {
+	int xwinsize, ywinsize;
+
+	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
+	    break;
+
+	if (SB_EOF())
+	    return;
+	xwinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	xwinsize |= SB_GET();
+	if (SB_EOF())
+	    return;
+	ywinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	ywinsize |= SB_GET();
+	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
+
+	break;
+
+    }  /* end of case TELOPT_NAWS */
+
+    case TELOPT_STATUS: {
+	int mode;
+
+	if (SB_EOF())
+	    break;
+	mode = SB_GET();
+	switch (mode) {
+	case TELQUAL_SEND:
+	    if (my_state_is_will(TELOPT_STATUS))
+		send_status();
+	    break;
+
+	case TELQUAL_IS:
+	    break;
+
+	default:
+	    break;
+	}
+	break;
+    }  /* end of case TELOPT_STATUS */
+
+    case TELOPT_XDISPLOC: {
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+	settimer(xdisplocsubopt);
+	subpointer[SB_LEN()] = '\0';
+	setenv("DISPLAY", (char *)subpointer, 1);
+	break;
+    }  /* end of case TELOPT_XDISPLOC */
+
+#ifdef	TELOPT_NEW_ENVIRON
+    case TELOPT_NEW_ENVIRON:
+#endif
+    case TELOPT_OLD_ENVIRON: {
+	int c;
+	char *cp, *varp, *valp;
+
+	if (SB_EOF())
+	    return;
+	c = SB_GET();
+	if (c == TELQUAL_IS) {
+	    if (subchar == TELOPT_OLD_ENVIRON)
+		settimer(oenvironsubopt);
+	    else
+		settimer(environsubopt);
+	} else if (c != TELQUAL_INFO) {
+	    return;
+	}
+
+#ifdef	TELOPT_NEW_ENVIRON
+	if (subchar == TELOPT_NEW_ENVIRON) {
+	    while (!SB_EOF()) {
+		c = SB_GET();
+		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
+		    break;
+	    }
+	} else
+#endif
+	    {
+#ifdef	ENV_HACK
+		/*
+		 * We only want to do this if we haven't already decided
+		 * whether or not the other side has its VALUE and VAR
+		 * reversed.
+		 */
+		if (env_ovar < 0) {
+		    int last = -1;		/* invalid value */
+		    int empty = 0;
+		    int got_var = 0, got_value = 0, got_uservar = 0;
+
+		    /*
+		     * The other side might have its VALUE and VAR values
+		     * reversed.  To be interoperable, we need to determine
+		     * which way it is.  If the first recognized character
+		     * is a VAR or VALUE, then that will tell us what
+		     * type of client it is.  If the fist recognized
+		     * character is a USERVAR, then we continue scanning
+		     * the suboption looking for two consecutive
+		     * VAR or VALUE fields.  We should not get two
+		     * consecutive VALUE fields, so finding two
+		     * consecutive VALUE or VAR fields will tell us
+		     * what the client is.
+		     */
+		    SB_SAVE();
+		    while (!SB_EOF()) {
+			c = SB_GET();
+			switch(c) {
+			case OLD_ENV_VAR:
+			    if (last < 0 || last == OLD_ENV_VAR
+				|| (empty && (last == OLD_ENV_VALUE)))
+				goto env_ovar_ok;
+			    got_var++;
+			    last = OLD_ENV_VAR;
+			    break;
+			case OLD_ENV_VALUE:
+			    if (last < 0 || last == OLD_ENV_VALUE
+				|| (empty && (last == OLD_ENV_VAR)))
+				goto env_ovar_wrong;
+			    got_value++;
+			    last = OLD_ENV_VALUE;
+			    break;
+			case ENV_USERVAR:
+			    /* count strings of USERVAR as one */
+			    if (last != ENV_USERVAR)
+				got_uservar++;
+			    if (empty) {
+				if (last == OLD_ENV_VALUE)
+				    goto env_ovar_ok;
+				if (last == OLD_ENV_VAR)
+				    goto env_ovar_wrong;
+			    }
+			    last = ENV_USERVAR;
+			    break;
+			case ENV_ESC:
+			    if (!SB_EOF())
+				c = SB_GET();
+			    /* FALL THROUGH */
+			default:
+			    empty = 0;
+			    continue;
+			}
+			empty = 1;
+		    }
+		    if (empty) {
+			if (last == OLD_ENV_VALUE)
+			    goto env_ovar_ok;
+			if (last == OLD_ENV_VAR)
+			    goto env_ovar_wrong;
+		    }
+		    /*
+		     * Ok, the first thing was a USERVAR, and there
+		     * are not two consecutive VAR or VALUE commands,
+		     * and none of the VAR or VALUE commands are empty.
+		     * If the client has sent us a well-formed option,
+		     * then the number of VALUEs received should always
+		     * be less than or equal to the number of VARs and
+		     * USERVARs received.
+		     *
+		     * If we got exactly as many VALUEs as VARs and
+		     * USERVARs, the client has the same definitions.
+		     *
+		     * If we got exactly as many VARs as VALUEs and
+		     * USERVARS, the client has reversed definitions.
+		     */
+		    if (got_uservar + got_var == got_value) {
+		    env_ovar_ok:
+			env_ovar = OLD_ENV_VAR;
+			env_ovalue = OLD_ENV_VALUE;
+		    } else if (got_uservar + got_value == got_var) {
+		    env_ovar_wrong:
+			env_ovar = OLD_ENV_VALUE;
+			env_ovalue = OLD_ENV_VAR;
+			DIAG(TD_OPTIONS, {
+			    output_data("ENVIRON VALUE and VAR are reversed!\r\n");
+			});
+
+		    }
+		}
+		SB_RESTORE();
+#endif
+
+		while (!SB_EOF()) {
+		    c = SB_GET();
+		    if ((c == env_ovar) || (c == ENV_USERVAR))
+			break;
+		}
+	    }
+
+	if (SB_EOF())
+	    return;
+
+	cp = varp = (char *)subpointer;
+	valp = 0;
+
+	while (!SB_EOF()) {
+	    c = SB_GET();
+	    if (subchar == TELOPT_OLD_ENVIRON) {
+		if (c == env_ovar)
+		    c = NEW_ENV_VAR;
+		else if (c == env_ovalue)
+		    c = NEW_ENV_VALUE;
+	    }
+	    switch (c) {
+
+	    case NEW_ENV_VALUE:
+		*cp = '\0';
+		cp = valp = (char *)subpointer;
+		break;
+
+	    case NEW_ENV_VAR:
+	    case ENV_USERVAR:
+		*cp = '\0';
+		if (valp)
+		    setenv(varp, valp, 1);
+		else
+		    unsetenv(varp);
+		cp = varp = (char *)subpointer;
+		valp = 0;
+		break;
+
+	    case ENV_ESC:
+		if (SB_EOF())
+		    break;
+		c = SB_GET();
+		/* FALL THROUGH */
+	    default:
+		*cp++ = c;
+		break;
+	    }
+	}
+	*cp = '\0';
+	if (valp)
+	    setenv(varp, valp, 1);
+	else
+	    unsetenv(varp);
+	break;
+    }  /* end of case TELOPT_NEW_ENVIRON */
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case TELQUAL_SEND:
+	case TELQUAL_REPLY:
+	    /*
+	     * These are sent by us and cannot be sent by
+	     * the client.
+	     */
+	    break;
+	case TELQUAL_IS:
+	    auth_is(subpointer, SB_LEN());
+	    break;
+	case TELQUAL_NAME:
+	    auth_name(subpointer, SB_LEN());
+	    break;
+	}
+	break;
+#endif
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case ENCRYPT_SUPPORT:
+	    encrypt_support(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_IS:
+	    encrypt_is(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REPLY:
+	    encrypt_reply(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_START:
+	    encrypt_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_END:
+	    encrypt_end();
+	    break;
+	case ENCRYPT_REQSTART:
+	    encrypt_request_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REQEND:
+	    /*
+	     * We can always send an REQEND so that we cannot
+	     * get stuck encrypting.  We should only get this
+	     * if we have been able to get in the correct mode
+	     * anyhow.
+	     */
+	    encrypt_request_end();
+	    break;
+	case ENCRYPT_ENC_KEYID:
+	    encrypt_enc_keyid(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_DEC_KEYID:
+	    encrypt_dec_keyid(subpointer, SB_LEN());
+	    break;
+	default:
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	break;
+    }  /* end of switch */
+
+}  /* end of suboption */
+
+void
+doclientstat(void)
+{
+    clientstat(TELOPT_LINEMODE, WILL, 0);
+}
+
+#define	ADD(c)	 *ncp++ = c
+#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
+
+void
+send_status(void)
+{
+    unsigned char statusbuf[256];
+    unsigned char *ncp;
+    unsigned char i;
+
+    ncp = statusbuf;
+
+    netflush();	/* get rid of anything waiting to go out */
+
+    ADD(IAC);
+    ADD(SB);
+    ADD(TELOPT_STATUS);
+    ADD(TELQUAL_IS);
+
+    /*
+     * We check the want_state rather than the current state,
+     * because if we received a DO/WILL for an option that we
+     * don't support, and the other side didn't send a DONT/WONT
+     * in response to our WONT/DONT, then the "state" will be
+     * WILL/DO, and the "want_state" will be WONT/DONT.  We
+     * need to go by the latter.
+     */
+    for (i = 0; i < (unsigned char)NTELOPTS; i++) {
+	if (my_want_state_is_will(i)) {
+	    ADD(WILL);
+	    ADD_DATA(i);
+	}
+	if (his_want_state_is_will(i)) {
+	    ADD(DO);
+	    ADD_DATA(i);
+	}
+    }
+
+    if (his_want_state_is_will(TELOPT_LFLOW)) {
+	ADD(SB);
+	ADD(TELOPT_LFLOW);
+	if (flowmode) {
+	    ADD(LFLOW_ON);
+	} else {
+	    ADD(LFLOW_OFF);
+	}
+	ADD(SE);
+
+	if (restartany >= 0) {
+	    ADD(SB);
+	    ADD(TELOPT_LFLOW);
+	    if (restartany) {
+		ADD(LFLOW_RESTART_ANY);
+	    } else {
+		ADD(LFLOW_RESTART_XON);
+	    }
+	    ADD(SE);
+	}
+    }
+
+
+    ADD(IAC);
+    ADD(SE);
+
+    writenet(statusbuf, ncp - statusbuf);
+    netflush();	/* Send it on its way */
+
+    DIAG(TD_OPTIONS,
+	 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
new file mode 100644
index 0000000..09753c0
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
@@ -0,0 +1,1863 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $");
+
+#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
+# define PARENT_DOES_UTMP
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+struct	utmpx wtmp;
+#elif defined(HAVE_UTMP_H)
+struct	utmp wtmp;
+#endif /* HAVE_UTMPX_H */
+
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+int	utmp_len = sizeof(wtmp.ut_host);
+#else
+int	utmp_len = MaxHostNameLen;
+#endif
+
+#ifndef UTMP_FILE
+#ifdef _PATH_UTMP
+#define UTMP_FILE _PATH_UTMP
+#else
+#define UTMP_FILE "/etc/utmp"
+#endif
+#endif
+
+#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+#define WTMP_FILE _PATH_WTMP
+#endif
+
+#ifndef PARENT_DOES_UTMP
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/usr/adm/wtmp";
+#endif
+char	utmpf[] = UTMP_FILE;
+#else /* PARENT_DOES_UTMP */
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/etc/wtmp";
+#endif
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef HAVE_TMPDIR_H
+#include <tmpdir.h>
+#endif	/* CRAY */
+
+#ifdef	STREAMSPTY
+
+#ifdef HAVE_SAC_H
+#include <sac.h>
+#endif
+
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+#endif /* STREAMSPTY */
+
+#ifdef	HAVE_SYS_STREAM_H
+#ifdef  HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef __hpux
+#undef SE
+#endif
+#include <sys/stream.h>
+#endif
+#if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
+#include <sys/tty.h>
+#endif
+#ifdef	t_erase
+#undef	t_erase
+#undef	t_kill
+#undef	t_intrc
+#undef	t_quitc
+#undef	t_startc
+#undef	t_stopc
+#undef	t_eofc
+#undef	t_brkc
+#undef	t_suspc
+#undef	t_dsuspc
+#undef	t_rprntc
+#undef	t_flushc
+#undef	t_werasc
+#undef	t_lnextc
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#else
+#ifdef HAVE_TERMIO_H
+#include <termio.h>
+#endif
+#endif
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
+#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+(tp)->c_cflag |= (val)
+#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
+#  ifdef CIBAUD
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
+     (tp)->c_cflag |= ((val)<<IBSHIFT)
+#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
+#  else
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+     (tp)->c_cflag |= (val)
+#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
+#  endif
+# endif /* TCSANOW */
+     struct termios termbuf, termbuf2;	/* pty control structure */
+# ifdef  STREAMSPTY
+     static int ttyfd = -1;
+     int really_stream = 0;
+# endif
+
+     const char *new_login = _PATH_LOGIN;
+
+/*
+ * init_termbuf()
+ * copy_termbuf(cp)
+ * set_termbuf()
+ *
+ * These three routines are used to get and set the "termbuf" structure
+ * to and from the kernel.  init_termbuf() gets the current settings.
+ * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
+ * set_termbuf() writes the structure into the kernel.
+ */
+
+     void
+     init_termbuf(void)
+{
+# ifdef  STREAMSPTY
+    if (really_stream)
+	tcgetattr(ttyfd, &termbuf);
+    else
+# endif
+	tcgetattr(ourpty, &termbuf);
+    termbuf2 = termbuf;
+}
+
+void
+set_termbuf(void)
+{
+    /*
+     * Only make the necessary changes.
+	 */
+    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf)))
+# ifdef  STREAMSPTY
+	if (really_stream)
+	    tcsetattr(ttyfd, TCSANOW, &termbuf);
+	else
+# endif
+	    tcsetattr(ourpty, TCSANOW, &termbuf);
+}
+
+
+/*
+ * spcset(func, valp, valpp)
+ *
+ * This function takes various special characters (func), and
+ * sets *valp to the current value of that character, and
+ * *valpp to point to where in the "termbuf" structure that
+ * value is kept.
+ *
+ * It returns the SLC_ level of support for this function.
+ */
+
+
+int
+spcset(int func, cc_t *valp, cc_t **valpp)
+{
+
+#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
+    *valpp = &termbuf.c_cc[a]; \
+				   return(b);
+#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
+
+    switch(func) {
+    case SLC_EOF:
+	setval(VEOF, SLC_VARIABLE);
+    case SLC_EC:
+	setval(VERASE, SLC_VARIABLE);
+    case SLC_EL:
+	setval(VKILL, SLC_VARIABLE);
+    case SLC_IP:
+	setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_ABORT:
+	setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_XON:
+#ifdef	VSTART
+	setval(VSTART, SLC_VARIABLE);
+#else
+	defval(0x13);
+#endif
+    case SLC_XOFF:
+#ifdef	VSTOP
+	setval(VSTOP, SLC_VARIABLE);
+#else
+	defval(0x11);
+#endif
+    case SLC_EW:
+#ifdef	VWERASE
+	setval(VWERASE, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_RP:
+#ifdef	VREPRINT
+	setval(VREPRINT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_LNEXT:
+#ifdef	VLNEXT
+	setval(VLNEXT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_AO:
+#if	!defined(VDISCARD) && defined(VFLUSHO)
+# define VDISCARD VFLUSHO
+#endif
+#ifdef	VDISCARD
+	setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
+#else
+	defval(0);
+#endif
+    case SLC_SUSP:
+#ifdef	VSUSP
+	setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
+#else
+	defval(0);
+#endif
+#ifdef	VEOL
+    case SLC_FORW1:
+	setval(VEOL, SLC_VARIABLE);
+#endif
+#ifdef	VEOL2
+    case SLC_FORW2:
+	setval(VEOL2, SLC_VARIABLE);
+#endif
+    case SLC_AYT:
+#ifdef	VSTATUS
+	setval(VSTATUS, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+
+    case SLC_BRK:
+    case SLC_SYNCH:
+    case SLC_EOR:
+	defval(0);
+
+    default:
+	*valp = 0;
+	*valpp = 0;
+	return(SLC_NOSUPPORT);
+    }
+}
+
+#ifdef _CRAY
+/*
+ * getnpty()
+ *
+ * Return the number of pty's configured into the system.
+ */
+int
+getnpty()
+{
+#ifdef _SC_CRAY_NPTY
+    int numptys;
+
+    if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
+	return numptys;
+    else
+#endif /* _SC_CRAY_NPTY */
+	return 128;
+}
+#endif /* CRAY */
+
+/*
+ * getpty()
+ *
+ * Allocate a pty.  As a side effect, the external character
+ * array "line" contains the name of the slave side.
+ *
+ * Returns the file descriptor of the opened pty.
+ */
+
+static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char *line = Xline;
+
+#ifdef	_CRAY
+char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+#endif	/* CRAY */
+
+#if !defined(HAVE_PTSNAME) && defined(STREAMSPTY)
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+    return ttyname(fd);
+#else
+    return NULL;
+#endif
+}
+#endif
+
+int getpty(int *ptynum)
+{
+#ifdef __osf__ /* XXX */
+    int master;
+    int slave;
+    if(openpty(&master, &slave, line, 0, 0) == 0){
+	close(slave);
+	return master;
+    }
+    return -1;
+#else
+#ifdef HAVE__GETPTY
+    int master, slave;
+    char *p;
+    p = _getpty(&master, O_RDWR, 0600, 1);
+    if(p == NULL)
+	return -1;
+    strcpy_truncate(line, p, sizeof(Xline));
+    return master;
+#else
+
+    int p;
+    char *cp, *p1, *p2;
+    int i;
+#if SunOS == 40
+    int dummy;
+#endif
+#if 0 /* && defined(HAVE_OPENPTY) */
+    int master;
+    int slave;
+    if(openpty(&master, &slave, line, 0, 0) == 0){
+	close(slave);
+	return master;
+    }
+#else
+#ifdef	STREAMSPTY
+    char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
+		      "/dev/ptym/clone", 0 };
+
+    char **q;
+    for(q=clone; *q; q++){
+	p=open(*q, O_RDWR);
+	if(p >= 0){
+#ifdef HAVE_GRANTPT
+	    grantpt(p);
+#endif
+#ifdef HAVE_UNLOCKPT
+	    unlockpt(p);
+#endif
+	    strcpy_truncate(line, ptsname(p), sizeof(Xline));
+	    really_stream = 1;
+	    return p;
+	}
+    }
+#endif /* STREAMSPTY */
+#ifndef _CRAY
+
+#ifndef	__hpux
+    snprintf(line, sizeof(Xline), "/dev/ptyXX");
+    p1 = &line[8];
+    p2 = &line[9];
+#else
+    snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
+    p1 = &line[13];
+    p2 = &line[14];
+#endif
+
+	
+    for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
+	struct stat stb;
+
+	*p1 = *cp;
+	*p2 = '0';
+	/*
+	 * This stat() check is just to keep us from
+	 * looping through all 256 combinations if there
+	 * aren't that many ptys available.
+	 */
+	if (stat(line, &stb) < 0)
+	    break;
+	for (i = 0; i < 16; i++) {
+	    *p2 = "0123456789abcdef"[i];
+	    p = open(line, O_RDWR);
+	    if (p > 0) {
+#ifndef	__hpux
+		line[5] = 't';
+#else
+		for (p1 = &line[8]; *p1; p1++)
+		    *p1 = *(p1+1);
+		line[9] = 't';
+#endif
+		chown(line, 0, 0);
+		chmod(line, 0600);
+#if SunOS == 40
+		if (ioctl(p, TIOCGPGRP, &dummy) == 0
+		    || errno != EIO) {
+		    chmod(line, 0666);
+		    close(p);
+		    line[5] = 'p';
+		} else
+#endif /* SunOS == 40 */
+		    return(p);
+	    }
+	}
+    }
+#else	/* CRAY */
+    extern lowpty, highpty;
+    struct stat sb;
+
+    for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
+	snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
+	p = open(myline, 2);
+	if (p < 0)
+	    continue;
+	snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
+	/*
+	 * Here are some shenanigans to make sure that there
+	 * are no listeners lurking on the line.
+	 */
+	if(stat(line, &sb) < 0) {
+	    close(p);
+	    continue;
+	}
+	if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+	    chown(line, 0, 0);
+	    chmod(line, 0600);
+	    close(p);
+	    p = open(myline, 2);
+	    if (p < 0)
+		continue;
+	}
+	/*
+	 * Now it should be safe...check for accessability.
+	 */
+	if (access(line, 6) == 0)
+	    return(p);
+	else {
+	    /* no tty side to pty so skip it */
+	    close(p);
+	}
+    }
+#endif	/* CRAY */
+#endif	/* STREAMSPTY */
+#endif /* OPENPTY */
+    return(-1);
+#endif
+}
+
+
+int
+tty_isecho(void)
+{
+    return (termbuf.c_lflag & ECHO);
+}
+
+int
+tty_flowmode(void)
+{
+    return((termbuf.c_iflag & IXON) ? 1 : 0);
+}
+
+int
+tty_restartany(void)
+{
+    return((termbuf.c_iflag & IXANY) ? 1 : 0);
+}
+
+void
+tty_setecho(int on)
+{
+    if (on)
+	termbuf.c_lflag |= ECHO;
+    else
+	termbuf.c_lflag &= ~ECHO;
+}
+
+int
+tty_israw(void)
+{
+    return(!(termbuf.c_lflag & ICANON));
+}
+
+void
+tty_binaryin(int on)
+{
+    if (on) {
+	termbuf.c_iflag &= ~ISTRIP;
+    } else {
+	termbuf.c_iflag |= ISTRIP;
+    }
+}
+
+void
+tty_binaryout(int on)
+{
+    if (on) {
+	termbuf.c_cflag &= ~(CSIZE|PARENB);
+	termbuf.c_cflag |= CS8;
+	termbuf.c_oflag &= ~OPOST;
+    } else {
+	termbuf.c_cflag &= ~CSIZE;
+	termbuf.c_cflag |= CS7|PARENB;
+	termbuf.c_oflag |= OPOST;
+    }
+}
+
+int
+tty_isbinaryin(void)
+{
+    return(!(termbuf.c_iflag & ISTRIP));
+}
+
+int
+tty_isbinaryout(void)
+{
+    return(!(termbuf.c_oflag&OPOST));
+}
+
+
+int
+tty_issofttab(void)
+{
+# ifdef	OXTABS
+    return (termbuf.c_oflag & OXTABS);
+# endif
+# ifdef	TABDLY
+    return ((termbuf.c_oflag & TABDLY) == TAB3);
+# endif
+}
+
+void
+tty_setsofttab(int on)
+{
+    if (on) {
+# ifdef	OXTABS
+	termbuf.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	termbuf.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB0;
+# endif
+    }
+}
+
+int
+tty_islitecho(void)
+{
+# ifdef	ECHOCTL
+    return (!(termbuf.c_lflag & ECHOCTL));
+# endif
+# ifdef	TCTLECH
+    return (!(termbuf.c_lflag & TCTLECH));
+# endif
+# if	!defined(ECHOCTL) && !defined(TCTLECH)
+    return (0);	/* assumes ctl chars are echoed '^x' */
+# endif
+}
+
+void
+tty_setlitecho(int on)
+{
+# ifdef	ECHOCTL
+    if (on)
+	termbuf.c_lflag &= ~ECHOCTL;
+    else
+	termbuf.c_lflag |= ECHOCTL;
+# endif
+# ifdef	TCTLECH
+    if (on)
+	termbuf.c_lflag &= ~TCTLECH;
+    else
+	termbuf.c_lflag |= TCTLECH;
+# endif
+}
+
+int
+tty_iscrnl(void)
+{
+    return (termbuf.c_iflag & ICRNL);
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+
+/*
+ * A table of available terminal speeds
+ */
+struct termspeeds {
+    int	speed;
+    int	value;
+} termspeeds[] = {
+    { 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+    { 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+    { 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+    { 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+    { 4800,   B4800 },
+#ifdef	B7200
+    { 7200,  B7200 },
+#endif
+    { 9600,   B9600 },
+#ifdef	B14400
+    { 14400,  B14400 },
+#endif
+#ifdef	B19200
+    { 19200,  B19200 },
+#endif
+#ifdef	B28800
+    { 28800,  B28800 },
+#endif
+#ifdef	B38400
+    { 38400,  B38400 },
+#endif
+#ifdef	B57600
+    { 57600,  B57600 },
+#endif
+#ifdef	B115200
+    { 115200, B115200 },
+#endif
+#ifdef	B230400
+    { 230400, B230400 },
+#endif
+    { -1,     0 }
+};
+#endif	/* DECODE_BUAD */
+
+void
+tty_tspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetospeed(&termbuf, tp->value);
+#else	/* DECODE_BUAD */
+    cfsetospeed(&termbuf, val);
+#endif	/* DECODE_BUAD */
+}
+
+void
+tty_rspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetispeed(&termbuf, tp->value);
+#else	/* DECODE_BAUD */
+    cfsetispeed(&termbuf, val);
+#endif	/* DECODE_BAUD */
+}
+
+#ifdef PARENT_DOES_UTMP
+extern	struct utmp wtmp;
+extern char wtmpf[];
+
+extern void utmp_sig_init (void);
+extern void utmp_sig_reset (void);
+extern void utmp_sig_wait (void);
+extern void utmp_sig_notify (int);
+# endif /* PARENT_DOES_UTMP */
+
+#ifdef STREAMSPTY
+
+/* I_FIND seems to live a life of its own */
+static int my_find(int fd, char *module)
+{
+#if defined(I_FIND) && defined(I_LIST)
+    static int flag;
+    static struct str_list sl;
+    int n;
+    int i;
+  
+    if(!flag){
+	n = ioctl(fd, I_LIST, 0);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, 0)");
+	    return -1;
+	}
+	sl.sl_modlist=(struct str_mlist*)malloc(n * sizeof(struct str_mlist));
+	sl.sl_nmods = n;
+	n = ioctl(fd, I_LIST, &sl);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, n)");
+	    return -1;
+	}
+	flag = 1;
+    }
+  
+    for(i=0; i<sl.sl_nmods; i++)
+	if(!strcmp(sl.sl_modlist[i].l_name, module))
+	    return 1;
+#endif
+    return 0;
+}
+
+static void maybe_push_modules(int fd, char **modules)
+{
+    char **p;
+    int err;
+
+    for(p=modules; *p; p++){
+	err = my_find(fd, *p);
+	if(err == 1)
+	    break;
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "my_find()");
+	/* module not pushed or does not exist */
+    }
+    /* p points to null or to an already pushed module, now push all
+       modules before this one */
+  
+    for(p--; p >= modules; p--){
+	err = ioctl(fd, I_PUSH, *p);
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "I_PUSH");
+    }
+}
+#endif
+
+/*
+ * getptyslave()
+ *
+ * Open the slave side of the pty, and do any initialization
+ * that is necessary.  The return value is a file descriptor
+ * for the slave side.
+ */
+void getptyslave(void)
+{
+    int t = -1;
+
+    struct winsize ws;
+    extern int def_row, def_col;
+    extern int def_tspeed, def_rspeed;
+    /*
+     * Opening the slave side may cause initilization of the
+     * kernel tty structure.  We need remember the state of
+     * 	if linemode was turned on
+     *	terminal window size
+     *	terminal speed
+     * so that we can re-set them if we need to.
+     */
+
+
+    /*
+     * Make sure that we don't have a controlling tty, and
+     * that we are the session (process group) leader.
+     */
+
+#ifdef HAVE_SETSID
+    if(setsid()<0)
+	fatalperror(net, "setsid()");
+#else
+# ifdef	TIOCNOTTY
+    t = open(_PATH_TTY, O_RDWR);
+    if (t >= 0) {
+	ioctl(t, TIOCNOTTY, (char *)0);
+	close(t);
+    }
+# endif
+#endif
+
+# ifdef PARENT_DOES_UTMP
+    /*
+     * Wait for our parent to get the utmp stuff to get done.
+     */
+    utmp_sig_wait();
+# endif
+
+    t = cleanopen(line);
+    if (t < 0)
+	fatalperror(net, line);
+
+#ifdef  STREAMSPTY
+    ttyfd = t;
+	  
+
+    /*
+     * Not all systems have (or need) modules ttcompat and pckt so
+     * don't flag it as a fatal error if they don't exist.
+     */
+
+    if (really_stream)
+	{
+	    /* these are the streams modules that we want pushed. note
+	       that they are in reverse order, ptem will be pushed
+	       first. maybe_push_modules() will try to push all modules
+	       before the first one that isn't already pushed. i.e if
+	       ldterm is pushed, only ttcompat will be attempted.
+
+	       all this is because we don't know which modules are
+	       available, and we don't know which modules are already
+	       pushed (via autopush, for instance).
+
+	       */
+	     
+	    char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+	    char *ptymodules[] = { "pckt", NULL };
+
+	    maybe_push_modules(t, ttymodules);
+	    maybe_push_modules(ourpty, ptymodules);
+	}
+#endif
+    /*
+     * set up the tty modes as we like them to be.
+     */
+    init_termbuf();
+# ifdef	TIOCSWINSZ
+    if (def_row || def_col) {
+	memset(&ws, 0, sizeof(ws));
+	ws.ws_col = def_col;
+	ws.ws_row = def_row;
+	ioctl(t, TIOCSWINSZ, (char *)&ws);
+    }
+# endif
+
+    /*
+     * Settings for sgtty based systems
+     */
+
+    /*
+     * Settings for UNICOS (and HPUX)
+     */
+# if defined(_CRAY) || defined(__hpux)
+    termbuf.c_oflag = OPOST|ONLCR|TAB3;
+    termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
+    termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
+    termbuf.c_cflag = EXTB|HUPCL|CS8;
+# endif
+
+    /*
+     * Settings for all other termios/termio based
+     * systems, other than 4.4BSD.  In 4.4BSD the
+     * kernel does the initial terminal setup.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43)
+#  ifndef	OXTABS
+#   define OXTABS	0
+#  endif
+    termbuf.c_lflag |= ECHO;
+    termbuf.c_oflag |= ONLCR|OXTABS;
+    termbuf.c_iflag |= ICRNL;
+    termbuf.c_iflag &= ~IXOFF;
+# endif
+    tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
+    tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
+
+    /*
+     * Set the tty modes, and make this our controlling tty.
+     */
+    set_termbuf();
+    if (login_tty(t) == -1)
+	fatalperror(net, "login_tty");
+    if (net > 2)
+	close(net);
+    if (ourpty > 2) {
+	close(ourpty);
+	ourpty = -1;
+    }
+}
+
+#ifndef	O_NOCTTY
+#define	O_NOCTTY	0
+#endif
+/*
+ * Open the specified slave side of the pty,
+ * making sure that we have a clean tty.
+ */
+
+int cleanopen(char *line)
+{
+    int t;
+
+#ifdef STREAMSPTY
+    if (!really_stream)
+#endif
+	{
+	    /*
+	     * Make sure that other people can't open the
+	     * slave side of the connection.
+	     */
+	    chown(line, 0, 0);
+	    chmod(line, 0600);
+	}
+
+#ifdef HAVE_REVOKE
+    revoke(line);
+#endif
+
+    t = open(line, O_RDWR|O_NOCTTY);
+
+    if (t < 0)
+	return(-1);
+
+    /*
+     * Hangup anybody else using this ttyp, then reopen it for
+     * ourselves.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
+    signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+    vhangup();
+#else
+#endif
+    signal(SIGHUP, SIG_DFL);
+    t = open(line, O_RDWR|O_NOCTTY);
+    if (t < 0)
+	return(-1);
+# endif
+# if	defined(_CRAY) && defined(TCVHUP)
+    {
+	int i;
+	signal(SIGHUP, SIG_IGN);
+	ioctl(t, TCVHUP, (char *)0);
+	signal(SIGHUP, SIG_DFL);
+
+	i = open(line, O_RDWR);
+
+	if (i < 0)
+	    return(-1);
+	close(t);
+	t = i;
+    }
+# endif	/* defined(CRAY) && defined(TCVHUP) */
+    return(t);
+}
+
+#if !defined(BSD4_4)
+
+int login_tty(int t)
+{
+# if defined(TIOCSCTTY) && !defined(__hpux)
+    if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
+	fatalperror(net, "ioctl(sctty)");
+#  ifdef _CRAY
+    /*
+     * Close the hard fd to /dev/ttypXXX, and re-open through
+     * the indirect /dev/tty interface.
+     */
+    close(t);
+    if ((t = open("/dev/tty", O_RDWR)) < 0)
+	fatalperror(net, "open(/dev/tty)");
+#  endif
+# else
+    /*
+     * We get our controlling tty assigned as a side-effect
+     * of opening up a tty device.  But on BSD based systems,
+     * this only happens if our process group is zero.  The
+     * setsid() call above may have set our pgrp, so clear
+     * it out before opening the tty...
+     */
+#ifdef HAVE_SETPGID
+    setpgid(0, 0);
+#else
+    setpgrp(0, 0); /* if setpgid isn't available, setpgrp
+		      probably takes arguments */
+#endif
+    close(open(line, O_RDWR));
+# endif
+    if (t != 0)
+	dup2(t, 0);
+    if (t != 1)
+	dup2(t, 1);
+    if (t != 2)
+	dup2(t, 2);
+    if (t > 2)
+	close(t);
+    return(0);
+}
+#endif	/* BSD <= 43 */
+
+/*
+ * This comes from ../../bsd/tty.c and should not really be here.
+ */
+
+/*
+ * Clean the tty name.  Return a pointer to the cleaned version.
+ */
+
+static char *
+clean_ttyname (char *tty)
+{
+  char *res = tty;
+
+  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+    res += strlen(_PATH_DEV);
+  if (strncmp (res, "pty/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "ptym/", 5) == 0)
+    res += 5;
+  return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+static char *
+make_id (char *tty)
+{
+  char *res = tty;
+  
+  if (strncmp (res, "pts/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "tty", 3) == 0)
+    res += 3;
+  return res;
+}
+#endif
+
+/*
+ * startslave(host)
+ *
+ * Given a hostname, do whatever
+ * is necessary to startup the login process on the slave side of the pty.
+ */
+
+/* ARGSUSED */
+void
+startslave(char *host, int autologin, char *autoname)
+{
+    int i;
+
+#ifdef AUTHENTICATION
+    if (!autoname || !autoname[0])
+	autologin = 0;
+
+    if (autologin < auth_level) {
+	fatal(net, "Authorization failed");
+	exit(1);
+    }
+#endif
+
+    {
+	char *tbuf =
+	    "\r\n*** Connection not encrypted! "
+	    "Communication may be eavesdropped. ***\r\n";
+#ifdef ENCRYPTION
+	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
+#endif
+	    writenet((unsigned char*)tbuf, strlen(tbuf));
+    }
+# ifdef	PARENT_DOES_UTMP
+    utmp_sig_init();
+# endif	/* PARENT_DOES_UTMP */
+
+    if ((i = fork()) < 0)
+	fatalperror(net, "fork");
+    if (i) {
+# ifdef PARENT_DOES_UTMP
+	/*
+	 * Cray parent will create utmp entry for child and send
+	 * signal to child to tell when done.  Child waits for signal
+	 * before doing anything important.
+	 */
+	int pid = i;
+	void sigjob (int);
+
+	setpgrp();
+	utmp_sig_reset();		/* reset handler to default */
+	/*
+	 * Create utmp entry for child
+	 */
+	time(&wtmp.ut_time);
+	wtmp.ut_type = LOGIN_PROCESS;
+	wtmp.ut_pid = pid;
+	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
+	strncpy(wtmp.ut_host,  host, sizeof(wtmp.ut_host));
+	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
+#endif
+
+	pututline(&wtmp);
+	endutent();
+	if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
+	    write(i, &wtmp, sizeof(struct utmp));
+	    close(i);
+	}
+#ifdef	_CRAY
+	signal(WJSIGNAL, sigjob);
+#endif
+	utmp_sig_notify(pid);
+# endif	/* PARENT_DOES_UTMP */
+    } else {
+	getptyslave();
+	start_login(host, autologin, autoname);
+	/*NOTREACHED*/
+    }
+}
+
+char	*envinit[3];
+extern char **environ;
+
+void
+init_env(void)
+{
+    extern char *getenv(const char *);
+    char **envp;
+
+    envp = envinit;
+    if ((*envp = getenv("TZ")))
+	*envp++ -= 3;
+#if defined(_CRAY) || defined(__hpux)
+    else
+	*envp++ = "TZ=GMT0";
+#endif
+    *envp = 0;
+    environ = envinit;
+}
+
+/*
+ * scrub_env()
+ *
+ * Remove variables from the environment that might cause login to
+ * behave in a bad manner. To avoid this, login should be staticly
+ * linked.
+ */
+
+static void scrub_env(void)
+{
+    static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL };
+
+    char **cpp, **cpp2;
+    char **p;
+  
+    for (cpp2 = cpp = environ; *cpp; cpp++) {
+	for(p = remove; *p; p++)
+	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
+		break;
+	if(*p == NULL)
+	    *cpp2++ = *cpp;
+    }
+    *cpp2 = 0;
+}
+
+
+struct arg_val {
+    int size;
+    int argc;
+    char **argv;
+};
+
+static int addarg(struct arg_val*, char*);
+
+/*
+ * start_login(host)
+ *
+ * Assuming that we are now running as a child processes, this
+ * function will turn us into the login process.
+ */
+
+void
+start_login(char *host, int autologin, char *name)
+{
+    struct arg_val argv;
+    char *user;
+
+#ifdef HAVE_UTMPX_H
+    int pid = getpid();
+    struct utmpx utmpx;
+    char *clean_tty;
+
+    /*
+     * Create utmp entry for child
+     */
+
+    clean_tty = clean_ttyname(line);
+    memset(&utmpx, 0, sizeof(utmpx));
+    strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
+    strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+    strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
+#endif
+    utmpx.ut_pid = pid;
+	
+    utmpx.ut_type = LOGIN_PROCESS;
+
+    gettimeofday (&utmpx.ut_tv, NULL);
+    if (pututxline(&utmpx) == NULL)
+	fatal(net, "pututxline failed");
+#endif
+
+    scrub_env();
+	
+    /*
+     * -h : pass on name of host.
+     *		WARNING:  -h is accepted by login if and only if
+     *			getuid() == 0.
+     * -p : don't clobber the environment (so terminal type stays set).
+     *
+     * -f : force this login, he has already been authenticated
+     */
+
+    /* init argv structure */ 
+    argv.size=0;
+    argv.argc=0;
+    argv.argv=(char**)malloc(0); /*so we can call realloc later */
+    addarg(&argv, "login");
+    addarg(&argv, "-h");
+    addarg(&argv, host);
+    addarg(&argv, "-p");
+    if(name[0])
+	user = name;
+    else
+	user = getenv("USER");
+#ifdef AUTHENTICATION
+    if (auth_level < 0 || autologin != AUTH_VALID) {
+	if(!no_warn) {
+	    printf("User not authenticated. ");
+	    if (require_otp)
+		printf("Using one-time password\r\n");
+	    else
+		printf("Using plaintext username and password\r\n");
+	}
+	if (require_otp) {
+	    addarg(&argv, "-a");
+	    addarg(&argv, "otp");
+	}
+	if(log_unauth) 
+	    syslog(LOG_INFO, "unauthenticated access from %s (%s)", 
+		   host, user ? user : "unknown user");
+    }
+    if (auth_level >= 0 && autologin == AUTH_VALID)
+	addarg(&argv, "-f");
+#endif
+    if(user){
+	addarg(&argv, "--");
+	addarg(&argv, strdup(user));
+    }
+    if (getenv("USER")) {
+	/*
+	 * Assume that login will set the USER variable
+	 * correctly.  For SysV systems, this means that
+	 * USER will no longer be set, just LOGNAME by
+	 * login.  (The problem is that if the auto-login
+	 * fails, and the user then specifies a different
+	 * account name, he can get logged in with both
+	 * LOGNAME and USER in his environment, but the
+	 * USER value will be wrong.
+	 */
+	unsetenv("USER");
+    }
+    closelog();
+    /*
+     * This sleep(1) is in here so that telnetd can
+     * finish up with the tty.  There's a race condition
+     * the login banner message gets lost...
+     */
+    sleep(1);
+
+    execv(new_login, argv.argv);
+
+    syslog(LOG_ERR, "%s: %m\n", new_login);
+    fatalperror(net, new_login);
+    /*NOTREACHED*/
+}
+
+
+
+static int addarg(struct arg_val *argv, char *val)
+{
+    if(argv->size <= argv->argc+1){
+	argv->argv = (char**)realloc(argv->argv, sizeof(char*) * (argv->size + 10));
+	if(argv->argv == NULL)
+	    return 1; /* this should probably be handled better */
+	argv->size+=10;
+    }
+    argv->argv[argv->argc++]=val;
+    argv->argv[argv->argc]=NULL;
+    return 0;
+}
+
+
+/*
+ * rmut()
+ *
+ * This is the function called by cleanup() to
+ * remove the utmp entry for this person.
+ */
+
+#ifdef HAVE_UTMPX_H
+static void
+rmut(void)
+{
+    struct utmpx *utxp, utmpx;
+    char *clean_tty = clean_ttyname(line);
+
+    /*
+     * This updates the utmpx and utmp entries and make a wtmp/x entry
+     */
+
+    setutxent();
+    memset(&utmpx, 0, sizeof(utmpx));
+    strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
+    utmpx.ut_type = LOGIN_PROCESS;
+    utxp = getutxline(&utmpx);
+    if (utxp) {
+	utxp->ut_user[0] = '\0';
+	utxp->ut_type = DEAD_PROCESS;
+#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	utxp->ut_exit.__e_termination = 0;
+	utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	utxp->ut_exit.ut_termination = 0;
+	utxp->ut_exit.ut_exit = 0;
+#else	
+	utxp->ut_exit.e_termination = 0;
+	utxp->ut_exit.e_exit = 0;
+#endif
+#endif
+	gettimeofday(&utxp->ut_tv, NULL);
+	pututxline(utxp);
+#ifdef WTMPX_FILE
+	updwtmpx(WTMPX_FILE, utxp);
+#elif defined(WTMP_FILE)
+	/* This is a strange system with a utmpx and a wtmp! */
+	{
+	  int f = open(wtmpf, O_WRONLY|O_APPEND);
+	  struct utmp wtmp;
+	  if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    time(&wtmp.ut_time);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	  }
+	}
+#else
+
+#endif
+    }
+    endutxent();
+}  /* end of rmut */
+#endif
+
+#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) && BSD <= 43
+static void
+rmut(void)
+{
+    int f;
+    int found = 0;
+    struct utmp *u, *utmp;
+    int nutmp;
+    struct stat statbf;
+    char *clean_tty = clean_ttyname(line);
+
+    f = open(utmpf, O_RDWR);
+    if (f >= 0) {
+	fstat(f, &statbf);
+	utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
+	if (!utmp)
+	    syslog(LOG_ERR, "utmp malloc failed");
+	if (statbf.st_size && utmp) {
+	    nutmp = read(f, utmp, (int)statbf.st_size);
+	    nutmp /= sizeof(struct utmp);
+
+	    for (u = utmp ; u < &utmp[nutmp] ; u++) {
+		if (strncmp(u->ut_line,
+			    clean_tty,
+			    sizeof(u->ut_line)) ||
+		    u->ut_name[0]==0)
+		    continue;
+		lseek(f, ((long)u)-((long)utmp), L_SET);
+		strncpy(u->ut_name,  "", sizeof(u->ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+		strncpy(u->ut_host,  "", sizeof(u->ut_host));
+#endif
+		time(&u->ut_time);
+		write(f, u, sizeof(wtmp));
+		found++;
+	    }
+	}
+	close(f);
+    }
+    if (found) {
+	f = open(wtmpf, O_WRONLY|O_APPEND);
+	if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    time(&wtmp.ut_time);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	}
+    }
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[strlen("/dev/")] = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}  /* end of rmut */
+#endif	/* CRAY */
+
+#if defined(__hpux) && !defined(HAVE_UTMPX_H)
+static void
+rmut (char *line)
+{
+    struct utmp utmp;
+    struct utmp *utptr;
+    int fd;			/* for /etc/wtmp */
+
+    utmp.ut_type = USER_PROCESS;
+    strncpy(utmp.ut_line, clean_ttyname(line), sizeof(utmp.ut_line));
+    setutent();
+    utptr = getutline(&utmp);
+    /* write it out only if it exists */
+    if (utptr) {
+	utptr->ut_type = DEAD_PROCESS;
+	utptr->ut_time = time(NULL);
+	pututline(utptr);
+	/* set wtmp entry if wtmp file exists */
+	if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
+	    write(fd, utptr, sizeof(utmp));
+	    close(fd);
+	}
+    }
+    endutent();
+
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[14] = line[13];
+    line[13] = line[12];
+    line[8] = 'm';
+    line[9] = '/';
+    line[10] = 'p';
+    line[11] = 't';
+    line[12] = 'y';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}
+#endif
+
+/*
+ * cleanup()
+ *
+ * This is the routine to call when we are all through, to
+ * clean up anything that needs to be cleaned up.
+ */
+
+#ifdef PARENT_DOES_UTMP
+
+void
+cleanup(int sig)
+{
+#ifdef _CRAY
+    static int incleanup = 0;
+    int t;
+    int child_status; /* status of child process as returned by waitpid */
+    int flags = WNOHANG|WUNTRACED;
+    
+    /*
+     * 1: Pick up the zombie, if we are being called
+     *    as the signal handler.
+     * 2: If we are a nested cleanup(), return.
+     * 3: Try to clean up TMPDIR.
+     * 4: Fill in utmp with shutdown of process.
+     * 5: Close down the network and pty connections.
+     * 6: Finish up the TMPDIR cleanup, if needed.
+     */
+    if (sig == SIGCHLD) {
+	while (waitpid(-1, &child_status, flags) > 0)
+	    ;	/* VOID */
+	/* Check if the child process was stopped
+	 * rather than exited.  We want cleanup only if
+	 * the child has died.
+	 */
+	if (WIFSTOPPED(child_status)) {
+	    return;
+	}
+    }
+    t = sigblock(sigmask(SIGCHLD));
+    if (incleanup) {
+	sigsetmask(t);
+	return;
+    }
+    incleanup = 1;
+    sigsetmask(t);
+    
+    t = cleantmp(&wtmp);
+    setutent();	/* just to make sure */
+#endif /* CRAY */
+    rmut(line);
+    close(ourpty);
+    shutdown(net, 2);
+#ifdef _CRAY
+    if (t == 0)
+	cleantmp(&wtmp);
+#endif /* CRAY */
+    exit(1);
+}
+
+#else /* PARENT_DOES_UTMP */
+
+void
+cleanup(int sig)
+{
+#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
+    rmut();
+#ifdef HAVE_VHANGUP
+#ifndef __sgi
+    vhangup(); /* XXX */
+#endif
+#endif
+#else
+    char *p;
+    
+    p = line + sizeof("/dev/") - 1;
+    if (logout(p))
+	logwtmp(p, "", "");
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    *p = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+#endif
+    shutdown(net, 2);
+    exit(1);
+}
+
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef PARENT_DOES_UTMP
+/*
+ * _utmp_sig_rcv
+ * utmp_sig_init
+ * utmp_sig_wait
+ *	These three functions are used to coordinate the handling of
+ *	the utmp file between the server and the soon-to-be-login shell.
+ *	The server actually creates the utmp structure, the child calls
+ *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
+ *	signals the future-login shell to proceed.
+ */
+static int caught=0;		/* NZ when signal intercepted */
+static void (*func)();		/* address of previous handler */
+
+void
+_utmp_sig_rcv(sig)
+     int sig;
+{
+    caught = 1;
+    signal(SIGUSR1, func);
+}
+
+void
+utmp_sig_init()
+{
+    /*
+     * register signal handler for UTMP creation
+     */
+    if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
+	fatalperror(net, "telnetd/signal");
+}
+
+void
+utmp_sig_reset()
+{
+    signal(SIGUSR1, func);	/* reset handler to default */
+}
+
+# ifdef __hpux
+# define sigoff() /* do nothing */
+# define sigon() /* do nothing */
+# endif
+
+void
+utmp_sig_wait()
+{
+    /*
+     * Wait for parent to write our utmp entry.
+	 */
+    sigoff();
+    while (caught == 0) {
+	pause();	/* wait until we get a signal (sigon) */
+	sigoff();	/* turn off signals while we check caught */
+    }
+    sigon();		/* turn on signals again */
+}
+
+void
+utmp_sig_notify(pid)
+{
+    kill(pid, SIGUSR1);
+}
+
+#ifdef _CRAY
+static int gotsigjob = 0;
+
+	/*ARGSUSED*/
+void
+sigjob(sig)
+     int sig;
+{
+    int jid;
+    struct jobtemp *jp;
+
+    while ((jid = waitjob(NULL)) != -1) {
+	if (jid == 0) {
+	    return;
+	}
+	gotsigjob++;
+	jobend(jid, NULL, NULL);
+    }
+}
+
+/*
+ *	jid_getutid:
+ *		called by jobend() before calling cleantmp()
+ *		to find the correct $TMPDIR to cleanup.
+ */
+
+struct utmp *
+jid_getutid(jid)
+     int jid;
+{
+    struct utmp *cur = NULL;
+
+    setutent();	/* just to make sure */
+    while (cur = getutent()) {
+	if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
+	    return(cur);
+	}
+    }
+
+    return(0);
+}
+
+/*
+ * Clean up the TMPDIR that login created.
+ * The first time this is called we pick up the info
+ * from the utmp.  If the job has already gone away,
+ * then we'll clean up and be done.  If not, then
+ * when this is called the second time it will wait
+ * for the signal that the job is done.
+ */
+int
+cleantmp(wtp)
+     struct utmp *wtp;
+{
+    struct utmp *utp;
+    static int first = 1;
+    int mask, omask, ret;
+    extern struct utmp *getutid (const struct utmp *_Id);
+
+
+    mask = sigmask(WJSIGNAL);
+
+    if (first == 0) {
+	omask = sigblock(mask);
+	while (gotsigjob == 0)
+	    sigpause(omask);
+	return(1);
+    }
+    first = 0;
+    setutent();	/* just to make sure */
+
+    utp = getutid(wtp);
+    if (utp == 0) {
+	syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	return(-1);
+    }
+    /*
+     * Nothing to clean up if the user shell was never started.
+     */
+    if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
+	return(1);
+
+    /*
+     * Block the WJSIGNAL while we are in jobend().
+     */
+    omask = sigblock(mask);
+    ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
+    sigsetmask(omask);
+    return(ret);
+}
+
+int
+jobend(jid, path, user)
+     int jid;
+     char *path;
+     char *user;
+{
+    static int saved_jid = 0;
+    static int pty_saved_jid = 0;
+    static char saved_path[sizeof(wtmp.ut_tpath)+1];
+    static char saved_user[sizeof(wtmp.ut_user)+1];
+
+    /*
+     * this little piece of code comes into play
+     * only when ptyreconnect is used to reconnect
+     * to an previous session.
+     *
+     * this is the only time when the
+     * "saved_jid != jid" code is executed.
+     */
+
+    if ( saved_jid && saved_jid != jid ) {
+	if (!path) {	/* called from signal handler */
+	    pty_saved_jid = jid;
+	} else {
+	    pty_saved_jid = saved_jid;
+	}
+    }
+
+    if (path) {
+	strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
+	strncpy(saved_user, user, sizeof(wtmp.ut_user));
+	saved_path[sizeof(saved_path)] = '\0';
+	saved_user[sizeof(saved_user)] = '\0';
+    }
+    if (saved_jid == 0) {
+	saved_jid = jid;
+	return(0);
+    }
+
+    /* if the jid has changed, get the correct entry from the utmp file */
+
+    if ( saved_jid != jid ) {
+	struct utmp *utp = NULL;
+	struct utmp *jid_getutid();
+
+	utp = jid_getutid(pty_saved_jid);
+
+	if (utp == 0) {
+	    syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	    return(-1);
+	}
+
+	cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
+	return(1);
+    }
+
+    cleantmpdir(jid, saved_path, saved_user);
+    return(1);
+}
+
+/*
+ * Fork a child process to clean up the TMPDIR
+ */
+cleantmpdir(jid, tpath, user)
+     int jid;
+     char *tpath;
+     char *user;
+{
+    switch(fork()) {
+    case -1:
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
+	       tpath);
+	break;
+    case 0:
+	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
+	       tpath, CLEANTMPCMD);
+	exit(1);
+    default:
+	/*
+	 * Forget about child.  We will exit, and
+	 * /etc/init will pick it up.
+	 */
+	break;
+    }
+}
+#endif /* CRAY */
+#endif	/* defined(PARENT_DOES_UTMP) */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
new file mode 100644
index 0000000..73008a3
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
@@ -0,0 +1,1357 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $");
+
+#ifdef _SC_CRAY_SECURE_SYS
+#include <sys/sysv.h>
+#include <sys/secdev.h>
+#include <sys/secparm.h>
+#include <sys/usrv.h>
+int	secflag;
+char	tty_dev[16];
+struct	secdev dv;
+struct	sysv sysv;
+struct	socksec ss;
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+#ifdef AUTHENTICATION
+int	auth_level = 0;
+#endif
+
+extern	int utmp_len;
+int	registerd_host_only = 0;
+
+#ifdef	STREAMSPTY
+# include <stropts.h>
+# include <termios.h>
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif /* HAVE_SYS_UIO_H */
+#ifdef HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+#ifdef _AIX
+#include <sys/termio.h>
+#endif
+# ifdef HAVE_SYS_STRTTY_H
+# include <sys/strtty.h>
+# endif
+# ifdef HAVE_SYS_STR_TTY_H
+# include <sys/str_tty.h>
+# endif
+/* make sure we don't get the bsd version */
+/* what is this here for? solaris? /joda */
+# ifdef HAVE_SYS_TTY_H
+# include "/usr/include/sys/tty.h"
+# endif
+# ifdef HAVE_SYS_PTYVAR_H
+# include <sys/ptyvar.h>
+# endif
+
+/*
+ * Because of the way ptyibuf is used with streams messages, we need
+ * ptyibuf+1 to be on a full-word boundary.  The following wierdness
+ * is simply to make that happen.
+ */
+long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
+char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
+char	*ptyip = ((char *)&ptyibufbuf[1])-1;
+char	ptyibuf2[BUFSIZ];
+unsigned char ctlbuf[BUFSIZ];
+struct	strbuf strbufc, strbufd;
+
+int readstream(int, char*, int);
+
+#else	/* ! STREAMPTY */
+
+/*
+ * I/O data buffers,
+ * pointers, and counters.
+ */
+char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
+char	ptyibuf2[BUFSIZ];
+
+#endif /* ! STREAMPTY */
+
+int	hostinfo = 1;			/* do we print login banner? */
+
+#ifdef	_CRAY
+extern int      newmap; /* nonzero if \n maps to ^M^J */
+int	lowpty = 0, highpty;	/* low, high pty numbers */
+#endif /* CRAY */
+
+int debug = 0;
+int keepalive = 1;
+char *progname;
+
+extern void usage (void);
+
+/*
+ * The string to pass to getopt().  We do it this way so
+ * that only the actual options that we support will be
+ * passed off to getopt().
+ */
+char valid_opts[] = "Bd:hklnS:u:UL:y"
+#ifdef AUTHENTICATION
+		    "a:X:z"
+#endif
+#ifdef DIAGNOSTICS
+		    "D:"
+#endif
+#ifdef _CRAY
+		    "r:"
+#endif
+		    ;
+
+void doit(struct sockaddr_in*);
+
+int main(int argc, char **argv)
+{
+    struct sockaddr_in from;
+    int on = 1, fromlen;
+    int ch;
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+    int tos = -1;
+#endif
+#ifdef ENCRYPTION
+    extern int des_check_key;
+    des_check_key = 1;	/* Kludge for Mac NCSA telnet 2.6 /bg */
+#endif
+    pfrontp = pbackp = ptyobuf;
+    netip = netibuf;
+    nfrontp = nbackp = netobuf;
+
+    progname = *argv;
+#ifdef ENCRYPTION
+    nclearto = 0;
+#endif
+
+#ifdef _CRAY
+    /*
+     * Get number of pty's before trying to process options,
+     * which may include changing pty range.
+     */
+    highpty = getnpty();
+#endif /* CRAY */
+
+    while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
+	switch(ch) {
+
+#ifdef	AUTHENTICATION
+	case 'a':
+	    /*
+	     * Check for required authentication level
+	     */
+	    if (strcmp(optarg, "debug") == 0) {
+		auth_debug_mode = 1;
+	    } else if (strcasecmp(optarg, "none") == 0) {
+		auth_level = 0;
+	    } else if (strcasecmp(optarg, "otp") == 0) {
+		auth_level = 0;
+		require_otp = 1;
+	    } else if (strcasecmp(optarg, "other") == 0) {
+		auth_level = AUTH_OTHER;
+	    } else if (strcasecmp(optarg, "user") == 0) {
+		auth_level = AUTH_USER;
+	    } else if (strcasecmp(optarg, "valid") == 0) {
+		auth_level = AUTH_VALID;
+	    } else if (strcasecmp(optarg, "off") == 0) {
+		/*
+		 * This hack turns off authentication
+		 */
+		auth_level = -1;
+	    } else {
+		fprintf(stderr,
+			"telnetd: unknown authorization level for -a\n");
+	    }
+	    break;
+#endif	/* AUTHENTICATION */
+
+	case 'B': /* BFTP mode is not supported any more */
+	    break;
+	case 'd':
+	    if (strcmp(optarg, "ebug") == 0) {
+		debug++;
+		break;
+	    }
+	    usage();
+	    /* NOTREACHED */
+	    break;
+
+#ifdef DIAGNOSTICS
+	case 'D':
+	    /*
+	     * Check for desired diagnostics capabilities.
+	     */
+	    if (!strcmp(optarg, "report")) {
+		diagnostic |= TD_REPORT|TD_OPTIONS;
+	    } else if (!strcmp(optarg, "exercise")) {
+		diagnostic |= TD_EXERCISE;
+	    } else if (!strcmp(optarg, "netdata")) {
+		diagnostic |= TD_NETDATA;
+	    } else if (!strcmp(optarg, "ptydata")) {
+		diagnostic |= TD_PTYDATA;
+	    } else if (!strcmp(optarg, "options")) {
+		diagnostic |= TD_OPTIONS;
+	    } else {
+		usage();
+		/* NOT REACHED */
+	    }
+	    break;
+#endif /* DIAGNOSTICS */
+
+
+	case 'h':
+	    hostinfo = 0;
+	    break;
+
+	case 'k': /* Linemode is not supported any more */
+	case 'l':
+	    break;
+
+	case 'n':
+	    keepalive = 0;
+	    break;
+
+#ifdef _CRAY
+	case 'r':
+	    {
+		char *strchr();
+		char *c;
+
+		/*
+		 * Allow the specification of alterations
+		 * to the pty search range.  It is legal to
+		 * specify only one, and not change the
+		 * other from its default.
+		 */
+		c = strchr(optarg, '-');
+		if (c) {
+		    *c++ = '\0';
+		    highpty = atoi(c);
+		}
+		if (*optarg != '\0')
+		    lowpty = atoi(optarg);
+		if ((lowpty > highpty) || (lowpty < 0) ||
+		    (highpty > 32767)) {
+		    usage();
+		    /* NOT REACHED */
+		}
+		break;
+	    }
+#endif	/* CRAY */
+
+	case 'S':
+#ifdef	HAVE_PARSETOS
+	    if ((tos = parsetos(optarg, "tcp")) < 0)
+		fprintf(stderr, "%s%s%s\n",
+			"telnetd: Bad TOS argument '", optarg,
+			"'; will try to use default TOS");
+#else
+	    fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
+		    "-S flag not supported\n");
+#endif
+	    break;
+
+	case 'u':
+	    utmp_len = atoi(optarg);
+	    break;
+
+	case 'U':
+	    registerd_host_only = 1;
+	    break;
+
+#ifdef	AUTHENTICATION
+	case 'X':
+	    /*
+	     * Check for invalid authentication types
+	     */
+	    auth_disable_name(optarg);
+	    break;
+#endif
+	case 'y':
+	    no_warn = 1;
+	    break;
+#ifdef AUTHENTICATION
+	case 'z':
+	    log_unauth = 1;
+	    break;
+
+#endif	/* AUTHENTICATION */
+
+	case 'L':
+	    new_login = optarg;
+	    break;
+			
+	default:
+	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
+	    /* FALLTHROUGH */
+	case '?':
+	    usage();
+	    /* NOTREACHED */
+	}
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (debug) {
+	int port = 0;
+	struct servent *sp;
+
+	if (argc > 1) {
+	    usage ();
+	} else if (argc == 1) {
+	    sp = roken_getservbyname (*argv, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else
+		port = htons(atoi(*argv));
+	} else {
+#ifdef KRB5
+	    port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
+#else
+	    port = k_getportbyname("telnet", "tcp", htons(23));
+#endif
+	}
+	mini_inetd (port);
+    } else if (argc > 0) {
+	usage();
+	/* NOT REACHED */
+    }
+
+#ifdef _SC_CRAY_SECURE_SYS
+    secflag = sysconf(_SC_CRAY_SECURE_SYS);
+
+    /*
+     *	Get socket's security label
+     */
+    if (secflag)  {
+	int szss = sizeof(ss);
+	int sock_multi;
+	int szi = sizeof(int);
+
+	memset(&dv, 0, sizeof(dv));
+
+	if (getsysv(&sysv, sizeof(struct sysv)) != 0) 
+	    fatalperror(net, "getsysv");
+
+	/*
+	 *	Get socket security label and set device values
+	 *	   {security label to be set on ttyp device}
+	 */
+#ifdef SO_SEC_MULTI			/* 8.0 code */
+	if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
+			(void *)&ss, &szss) < 0) ||
+	    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
+			(void *)&sock_multi, &szi) < 0)) 
+	    fatalperror(net, "getsockopt");
+	else {
+	    dv.dv_actlvl = ss.ss_actlabel.lt_level;
+	    dv.dv_actcmp = ss.ss_actlabel.lt_compart;
+	    if (!sock_multi) {
+		dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
+		dv.dv_valcmp = dv.dv_actcmp;
+	    } else {
+		dv.dv_minlvl = ss.ss_minlabel.lt_level;
+		dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
+		dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
+	    }
+	    dv.dv_devflg = 0;
+	}
+#else /* SO_SEC_MULTI */		/* 7.0 code */
+	if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
+		       (void *)&ss, &szss) >= 0) {
+	    dv.dv_actlvl = ss.ss_slevel;
+	    dv.dv_actcmp = ss.ss_compart;
+	    dv.dv_minlvl = ss.ss_minlvl;
+	    dv.dv_maxlvl = ss.ss_maxlvl;
+	    dv.dv_valcmp = ss.ss_maxcmp;
+	}
+#endif /* SO_SEC_MULTI */
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+    fromlen = sizeof (from);
+    if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
+	fprintf(stderr, "%s: ", progname);
+	perror("getpeername");
+	_exit(1);
+    }
+    if (keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
+		   (void *)&on, sizeof (on)) < 0) {
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+    }
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    {
+# ifdef HAVE_GETTOSBYNAME
+	struct tosent *tp;
+	if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+	    tos = tp->t_tos;
+# endif
+	if (tos < 0)
+	    tos = 020;	/* Low Delay bit */
+	if (tos
+	    && (setsockopt(0, IPPROTO_IP, IP_TOS,
+			   (void *)&tos, sizeof(tos)) < 0)
+	    && (errno != ENOPROTOOPT) )
+	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+    }
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+    net = 0;
+    doit(&from);
+    /* NOTREACHED */
+    return 0;
+}  /* end of main */
+
+void
+usage()
+{
+    fprintf(stderr, "Usage: telnetd");
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
+#endif
+    fprintf(stderr, " [-debug]");
+#ifdef DIAGNOSTICS
+    fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-edebug]");
+#endif
+    fprintf(stderr, " [-h]");
+    fprintf(stderr, " [-L login]");
+    fprintf(stderr, " [-n]");
+#ifdef	_CRAY
+    fprintf(stderr, " [-r[lowpty]-[highpty]]");
+#endif
+    fprintf(stderr, "\n\t");
+#ifdef	HAVE_GETTOSBYNAME
+    fprintf(stderr, " [-S tos]");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-X auth-type] [-y] [-z]");
+#endif
+    fprintf(stderr, " [-u utmp_hostname_length] [-U]");
+    fprintf(stderr, " [port]\n");
+    exit(1);
+}
+
+/*
+ * getterminaltype
+ *
+ *	Ask the other end to send along its terminal type and speed.
+ * Output is the variable terminaltype filled in.
+ */
+static unsigned char ttytype_sbbuf[] = {
+    IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
+};
+
+int
+getterminaltype(char *name, size_t name_sz)
+{
+    int retval = -1;
+    void _gettermname();
+
+    settimer(baseline);
+#ifdef AUTHENTICATION
+    /*
+     * Handle the Authentication option before we do anything else.
+     */
+    send_do(TELOPT_AUTHENTICATION, 1);
+    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	ttloop();
+    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	retval = auth_wait(name, name_sz);
+    }
+#endif
+
+#ifdef ENCRYPTION
+    send_will(TELOPT_ENCRYPT, 1);
+    send_do(TELOPT_ENCRYPT, 1);	/* esc@magic.fi */
+#endif
+    send_do(TELOPT_TTYPE, 1);
+    send_do(TELOPT_TSPEED, 1);
+    send_do(TELOPT_XDISPLOC, 1);
+    send_do(TELOPT_NEW_ENVIRON, 1);
+    send_do(TELOPT_OLD_ENVIRON, 1);
+    while (
+#ifdef ENCRYPTION
+	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+#endif
+	   his_will_wont_is_changing(TELOPT_TTYPE) ||
+	   his_will_wont_is_changing(TELOPT_TSPEED) ||
+	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
+	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
+	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
+	ttloop();
+    }
+#ifdef ENCRYPTION
+    /*
+     * Wait for the negotiation of what type of encryption we can
+     * send with.  If autoencrypt is not set, this will just return.
+     */
+    if (his_state_is_will(TELOPT_ENCRYPT)) {
+	encrypt_wait();
+    }
+#endif
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+
+	telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+				  sizeof ttytype_sbbuf - 2););
+    }
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	while (sequenceIs(tspeedsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	while (sequenceIs(xdisplocsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	while (sequenceIs(environsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	while (sequenceIs(oenvironsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+	char first[256], last[256];
+
+	while (sequenceIs(ttypesubopt, baseline))
+	    ttloop();
+
+	/*
+	 * If the other side has already disabled the option, then
+	 * we have to just go with what we (might) have already gotten.
+	 */
+	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
+	    strcpy_truncate(first, terminaltype, sizeof(first));
+	    for(;;) {
+		/*
+		 * Save the unknown name, and request the next name.
+		 */
+		strcpy_truncate(last, terminaltype, sizeof(last));
+		_gettermname();
+		if (terminaltypeok(terminaltype))
+		    break;
+		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
+		    his_state_is_wont(TELOPT_TTYPE)) {
+		    /*
+		     * We've hit the end.  If this is the same as
+		     * the first name, just go with it.
+		     */
+		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
+			break;
+		    /*
+		     * Get the terminal name one more time, so that
+		     * RFC1091 compliant telnets will cycle back to
+		     * the start of the list.
+		     */
+		    _gettermname();
+		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
+			strcpy(terminaltype, first);
+		    break;
+		}
+	    }
+	}
+    }
+    return(retval);
+}  /* end of getterminaltype */
+
+void
+_gettermname()
+{
+    /*
+     * If the client turned off the option,
+     * we can't send another request, so we
+     * just return.
+     */
+    if (his_state_is_wont(TELOPT_TTYPE))
+	return;
+    settimer(baseline);
+    telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+			      sizeof ttytype_sbbuf - 2););
+    while (sequenceIs(ttypesubopt, baseline))
+	ttloop();
+}
+
+int
+terminaltypeok(char *s)
+{
+    return 1;
+}
+
+
+char *hostname;
+char host_name[MaxHostNameLen];
+char remote_host_name[MaxHostNameLen];
+
+/*
+ * Get a pty, scan input lines.
+ */
+void
+doit(struct sockaddr_in *who)
+{
+    char *host = NULL;
+    struct hostent *hp;
+    int level;
+    int ptynum;
+    char user_name[256];
+
+    /*
+     * Find an available pty to use.
+     */
+    ourpty = getpty(&ptynum);
+    if (ourpty < 0)
+	fatal(net, "All network ports in use");
+
+#ifdef _SC_CRAY_SECURE_SYS
+    /*
+     *	set ttyp line security label
+     */
+    if (secflag) {
+	char slave_dev[16];
+
+	snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
+	if (setdevs(tty_dev, &dv) < 0)
+	    fatal(net, "cannot set pty security");
+	snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
+	if (setdevs(slave_dev, &dv) < 0)
+	    fatal(net, "cannot set tty security");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    /* get name of connected client */
+    hp = roken_gethostbyaddr((const char *)&who->sin_addr,
+		       sizeof (struct in_addr),
+		       who->sin_family);
+
+    if (hp == NULL && registerd_host_only) {
+	fatal(net, "Couldn't resolve your address into a host name.\r\n\
+Please contact your net administrator");
+    } else if (hp) {
+	host = hp->h_name;
+    } else {
+	host = inet_ntoa(who->sin_addr);
+    }
+    /*
+     * We must make a copy because Kerberos is probably going
+     * to also do a gethost* and overwrite the static data...
+     */
+    strcpy_truncate(remote_host_name, host, sizeof(remote_host_name));
+    host = remote_host_name;
+
+    /* XXX - should be k_gethostname? */
+    gethostname(host_name, sizeof (host_name));
+    hostname = host_name;
+
+    /* Only trim if too long (and possible) */
+    if (strlen(remote_host_name) > abs(utmp_len)) {
+	char *domain = strchr(host_name, '.');
+	char *p = strchr(remote_host_name, '.');
+	if (domain && p && (strcmp(p, domain) == 0))
+	    *p = 0; /* remove domain part */
+    }
+
+
+    /*
+     * If hostname still doesn't fit utmp, use ipaddr.
+     */
+    if (strlen(remote_host_name) > abs(utmp_len))
+	strcpy_truncate(remote_host_name,
+		inet_ntoa(who->sin_addr),
+		sizeof(remote_host_name));
+
+#ifdef AUTHENTICATION
+    auth_encrypt_init(hostname, host, "TELNETD", 1);
+#endif
+
+    init_env();
+    /*
+     * get terminal type.
+     */
+    *user_name = 0;
+    level = getterminaltype(user_name, sizeof(user_name));
+    setenv("TERM", terminaltype ? terminaltype : "network", 1);
+
+#ifdef _SC_CRAY_SECURE_SYS
+    if (secflag) {
+	if (setulvl(dv.dv_actlvl) < 0)
+	    fatal(net,"cannot setulvl()");
+	if (setucmp(dv.dv_actcmp) < 0)
+	    fatal(net, "cannot setucmp()");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    /* begin server processing */
+    my_telnet(net, ourpty, host, level, user_name);
+    /*NOTREACHED*/
+}  /* end of doit */
+
+/* output contents of /etc/issue.net, or /etc/issue */
+static void
+show_issue(void)
+{
+    FILE *f;
+    char buf[128];
+    f = fopen("/etc/issue.net", "r");
+    if(f == NULL)
+	f = fopen("/etc/issue", "r");
+    if(f){
+	while(fgets(buf, sizeof(buf)-2, f)){
+	    strcpy(buf + strcspn(buf, "\r\n"), "\r\n");
+	    writenet((unsigned char*)buf, strlen(buf));
+	}
+	fclose(f);
+    }
+}
+
+/*
+ * Main loop.  Select from pty and network, and
+ * hand data to telnet receiver finite state machine.
+ */
+void
+my_telnet(int f, int p, char *host, int level, char *autoname)
+{
+    int on = 1;
+    char *he;
+    char *IM;
+    int nfd;
+    int startslave_called = 0;
+    time_t timeout;
+
+    /*
+     * Initialize the slc mapping table.
+     */
+    get_slc_defaults();
+
+    /*
+     * Do some tests where it is desireable to wait for a response.
+     * Rather than doing them slowly, one at a time, do them all
+     * at once.
+     */
+    if (my_state_is_wont(TELOPT_SGA))
+	send_will(TELOPT_SGA, 1);
+    /*
+     * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
+     * because 4.2 clients are unable to deal with TCP urgent data.
+     *
+     * To find out, we send out a "DO ECHO".  If the remote system
+     * answers "WILL ECHO" it is probably a 4.2 client, and we note
+     * that fact ("WILL ECHO" ==> that the client will echo what
+     * WE, the server, sends it; it does NOT mean that the client will
+     * echo the terminal input).
+     */
+    send_do(TELOPT_ECHO, 1);
+
+    /*
+     * Send along a couple of other options that we wish to negotiate.
+     */
+    send_do(TELOPT_NAWS, 1);
+    send_will(TELOPT_STATUS, 1);
+    flowmode = 1;		/* default flow control state */
+    restartany = -1;	/* uninitialized... */
+    send_do(TELOPT_LFLOW, 1);
+
+    /*
+     * Spin, waiting for a response from the DO ECHO.  However,
+     * some REALLY DUMB telnets out there might not respond
+     * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
+     * telnets so far seem to respond with WONT for a DO that
+     * they don't understand...) because by the time we get the
+     * response, it will already have processed the DO ECHO.
+     * Kludge upon kludge.
+     */
+    while (his_will_wont_is_changing(TELOPT_NAWS))
+	ttloop();
+
+    /*
+     * But...
+     * The client might have sent a WILL NAWS as part of its
+     * startup code; if so, we'll be here before we get the
+     * response to the DO ECHO.  We'll make the assumption
+     * that any implementation that understands about NAWS
+     * is a modern enough implementation that it will respond
+     * to our DO ECHO request; hence we'll do another spin
+     * waiting for the ECHO option to settle down, which is
+     * what we wanted to do in the first place...
+     */
+    if (his_want_state_is_will(TELOPT_ECHO) &&
+	his_state_is_will(TELOPT_NAWS)) {
+	while (his_will_wont_is_changing(TELOPT_ECHO))
+	    ttloop();
+    }
+    /*
+     * On the off chance that the telnet client is broken and does not
+     * respond to the DO ECHO we sent, (after all, we did send the
+     * DO NAWS negotiation after the DO ECHO, and we won't get here
+     * until a response to the DO NAWS comes back) simulate the
+     * receipt of a will echo.  This will also send a WONT ECHO
+     * to the client, since we assume that the client failed to
+     * respond because it believes that it is already in DO ECHO
+     * mode, which we do not want.
+     */
+    if (his_want_state_is_will(TELOPT_ECHO)) {
+	DIAG(TD_OPTIONS,
+	     {output_data("td: simulating recv\r\n");
+	     });
+	willoption(TELOPT_ECHO);
+    }
+
+    /*
+     * Finally, to clean things up, we turn on our echo.  This
+     * will break stupid 4.2 telnets out of local terminal echo.
+     */
+
+    if (my_state_is_wont(TELOPT_ECHO))
+	send_will(TELOPT_ECHO, 1);
+
+#ifdef TIOCPKT
+#ifdef	STREAMSPTY
+    if (!really_stream)
+#endif
+	/*
+	 * Turn on packet mode
+	 */
+	ioctl(p, TIOCPKT, (char *)&on);
+#endif
+
+
+    /*
+     * Call telrcv() once to pick up anything received during
+     * terminal type negotiation, 4.2/4.3 determination, and
+     * linemode negotiation.
+     */
+    telrcv();
+
+    ioctl(f, FIONBIO, (char *)&on);
+    ioctl(p, FIONBIO, (char *)&on);
+
+#if	defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
+	       (void *)&on, sizeof on);
+#endif	/* defined(SO_OOBINLINE) */
+
+#ifdef	SIGTSTP
+    signal(SIGTSTP, SIG_IGN);
+#endif
+#ifdef	SIGTTOU
+    /*
+     * Ignoring SIGTTOU keeps the kernel from blocking us
+     * in ttioct() in /sys/tty.c.
+     */
+    signal(SIGTTOU, SIG_IGN);
+#endif
+
+    signal(SIGCHLD, cleanup);
+
+#ifdef  TIOCNOTTY
+    {
+	int t;
+	t = open(_PATH_TTY, O_RDWR);
+	if (t >= 0) {
+	    ioctl(t, TIOCNOTTY, (char *)0);
+	    close(t);
+	}
+    }
+#endif
+
+    show_issue();
+    /*
+     * Show banner that getty never gave.
+     *
+     * We put the banner in the pty input buffer.  This way, it
+     * gets carriage return null processing, etc., just like all
+     * other pty --> client data.
+     */
+
+    if (getenv("USER"))
+	hostinfo = 0;
+
+    IM = DEFAULT_IM;
+    he = 0;
+    edithost(he, host_name);
+    if (hostinfo && *IM)
+	putf(IM, ptyibuf2);
+
+    if (pcc)
+	strncat(ptyibuf2, ptyip, pcc+1);
+    ptyip = ptyibuf2;
+    pcc = strlen(ptyip);
+
+    DIAG(TD_REPORT, {
+	output_data("td: Entering processing loop\r\n");
+    });
+
+
+    nfd = ((f > p) ? f : p) + 1;
+    timeout = time(NULL) + 5;
+    for (;;) {
+	fd_set ibits, obits, xbits;
+	int c;
+
+	/* wait for encryption to be turned on, but don't wait
+           indefinitely */
+	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
+	    startslave_called = 1;
+	    startslave(host, level, autoname);
+	}
+
+	if (ncc < 0 && pcc < 0)
+	    break;
+
+	FD_ZERO(&ibits);
+	FD_ZERO(&obits);
+	FD_ZERO(&xbits);
+	/*
+	 * Never look for input if there's still
+	 * stuff in the corresponding output buffer
+	 */
+	if (nfrontp - nbackp || pcc > 0) {
+	    FD_SET(f, &obits);
+	} else {
+	    FD_SET(p, &ibits);
+	}
+	if (pfrontp - pbackp || ncc > 0) {
+	    FD_SET(p, &obits);
+	} else {
+	    FD_SET(f, &ibits);
+	}
+	if (!SYNCHing) {
+	    FD_SET(f, &xbits);
+	}
+	if ((c = select(nfd, &ibits, &obits, &xbits,
+			(struct timeval *)0)) < 1) {
+	    if (c == -1) {
+		if (errno == EINTR) {
+		    continue;
+		}
+	    }
+	    sleep(5);
+	    continue;
+	}
+
+	/*
+	 * Any urgent data?
+	 */
+	if (FD_ISSET(net, &xbits)) {
+	    SYNCHing = 1;
+	}
+
+	/*
+	 * Something to read from the network...
+	 */
+	if (FD_ISSET(net, &ibits)) {
+#ifndef SO_OOBINLINE
+	    /*
+	     * In 4.2 (and 4.3 beta) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	    if (SYNCHing) {
+		int atmark;
+
+		ioctl(net, SIOCATMARK, (char *)&atmark);
+		if (atmark) {
+		    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
+		    if ((ncc == -1) && (errno == EINVAL)) {
+			ncc = read(net, netibuf, sizeof (netibuf));
+			if (sequenceIs(didnetreceive, gotDM)) {
+			    SYNCHing = stilloob(net);
+			}
+		    }
+		} else {
+		    ncc = read(net, netibuf, sizeof (netibuf));
+		}
+	    } else {
+		ncc = read(net, netibuf, sizeof (netibuf));
+	    }
+	    settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE)) */
+	    ncc = read(net, netibuf, sizeof (netibuf));
+#endif	/* !defined(SO_OOBINLINE)) */
+	    if (ncc < 0 && errno == EWOULDBLOCK)
+		ncc = 0;
+	    else {
+		if (ncc <= 0) {
+		    break;
+		}
+		netip = netibuf;
+	    }
+	    DIAG((TD_REPORT | TD_NETDATA), {
+		output_data("td: netread %d chars\r\n", ncc);
+		});
+	    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+	}
+
+	/*
+	 * Something to read from the pty...
+	 */
+	if (FD_ISSET(p, &ibits)) {
+#ifdef STREAMSPTY
+	    if (really_stream)
+		pcc = readstream(p, ptyibuf, BUFSIZ);
+	    else
+#endif
+		pcc = read(p, ptyibuf, BUFSIZ);
+
+	    /*
+	     * On some systems, if we try to read something
+	     * off the master side before the slave side is
+	     * opened, we get EIO.
+	     */
+	    if (pcc < 0 && (errno == EWOULDBLOCK ||
+#ifdef	EAGAIN
+			    errno == EAGAIN ||
+#endif
+			    errno == EIO)) {
+		pcc = 0;
+	    } else {
+		if (pcc <= 0)
+		    break;
+		if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
+		    netclear();	/* clear buffer back */
+#ifndef	NO_URGENT
+		    /*
+		     * There are client telnets on some
+		     * operating systems get screwed up
+		     * royally if we send them urgent
+		     * mode data.
+		     */
+		    output_data ("%c%c", IAC, DM);
+
+		    neturg = nfrontp-1; /* off by one XXX */
+		    DIAG(TD_OPTIONS,
+			 printoption("td: send IAC", DM));
+
+#endif
+		}
+		if (his_state_is_will(TELOPT_LFLOW) &&
+		    (ptyibuf[0] &
+		     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
+		    int newflow =
+			ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+		    if (newflow != flowmode) {
+			flowmode = newflow;
+			output_data("%c%c%c%c%c%c",
+				    IAC, SB, TELOPT_LFLOW,
+				    flowmode ? LFLOW_ON
+				    : LFLOW_OFF,
+				    IAC, SE);
+			DIAG(TD_OPTIONS, printsub('>',
+						  (unsigned char *)nfrontp-4,
+						  4););
+		    }
+		}
+		pcc--;
+		ptyip = ptyibuf+1;
+	    }
+	}
+
+	while (pcc > 0) {
+	    if ((&netobuf[BUFSIZ] - nfrontp) < 3)
+		break;
+	    c = *ptyip++ & 0377, pcc--;
+	    if (c == IAC)
+		*nfrontp++ = c;
+	    *nfrontp++ = c;
+	    if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+		if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+		    *nfrontp++ = *ptyip++ & 0377;
+		    pcc--;
+		} else
+		    *nfrontp++ = '\0';
+	    }
+	}
+
+	if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
+	    netflush();
+	if (ncc > 0)
+	    telrcv();
+	if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
+	    ptyflush();
+    }
+    cleanup(0);
+}
+
+#ifndef	TCSIG
+# ifdef	TIOCSIG
+#  define TCSIG TIOCSIG
+# endif
+#endif
+
+#ifdef	STREAMSPTY
+
+    int flowison = -1;  /* current state of flow: -1 is unknown */
+
+int
+readstream(int p, char *ibuf, int bufsize)
+{
+    int flags = 0;
+    int ret = 0;
+    struct termios *tsp;
+#if 0
+    struct termio *tp;
+#endif
+    struct iocblk *ip;
+    char vstop, vstart;
+    int ixon;
+    int newflow;
+
+    strbufc.maxlen = BUFSIZ;
+    strbufc.buf = (char *)ctlbuf;
+    strbufd.maxlen = bufsize-1;
+    strbufd.len = 0;
+    strbufd.buf = ibuf+1;
+    ibuf[0] = 0;
+
+    ret = getmsg(p, &strbufc, &strbufd, &flags);
+    if (ret < 0)  /* error of some sort -- probably EAGAIN */
+	return(-1);
+
+    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+	/* data message */
+	if (strbufd.len > 0) {			/* real data */
+	    return(strbufd.len + 1);	/* count header char */
+	} else {
+	    /* nothing there */
+	    errno = EAGAIN;
+	    return(-1);
+	}
+    }
+
+    /*
+     * It's a control message.  Return 1, to look at the flag we set
+     */
+
+    switch (ctlbuf[0]) {
+    case M_FLUSH:
+	if (ibuf[1] & FLUSHW)
+	    ibuf[0] = TIOCPKT_FLUSHWRITE;
+	return(1);
+
+    case M_IOCTL:
+	ip = (struct iocblk *) (ibuf+1);
+
+	switch (ip->ioc_cmd) {
+#ifdef TCSETS
+	case TCSETS:
+	case TCSETSW:
+	case TCSETSF:
+	    tsp = (struct termios *)
+		(ibuf+1 + sizeof(struct iocblk));
+	    vstop = tsp->c_cc[VSTOP];
+	    vstart = tsp->c_cc[VSTART];
+	    ixon = tsp->c_iflag & IXON;
+	    break;
+#endif
+#if 0
+	case TCSETA:
+	case TCSETAW:
+	case TCSETAF:
+	    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
+	    vstop = tp->c_cc[VSTOP];
+	    vstart = tp->c_cc[VSTART];
+	    ixon = tp->c_iflag & IXON;
+	    break;
+#endif
+	default:
+	    errno = EAGAIN;
+	    return(-1);
+	}
+
+	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+	if (newflow != flowison) {  /* it's a change */
+	    flowison = newflow;
+	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+	    return(1);
+	}
+    }
+
+    /* nothing worth doing anything about */
+    errno = EAGAIN;
+    return(-1);
+}
+#endif /* STREAMSPTY */
+
+/*
+ * Send interrupt to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write intr char.
+ */
+void
+interrupt()
+{
+    ptyflush();	/* half-hearted */
+
+#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
+    /* Streams PTY style ioctl to post a signal */
+    if (really_stream)
+	{
+	    int sig = SIGINT;
+	    ioctl(ourpty, TIOCSIGNAL, &sig);
+	    ioctl(ourpty, I_FLUSH, FLUSHR);
+	}
+#else
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGINT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_IP].sptr ?
+	(unsigned char)*slctab[SLC_IP].sptr : '\177';
+#endif	/* TCSIG */
+#endif
+}
+
+/*
+ * Send quit to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write quit char.
+ */
+void
+sendbrk()
+{
+    ptyflush();	/* half-hearted */
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGQUIT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_ABORT].sptr ?
+	(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
+#endif	/* TCSIG */
+}
+
+void
+sendsusp()
+{
+#ifdef	SIGTSTP
+    ptyflush();	/* half-hearted */
+# ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGTSTP);
+# else	/* TCSIG */
+    *pfrontp++ = slctab[SLC_SUSP].sptr ?
+	(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
+# endif	/* TCSIG */
+#endif	/* SIGTSTP */
+}
+
+/*
+ * When we get an AYT, if ^T is enabled, use that.  Otherwise,
+ * just send back "[Yes]".
+ */
+void
+recv_ayt()
+{
+#if	defined(SIGINFO) && defined(TCSIG)
+    if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
+	ioctl(ourpty, TCSIG, (char *)SIGINFO);
+	return;
+    }
+#endif
+    output_data("\r\n[Yes]\r\n");
+}
+
+void
+doeof()
+{
+    init_termbuf();
+
+    *pfrontp++ = slctab[SLC_EOF].sptr ?
+	(unsigned char)*slctab[SLC_EOF].sptr : '\004';
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
new file mode 100644
index 0000000..5ad5bd8
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
+ */
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+/* including both <sys/ioctl.h> and <termios.h> in SunOS 4 generates a
+   lot of warnings */
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include <signal.h>
+#include <errno.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <ctype.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <termios.h>
+
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+
+#include "defs.h"
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((unsigned char)'\377')
+# endif
+#endif
+
+
+#ifdef HAVE_SYS_PTY_H
+#include <sys/pty.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+#include "ext.h"
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#ifdef KRB4
+#include <des.h>
+#include <krb.h>
+#endif
+
+#ifdef AUTHENTICATION
+#include <libtelnet/auth.h>
+#include <libtelnet/misc.h>
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#endif
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+
+#include <roken.h>
+
+/* Don't use the system login, use our version instead */
+
+/* BINDIR should be defined somewhere else... */
+
+#ifndef BINDIR
+#define BINDIR "/usr/athena/bin"
+#endif
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN	BINDIR "/login"
+
+/* fallbacks */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifdef	DIAGNOSTICS
+#define	DIAG(a,b)	if (diagnostic & (a)) b
+#else
+#define	DIAG(a,b)
+#endif
+
+/* other external variables */
+extern	char **environ;
+
+/* prototypes */
+
+/* appends data to nfrontp and advances */
+int output_data (const char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/termstat.c b/crypto/kerberosIV/appl/telnet/telnetd/termstat.c
new file mode 100644
index 0000000..80ee145
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/termstat.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: termstat.c,v 1.11 1997/05/11 06:30:04 assar Exp $");
+
+/*
+ * local variables
+ */
+int def_tspeed = -1, def_rspeed = -1;
+#ifdef	TIOCSWINSZ
+int def_row = 0, def_col = 0;
+#endif
+
+/*
+ * flowstat
+ *
+ * Check for changes to flow control
+ */
+void
+flowstat()
+{
+    if (his_state_is_will(TELOPT_LFLOW)) {
+	if (tty_flowmode() != flowmode) {
+	    flowmode = tty_flowmode();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			flowmode ? LFLOW_ON : LFLOW_OFF,
+			IAC, SE);
+	}
+	if (tty_restartany() != restartany) {
+	    restartany = tty_restartany();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			restartany ? LFLOW_RESTART_ANY
+			: LFLOW_RESTART_XON,
+			IAC, SE);
+	}
+    }
+}
+
+/*
+ * clientstat
+ *
+ * Process linemode related requests from the client.
+ * Client can request a change to only one of linemode, editmode or slc's
+ * at a time, and if using kludge linemode, then only linemode may be
+ * affected.
+ */
+void
+clientstat(int code, int parm1, int parm2)
+{
+    void netflush();
+
+    /*
+     * Get a copy of terminal characteristics.
+     */
+    init_termbuf();
+
+    /*
+     * Process request from client. code tells what it is.
+     */
+    switch (code) {
+    case TELOPT_NAWS:
+#ifdef	TIOCSWINSZ
+	{
+	    struct winsize ws;
+
+	    def_col = parm1;
+	    def_row = parm2;
+
+	    /*
+	     * Change window size as requested by client.
+	     */
+
+	    ws.ws_col = parm1;
+	    ws.ws_row = parm2;
+	    ioctl(ourpty, TIOCSWINSZ, (char *)&ws);
+	}
+#endif	/* TIOCSWINSZ */
+
+    break;
+
+    case TELOPT_TSPEED:
+	{
+	    def_tspeed = parm1;
+	    def_rspeed = parm2;
+	    /*
+	     * Change terminal speed as requested by client.
+	     * We set the receive speed first, so that if we can't
+	     * store seperate receive and transmit speeds, the transmit
+	     * speed will take precedence.
+	     */
+	    tty_rspeed(parm2);
+	    tty_tspeed(parm1);
+	    set_termbuf();
+
+	    break;
+
+	}  /* end of case TELOPT_TSPEED */
+
+    default:
+	/* What? */
+	break;
+    }  /* end of switch */
+
+    netflush();
+
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
new file mode 100644
index 0000000..cfca89a
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
@@ -0,0 +1,1157 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define PRINTOPTIONS
+#include "telnetd.h"
+
+RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
+
+/*
+ * utility functions performing io related tasks
+ */
+
+/*
+ * ttloop
+ *
+ * A small subroutine to flush the network output buffer, get some
+ * data from the network, and pass it through the telnet state
+ * machine.  We also flush the pty input buffer (by dropping its data)
+ * if it becomes too full.
+ */
+
+void
+ttloop(void)
+{
+    void netflush(void);
+    
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop\r\n");
+    });
+    if (nfrontp-nbackp)
+	netflush();
+    ncc = read(net, netibuf, sizeof netibuf);
+    if (ncc < 0) {
+	syslog(LOG_INFO, "ttloop:  read: %m\n");
+	exit(1);
+    } else if (ncc == 0) {
+	syslog(LOG_INFO, "ttloop:  peer died: %m\n");
+	exit(1);
+    }
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop read %d chars\r\n", ncc);
+    });
+    netip = netibuf;
+    telrcv();			/* state machine */
+    if (ncc > 0) {
+	pfrontp = pbackp = ptyobuf;
+	telrcv();
+    }
+}  /* end of ttloop */
+
+/*
+ * Check a descriptor to see if out of band data exists on it.
+ */
+int
+stilloob(int s)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(s, &excepts);
+	value = select(s+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	fatalperror(ourpty, "select");
+    }
+    if (FD_ISSET(s, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+void
+ptyflush(void)
+{
+    int n;
+
+    if ((n = pfrontp - pbackp) > 0) {
+	DIAG((TD_REPORT | TD_PTYDATA), { 
+	    output_data("td: ptyflush %d chars\r\n", n);
+	});
+	DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+	n = write(ourpty, pbackp, n);
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    pbackp += n;
+    if (pbackp == pfrontp)
+	pbackp = pfrontp = ptyobuf;
+}
+
+/*
+ * nextitem()
+ *
+ *	Return the address of the next "item" in the TELNET data
+ * stream.  This will be the address of the next character if
+ * the current address is a user data character, or it will
+ * be the address of the character following the TELNET command
+ * if the current address is a TELNET IAC ("I Am a Command")
+ * character.
+ */
+char *
+nextitem(char *current)
+{
+    if ((*current&0xff) != IAC) {
+	return current+1;
+    }
+    switch (*(current+1)&0xff) {
+    case DO:
+    case DONT:
+    case WILL:
+    case WONT:
+	return current+3;
+    case SB:{
+	/* loop forever looking for the SE */
+	char *look = current+2;
+
+	for (;;) {
+	    if ((*look++&0xff) == IAC) {
+		if ((*look++&0xff) == SE) {
+		    return look;
+		}
+	    }
+	}
+    }
+    default:
+	return current+2;
+    }
+}
+
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+void
+netclear(void)
+{
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+			 ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+#ifdef ENCRYPTION
+	thisitem = nclearto > netobuf ? nclearto : netobuf;
+#else
+	thisitem = netobuf;
+#endif
+
+	while ((next = nextitem(thisitem)) <= nbackp) {
+	    thisitem = next;
+	}
+
+	/* Now, thisitem is first before/at boundary. */
+
+#ifdef ENCRYPTION
+	good = nclearto > netobuf ? nclearto : netobuf;
+#else
+	good = netobuf;	/* where the good bytes go */
+#endif
+
+	while (nfrontp > thisitem) {
+	    if (wewant(thisitem)) {
+		int length;
+
+		next = thisitem;
+		do {
+		    next = nextitem(next);
+		} while (wewant(next) && (nfrontp > next));
+		length = next-thisitem;
+		memmove(good, thisitem, length);
+		good += length;
+		thisitem = next;
+	    } else {
+		thisitem = nextitem(thisitem);
+	    }
+	}
+
+	nbackp = netobuf;
+	nfrontp = good;		/* next byte to be sent */
+	neturg = 0;
+}  /* end of netclear */
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ */
+void
+netflush(void)
+{
+    int n;
+    extern int not42;
+
+    if ((n = nfrontp - nbackp) > 0) {
+	DIAG(TD_REPORT,
+	     { n += output_data("td: netflush %d chars\r\n", n);
+	     });
+#ifdef ENCRYPTION
+	if (encrypt_output) {
+	    char *s = nclearto ? nclearto : nbackp;
+	    if (nfrontp - s > 0) {
+		(*encrypt_output)((unsigned char *)s, nfrontp-s);
+		nclearto = nfrontp;
+	    }
+	}
+#endif
+	/*
+	 * if no urgent data, or if the other side appears to be an
+	 * old 4.2 client (and thus unable to survive TCP urgent data),
+	 * write the entire buffer in non-OOB mode.
+	 */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	if ((neturg == 0) || (not42 == 0)) {
+#endif
+	    n = write(net, nbackp, n);	/* normal write */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	} else {
+	    n = neturg - nbackp;
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    if (n > 1) {
+		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
+	    } else {
+		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+	    }
+	}
+#endif
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    nbackp += n;
+#ifdef ENCRYPTION
+    if (nbackp > nclearto)
+	nclearto = 0;
+#endif
+    if (nbackp >= neturg) {
+	neturg = 0;
+    }
+    if (nbackp == nfrontp) {
+	nbackp = nfrontp = netobuf;
+#ifdef ENCRYPTION
+	nclearto = 0;
+#endif
+    }
+    return;
+}
+
+
+/*
+ * writenet
+ *
+ * Just a handy little function to write a bit of raw data to the net.
+ * It will force a transmit of the buffer if necessary
+ *
+ * arguments
+ *    ptr - A pointer to a character string to write
+ *    len - How many bytes to write
+ */
+void
+writenet(unsigned char *ptr, int len)
+{
+    /* flush buffer if no room for new data) */
+    while ((&netobuf[BUFSIZ] - nfrontp) < len) {
+	/* if this fails, don't worry, buffer is a little big */
+	netflush();
+    }
+
+    memmove(nfrontp, ptr, len);
+    nfrontp += len;
+}
+
+
+/*
+ * miscellaneous functions doing a variety of little jobs follow ...
+ */
+
+
+void fatal(int f, char *msg)
+{
+    char buf[BUFSIZ];
+
+    snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+#ifdef ENCRYPTION
+    if (encrypt_output) {
+	/*
+	 * Better turn off encryption first....
+	 * Hope it flushes...
+	 */
+	encrypt_send_end();
+	netflush();
+    }
+#endif
+    write(f, buf, (int)strlen(buf));
+    sleep(1);	/*XXX*/
+    exit(1);
+}
+
+void
+fatalperror(int f, const char *msg)
+{
+    char buf[BUFSIZ];
+    
+    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+    fatal(f, buf);
+}
+
+char editedhost[32];
+
+void edithost(char *pat, char *host)
+{
+    char *res = editedhost;
+
+    if (!pat)
+	pat = "";
+    while (*pat) {
+	switch (*pat) {
+
+	case '#':
+	    if (*host)
+		host++;
+	    break;
+
+	case '@':
+	    if (*host)
+		*res++ = *host++;
+	    break;
+
+	default:
+	    *res++ = *pat;
+	    break;
+	}
+	if (res == &editedhost[sizeof editedhost - 1]) {
+	    *res = '\0';
+	    return;
+	}
+	pat++;
+    }
+    if (*host)
+	strcpy_truncate (res, host,
+			 sizeof editedhost - (res - editedhost));
+    else
+	*res = '\0';
+    editedhost[sizeof editedhost - 1] = '\0';
+}
+
+static char *putlocation;
+
+void
+putstr(char *s)
+{
+
+    while (*s)
+	putchr(*s++);
+}
+
+void
+putchr(int cc)
+{
+    *putlocation++ = cc;
+}
+
+/*
+ * This is split on two lines so that SCCS will not see the M
+ * between two % signs and expand it...
+ */
+static char fmtstr[] = { "%l:%M" "%P on %A, %d %B %Y" };
+
+void putf(char *cp, char *where)
+{
+#ifdef HAVE_UNAME
+    struct utsname name;
+#endif
+    char *slash;
+    time_t t;
+    char db[100];
+
+    /* if we don't have uname, set these to sensible values */
+    char *sysname = "Unix", 
+	*machine = "", 
+	*release = "",
+	*version = ""; 
+
+#ifdef HAVE_UNAME
+    uname(&name);
+    sysname=name.sysname;
+    machine=name.machine;
+    release=name.release;
+    version=name.version;
+#endif
+
+    putlocation = where;
+
+    while (*cp) {
+	if (*cp != '%') {
+	    putchr(*cp++);
+	    continue;
+	}
+	switch (*++cp) {
+
+	case 't':
+#ifdef	STREAMSPTY
+	    /* names are like /dev/pts/2 -- we want pts/2 */
+	    slash = strchr(line+1, '/');
+#else
+	    slash = strrchr(line, '/');
+#endif
+	    if (slash == (char *) 0)
+		putstr(line);
+	    else
+		putstr(&slash[1]);
+	    break;
+
+	case 'h':
+	    putstr(editedhost);
+	    break;
+
+	case 's':
+	    putstr(sysname);
+	    break;
+
+	case 'm':
+	    putstr(machine);
+	    break;
+
+	case 'r':
+	    putstr(release);
+	    break;
+
+	case 'v':
+	    putstr(version);
+	    break;
+
+	case 'd':
+	    time(&t);
+	    strftime(db, sizeof(db), fmtstr, localtime(&t));
+	    putstr(db);
+	    break;
+
+	case '%':
+	    putchr('%');
+	    break;
+	}
+	cp++;
+    }
+}
+
+#ifdef DIAGNOSTICS
+/*
+ * Print telnet options and commands in plain text, if possible.
+ */
+void
+printoption(char *fmt, int option)
+{
+    if (TELOPT_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELOPT(option));
+    else if (TELCMD_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELCMD(option));
+    else
+	output_data("%s %d\r\n",
+		    fmt,
+		    option);
+    return;
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+        		          	/* '<' or '>' */
+                 	         	/* where suboption data sits */
+       			       		/* length of suboption data */
+{
+    int i = 0;
+    unsigned char buf[512];
+
+    if (!(diagnostic & TD_OPTIONS))
+	return;
+
+    if (direction) {
+	output_data("td: %s suboption ",
+		    direction == '<' ? "recv" : "send");
+	if (length >= 3) {
+	    int j;
+
+	    i = pointer[length-2];
+	    j = pointer[length-1];
+
+	    if (i != IAC || j != SE) {
+		output_data("(terminated by ");
+		if (TELOPT_OK(i))
+		    output_data("%s ",
+				TELOPT(i));
+		else if (TELCMD_OK(i))
+		    output_data("%s ",
+				TELCMD(i));
+		else
+		    output_data("%d ",
+				i);
+		if (TELOPT_OK(j))
+		    output_data("%s",
+				TELOPT(j));
+		else if (TELCMD_OK(j))
+		    output_data("%s",
+				TELCMD(j));
+		else
+		    output_data("%d",
+				j);
+		output_data(", not IAC SE!) ");
+	    }
+	}
+	length -= 2;
+    }
+    if (length < 1) {
+	output_data("(Empty suboption??\?)");
+	return;
+    }
+    switch (pointer[0]) {
+    case TELOPT_TTYPE:
+	output_data("TERMINAL-TYPE ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+    case TELOPT_TSPEED:
+	output_data("TERMINAL-SPEED");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data(" IS %.*s", length-2, (char *)pointer+2);
+	    break;
+	default:
+	    if (pointer[1] == 1)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)", pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+
+    case TELOPT_LFLOW:
+	output_data("TOGGLE-FLOW-CONTROL");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case LFLOW_OFF:
+	    output_data(" OFF");
+	    break;
+	case LFLOW_ON:
+	    output_data(" ON");
+	    break;
+	case LFLOW_RESTART_ANY:
+	    output_data(" RESTART-ANY");
+	    break;
+	case LFLOW_RESTART_XON:
+	    output_data(" RESTART-XON");
+	    break;
+	default:
+	    output_data(" %d (unknown)",
+			pointer[1]);
+	}
+	for (i = 2; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_NAWS:
+	output_data("NAWS");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	if (length == 2) {
+	    output_data(" ?%d?",
+			pointer[1]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[1],
+		    pointer[2],
+		    (((unsigned int)pointer[1])<<8) + pointer[2]);
+	if (length == 4) {
+	    output_data(" ?%d?",
+			pointer[3]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[3],
+		    pointer[4],
+		    (((unsigned int)pointer[3])<<8) + pointer[4]);
+	for (i = 5; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_LINEMODE:
+	output_data("LINEMODE ");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case WILL:
+	    output_data("WILL ");
+	    goto common;
+	case WONT:
+	    output_data("WONT ");
+	    goto common;
+	case DO:
+	    output_data("DO ");
+	    goto common;
+	case DONT:
+	    output_data("DONT ");
+	common:
+	    if (length < 3) {
+		output_data("(no option??\?)");
+		break;
+	    }
+	    switch (pointer[2]) {
+	    case LM_FORWARDMASK:
+		output_data("Forward Mask");
+		for (i = 3; i < length; i++) {
+		    output_data(" %x", pointer[i]);
+		}
+		break;
+	    default:
+		output_data("%d (unknown)",
+			    pointer[2]);
+		for (i = 3; i < length; i++) {
+		    output_data(" %d",
+				pointer[i]);
+		}
+		break;
+	    }
+	    break;
+
+	case LM_SLC:
+	    output_data("SLC");
+	    for (i = 2; i < length - 2; i += 3) {
+		if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+		    output_data(" %s",
+				SLC_NAME(pointer[i+SLC_FUNC]));
+		else
+		    output_data(" %d",
+				pointer[i+SLC_FUNC]);
+		switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		case SLC_NOSUPPORT:
+		    output_data(" NOSUPPORT");
+		    break;
+		case SLC_CANTCHANGE:
+		    output_data(" CANTCHANGE");
+		    break;
+		case SLC_VARIABLE:
+		    output_data(" VARIABLE");
+		    break;
+		case SLC_DEFAULT:
+		    output_data(" DEFAULT");
+		    break;
+		}
+		output_data("%s%s%s",
+			    pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+					    SLC_FLUSHOUT| SLC_LEVELBITS)) {
+		    output_data("(0x%x)",
+				pointer[i+SLC_FLAGS]);
+		}
+		output_data(" %d;",
+			    pointer[i+SLC_VALUE]);
+		if ((pointer[i+SLC_VALUE] == IAC) &&
+		    (pointer[i+SLC_VALUE+1] == IAC))
+		    i++;
+	    }
+	    for (; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+
+	case LM_MODE:
+	    output_data("MODE ");
+	    if (length < 3) {
+		output_data("(no mode??\?)");
+		break;
+	    }
+	    {
+		char tbuf[32];
+		snprintf(tbuf,
+			 sizeof(tbuf),
+			 "%s%s%s%s%s",
+			 pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			 pointer[2]&MODE_ACK ? "|ACK" : "");
+		output_data("%s",
+			    tbuf[1] ? &tbuf[1] : "0");
+	    }
+	    if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+		output_data(" (0x%x)",
+			    pointer[2]);
+	    }
+	    for (i = 3; i < length; i++) {
+		output_data(" ?0x%x?",
+			 pointer[i]);
+	    }
+	    break;
+	default:
+	    output_data("%d (unknown)",
+			pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	}
+	break;
+
+    case TELOPT_STATUS: {
+	char *cp;
+	int j, k;
+
+	output_data("STATUS");
+
+	switch (pointer[1]) {
+	default:
+	    if (pointer[1] == TELQUAL_SEND)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)",
+			    pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	case TELQUAL_IS:
+	    output_data(" IS\r\n");
+
+	    for (i = 2; i < length; i++) {
+		switch(pointer[i]) {
+		case DO:	cp = "DO"; goto common2;
+		case DONT:	cp = "DONT"; goto common2;
+		case WILL:	cp = "WILL"; goto common2;
+		case WONT:	cp = "WONT"; goto common2;
+		common2:
+		i++;
+		if (TELOPT_OK(pointer[i]))
+		    output_data(" %s %s",
+				cp,
+				TELOPT(pointer[i]));
+		else
+		    output_data(" %s %d",
+				cp,
+				pointer[i]);
+
+		output_data("\r\n");
+		break;
+
+		case SB:
+		    output_data(" SB ");
+		    i++;
+		    j = k = i;
+		    while (j < length) {
+			if (pointer[j] == SE) {
+			    if (j+1 == length)
+				break;
+			    if (pointer[j+1] == SE)
+				j++;
+			    else
+				break;
+			}
+			pointer[k++] = pointer[j++];
+		    }
+		    printsub(0, &pointer[i], k - i);
+		    if (i < length) {
+			output_data(" SE");
+			i = j;
+		    } else
+			i = j - 1;
+
+		    output_data("\r\n");
+
+		    break;
+
+		default:
+		    output_data(" %d",
+				pointer[i]);
+		    break;
+		}
+	    }
+	    break;
+	}
+	break;
+    }
+
+    case TELOPT_XDISPLOC:
+	output_data("X-DISPLAY-LOCATION ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+
+    case TELOPT_NEW_ENVIRON:
+	output_data("NEW-ENVIRON ");
+	goto env_common1;
+    case TELOPT_OLD_ENVIRON:
+	output_data("OLD-ENVIRON");
+    env_common1:
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS ");
+	    goto env_common;
+	case TELQUAL_SEND:
+	    output_data("SEND ");
+	    goto env_common;
+	case TELQUAL_INFO:
+	    output_data("INFO ");
+	env_common:
+	    {
+		int noquote = 2;
+		for (i = 2; i < length; i++ ) {
+		    switch (pointer[i]) {
+		    case NEW_ENV_VAR:
+			output_data("\" VAR " + noquote);
+			noquote = 2;
+			break;
+
+		    case NEW_ENV_VALUE:
+			output_data("\" VALUE " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_ESC:
+			output_data("\" ESC " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_USERVAR:
+			output_data("\" USERVAR " + noquote);
+			noquote = 2;
+			break;
+
+		    default:
+			if (isprint(pointer[i]) && pointer[i] != '"') {
+			    if (noquote) {
+				output_data ("\"");
+				noquote = 0;
+			    }
+			    output_data ("%c", pointer[i]);
+			} else {
+			    output_data("\" %03o " + noquote,
+					pointer[i]);
+			    noquote = 2;
+			}
+			break;
+		    }
+		}
+		if (!noquote)
+		    output_data ("\"");
+		break;
+	    }
+	}
+	break;
+
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	output_data("AUTHENTICATION");
+
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_REPLY:
+	case TELQUAL_IS:
+	    output_data(" %s ",
+			(pointer[1] == TELQUAL_IS) ?
+			"IS" : "REPLY");
+	    if (AUTHTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    AUTHTYPE_NAME(pointer[2]));
+	    else
+		output_data("%d ",
+			    pointer[2]);
+	    if (length < 3) {
+		output_data("(partial suboption??\?)");
+		break;
+	    }
+	    output_data("%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+	    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case TELQUAL_SEND:
+	    i = 2;
+	    output_data(" SEND ");
+	    while (i < length) {
+		if (AUTHTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				AUTHTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		if (++i >= length) {
+		    output_data("(partial suboption??\?)");
+		    break;
+		}
+		output_data("%s|%s ",
+			    ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			    "CLIENT" : "SERVER",
+			    ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			    "MUTUAL" : "ONE-WAY");
+		++i;
+	    }
+	    break;
+
+	case TELQUAL_NAME:
+	    i = 2;
+	    output_data(" NAME \"%.*s\"",
+			length - 2,
+			pointer);
+	    break;
+
+	default:
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	output_data("ENCRYPT");
+	if (length < 2) {
+	    output_data(" (empty suboption?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case ENCRYPT_START:
+	    output_data(" START");
+	    break;
+
+	case ENCRYPT_END:
+	    output_data(" END");
+	    break;
+
+	case ENCRYPT_REQSTART:
+	    output_data(" REQUEST-START");
+	    break;
+
+	case ENCRYPT_REQEND:
+	    output_data(" REQUEST-END");
+	    break;
+
+	case ENCRYPT_IS:
+	case ENCRYPT_REPLY:
+	    output_data(" %s ",
+			(pointer[1] == ENCRYPT_IS) ?
+			"IS" : "REPLY");
+	    if (length < 3) {
+		output_data(" (partial suboption?)");
+		break;
+	    }
+	    if (ENCTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    ENCTYPE_NAME(pointer[2]));
+	    else
+		output_data(" %d (unknown)",
+			    pointer[2]);
+
+	    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case ENCRYPT_SUPPORT:
+	    i = 2;
+	    output_data(" SUPPORT ");
+	    while (i < length) {
+		if (ENCTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				ENCTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		i++;
+	    }
+	    break;
+
+	case ENCRYPT_ENC_KEYID:
+	    output_data(" ENC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	case ENCRYPT_DEC_KEYID:
+	    output_data(" DEC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	default:
+	    output_data(" %d (unknown)", pointer[1]);
+	encommon:
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	if (TELOPT_OK(pointer[0]))
+	    output_data("%s (unknown)",
+			TELOPT(pointer[0]));
+	else
+	    output_data("%d (unknown)",
+			pointer[i]);
+	for (i = 1; i < length; i++) {
+	    output_data(" %d", pointer[i]);
+	}
+	break;
+    }
+    output_data("\r\n");
+}
+
+/*
+ * Dump a data buffer in hex and ascii to the output data stream.
+ */
+void
+printdata(char *tag, char *ptr, int cnt)
+{
+    int i;
+    char xbuf[30];
+
+    while (cnt) {
+	/* flush net output buffer if no room for new data) */
+	if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
+	    netflush();
+	}
+
+	/* add a line of output */
+	output_data("%s: ", tag);
+	for (i = 0; i < 20 && cnt; i++) {
+	    output_data("%02x", *ptr);
+	    if (isprint(*ptr)) {
+		xbuf[i] = *ptr;
+	    } else {
+		xbuf[i] = '.';
+	    }
+	    if (i % 2) {
+		output_data(" ");
+	    }
+	    cnt--;
+	    ptr++;
+	}
+	xbuf[i] = '\0';
+	output_data(" %s\r\n", xbuf);
+    }
+}
+#endif /* DIAGNOSTICS */
diff --git a/crypto/kerberosIV/cf/ChangeLog b/crypto/kerberosIV/cf/ChangeLog
new file mode 100644
index 0000000..13d9bfd9
--- /dev/null
+++ b/crypto/kerberosIV/cf/ChangeLog
@@ -0,0 +1,216 @@
+1999-11-05  Assar Westerlund  <assar@sics.se>
+
+	* check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing
+
+1999-11-01  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install-build-headers): use `cp' instead of
+ 	INSTALL_DATA for copying header files inside the build tree.  The
+ 	user might have redefined INSTALL_DATA to specify owners and other
+ 	information.
+
+1999-10-30  Assar Westerlund  <assar@sics.se>
+
+	* find-func-no-libs2.m4: add yet another argument to allow specify
+ 	linker flags that will be added _before_ the library when trying
+ 	to link
+
+	* find-func-no-libs.m4: add yet another argument to allow specify
+ 	linker flags that will be added _before_ the library when trying
+ 	to link
+
+1999-10-12  Assar Westerlund  <assar@sics.se>
+
+	* find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument
+ 	`extra libs'
+
+	* find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra
+ 	libs'
+
+1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
+
+	* capabilities.m4: sgi capabilities
+
+1999-07-29  Assar Westerlund  <assar@sics.se>
+
+	* have-struct-field.m4: quote macros when undefining
+
+1999-07-28  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install-build-headers): add dependencies
+
+1999-07-24  Assar Westerlund  <assar@sics.se>
+	
+	* have-type.m4: try to get autoheader to co-operate
+
+	* have-type.m4: stolen from Arla
+
+	* krb-struct-sockaddr-sa-len.m4: not used any longer.  removed.
+
+1999-06-13  Assar Westerlund  <assar@sics.se>
+
+	* krb-struct-spwd.m4: consequent name of cache variables
+
+	* krb-func-getlogin.m4: new file for testing for posix (broken)
+ 	getlogin
+
+	* shared-libs.m4 (freebsd[34]): don't use ld -Bshareable
+
+1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* check-x.m4: extended test for X
+	
+1999-05-14  Assar Westerlund  <assar@sics.se>
+
+	* check-netinet-ip-and-tcp.m4: proper autoheader tricks
+
+	* check-netinet-ip-and-tcp.m4: new file for checking for
+ 	netinet/{ip,tcp}.h.  These are special as they on Irix 6.5.3
+	require <standards.h> to be included in advance.
+ 
+	* check-xau.m4: we also need to check for XauFilename since it's
+ 	used by appl/kx.  And on Irix 6.5 that function requires linking
+ 	with -lX11.
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* krb-find-db.m4: try with more header files than ndbm.h
+
+1999-04-19  Assar Westerlund  <assar@sics.se>
+
+	* test-package.m4: try to handle the case of --without-package
+ 	correctly
+
+1999-04-17  Assar Westerlund  <assar@sics.se>
+
+	* make-aclocal: removed.  Not used anymore, being replaced by
+	aclocal from automake.
+
+Thu Apr 15 14:17:26 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* make-proto.pl: handle __attribute__
+
+Fri Apr  9 20:37:18 1999  Assar Westerlund  <assar@sics.se>
+
+	* shared-libs.m4: quote $@
+	(freebsd3): add install_symlink_command2
+
+Wed Apr  7 20:40:22 1999  Assar Westerlund  <assar@sics.se>
+
+	* shared-libs.m4 (hpux): no library dependencies
+
+Mon Apr  5 16:13:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* test-package.m4: compile and link, rather than looking for
+ 	files; also export more information, so it's possible to add rpath
+ 	information
+
+Tue Mar 30 13:49:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am.common: CFLAGS -> AM_CFLAGS
+
+Mon Mar 29 16:51:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* check-xau.m4: check for XauWriteAuth before checking for
+ 	XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX
+ 	6.5 that doesn't work with -lXau
+
+Sat Mar 27 18:03:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* osfc2.m4: --enable-osfc2
+
+Fri Mar 19 15:34:52 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* shared-libs.m4: move shared lib stuff here
+
+Wed Mar 24 23:24:51 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install-build-headers): simplify loop
+
+Tue Mar 23 17:31:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's
+ 	posix or not
+
+Tue Mar 23 00:00:13 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install_build_headers): try to make it work
+ 	better when list of headers is empty.  handle make rewriting the
+ 	filenames.
+
+	* Makefile.am.common: hesoid -> hesiod
+
+Sun Mar 21 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* grok-type.m4: <bind/bitypes.h>
+
+	* Makefile.am.common: fix for automake bug/feature; add more LIB_*
+
+	* test-package.m4: fix typo
+
+	* check-man.m4: fix some typos
+
+	* auth-modules.m4: tests for authentication modules
+
+Thu Mar 18 11:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am.common: make install-build-headers a multi
+ 	dependency target
+
+	* Makefile.am.common: remove include_dir hack
+
+	* Makefile.am.common: define LIB_kafs and LIB_gssapi
+
+	* krb-find-db.m4: subst DBLIB also
+
+	* check-xau.m4: test for Xau{Read,Write}Auth
+
+Wed Mar 10 19:29:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* wflags.m4: AC_WFLAGS
+
+Mon Mar  1 11:23:41 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* have-struct-field.m4: remove extra AC_MSG_RESULT
+
+	* proto-compat.m4: typo
+
+	* krb-func-getcwd-broken.m4: update to autoconf 2.13
+
+	* krb-find-db.m4: update to autoconf 2.13
+
+	* check-declaration.m4: typo
+
+	* have-pragma-weak.m4: update to autoconf 2.13
+
+	* have-struct-field.m4: better handling of types with spaces
+
+Mon Feb 22 20:05:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* broken-glob.m4: check for broken glob
+
+Sun Jan 31 06:50:33 1999  Assar Westerlund  <assar@sics.se>
+
+	* krb-ipv6.m4: more magic for different v6 implementations.  From
+ 	Jun-ichiro itojun Hagino <itojun@kame.net>
+
+Sun Nov 22 12:16:06 1998  Assar Westerlund  <assar@sics.se>
+
+	* krb-struct-spwd.m4: new file
+
+Thu Jun  4 04:07:41 1998  Assar Westerlund  <assar@sics.se>
+
+	* find-func-no-libs2.m4: new file
+
+Fri May  1 23:31:28 1998  Assar Westerlund  <assar@sics.se>
+
+	* c-attribute.m4, c-function.m4: new files (from arla)
+
+Wed Mar 18 23:11:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
+
+Thu Feb 26 02:37:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* make-proto.pl: should work with perl4
+
diff --git a/crypto/kerberosIV/cf/Makefile.am.common b/crypto/kerberosIV/cf/Makefile.am.common
new file mode 100644
index 0000000..e7d747b
--- /dev/null
+++ b/crypto/kerberosIV/cf/Makefile.am.common
@@ -0,0 +1,255 @@
+# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h
+
+INCLUDES = -I$(top_builddir)/include
+
+AM_CFLAGS += $(WFLAGS)
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+## set build_HEADERZ to headers that should just be installed in build tree
+
+buildinclude = $(top_builddir)/include
+
+## these aren't detected by automake
+LIB_XauReadAuth		= @LIB_XauReadAuth@
+LIB_crypt		= @LIB_crypt@
+LIB_dbm_firstkey	= @LIB_dbm_firstkey@
+LIB_dbopen		= @LIB_dbopen@
+LIB_dlopen		= @LIB_dlopen@
+LIB_dn_expand		= @LIB_dn_expand@
+LIB_el_init		= @LIB_el_init@
+LIB_getattr		= @LIB_getattr@
+LIB_gethostbyname	= @LIB_gethostbyname@
+LIB_getpwent_r		= @LIB_getpwent_r@
+LIB_getpwnam_r		= @LIB_getpwnam_r@
+LIB_getsockopt		= @LIB_getsockopt@
+LIB_logout		= @LIB_logout@
+LIB_logwtmp		= @LIB_logwtmp@
+LIB_odm_initialize	= @LIB_odm_initialize@
+LIB_readline		= @LIB_readline@
+LIB_res_search		= @LIB_res_search@
+LIB_setpcred		= @LIB_setpcred@
+LIB_setsockopt		= @LIB_setsockopt@
+LIB_socket		= @LIB_socket@
+LIB_syslog		= @LIB_syslog@
+LIB_tgetent		= @LIB_tgetent@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_readline = @INCLUDE_readline@
+LIB_readline = @LIB_readline@
+
+LEXLIB = @LEXLIB@
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	chmod 0 $$x; fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " cp $$file $(buildinclude)/$$f"; \
+			cp $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+cat1dir = $(mandir)/cat1
+cat3dir = $(mandir)/cat3
+cat5dir = $(mandir)/cat5
+cat8dir = $(mandir)/cat8
+
+MANRX = \(.*\)\.\([0-9]\)
+CATSUFFIX = @CATSUFFIX@
+
+SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+## MAINTAINERCLEANFILES += 
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat1-mans:
+	@ext=1;\
+	foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat1dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat3-mans:
+	@ext=3;\
+	foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat3dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+install-cat5-mans:
+	@ext=5;\
+	foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat5dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+install-cat8-mans:
+	@ext=8;\
+	foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat8dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+
+install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+
+install-data-local: install-cat-mans
+
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+if KRB4
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+endif
+
+if KRB5
+LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la
+LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+endif
+
diff --git a/crypto/kerberosIV/cf/auth-modules.m4 b/crypto/kerberosIV/cf/auth-modules.m4
new file mode 100644
index 0000000..2f11c73
--- /dev/null
+++ b/crypto/kerberosIV/cf/auth-modules.m4
@@ -0,0 +1,27 @@
+dnl $Id: auth-modules.m4,v 1.1 1999/03/21 13:48:00 joda Exp $
+dnl
+dnl Figure what authentication modules should be built
+
+AC_DEFUN(AC_AUTH_MODULES,[
+AC_MSG_CHECKING(which authentication modules should be built)
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+changequote(,)dnl
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+changequote([,])dnl
+esac
+
+AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+])
diff --git a/crypto/kerberosIV/cf/broken-glob.m4 b/crypto/kerberosIV/cf/broken-glob.m4
new file mode 100644
index 0000000..8d52792
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken-glob.m4
@@ -0,0 +1,22 @@
+dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
+dnl
+dnl check for glob(3)
+dnl
+AC_DEFUN(AC_BROKEN_GLOB,[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_TRY_LINK([
+#include <stdio.h>
+#include <glob.h>],[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+],:,ac_cv_func_glob_working=no,:))
+
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])
diff --git a/crypto/kerberosIV/cf/broken-snprintf.m4 b/crypto/kerberosIV/cf/broken-snprintf.m4
new file mode 100644
index 0000000..efd69f0
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken-snprintf.m4
@@ -0,0 +1,58 @@
+dnl $Id: broken-snprintf.m4,v 1.3 1999/03/01 09:52:22 joda Exp $
+dnl
+AC_DEFUN(AC_BROKEN_SNPRINTF, [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+	char foo[3];
+changequote([,])dnl
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
+])
+
+AC_DEFUN(AC_BROKEN_VSNPRINTF,[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+changequote(`,')dnl
+	char bar[3];
+changequote([,])dnl
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+
+int main()
+{
+	return foo(0, "12");
+}],:,ac_cv_func_vsnprintf_working=no,:))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
+fi
+])
diff --git a/crypto/kerberosIV/cf/broken.m4 b/crypto/kerberosIV/cf/broken.m4
new file mode 100644
index 0000000..4044064
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken.m4
@@ -0,0 +1,19 @@
+dnl $Id: broken.m4,v 1.3 1998/03/16 22:16:19 joda Exp $
+dnl
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+ac_tr_func=HAVE_[]upcase($ac_func)
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS[]="$LIBOBJS ${ac_func}.o"])
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
+])
diff --git a/crypto/kerberosIV/cf/c-attribute.m4 b/crypto/kerberosIV/cf/c-attribute.m4
new file mode 100644
index 0000000..87cea03
--- /dev/null
+++ b/crypto/kerberosIV/cf/c-attribute.m4
@@ -0,0 +1,31 @@
+dnl
+dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
+dnl
+dnl Test for __attribute__
+dnl
+
+AC_DEFUN(AC_C___ATTRIBUTE__, [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_TRY_COMPILE([
+#include <stdlib.h>
+],
+[
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+],
+ac_cv___attribute__=yes,
+ac_cv___attribute__=no)])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+
diff --git a/crypto/kerberosIV/cf/c-function.m4 b/crypto/kerberosIV/cf/c-function.m4
new file mode 100644
index 0000000..b16d556
--- /dev/null
+++ b/crypto/kerberosIV/cf/c-function.m4
@@ -0,0 +1,33 @@
+dnl
+dnl $Id: c-function.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
+dnl
+dnl Test for __FUNCTION__
+dnl
+
+AC_DEFUN(AC_C___FUNCTION__, [
+AC_MSG_CHECKING(for __FUNCTION__)
+AC_CACHE_VAL(ac_cv___function__, [
+AC_TRY_RUN([
+#include <string.h>
+
+static char *foo()
+{
+  return __FUNCTION__;
+}
+
+int main()
+{
+  return strcmp(foo(), "foo") != 0;
+}
+],
+ac_cv___function__=yes,
+ac_cv___function__=no,
+ac_cv___function__=no)])
+if test "$ac_cv___function__" = "yes"; then
+  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
+fi
+AC_MSG_RESULT($ac_cv___function__)
+])
+
diff --git a/crypto/kerberosIV/cf/capabilities.m4 b/crypto/kerberosIV/cf/capabilities.m4
new file mode 100644
index 0000000..6d2669b
--- /dev/null
+++ b/crypto/kerberosIV/cf/capabilities.m4
@@ -0,0 +1,14 @@
+dnl
+dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
+dnl
+
+dnl
+dnl Test SGI capabilities
+dnl
+
+AC_DEFUN(KRB_CAPABILITIES,[
+
+AC_CHECK_HEADERS(capability.h sys/capability.h)
+
+AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
+])
diff --git a/crypto/kerberosIV/cf/check-declaration.m4 b/crypto/kerberosIV/cf/check-declaration.m4
new file mode 100644
index 0000000..5f584e5
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-declaration.m4
@@ -0,0 +1,25 @@
+dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
+dnl
+dnl
+dnl Check if we need the declaration of a variable
+dnl
+
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
+
+define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
+
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+	AC_DEFINE(foo, 1, [define if your system declares $2])
+fi
+undefine([foo])
+])
diff --git a/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4 b/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4
new file mode 100644
index 0000000..cc75666
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4
@@ -0,0 +1,24 @@
+dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
+dnl
+dnl check for getpwnam_r, and if it's posix or not
+
+AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
+])
+\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/check-man.m4 b/crypto/kerberosIV/cf/check-man.m4
new file mode 100644
index 0000000..2133069
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-man.m4
@@ -0,0 +1,59 @@
+dnl $Id: check-man.m4,v 1.2 1999/03/21 14:30:50 joda Exp $
+dnl check how to format manual pages
+dnl
+
+AC_DEFUN(AC_CHECK_MAN,
+[AC_PATH_PROG(NROFF, nroff)
+AC_PATH_PROG(GROFF, groff)
+AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
+[cat > conftest.1 << END
+.Dd January 1, 1970
+.Dt CONFTEST 1
+.Sh NAME
+.Nm conftest
+.Nd
+foobar
+END
+
+if test "$NROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$NROFF" $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$NROFF $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$GROFF -Tascii $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format"; then
+	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
+fi
+])
+if test "$ac_cv_sys_man_format"; then
+	CATMAN="$ac_cv_sys_man_format"
+	AC_SUBST(CATMAN)
+fi
+AM_CONDITIONAL(CATMAN, test "$CATMAN")
+AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
+[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
+	ac_cv_sys_catman_ext=0
+else
+	ac_cv_sys_catman_ext=number
+fi
+])
+if test "$ac_cv_sys_catman_ext" = number; then
+	CATMANEXT='$$ext'
+else
+	CATMANEXT=0
+fi
+AC_SUBST(CATMANEXT)
+
+])
+\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4 b/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4
new file mode 100644
index 0000000..8cb529d
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4
@@ -0,0 +1,38 @@
+dnl
+dnl $Id: check-netinet-ip-and-tcp.m4,v 1.2 1999/05/14 13:15:40 assar Exp $
+dnl
+
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_MSG_CHECKING([for $i])
+AC_CACHE_VAL([ac_cv_header_$cv],
+[AC_TRY_CPP([\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+],
+eval "ac_cv_header_$cv=yes",
+eval "ac_cv_header_$cv=no")])
+AC_MSG_RESULT(`eval echo \\$ac_cv_header_$cv`)
+changequote(, )dnl
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+changequote([, ])dnl
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+dnl autoheader tricks *sigh*
+: << END
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
+END
+
+])
diff --git a/crypto/kerberosIV/cf/check-type-extra.m4 b/crypto/kerberosIV/cf/check-type-extra.m4
new file mode 100644
index 0000000..e6af4bd
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-type-extra.m4
@@ -0,0 +1,23 @@
+dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN(AC_CHECK_TYPE_EXTRA,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
+])
diff --git a/crypto/kerberosIV/cf/check-var.m4 b/crypto/kerberosIV/cf/check-var.m4
new file mode 100644
index 0000000..9f37366
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-var.m4
@@ -0,0 +1,20 @@
+dnl $Id: check-var.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+	    [foo()],
+	    ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+	AC_DEFINE_UNQUOTED(foo, 1, [define if you have $2])
+	AC_CHECK_DECLARATION([$1],[$2])
+fi
+undefine([foo])
+])
diff --git a/crypto/kerberosIV/cf/check-x.m4 b/crypto/kerberosIV/cf/check-x.m4
new file mode 100644
index 0000000..1791e5a
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-x.m4
@@ -0,0 +1,52 @@
+dnl 
+dnl See if there is any X11 present
+dnl
+dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
+
+AC_DEFUN(KRB_CHECK_X,[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		AC_TRY_RUN([
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+])
diff --git a/crypto/kerberosIV/cf/check-xau.m4 b/crypto/kerberosIV/cf/check-xau.m4
new file mode 100644
index 0000000..bad2a60
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-xau.m4
@@ -0,0 +1,64 @@
+dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
+dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
+dnl
+AC_DEFUN(AC_CHECK_XAU,[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+## check for XauWriteAuth first, so we detect the case where
+## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
+## could be done by checking for XauReadAuth in -lXau first, but this
+## breaks in IRIX 6.5
+
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
+LIBS="$ac_xxx"
+
+## set LIB_XauReadAuth to union of these tests, since this is what the
+## Makefiles are using
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
+else
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+])
diff --git a/crypto/kerberosIV/cf/find-func-no-libs.m4 b/crypto/kerberosIV/cf/find-func-no-libs.m4
new file mode 100644
index 0000000..3deab02
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func-no-libs.m4
@@ -0,0 +1,9 @@
+dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
diff --git a/crypto/kerberosIV/cf/find-func-no-libs2.m4 b/crypto/kerberosIV/cf/find-func-no-libs2.m4
new file mode 100644
index 0000000..c404a7c
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func-no-libs2.m4
@@ -0,0 +1,63 @@
+dnl $Id: find-func-no-libs2.m4,v 1.3 1999/10/30 21:09:53 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in $2; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
+		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
+	done
+	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+	LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+@@@libs="$libs $2"@@@
+END
+
+# $1
+eval "ac_tr_func=HAVE_[]upcase($1)"
+eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
+eval "LIB_$1=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_$1=yes"
+	eval "LIB_$1="
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_MSG_RESULT([yes])
+	;;
+	no)
+	eval "ac_cv_func_$1=no"
+	eval "LIB_$1="
+	AC_MSG_RESULT([no])
+	;;
+	*)
+	eval "ac_cv_func_$1=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_DEFINE_UNQUOTED($ac_tr_lib)
+	AC_MSG_RESULT([yes, in $ac_res])
+	;;
+esac
+AC_SUBST(LIB_$1)
+])
diff --git a/crypto/kerberosIV/cf/find-func.m4 b/crypto/kerberosIV/cf/find-func.m4
new file mode 100644
index 0000000..bb2b3ac
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func.m4
@@ -0,0 +1,9 @@
+dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
+dnl
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+	LIBS="$LIB_$1 $LIBS"
+fi
+])
diff --git a/crypto/kerberosIV/cf/find-if-not-broken.m4 b/crypto/kerberosIV/cf/find-if-not-broken.m4
new file mode 100644
index 0000000..e855ec7
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-if-not-broken.m4
@@ -0,0 +1,13 @@
+dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $
+dnl
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS[]="$LIBOBJS $1.o"
+fi
+AC_SUBST(LIBOBJS)dnl
+])
diff --git a/crypto/kerberosIV/cf/grok-type.m4 b/crypto/kerberosIV/cf/grok-type.m4
new file mode 100644
index 0000000..5bc6a66
--- /dev/null
+++ b/crypto/kerberosIV/cf/grok-type.m4
@@ -0,0 +1,38 @@
+dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $
+dnl
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1, 
+AC_TRY_COMPILE([
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+	AC_MSG_CHECKING(for $i)
+	AC_GROK_TYPE($i)
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_[]upcase($i)
+		AC_DEFINE_UNQUOTED($type)
+	fi
+	AC_MSG_RESULT($ac_res)
+done
+])
diff --git a/crypto/kerberosIV/cf/have-pragma-weak.m4 b/crypto/kerberosIV/cf/have-pragma-weak.m4
new file mode 100644
index 0000000..330e601
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-pragma-weak.m4
@@ -0,0 +1,37 @@
+dnl $Id: have-pragma-weak.m4,v 1.3 1999/03/01 11:55:25 joda Exp $
+dnl
+AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
+if test "${enable_shared}" = "yes"; then
+AC_MSG_CHECKING(for pragma weak)
+AC_CACHE_VAL(ac_have_pragma_weak, [
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t() {
+  return foo;
+}
+
+int main() {
+  return t();
+}
+EOF
+if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+])
+if test "$ac_have_pragma_weak" = "yes"; then
+	AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl
+fi
+AC_MSG_RESULT($ac_have_pragma_weak)
+fi
+])
diff --git a/crypto/kerberosIV/cf/have-struct-field.m4 b/crypto/kerberosIV/cf/have-struct-field.m4
new file mode 100644
index 0000000..88ad5c3
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-struct-field.m4
@@ -0,0 +1,19 @@
+dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
+dnl
+dnl check for fields in a structure
+dnl
+dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+
+AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
+define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+AC_CACHE_CHECK([for $2 in $1], cache_val,[
+AC_TRY_COMPILE([$3],[$1 x; x.$2;],
+cache_val=yes,
+cache_val=no)])
+if test "$cache_val" = yes; then
+	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
+	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
+	undefine([foo])
+fi
+undefine([cache_val])
+])
diff --git a/crypto/kerberosIV/cf/have-type.m4 b/crypto/kerberosIV/cf/have-type.m4
new file mode 100644
index 0000000..7963355
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-type.m4
@@ -0,0 +1,31 @@
+dnl $Id: have-type.m4,v 1.4 1999/07/24 19:23:01 assar Exp $
+dnl
+dnl check for existance of a type
+
+dnl AC_HAVE_TYPE(TYPE,INCLUDES)
+AC_DEFUN(AC_HAVE_TYPE, [
+cv=`echo "$1" | sed 'y%./+- %__p__%'`
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL([ac_cv_type_$cv],
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$2],
+[$1 foo;],
+eval "ac_cv_type_$cv=yes",
+eval "ac_cv_type_$cv=no"))dnl
+AC_MSG_RESULT(`eval echo \\$ac_cv_type_$cv`)
+if test `eval echo \\$ac_cv_type_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+dnl autoheader tricks *sigh*
+define(foo,translit($1, [ ], [_]))
+: << END
+@@@funcs="$funcs foo"@@@
+END
+undefine([foo])
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+])
diff --git a/crypto/kerberosIV/cf/have-types.m4 b/crypto/kerberosIV/cf/have-types.m4
new file mode 100644
index 0000000..7c85c5d
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-types.m4
@@ -0,0 +1,14 @@
+dnl
+dnl $Id: have-types.m4,v 1.1 1999/07/24 18:38:58 assar Exp $
+dnl
+
+AC_DEFUN(AC_HAVE_TYPES, [
+for i in $1; do
+        AC_HAVE_TYPE($i)
+done
+: << END
+changequote(`,')dnl
+@@@funcs="$funcs $1"@@@
+changequote([,])dnl
+END
+])
diff --git a/crypto/kerberosIV/cf/krb-find-db.m4 b/crypto/kerberosIV/cf/krb-find-db.m4
new file mode 100644
index 0000000..5080049
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-find-db.m4
@@ -0,0 +1,98 @@
+dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
+dnl
+dnl find a suitable database library
+dnl
+dnl AC_FIND_DB(libraries)
+AC_DEFUN(KRB_FIND_DB, [
+
+lib_dbm=no
+lib_db=no
+
+for i in $1; do
+
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
+
+	AC_MSG_CHECKING(for dbm_open in $m)
+	AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	AC_TRY_RUN([
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}], [
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi], ac_res=no, ac_res=no)
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res])
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	AC_MSG_RESULT($ac_res)
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+AC_MSG_CHECKING(for NDBM library)
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).])
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
+fi
+test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl
+AC_SUBST(LIB_DBM)
+DBLIB="$LIB_DBM"
+AC_SUBST(DBLIB)
+AC_MSG_RESULT($ac_res)
+
+])
diff --git a/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4 b/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4
new file mode 100644
index 0000000..d248922
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4
@@ -0,0 +1,42 @@
+dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
+dnl
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_TRY_RUN([
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+	errno = ENOTTY;
+	return 0;
+}
+
+int main()
+{
+	char *ret;
+	ret = getcwd(0, 1024);
+	if(ret == 0 && errno == ENOTTY)
+		return 0;
+	return 1;
+}
+], ac_cv_func_getcwd_broken=yes,:,:)
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
+	LIBOBJS="$LIBOBJS getcwd.o"
+	AC_SUBST(LIBOBJS)dnl
+	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+	AC_MSG_RESULT([seems ok])
+fi
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-func-getlogin.m4 b/crypto/kerberosIV/cf/krb-func-getlogin.m4
new file mode 100644
index 0000000..921c5ab
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-func-getlogin.m4
@@ -0,0 +1,22 @@
+dnl
+dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
+dnl
+dnl test for POSIX (broken) getlogin
+dnl
+
+
+AC_DEFUN(AC_FUNC_GETLOGIN, [
+AC_CHECK_FUNCS(getlogin setlogin)
+if test "$ac_cv_func_getlogin" = yes; then
+AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+	ac_cv_func_getlogin_posix=no
+else
+	ac_cv_func_getlogin_posix=yes
+fi
+])
+if test "$ac_cv_func_getlogin_posix" = yes; then
+	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
+fi
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-ipv6.m4 b/crypto/kerberosIV/cf/krb-ipv6.m4
new file mode 100644
index 0000000..490058d
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-ipv6.m4
@@ -0,0 +1,130 @@
+dnl $Id: krb-ipv6.m4,v 1.5 1999/03/21 14:06:16 joda Exp $
+dnl
+dnl test for IPv6
+dnl
+AC_DEFUN(AC_KRB_IPV6, [
+AC_CACHE_CHECK(for IPv6,ac_cv_lib_ipv6,
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+],
+[
+#if defined(IN6ADDR_ANY_INIT)
+struct in6_addr any = IN6ADDR_ANY_INIT;
+#elif defined(IPV6ADDR_ANY_INIT)
+struct in6_addr any = IPV6ADDR_ANY_INIT;
+#else
+#error no any?
+#endif
+ struct sockaddr_in6 sin6;
+ int s;
+
+ s = socket(AF_INET6, SOCK_DGRAM, 0);
+
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_port = htons(17);
+ sin6.sin6_addr = any;
+ bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
+],
+ac_cv_lib_ipv6=yes,
+ac_cv_lib_ipv6=no))
+if test "$ac_cv_lib_ipv6" = yes; then
+  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
+
+	dnl check for different v6 implementations (by itojun)
+	v6type=unknown
+	v6lib=none
+
+	AC_MSG_CHECKING([ipv6 stack type])
+	for i in v6d toshiba kame inria zeta linux; do
+		case $i in
+		v6d)
+			AC_EGREP_CPP(yes, [dnl
+#include </usr/local/v6/include/sys/types.h>
+#ifdef __V6D__
+yes
+#endif],
+				[v6type=$i; v6lib=v6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-I/usr/local/v6/include $CFLAGS"])
+			;;
+		toshiba)
+			AC_EGREP_CPP(yes, [dnl
+#include <sys/param.h>
+#ifdef _TOSHIBA_INET6
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		kame)
+			AC_EGREP_CPP(yes, [dnl
+#include <netinet/in.h>
+#ifdef __KAME__
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		inria)
+			AC_EGREP_CPP(yes, [dnl
+#include <netinet/in.h>
+#ifdef IPV6_INRIA_VERSION
+yes
+#endif],
+				[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		zeta)
+			AC_EGREP_CPP(yes, [dnl
+#include <sys/param.h>
+#ifdef _ZETA_MINAMI_INET6
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		linux)
+			if test -d /usr/inet6; then
+				v6type=$i
+				v6lib=inet6
+				v6libdir=/usr/inet6
+				CFLAGS="-DINET6 $CFLAGS"
+			fi
+			;;
+		esac
+		if test "$v6type" != "unknown"; then
+			break
+		fi
+	done
+	AC_MSG_RESULT($v6type)
+
+	if test "$v6lib" != "none"; then
+		for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
+			if test -d $dir -a -f $dir/lib$v6lib.a; then
+				LIBS="-L$dir -l$v6lib $LIBS"
+				break
+			fi
+		done
+dnl		AC_CHECK_LIB($v6lib, getaddrinfo,
+dnl			[SERVER_LIBS="-l$v6lib $SERVER_LIBS"],
+dnl			[dnl
+dnl			echo "Fatal: no $v6lib library found.  cannot continue."
+dnl			echo "You need to fetch lib$v6lib.a from appropriate v6 kit and"
+dnl			echo 'compile beforehand.'
+dnl			exit 1])
+	fi
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-prog-ln-s.m4 b/crypto/kerberosIV/cf/krb-prog-ln-s.m4
new file mode 100644
index 0000000..efb706e
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-ln-s.m4
@@ -0,0 +1,28 @@
+dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
diff --git a/crypto/kerberosIV/cf/krb-prog-ranlib.m4 b/crypto/kerberosIV/cf/krb-prog-ranlib.m4
new file mode 100644
index 0000000..fd1d3db
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-ranlib.m4
@@ -0,0 +1,8 @@
+dnl $Id: krb-prog-ranlib.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Also look for EMXOMF for OS/2
+dnl
+
+AC_DEFUN(AC_KRB_PROG_RANLIB,
+[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
diff --git a/crypto/kerberosIV/cf/krb-prog-yacc.m4 b/crypto/kerberosIV/cf/krb-prog-yacc.m4
new file mode 100644
index 0000000..28ae59c
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-yacc.m4
@@ -0,0 +1,8 @@
+dnl $Id: krb-prog-yacc.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
diff --git a/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4 b/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4
new file mode 100644
index 0000000..ac80690
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4
@@ -0,0 +1,22 @@
+dnl $Id: krb-struct-sockaddr-sa-len.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_SOCKADDR_SA_LEN, [
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_CACHE_VAL(ac_cv_struct_sockaddr_sa_len, [
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#include <sys/socket.h>],
+[struct sockaddr sa;
+int foo = sa.sa_len;],
+ac_cv_struct_sockaddr_sa_len=yes,
+ac_cv_struct_sockaddr_sa_len=no)
+])
+if test "$ac_cv_struct_sockaddr_sa_len" = yes; then
+	AC_DEFINE(SOCKADDR_HAS_SA_LEN)dnl
+fi
+AC_MSG_RESULT($ac_cv_struct_sockaddr_sa_len)
+])
diff --git a/crypto/kerberosIV/cf/krb-struct-spwd.m4 b/crypto/kerberosIV/cf/krb-struct-spwd.m4
new file mode 100644
index 0000000..4ab81fd
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-spwd.m4
@@ -0,0 +1,22 @@
+dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
+dnl
+dnl Test for `struct spwd'
+
+AC_DEFUN(AC_KRB_STRUCT_SPWD, [
+AC_MSG_CHECKING(for struct spwd)
+AC_CACHE_VAL(ac_cv_struct_spwd, [
+AC_TRY_COMPILE(
+[#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif],
+[struct spwd foo;],
+ac_cv_struct_spwd=yes,
+ac_cv_struct_spwd=no)
+])
+AC_MSG_RESULT($ac_cv_struct_spwd)
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-struct-winsize.m4 b/crypto/kerberosIV/cf/krb-struct-winsize.m4
new file mode 100644
index 0000000..f89f683
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-winsize.m4
@@ -0,0 +1,27 @@
+dnl $Id: krb-struct-winsize.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+changequote(, )dnl
+struct[ 	]*winsize,dnl
+changequote([,])dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, 
+	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
+AC_EGREP_HEADER(ws_ypixel, termios.h, 
+	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
+])
diff --git a/crypto/kerberosIV/cf/krb-sys-aix.m4 b/crypto/kerberosIV/cf/krb-sys-aix.m4
new file mode 100644
index 0000000..a538005
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-sys-aix.m4
@@ -0,0 +1,15 @@
+dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes, 
+[#ifdef _AIX
+	yes
+#endif 
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
diff --git a/crypto/kerberosIV/cf/krb-sys-nextstep.m4 b/crypto/kerberosIV/cf/krb-sys-nextstep.m4
new file mode 100644
index 0000000..31dc907
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-sys-nextstep.m4
@@ -0,0 +1,21 @@
+dnl $Id: krb-sys-nextstep.m4,v 1.2 1998/06/03 23:48:40 joda Exp $
+dnl
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes, 
+[#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
diff --git a/crypto/kerberosIV/cf/krb-version.m4 b/crypto/kerberosIV/cf/krb-version.m4
new file mode 100644
index 0000000..a4a1221
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-version.m4
@@ -0,0 +1,25 @@
+dnl $Id: krb-version.m4,v 1.1 1997/12/14 15:59:03 joda Exp $
+dnl
+dnl
+dnl output a C header-file with some version strings
+dnl
+AC_DEFUN(AC_KRB_VERSION,[
+dnl AC_OUTPUT_COMMANDS([
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+dnl ],host=$host PACKAGE=$PACKAGE VERSION=$VERSION)
+])
diff --git a/crypto/kerberosIV/cf/make-proto.pl b/crypto/kerberosIV/cf/make-proto.pl
new file mode 100644
index 0000000..9a47aed
--- /dev/null
+++ b/crypto/kerberosIV/cf/make-proto.pl
@@ -0,0 +1,199 @@
+# Make prototypes from .c files
+# $Id: make-proto.pl,v 1.11 1999/04/15 12:37:54 joda Exp $
+
+##use Getopt::Std;
+require 'getopts.pl';
+
+$brace = 0;
+$line = "";
+$debug = 0;
+
+do Getopts('o:p:d') || die "foo";
+
+if($opt_d) {
+    $debug = 1;
+}
+
+while(<>) {
+    print $brace, " ", $_ if($debug);
+    if(/^\#if 0/) {
+	$if_0 = 1;
+    }
+    if($if_0 && /^\#endif/) {
+	$if_0 = 0;
+    }
+    if($if_0) { next }
+    if(/^\s*\#/) {
+	next;
+    }
+    if(/^\s*$/) {
+	$line = "";
+	next;
+    }
+    if(/\{/){
+	$_ = $line;
+	while(s/\*\//\ca/){
+	    s/\/\*(.|\n)*\ca//;
+	}
+	s/^\s*//;
+	s/\s$//;
+	s/\s+/ /g;
+	if($line =~ /\)\s$/){
+	    if(!/^static/ && !/^PRIVATE/){
+		if(/(.*)(__attribute__\s?\(.*\))/) {
+		    $attr = $2;
+		    $_ = $1;
+		} else {
+		    $attr = "";
+		}
+		# remove outer ()
+		s/\s*\(/@/;
+		s/\)\s?$/@/;
+		# remove , within ()
+		while(s/\(([^()]*),(.*)\)/($1\$$2)/g){}
+		s/,\s*/,\n\t/g;
+		# fix removed ,
+		s/\$/,/g;
+		# match function name
+		/([a-zA-Z0-9_]+)\s*@/;
+		$f = $1;
+		# only add newline if more than one parameter
+		$LP = "((";  # XXX workaround for indentation bug in emacs
+		$RP = "))";
+		$P = "__P((";
+                if(/,/){ 
+		    s/@/ __P$LP\n\t/;
+		}else{
+		    s/@/ __P$LP/;
+		}
+		s/@/$RP/;
+		# insert newline before function name
+		s/(.*)\s([a-zA-Z0-9_]+ __P)/$1\n$2/;
+		if($attr ne "") {
+		    $_ .= "\n    $attr";
+		}
+		$_ = $_ . ";";
+		$funcs{$f} = $_;
+	    }
+	}
+	$line = "";
+	$brace++;
+    }
+    if(/\}/){
+	$brace--;
+    }
+    if(/^\}/){
+	$brace = 0;
+    }
+    if($brace == 0) {
+	$line = $line . " " . $_;
+    }
+}
+
+sub foo {
+    local ($arg) = @_;
+    $_ = $arg;
+    s/.*\/([^\/]*)/$1/;
+    s/[^a-zA-Z0-9]/_/g;
+    "__" . $_ . "__";
+}
+
+if($opt_o) {
+    open(OUT, ">$opt_o");
+    $block = &foo($opt_o);
+} else {
+    $block = "__public_h__";
+}
+
+if($opt_p) {
+    open(PRIV, ">$opt_p");
+    $private = &foo($opt_p);
+} else {
+    $private = "__private_h__";
+}
+
+$public_h = "";
+$private_h = "";
+
+$public_h_header = "/* This is a generated file */
+#ifndef $block
+#define $block
+
+#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+
+$private_h_header = "/* This is a generated file */
+#ifndef $private
+#define $private
+
+#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+
+foreach(sort keys %funcs){
+    if(/^(main)$/) { next }
+    if(/^_/) {
+	$private_h .= $funcs{$_} . "\n\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $private_attribute_seen = 1;
+	}
+    } else {
+	$public_h .= $funcs{$_} . "\n\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $public_attribute_seen = 1;
+	}
+    }
+}
+
+if ($public_attribute_seen) {
+    $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+}
+
+if ($private_attribute_seen) {
+    $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+}
+
+
+if ($public_h ne "") {
+    $public_h = $public_h_header . $public_h . "#endif /* $block */\n";
+}
+if ($private_h ne "") {
+    $private_h = $private_h_header . $private_h . "#endif /* $private */\n";
+}
+
+if($opt_o) {
+    print OUT $public_h;
+} 
+if($opt_p) {
+    print PRIV $private_h;
+} 
+
+close OUT;
+close PRIV;
diff --git a/crypto/kerberosIV/cf/mips-abi.m4 b/crypto/kerberosIV/cf/mips-abi.m4
new file mode 100644
index 0000000..c7b8815
--- /dev/null
+++ b/crypto/kerberosIV/cf/mips-abi.m4
@@ -0,0 +1,87 @@
+dnl $Id: mips-abi.m4,v 1.4 1998/05/16 20:44:15 joda Exp $
+dnl
+dnl
+dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
+dnl value.
+
+AC_DEFUN(AC_MIPS_ABI, [
+AC_ARG_WITH(mips_abi,
+[  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)])
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+dnl
+dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
+dnl AC_MSG_RESULT
+dnl
+AC_MSG_CHECKING([if $CC supports the $abi option])
+AC_CACHE_VAL($ac_foo, [
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
+CFLAGS="$save_CFLAGS"
+])
+ac_res=`eval echo \\\$$ac_foo`
+AC_MSG_RESULT($ac_res)
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		AC_ERROR([$CC does not support the $with_mips_abi ABI])
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			AC_ERROR([$CC does not support the $with_mips_abi ABI])
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+])
diff --git a/crypto/kerberosIV/cf/misc.m4 b/crypto/kerberosIV/cf/misc.m4
new file mode 100644
index 0000000..0be97a4
--- /dev/null
+++ b/crypto/kerberosIV/cf/misc.m4
@@ -0,0 +1,3 @@
+dnl $Id: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/kerberosIV/cf/need-proto.m4 b/crypto/kerberosIV/cf/need-proto.m4
new file mode 100644
index 0000000..8c8d1d3
--- /dev/null
+++ b/crypto/kerberosIV/cf/need-proto.m4
@@ -0,0 +1,25 @@
+dnl $Id: need-proto.m4,v 1.2 1999/03/01 09:52:24 joda Exp $
+dnl
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN(AC_NEED_PROTO, [
+if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_TRY_COMPILE([$1],
+[struct foo { int foo; } xx;
+extern int $2 (struct foo*);
+$2(&xx);
+],
+eval "ac_cv_func_$2_noproto=yes",
+eval "ac_cv_func_$2_noproto=no"))
+define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
+if test "$ac_cv_func_$2_noproto" = yes; then
+	AC_DEFINE(foo, 1, [define if the system is missing a prototype for $2()])
+fi
+undefine([foo])
+fi
+])
diff --git a/crypto/kerberosIV/cf/osfc2.m4 b/crypto/kerberosIV/cf/osfc2.m4
new file mode 100644
index 0000000..d8cb2e1
--- /dev/null
+++ b/crypto/kerberosIV/cf/osfc2.m4
@@ -0,0 +1,14 @@
+dnl $Id: osfc2.m4,v 1.2 1999/03/27 17:28:16 joda Exp $
+dnl
+dnl enable OSF C2 stuff
+
+AC_DEFUN(AC_CHECK_OSFC2,[
+AC_ARG_ENABLE(osfc2,
+[  --enable-osfc2          enable some OSF C2 support])
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
+	LIB_security=-lsecurity
+fi
+AC_SUBST(LIB_security)
+])
diff --git a/crypto/kerberosIV/cf/proto-compat.m4 b/crypto/kerberosIV/cf/proto-compat.m4
new file mode 100644
index 0000000..942f658
--- /dev/null
+++ b/crypto/kerberosIV/cf/proto-compat.m4
@@ -0,0 +1,22 @@
+dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
+dnl
+dnl
+dnl Check if the prototype of a function is compatible with another one
+dnl
+
+dnl AC_PROTO_COMPAT(includes, function, prototype)
+
+AC_DEFUN(AC_PROTO_COMPAT, [
+AC_CACHE_CHECK([if $2 is compatible with system prototype],
+ac_cv_func_$2_proto_compat,
+AC_TRY_COMPILE([$1],
+[$3;],
+eval "ac_cv_func_$2_proto_compat=yes",
+eval "ac_cv_func_$2_proto_compat=no"))
+define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
+if test "$ac_cv_func_$2_proto_compat" = yes; then
+	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
+	$3])
+fi
+undefine([foo])
+])
+\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/shared-libs.m4 b/crypto/kerberosIV/cf/shared-libs.m4
new file mode 100644
index 0000000..9fe576f
--- /dev/null
+++ b/crypto/kerberosIV/cf/shared-libs.m4
@@ -0,0 +1,187 @@
+dnl
+dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_DEFUN(AC_SHARED_LIBS, [
+
+dnl Check if we want to use shared libraries
+AC_ARG_ENABLE(shared,
+[  --enable-shared         create shared libraries for Kerberos])
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS		$SHLIBEXT
+# HP-UX		sl
+# Linux		so
+# NetBSD	so
+# FreeBSD	so
+# OSF		so
+# SunOS5	so
+# SunOS4	so.0.5
+# Irix		so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+AC_SUBST(LINK)
+lib_deps=yes
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+	REAL_SHLIBEXT=sl
+	REAL_LD_FLAGS='-Wl,+b$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED="ld -b"
+		REAL_PICFLAGS="+z"
+	fi
+	lib_deps=no
+	;;
+*-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+changequote(,)dnl
+*-*-freebsd[34]*)
+changequote([,])dnl
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-*bsd*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	;;
+*-*-osf*)
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_PICFLAGS=
+	LDSHARED='ld -shared -expect_unresolved \*'
+	;;
+*-*-solaris2*)
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED='$(CC) -G'
+		REAL_PICFLAGS="-Kpic"
+	fi
+	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
+*-*-sunos*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
+	;;
+*-*-irix*)
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
+	;;
+*-*-os2*)
+	LIBPREFIX=
+	EXECSUFFIX='.exe'
+	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
+	REAL_SHLIBEXT=nobuild
+	;;
+*-*-cygwin32*)
+	EXECSUFFIX='.exe'
+	REAL_SHLIBEXT=nobuild
+	;;
+*)	REAL_SHLIBEXT=nobuild
+	REAL_PICFLAGS= 
+	;;
+esac
+
+if test "${enable_shared}" != "yes" ; then 
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ AC_MSG_CHECKING(whether to use -rpath)
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     AC_MSG_RESULT(no)
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     AC_MSG_RESULT($LD_FLAGS)
+     ;;
+   esac
+fi
+
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
+else
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
+AC_SUBST(lib_deps_yes)
+AC_SUBST(lib_deps_no)
+
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+AC_SUBST(build_symlink_command)dnl
+AC_SUBST(install_symlink_command)dnl
+AC_SUBST(install_symlink_command2)dnl
+])
diff --git a/crypto/kerberosIV/cf/test-package.m4 b/crypto/kerberosIV/cf/test-package.m4
new file mode 100644
index 0000000..6bae158
--- /dev/null
+++ b/crypto/kerberosIV/cf/test-package.m4
@@ -0,0 +1,88 @@
+dnl $Id: test-package.m4,v 1.7 1999/04/19 13:33:05 assar Exp $
+dnl
+dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations)
+
+AC_DEFUN(AC_TEST_PACKAGE,[AC_TEST_PACKAGE_NEW($1,[#include <$2>],$4,,$5)])
+
+AC_DEFUN(AC_TEST_PACKAGE_NEW,[
+AC_ARG_WITH($1,
+[  --with-$1=dir                use $1 in dir])
+AC_ARG_WITH($1-lib,
+[  --with-$1-lib=dir            use $1 libraries in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-include,
+[  --with-$1-include=dir        use $1 headers in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+AC_MSG_CHECKING(for $1)
+
+case "$with_$1" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_$1_include" = ""; then
+		with_$1_include="$with_$1/include"
+	fi
+	if test "$with_$1_lib" = ""; then
+		with_$1_lib="$with_$1/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d='$5'
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_$1_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_$1_include $header_dirs";;
+esac
+case "$with_$1_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_$1_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	AC_TRY_COMPILE([$2],,ires=$i;break)
+done
+for i in $lib_dirs; do
+	LIBS="-L$i $3 $4 $save_LIBS"
+	AC_TRY_LINK([$2],,lres=$i;break)
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
+	$1_includedir="$ires"
+	$1_libdir="$lres"
+	INCLUDE_$1="-I$$1_includedir"
+	LIB_$1="-L$$1_libdir $3"
+	AC_DEFINE_UNQUOTED(upcase($1),1,[Define if you have the $1 package.])
+	with_$1=yes
+	AC_MSG_RESULT([headers $ires, libraries $lres])
+else
+	INCLUDE_$1=
+	LIB_$1=
+	with_$1=no
+	AC_MSG_RESULT($with_$1)
+fi
+AC_SUBST(INCLUDE_$1)
+AC_SUBST(LIB_$1)
+])
diff --git a/crypto/kerberosIV/cf/wflags.m4 b/crypto/kerberosIV/cf/wflags.m4
new file mode 100644
index 0000000..6d9e073
--- /dev/null
+++ b/crypto/kerberosIV/cf/wflags.m4
@@ -0,0 +1,21 @@
+dnl $Id: wflags.m4,v 1.3 1999/03/11 12:11:41 joda Exp $
+dnl
+dnl set WFLAGS
+
+AC_DEFUN(AC_WFLAGS,[
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+if test -z "$WFLAGS" -a "$GCC" = "yes"; then
+  # -Wno-implicit-int for broken X11 headers
+  # leave these out for now:
+  #   -Wcast-align doesn't work well on alpha osf/1
+  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
+  #   -Wmissing-declarations -Wnested-externs
+  WFLAGS="ifelse($#, 0,-Wall, $1)"
+  WFLAGS_NOUNUSED="-Wno-unused"
+  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
+fi
+AC_SUBST(WFLAGS)dnl
+AC_SUBST(WFLAGS_NOUNUSED)dnl
+AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
+])
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
new file mode 100644
index 0000000..153490d
--- /dev/null
+++ b/crypto/kerberosIV/config.guess
@@ -0,0 +1,896 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Written by Per Bothner <bothner@cygnus.com>.
+# The master version of this file is at the FSF in /home/gd/gnu/lib.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit system type (host/target name).
+#
+# Only a few systems have been added to this list; please add others
+# (but try to keep the structure clean).
+#
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 8/24/94.)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    alpha:OSF1:*:*)
+	if test $UNAME_RELEASE = "V4.0"; then
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+	fi
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	cat <<EOF >dummy.s
+	.globl main
+	.ent main
+main:
+	.frame \$30,0,\$26,0
+	.prologue 0
+	.long 0x47e03d80 # implver $0
+	lda \$2,259
+	.long 0x47e20c21 # amask $2,$1
+	srl \$1,8,\$2
+	sll \$2,2,\$2
+	sll \$0,3,\$0
+	addl \$1,\$0,\$0
+	addl \$2,\$0,\$0
+	ret \$31,(\$26),1
+	.end main
+EOF
+	${CC-cc} dummy.s -o dummy 2>/dev/null
+	if test "$?" = 0 ; then
+		./dummy
+		case "$?" in
+			7)
+				UNAME_MACHINE="alpha"
+				;;
+			15)
+				UNAME_MACHINE="alphaev5"
+				;;
+			14)
+				UNAME_MACHINE="alphaev56"
+				;;
+			10)
+				UNAME_MACHINE="alphapca56"
+				;;
+			16)
+				UNAME_MACHINE="alphaev6"
+				;;
+		esac
+	fi
+	rm -f dummy.s dummy
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr [[A-Z]] [[a-z]]`
+	exit 0 ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit 0 ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-cbm-sysv4
+	exit 0;;
+    amiga:NetBSD:*:*)
+      echo m68k-cbm-netbsd${UNAME_RELEASE}
+      exit 0 ;;
+    amiga:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc64:OpenBSD:*:*)
+	echo mips64el-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    hkmips:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    pmax:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sgi:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    wgrisc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit 0;;
+    arm32:NetBSD:*:*)
+	echo arm-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	exit 0 ;;
+    SR2?01:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit 0;;
+    Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit 0 ;;
+    NILE:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit 0 ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    i86pc:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit 0 ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit 0 ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit 0 ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit 0 ;;
+    atari*:NetBSD:*:*)
+	echo m68k-atari-netbsd${UNAME_RELEASE}
+	exit 0 ;;
+    atari*:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sun3*:NetBSD:*:*)
+	echo m68k-sun-netbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sun3*:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mac68k:NetBSD:*:*)
+	echo m68k-apple-netbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mac68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme88k:OpenBSD:*:*)
+	echo m88k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit 0 ;;
+    Power\ Macintosh:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+        exit 0 ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit 0 ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit 0 ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit 0 ;;
+    2020:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit 0 ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	sed 's/^	//' << EOF >dummy.c
+	int main (argc, argv) int argc; char **argv; {
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	${CC-cc} dummy.c -o dummy \
+	  && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+	  && rm dummy.c dummy && exit 0
+	rm -f dummy.c dummy
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit 0 ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit 0 ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit 0 ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit 0 ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit 0 ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+        if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
+	if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
+	     -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	fi
+        else echo i586-dg-dgux${UNAME_RELEASE}
+        fi
+ 	exit 0 ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit 0 ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit 0 ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit 0 ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit 0 ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit 0 ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
+	exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
+    i?86:AIX:*:*)
+	echo i386-ibm-aix
+	exit 0 ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		sed 's/^		//' << EOF >dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
+		rm -f dummy.c dummy
+		echo rs6000-ibm-aix3.2.5
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit 0 ;;
+    *:AIX:*:4)
+	if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=4.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit 0 ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit 0 ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit 0 ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC NetBSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit 0 ;;                           # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit 0 ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit 0 ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit 0 ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit 0 ;;
+    9000/[3478]??:HP-UX:*:*)
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;;
+	    9000/8?? )            HP_ARCH=hppa1.0 ;;
+	esac
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit 0 ;;
+    3050*:HI-UX:*:*)
+	sed 's/^	//' << EOF >dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
+	rm -f dummy.c dummy
+	echo unknown-hitachi-hiuxwe2
+	exit 0 ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit 0 ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit 0 ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit 0 ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit 0 ;;
+    i?86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit 0 ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit 0 ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit 0 ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit 0 ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit 0 ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit 0 ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit 0 ;;
+    CRAY*X-MP:*:*:*)
+	echo xmp-cray-unicos
+        exit 0 ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE}
+	exit 0 ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
+	exit 0 ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE}
+	exit 0 ;;
+    CRAY-2:*:*:*)
+	echo cray2-cray-unicos
+        exit 0 ;;
+    F300:UNIX_System_V:*:*)
+        FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit 0 ;;
+    F301:UNIX_System_V:*:*)
+       echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
+       exit 0 ;;
+    hp3[0-9][05]:NetBSD:*:*)
+	echo m68k-hp-netbsd${UNAME_RELEASE}
+	exit 0 ;;
+    hp300:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    i?86:BSD/386:*:* | *:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    *:FreeBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit 0 ;;
+    *:NetBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	exit 0 ;;
+    *:OpenBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	exit 0 ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin32
+	exit 0 ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit 0 ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin32
+	exit 0 ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    *:GNU:*:*)
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit 0 ;;
+    *:Linux:*:*)
+	# uname on the ARM produces all sorts of strangeness, and we need to
+	# filter it out.
+	case "$UNAME_MACHINE" in
+	  arm* | sa110*)	      UNAME_MACHINE="arm" ;;
+	esac
+
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us.
+	ld_help_string=`ld --help 2>&1`
+	ld_supported_emulations=`echo $ld_help_string \
+			 | sed -ne '/supported emulations:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported emulations: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_emulations" in
+	  i?86linux)  echo "${UNAME_MACHINE}-pc-linux-gnuaout"      ; exit 0 ;;
+	  i?86coff)   echo "${UNAME_MACHINE}-pc-linux-gnucoff"      ; exit 0 ;;
+	  sparclinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  armlinux)   echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  m68klinux)  echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  elf32ppc)   echo "powerpc-unknown-linux-gnu"              ; exit 0 ;;
+	esac
+
+	if test "${UNAME_MACHINE}" = "alpha" ; then
+		sed 's/^	//'  <<EOF >dummy.s
+		.globl main
+		.ent main
+	main:
+		.frame \$30,0,\$26,0
+		.prologue 0
+		.long 0x47e03d80 # implver $0
+		lda \$2,259
+		.long 0x47e20c21 # amask $2,$1
+		srl \$1,8,\$2
+		sll \$2,2,\$2
+		sll \$0,3,\$0
+		addl \$1,\$0,\$0
+		addl \$2,\$0,\$0
+		ret \$31,(\$26),1
+		.end main
+EOF
+		LIBC=""
+		${CC-cc} dummy.s -o dummy 2>/dev/null
+		if test "$?" = 0 ; then
+			./dummy
+			case "$?" in
+			7)
+				UNAME_MACHINE="alpha"
+				;;
+			15)
+				UNAME_MACHINE="alphaev5"
+				;;
+			14)
+				UNAME_MACHINE="alphaev56"
+				;;
+			10)
+				UNAME_MACHINE="alphapca56"
+				;;
+			16)
+				UNAME_MACHINE="alphaev6"
+				;;
+			esac	
+
+			objdump --private-headers dummy | \
+			  grep ld.so.1 > /dev/null
+			if test "$?" = 0 ; then
+				LIBC="libc1"
+			fi
+		fi	
+		rm -f dummy.s dummy
+		echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
+	elif test "${UNAME_MACHINE}" = "mips" ; then
+	  cat >dummy.c <<EOF
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+#ifdef __MIPSEB__
+  printf ("%s-unknown-linux-gnu\n", argv[1]);
+#endif
+#ifdef __MIPSEL__
+  printf ("%sel-unknown-linux-gnu\n", argv[1]);
+#endif
+  return 0;
+}
+EOF
+	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
+	  rm -f dummy.c dummy
+	else
+	  # Either a pre-BFD a.out linker (linux-gnuoldld)
+	  # or one that does not give us useful --help.
+	  # GCC wants to distinguish between linux-gnuoldld and linux-gnuaout.
+	  # If ld does not provide *any* "supported emulations:"
+	  # that means it is gnuoldld.
+	  echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations:"
+	  test $? != 0 && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
+
+	  case "${UNAME_MACHINE}" in
+	  i?86)
+	    VENDOR=pc;
+	    ;;
+	  *)
+	    VENDOR=unknown;
+	    ;;
+	  esac
+	  # Determine whether the default compiler is a.out or elf
+	  cat >dummy.c <<EOF
+#include <features.h>
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+#ifdef __ELF__
+# ifdef __GLIBC__
+#  if __GLIBC__ >= 2
+    printf ("%s-${VENDOR}-linux-gnu\n", argv[1]);
+#  else
+    printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
+#  endif
+# else
+   printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
+# endif
+#else
+  printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]);
+#endif
+  return 0;
+}
+EOF
+	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
+	  rm -f dummy.c dummy
+	fi ;;
+# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.  earlier versions
+# are messed up and put the nodename in both sysname and nodename.
+    i?86:DYNIX/ptx:4*:*)
+	echo i386-sequent-sysv4
+	exit 0 ;;
+    i?86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit 0 ;;
+    i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
+	fi
+	exit 0 ;;
+    i?86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit 0 ;;
+    pc:*:*:*)
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit 0 ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit 0 ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit 0 ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit 0 ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit 0 ;;
+    M68*:*:R3V[567]*:*)
+	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+    3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && echo i486-ncr-sysv4 && exit 0 ;;
+    m68*:LynxOS:2.*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit 0 ;;
+    i?86:LynxOS:2.*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit 0 ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit 0 ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit 0 ;;
+    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                           # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit 0 ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit 0 ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit 0 ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit 0 ;;
+    news*:NEWS-OS:*:6*)
+	echo mips-sony-newsos6
+	exit 0 ;;
+    R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit 0 ;;
+    *:OS/2:*:*)
+	echo ${UNAME_MACHINE}-pc-os2_emx
+	exit 0 ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+cat >dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+  printf ("vax-dec-bsd\n"); exit (0);
+#else
+  printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
+rm -f dummy.c dummy
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit 0 ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit 0 ;;
+    c34*)
+	echo c34-convex-bsd
+	exit 0 ;;
+    c38*)
+	echo c38-convex-bsd
+	exit 0 ;;
+    c4*)
+	echo c4-convex-bsd
+	exit 0 ;;
+    esac
+fi
+
+#echo '(Unable to guess system type)' 1>&2
+
+exit 1
diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub
new file mode 100644
index 0000000..e3c3480
--- /dev/null
+++ b/crypto/kerberosIV/config.sub
@@ -0,0 +1,959 @@
+#! /bin/sh
+# Configuration validation subroutine script, version 1.1.
+#   Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc.
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+if [ x$1 = x ]
+then
+	echo Configuration name missing. 1>&2
+	echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
+	echo "or     $0 ALIAS" 1>&2
+	echo where ALIAS is a recognized configuration type. 1>&2
+	exit 1
+fi
+
+# First pass through any local machine types.
+case $1 in
+	*local*)
+		echo $1
+		exit 0
+		;;
+	*)
+	;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  linux-gnu*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple)
+		os=
+		basic_machine=$1
+		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco5)
+		os=sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
+		| arme[lb] | pyramid | mn10200 | mn10300 \
+		| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
+		| alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
+		| i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
+		| mips64 | mipsel | mips64el | mips64orion | mips64orionel \
+		| mipstx39 | mipstx39el \
+		| sparc | sparclet | sparclite | sparc64 | v850)
+		basic_machine=$basic_machine-unknown
+		;;
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i[34567]86)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \
+	      | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
+	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
+	      | power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \
+	      | xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* \
+	      | alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \
+	      | ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \
+	      | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
+	      | sparc64-* | mips64-* | mipsel-* \
+	      | mips64el-* | mips64orion-* | mips64orionel-*  \
+	      | mipstx39-* | mipstx39el-* \
+	      | f301-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-cbm
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-cbm
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-cbm
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	cray2)
+		basic_machine=cray2-cray
+		os=-unicos
+		;;
+	[ctj]90-cray)
+		#basic_machine=c90-cray
+		os=-unicos
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i[34567]86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i[34567]86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i[34567]86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i[34567]86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	mipsel*-linux*)
+		basic_machine=mipsel-unknown
+		os=-linux-gnu
+		;;
+	mips*-linux*)
+		basic_machine=mips-unknown
+		os=-linux-gnu
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+        pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pentium | p5 | k5 | nexen)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | k6 | 6x86)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | nexen-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | k6-* | 6x86-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=rs6000-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+	        ;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+	        ;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+               basic_machine=f301-fujitsu
+               ;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	xmp)
+		basic_machine=xmp-cray
+		os=-unicos
+		;;
+        xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	mips)
+		if [ x$os = x-linux-gnu ]; then
+			basic_machine=mips-unknown
+		else
+			basic_machine=mips-mips
+		fi
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sparc)
+		basic_machine=sparc-sun
+		;;
+        cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -uxpv*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-ns2 )
+	        os=-nextstep2
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-os2*)
+		;;
+	-rhapsody*)
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-ibm)
+		os=-aix
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+        *-gould)
+		os=-sysv
+		;;
+        *-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+        *-sgi)
+		os=-irix
+		;;
+        *-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f301-fujitsu)
+		os=-uxpv
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-vxsim* | -vxworks*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
new file mode 100644
index 0000000..796213e
--- /dev/null
+++ b/crypto/kerberosIV/configure
@@ -0,0 +1,11555 @@
+#! /bin/sh
+
+# From configure.in Revision: 1.432.2.2 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Define a conditional.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Guess values for system-dependent variables and create Makefiles.
+# Generated automatically using autoconf version 2.13 
+# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+
+# Defaults:
+ac_help=
+ac_default_prefix=/usr/local
+# Any additions from configure.in:
+ac_default_prefix=/usr/athena
+ac_help="$ac_help
+  --with-socks=dir                use socks in dir"
+ac_help="$ac_help
+  --with-socks-lib=dir            use socks libraries in dir"
+ac_help="$ac_help
+  --with-socks-include=dir        use socks headers in dir"
+ac_help="$ac_help
+  --enable-legacy-kdestroy    kdestroy doesn't destroy tokens by default"
+ac_help="$ac_help
+  --enable-match-subdomains	match realm in subdomains"
+ac_help="$ac_help
+  --with-ld-flags=flags   what flags use when linking"
+ac_help="$ac_help
+  --with-cracklib=dir     use the cracklib.a in dir"
+ac_help="$ac_help
+  --with-dictpath=path    use this dictionary with cracklib
+"
+ac_help="$ac_help
+  --with-mailspool=dir    this is the mail spool directory
+"
+ac_help="$ac_help
+  --with-db-dir=dir	   this is the database directory (default /var/kerberos)"
+ac_help="$ac_help
+  --enable-random-mkey    use new code for master keys"
+ac_help="$ac_help
+  --with-mkey=file        where to put the master key"
+ac_help="$ac_help
+  --disable-otp           if you don't want OTP support"
+ac_help="$ac_help
+  --enable-osfc2          enable some OSF C2 support"
+ac_help="$ac_help
+  --disable-mmap          disable use of mmap"
+ac_help="$ac_help
+  --disable-dynamic-afs   don't use loaded AFS library with AIX"
+ac_help="$ac_help
+  --without-berkeley-db   if you don't want berkeley db"
+ac_help="$ac_help
+  --without-afs-support   if you don't want support for afs"
+ac_help="$ac_help
+  --with-des-quad-checksum=kind
+                           default checksum to use (new, old, or guess)"
+ac_help="$ac_help
+  --with-afsws=dir        use AFS includes and libraries from dir=/usr/afsws"
+ac_help="$ac_help
+  --enable-rxkad           build rxkad library"
+ac_help="$ac_help
+  --disable-cat-manpages   don't install any preformatted manpages"
+ac_help="$ac_help
+  --with-readline=dir                use readline in dir"
+ac_help="$ac_help
+  --with-readline-lib=dir            use readline libraries in dir"
+ac_help="$ac_help
+  --with-readline-include=dir        use readline headers in dir"
+ac_help="$ac_help
+  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)"
+ac_help="$ac_help
+  --with-hesiod=dir                use hesiod in dir"
+ac_help="$ac_help
+  --with-hesiod-lib=dir            use hesiod libraries in dir"
+ac_help="$ac_help
+  --with-hesiod-include=dir        use hesiod headers in dir"
+ac_help="$ac_help
+  --enable-shared         create shared libraries for Kerberos"
+ac_help="$ac_help
+  --with-x                use the X Window System"
+
+# Initialize some variables set by options.
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+build=NONE
+cache_file=./config.cache
+exec_prefix=NONE
+host=NONE
+no_create=
+nonopt=NONE
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+target=NONE
+verbose=
+x_includes=NONE
+x_libraries=NONE
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+# Initialize some other variables.
+subdirs=
+MFLAGS= MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+# Maximum number of lines to put in a shell here document.
+ac_max_here_lines=12
+
+ac_prev=
+for ac_option
+do
+
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval "$ac_prev=\$ac_option"
+    ac_prev=
+    continue
+  fi
+
+  case "$ac_option" in
+  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) ac_optarg= ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case "$ac_option" in
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir="$ac_optarg" ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build="$ac_optarg" ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file="$ac_optarg" ;;
+
+  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+  | --da=*)
+    datadir="$ac_optarg" ;;
+
+  -disable-* | --disable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    eval "enable_${ac_feature}=no" ;;
+
+  -enable-* | --enable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "enable_${ac_feature}='$ac_optarg'" ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix="$ac_optarg" ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he)
+    # Omit some internal or obsolete options to make the list less imposing.
+    # This message is too long to be a string in the A/UX 3.1 sh.
+    cat << EOF
+Usage: configure [options] [host]
+Options: [defaults in brackets after descriptions]
+Configuration:
+  --cache-file=FILE       cache test results in FILE
+  --help                  print this message
+  --no-create             do not create output files
+  --quiet, --silent       do not print \`checking...' messages
+  --version               print the version of autoconf that created configure
+Directory and file names:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [same as prefix]
+  --bindir=DIR            user executables in DIR [EPREFIX/bin]
+  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
+  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
+  --datadir=DIR           read-only architecture-independent data in DIR
+                          [PREFIX/share]
+  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
+                          [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
+  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
+  --includedir=DIR        C header files in DIR [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
+  --infodir=DIR           info documentation in DIR [PREFIX/info]
+  --mandir=DIR            man documentation in DIR [PREFIX/man]
+  --srcdir=DIR            find the sources in DIR [configure dir or ..]
+  --program-prefix=PREFIX prepend PREFIX to installed program names
+  --program-suffix=SUFFIX append SUFFIX to installed program names
+  --program-transform-name=PROGRAM
+                          run sed PROGRAM on installed program names
+EOF
+    cat << EOF
+Host type:
+  --build=BUILD           configure for building on BUILD [BUILD=HOST]
+  --host=HOST             configure for HOST [guessed]
+  --target=TARGET         configure for TARGET [TARGET=HOST]
+Features and packages:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --x-includes=DIR        X include files are in DIR
+  --x-libraries=DIR       X library files are in DIR
+EOF
+    if test -n "$ac_help"; then
+      echo "--enable and --with options recognized:$ac_help"
+    fi
+    exit 0 ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host="$ac_optarg" ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir="$ac_optarg" ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir="$ac_optarg" ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir="$ac_optarg" ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir="$ac_optarg" ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst \
+  | --locals | --local | --loca | --loc | --lo)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+    localstatedir="$ac_optarg" ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir="$ac_optarg" ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir="$ac_optarg" ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix="$ac_optarg" ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix="$ac_optarg" ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix="$ac_optarg" ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name="$ac_optarg" ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir="$ac_optarg" ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir="$ac_optarg" ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site="$ac_optarg" ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir="$ac_optarg" ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir="$ac_optarg" ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target="$ac_optarg" ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers)
+    echo "configure generated by autoconf version 2.13"
+    exit 0 ;;
+
+  -with-* | --with-*)
+    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "with_${ac_package}='$ac_optarg'" ;;
+
+  -without-* | --without-*)
+    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    eval "with_${ac_package}=no" ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes="$ac_optarg" ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries="$ac_optarg" ;;
+
+  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
+    ;;
+
+  *)
+    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
+      echo "configure: warning: $ac_option: invalid host type" 1>&2
+    fi
+    if test "x$nonopt" != xNONE; then
+      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
+    fi
+    nonopt="$ac_option"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
+fi
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+# File descriptor usage:
+# 0 standard input
+# 1 file creation
+# 2 errors and warnings
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
+# 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+  exec 6>/dev/null
+else
+  exec 6>&1
+fi
+exec 5>./config.log
+
+echo "\
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+" 1>&5
+
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Also quote any args containing shell metacharacters.
+ac_configure_args=
+for ac_arg
+do
+  case "$ac_arg" in
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c) ;;
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
+  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
+  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
+  esac
+done
+
+# NLS nuisances.
+# Only set these to C if already set.  These must not be set unconditionally
+# because not all systems understand e.g. LANG=C (notably SCO).
+# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
+# Non-C LC_CTYPE values break the ctype check.
+if test "${LANG+set}"   = set; then LANG=C;   export LANG;   fi
+if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
+if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
+if test "${LC_CTYPE+set}"    = set; then LC_CTYPE=C;    export LC_CTYPE;    fi
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo > confdefs.h
+
+# A filename unique to this package, relative to the directory that
+# configure is in, which we can look for to find out if srcdir is correct.
+ac_unique_file=lib/krb/getrealm.c
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then its parent.
+  ac_prog=$0
+  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
+  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
+  srcdir=$ac_confdir
+  if test ! -r $srcdir/$ac_unique_file; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+  if test "$ac_srcdir_defaulted" = yes; then
+    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
+  else
+    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
+  fi
+fi
+srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
+
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+  if test "x$prefix" != xNONE; then
+    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+  else
+    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+  fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+  if test -r "$ac_site_file"; then
+    echo "loading site script $ac_site_file"
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  echo "loading cache $cache_file"
+  . $cache_file
+else
+  echo "creating cache $cache_file"
+  > $cache_file
+fi
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+ac_exeext=
+ac_objext=o
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
+  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+    ac_n= ac_c='
+' ac_t='	'
+  else
+    ac_n=-n ac_c= ac_t=
+  fi
+else
+  ac_n= ac_c='\c' ac_t=
+fi
+
+
+
+
+
+PACKAGE=krb4
+VERSION=1.0
+cat >> confdefs.h <<EOF
+#define PACKAGE "$PACKAGE"
+EOF
+cat >> confdefs.h <<EOF
+#define VERSION "$VERSION"
+EOF
+
+# This may be overridden using --prefix=/usr to configure
+
+
+ac_aux_dir=
+for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
+  if test -f $ac_dir/install-sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f $ac_dir/install.sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
+fi
+ac_config_guess=$ac_aux_dir/config.guess
+ac_config_sub=$ac_aux_dir/config.sub
+ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
+
+
+# Make sure we can run config.sub.
+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
+else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking host system type""... $ac_c" 1>&6
+echo "configure:750: checking host system type" >&5
+
+host_alias=$host
+case "$host_alias" in
+NONE)
+  case $nonopt in
+  NONE)
+    if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
+    else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
+    fi ;;
+  *) host_alias=$nonopt ;;
+  esac ;;
+esac
+
+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
+host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+echo "$ac_t""$host" 1>&6
+
+CANONICAL_HOST=$host
+
+
+
+sunos=no
+case "$host" in 
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+	cat >> confdefs.h <<EOF
+#define SunOS $sunos
+EOF
+
+fi
+
+echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
+echo "configure:794: checking whether ${MAKE-make} sets \${MAKE}" >&5
+set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftestmake <<\EOF
+all:
+	@echo 'ac_maketemp="${MAKE}"'
+EOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=`
+if test -n "$ac_maketemp"; then
+  eval ac_cv_prog_make_${ac_make}_set=yes
+else
+  eval ac_cv_prog_make_${ac_make}_set=no
+fi
+rm -f conftestmake
+fi
+if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  SET_MAKE=
+else
+  echo "$ac_t""no" 1>&6
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+if test "$program_transform_name" = s,x,x,; then
+  program_transform_name=
+else
+  # Double any \ or $.  echo might interpret backslashes.
+  cat <<\EOF_SED > conftestsed
+s,\\,\\\\,g; s,\$,$$,g
+EOF_SED
+  program_transform_name="`echo $program_transform_name|sed -f conftestsed`"
+  rm -f conftestsed
+fi
+test "$program_prefix" != NONE &&
+  program_transform_name="s,^,${program_prefix},; $program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s,\$\$,${program_suffix},; $program_transform_name"
+
+# sed with no file args requires a program.
+test "$program_transform_name" = "" && program_transform_name="s,x,x,"
+
+
+# We want these before the checks, so the checks can modify their values.
+test -z "$LDFLAGS" && LDFLAGS=-g
+
+
+echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6
+echo "configure:845: checking for ln -s or something else" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi
+fi
+LN_S="$ac_cv_prog_LN_S"
+echo "$ac_t""$ac_cv_prog_LN_S" 1>&6
+
+# Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:870: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_CC="gcc"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:900: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_prog_rejected=no
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
+        ac_prog_rejected=yes
+	continue
+      fi
+      ac_cv_prog_CC="cc"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# -gt 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    set dummy "$ac_dir/$ac_word" "$@"
+    shift
+    ac_cv_prog_CC="$@"
+  fi
+fi
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+  if test -z "$CC"; then
+    case "`uname -s`" in
+    *win32* | *WIN32*)
+      # Extract the first word of "cl", so it can be a program name with args.
+set dummy cl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:951: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_CC="cl"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+  fi
+  test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
+echo "configure:983: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+cat > conftest.$ac_ext << EOF
+
+#line 994 "configure"
+#include "confdefs.h"
+
+main(){return(0);}
+EOF
+if { (eval echo configure:999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  ac_cv_prog_cc_works=yes
+  # If we can't run a trivial program, we are probably using a cross compiler.
+  if (./conftest; exit) 2>/dev/null; then
+    ac_cv_prog_cc_cross=no
+  else
+    ac_cv_prog_cc_cross=yes
+  fi
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  ac_cv_prog_cc_works=no
+fi
+rm -fr conftest*
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
+if test $ac_cv_prog_cc_works = no; then
+  { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+fi
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
+echo "configure:1025: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
+cross_compiling=$ac_cv_prog_cc_cross
+
+echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
+echo "configure:1030: checking whether we are using GNU C" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.c <<EOF
+#ifdef __GNUC__
+  yes;
+#endif
+EOF
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+  ac_cv_prog_gcc=yes
+else
+  ac_cv_prog_gcc=no
+fi
+fi
+
+echo "$ac_t""$ac_cv_prog_gcc" 1>&6
+
+if test $ac_cv_prog_gcc = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+
+ac_test_CFLAGS="${CFLAGS+set}"
+ac_save_CFLAGS="$CFLAGS"
+CFLAGS=
+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+echo "configure:1058: checking whether ${CC-cc} accepts -g" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  echo 'void f(){}' > conftest.c
+if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
+  ac_cv_prog_cc_g=yes
+else
+  ac_cv_prog_cc_g=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS="$ac_save_CFLAGS"
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+
+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+echo "configure:1090: checking how to run the C preprocessor" >&5
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+    # This must be in double quotes, not single quotes, because CPP may get
+  # substituted into the Makefile and "${CC-cc}" will confuse make.
+  CPP="${CC-cc} -E"
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp.
+  cat > conftest.$ac_ext <<EOF
+#line 1105 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP="${CC-cc} -E -traditional-cpp"
+  cat > conftest.$ac_ext <<EOF
+#line 1122 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1128: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP="${CC-cc} -nologo -E"
+  cat > conftest.$ac_ext <<EOF
+#line 1139 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1145: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP=/lib/cpp
+fi
+rm -f conftest*
+fi
+rm -f conftest*
+fi
+rm -f conftest*
+  ac_cv_prog_CPP="$CPP"
+fi
+  CPP="$ac_cv_prog_CPP"
+else
+  ac_cv_prog_CPP="$CPP"
+fi
+echo "$ac_t""$CPP" 1>&6
+
+echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
+echo "configure:1170: checking for POSIXized ISC" >&5
+if test -d /etc/conf/kconfig.d &&
+  grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
+then
+  echo "$ac_t""yes" 1>&6
+  ISC=yes # If later tests want to check for ISC.
+  cat >> confdefs.h <<\EOF
+#define _POSIX_SOURCE 1
+EOF
+
+  if test "$GCC" = yes; then
+    CC="$CC -posix"
+  else
+    CC="$CC -Xp"
+  fi
+else
+  echo "$ac_t""no" 1>&6
+  ISC=
+fi
+
+for ac_prog in byacc yacc 'bison -y'
+do
+# Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1195: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$YACC"; then
+  ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_YACC="$ac_prog"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+YACC="$ac_cv_prog_YACC"
+if test -n "$YACC"; then
+  echo "$ac_t""$YACC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+test -n "$YACC" && break
+done
+
+# Extract the first word of "flex", so it can be a program name with args.
+set dummy flex; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1227: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$LEX"; then
+  ac_cv_prog_LEX="$LEX" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_LEX="flex"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex"
+fi
+fi
+LEX="$ac_cv_prog_LEX"
+if test -n "$LEX"; then
+  echo "$ac_t""$LEX" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+if test -z "$LEXLIB"
+then
+  case "$LEX" in
+  flex*) ac_lib=fl ;;
+  *) ac_lib=l ;;
+  esac
+  echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6
+echo "configure:1261: checking for yywrap in -l$ac_lib" >&5
+ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-l$ac_lib  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1269 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char yywrap();
+
+int main() {
+yywrap()
+; return 0; }
+EOF
+if { (eval echo configure:1280: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LEXLIB="-l$ac_lib"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+# Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1305: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_RANLIB="ranlib"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":"
+fi
+fi
+RANLIB="$ac_cv_prog_RANLIB"
+if test -n "$RANLIB"; then
+  echo "$ac_t""$RANLIB" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# ./install, which can be erroneously created by make from ./install.sh.
+echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
+echo "configure:1344: checking for a BSD compatible install" >&5
+if test -z "$INSTALL"; then
+if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+    IFS="${IFS= 	}"; ac_save_IFS="$IFS"; IFS=":"
+  for ac_dir in $PATH; do
+    # Account for people who put trailing slashes in PATH elements.
+    case "$ac_dir/" in
+    /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
+    *)
+      # OSF1 and SCO ODT 3.0 have their own names for install.
+      # Don't use installbsd from OSF since it installs stuff as root
+      # by default.
+      for ac_prog in ginstall scoinst install; do
+        if test -f $ac_dir/$ac_prog; then
+	  if test $ac_prog = install &&
+            grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  else
+	    ac_cv_path_install="$ac_dir/$ac_prog -c"
+	    break 2
+	  fi
+	fi
+      done
+      ;;
+    esac
+  done
+  IFS="$ac_save_IFS"
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL="$ac_cv_path_install"
+  else
+    # As a last resort, use the slow shell script.  We don't cache a
+    # path for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the path is relative.
+    INSTALL="$ac_install_sh"
+  fi
+fi
+echo "$ac_t""$INSTALL" 1>&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+for ac_prog in mawk gawk nawk awk
+do
+# Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1401: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_AWK="$ac_prog"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+AWK="$ac_cv_prog_AWK"
+if test -n "$AWK"; then
+  echo "$ac_t""$AWK" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+test -n "$AWK" && break
+done
+
+# Extract the first word of "makeinfo", so it can be a program name with args.
+set dummy makeinfo; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1433: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$MAKEINFO"; then
+  ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_MAKEINFO="makeinfo"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  test -z "$ac_cv_prog_MAKEINFO" && ac_cv_prog_MAKEINFO=":"
+fi
+fi
+MAKEINFO="$ac_cv_prog_MAKEINFO"
+if test -n "$MAKEINFO"; then
+  echo "$ac_t""$MAKEINFO" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+WFLAGS=""
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+   
+
+
+# Check whether --with-socks or --without-socks was given.
+if test "${with_socks+set}" = set; then
+  withval="$with_socks"
+  :
+fi
+
+# Check whether --with-socks-lib or --without-socks-lib was given.
+if test "${with_socks_lib+set}" = set; then
+  withval="$with_socks_lib"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-socks-lib" 1>&2; exit 1; }
+elif test "X$with_socks" = "X"; then
+  with_socks=yes
+fi
+fi
+
+# Check whether --with-socks-include or --without-socks-include was given.
+if test "${with_socks_include+set}" = set; then
+  withval="$with_socks_include"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-socks-include" 1>&2; exit 1; }
+elif test "X$with_socks" = "X"; then
+  with_socks=yes
+fi
+fi
+
+
+echo $ac_n "checking for socks""... $ac_c" 1>&6
+echo "configure:1495: checking for socks" >&5
+
+case "$with_socks" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_socks_include" = ""; then
+		with_socks_include="$with_socks/include"
+	fi
+	if test "$with_socks_lib" = ""; then
+		with_socks_lib="$with_socks/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_socks_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_socks_include $header_dirs";;
+esac
+case "$with_socks_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_socks_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 1534 "configure"
+#include "confdefs.h"
+#include <socks.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1541: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ires=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lsocks5  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 1553 "configure"
+#include "confdefs.h"
+#include <socks.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1560: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  lres=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_socks" != "no"; then
+	socks_includedir="$ires"
+	socks_libdir="$lres"
+	INCLUDE_socks="-I$socks_includedir"
+	LIB_socks="-L$socks_libdir -lsocks5"
+	cat >> confdefs.h <<EOF
+#define `echo socks | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
+EOF
+
+	with_socks=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
+else
+	INCLUDE_socks=
+	LIB_socks=
+	with_socks=no
+	echo "$ac_t""$with_socks" 1>&6
+fi
+
+
+
+CFLAGS="$INCLUDE_socks $CFLAGS"
+LIBS="$LIB_socks $LIBS"
+
+# Check whether --enable-legacy-kdestroy or --disable-legacy-kdestroy was given.
+if test "${enable_legacy_kdestroy+set}" = set; then
+  enableval="$enable_legacy_kdestroy"
+  
+if test "$enableval" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define LEGACY_KDESTROY 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --enable-match-subdomains or --disable-match-subdomains was given.
+if test "${enable_match_subdomains+set}" = set; then
+  enableval="$enable_match_subdomains"
+  if test "$enableval" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define MATCH_SUBDOMAINS 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --with-ld-flags or --without-ld-flags was given.
+if test "${with_ld_flags+set}" = set; then
+  withval="$with_ld_flags"
+  :
+fi
+
+
+# Check whether --with-cracklib or --without-cracklib was given.
+if test "${with_cracklib+set}" = set; then
+  withval="$with_cracklib"
+  :
+fi
+
+
+# Check whether --with-dictpath or --without-dictpath was given.
+if test "${with_dictpath+set}" = set; then
+  withval="$with_dictpath"
+  :
+fi
+
+
+(test -z "$with_cracklib" && test -n "$with_dictpath") ||
+(test -n "$with_cracklib" && test -z "$with_dictpath") &&
+{ echo "configure: error: --with-cracklib requires --with-dictpath and vice versa" 1>&2; exit 1; }
+test -n "$with_cracklib" &&
+CRACKLIB="-L$with_cracklib -lcrack" &&
+echo "$ac_t""Using cracklib in $with_cracklib" 1>&6
+test -n "$with_dictpath" &&
+echo "$ac_t""Using dictpath=$with_dictpath" 1>&6 &&
+cat >> confdefs.h <<EOF
+#define DICTPATH "$with_dictpath"
+EOF
+
+
+# Check whether --with-mailspool or --without-mailspool was given.
+if test "${with_mailspool+set}" = set; then
+  withval="$with_mailspool"
+  :
+fi
+
+
+test -n "$with_mailspool" &&
+cat >> confdefs.h <<EOF
+#define KRB4_MAILDIR "$with_mailspool"
+EOF
+
+
+# Check whether --with-db-dir or --without-db-dir was given.
+if test "${with_db_dir+set}" = set; then
+  withval="$with_db_dir"
+  :
+fi
+
+
+test -n "$with_db_dir" &&
+cat >> confdefs.h <<EOF
+#define DB_DIR "$with_db_dir"
+EOF
+
+
+# Check whether --enable-random-mkey or --disable-random-mkey was given.
+if test "${enable_random_mkey+set}" = set; then
+  enableval="$enable_random_mkey"
+  
+if test "$enableval" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define RANDOM_MKEY 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --with-mkey or --without-mkey was given.
+if test "${with_mkey+set}" = set; then
+  withval="$with_mkey"
+  
+if test -n "$withval"; then
+	cat >> confdefs.h <<EOF
+#define MKEYFILE "$withval"
+EOF
+
+fi
+
+fi
+
+
+otp=yes
+# Check whether --enable-otp or --disable-otp was given.
+if test "${enable_otp+set}" = set; then
+  enableval="$enable_otp"
+  
+if test "$enableval" = "no"; then
+	otp=no
+fi
+
+fi
+
+
+if test "$otp" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define OTP 1
+EOF
+
+	LIB_otp='-L$(top_builddir)/lib/otp -lotp'
+	OTP_dir=otp
+	LIB_SUBDIRS="$LIB_SUBDIRS otp"
+fi
+
+
+
+
+# Check whether --enable-osfc2 or --disable-osfc2 was given.
+if test "${enable_osfc2+set}" = set; then
+  enableval="$enable_osfc2"
+  :
+fi
+
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OSFC2 1
+EOF
+
+	LIB_security=-lsecurity
+fi
+
+
+
+mmap=yes
+# Check whether --enable-mmap or --disable-mmap was given.
+if test "${enable_mmap+set}" = set; then
+  enableval="$enable_mmap"
+  
+if test "$enableval" = "no"; then
+	mmap=no
+fi
+
+fi
+
+if test "$mmap" = "no"; then
+	cat >> confdefs.h <<\EOF
+#define NO_MMAP 1
+EOF
+
+fi
+
+aix_dynamic_afs=yes
+# Check whether --enable-dynamic-afs or --disable-dynamic-afs was given.
+if test "${enable_dynamic_afs+set}" = set; then
+  enableval="$enable_dynamic_afs"
+  
+if test "$enableval" = "no"; then
+	aix_dynamic_afs=no
+fi
+
+fi
+
+
+berkeley_db=db
+# Check whether --with-berkeley-db or --without-berkeley-db was given.
+if test "${with_berkeley_db+set}" = set; then
+  withval="$with_berkeley_db"
+  
+if test "$withval" = no; then
+	berkeley_db=""
+fi
+
+fi
+
+
+afs_support=yes
+# Check whether --with-afs-support or --without-afs-support was given.
+if test "${with_afs_support+set}" = set; then
+  withval="$with_afs_support"
+  
+if test "$withval" = no; then
+	cat >> confdefs.h <<\EOF
+#define NO_AFS 1
+EOF
+
+	afs_support=no
+fi
+
+fi
+
+
+des_quad=guess
+# Check whether --with-des-quad-checksum or --without-des-quad-checksum was given.
+if test "${with_des_quad_checksum+set}" = set; then
+  withval="$with_des_quad_checksum"
+  
+des_quad="$withval"
+
+fi
+
+if test "$des_quad" = "new"; then
+	ac_x=DES_QUAD_NEW
+elif test "$des_quad" = "old"; then
+	ac_x=DES_QUAD_OLD
+else
+	ac_x=DES_QUAD_GUESS
+fi	
+cat >> confdefs.h <<EOF
+#define DES_QUAD_DEFAULT $ac_x
+EOF
+
+
+# Check whether --with-afsws or --without-afsws was given.
+if test "${with_afsws+set}" = set; then
+  withval="$with_afsws"
+  AFSWS=$withval
+else
+  AFSWS=/usr/afsws
+
+fi
+
+test "$AFSWS" = "yes" && AFSWS=/usr/afsws
+
+
+# Check whether --enable-rxkad or --disable-rxkad was given.
+if test "${enable_rxkad+set}" = set; then
+  enableval="$enable_rxkad"
+  :
+else
+  
+test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
+
+fi
+
+
+if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
+	LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
+fi
+
+
+# Check whether --enable-cat-manpages or --disable-cat-manpages was given.
+if test "${enable_cat_manpages+set}" = set; then
+  enableval="$enable_cat_manpages"
+  
+if test "$enableval" = "no"; then
+	disable_cat_manpages=yes
+fi
+
+fi
+
+
+
+
+# Check whether --with-readline or --without-readline was given.
+if test "${with_readline+set}" = set; then
+  withval="$with_readline"
+  :
+fi
+
+# Check whether --with-readline-lib or --without-readline-lib was given.
+if test "${with_readline_lib+set}" = set; then
+  withval="$with_readline_lib"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-readline-lib" 1>&2; exit 1; }
+elif test "X$with_readline" = "X"; then
+  with_readline=yes
+fi
+fi
+
+# Check whether --with-readline-include or --without-readline-include was given.
+if test "${with_readline_include+set}" = set; then
+  withval="$with_readline_include"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-readline-include" 1>&2; exit 1; }
+elif test "X$with_readline" = "X"; then
+  with_readline=yes
+fi
+fi
+
+
+echo $ac_n "checking for readline""... $ac_c" 1>&6
+echo "configure:1900: checking for readline" >&5
+
+case "$with_readline" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_readline_include" = ""; then
+		with_readline_include="$with_readline/include"
+	fi
+	if test "$with_readline_lib" = ""; then
+		with_readline_lib="$with_readline/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_readline_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_readline_include $header_dirs";;
+esac
+case "$with_readline_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_readline_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 1939 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <readline.h>
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ires=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lreadline  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 1961 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <readline.h>
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:1971: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  lres=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
+	readline_includedir="$ires"
+	readline_libdir="$lres"
+	INCLUDE_readline="-I$readline_includedir"
+	LIB_readline="-L$readline_libdir -lreadline"
+	cat >> confdefs.h <<EOF
+#define `echo readline | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
+EOF
+
+	with_readline=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
+else
+	INCLUDE_readline=
+	LIB_readline=
+	with_readline=no
+	echo "$ac_t""$with_readline" 1>&6
+fi
+
+
+
+
+
+# Check whether --with-mips_abi or --without-mips_abi was given.
+if test "${with_mips_abi+set}" = set; then
+  withval="$with_mips_abi"
+  :
+fi
+
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+echo $ac_n "checking if $CC supports the $abi option""... $ac_c" 1>&6
+echo "configure:2036: checking if $CC supports the $abi option" >&5
+if eval "test \"`echo '$''{'$ac_foo'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+cat > conftest.$ac_ext <<EOF
+#line 2044 "configure"
+#include "confdefs.h"
+
+int main() {
+int x;
+; return 0; }
+EOF
+if { (eval echo configure:2051: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval $ac_foo=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval $ac_foo=no
+fi
+rm -f conftest*
+CFLAGS="$save_CFLAGS"
+
+fi
+
+ac_res=`eval echo \\\$$ac_foo`
+echo "$ac_t""$ac_res" 1>&6
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	cat > conftest.$ac_ext <<EOF
+#line 2074 "configure"
+#include "confdefs.h"
+
+int main() {
+int x;
+; return 0; }
+EOF
+if { (eval echo configure:2081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_res=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_res=no
+fi
+rm -f conftest*
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		{ echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; }
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			{ echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; }
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+
+
+
+# Check whether --with-hesiod or --without-hesiod was given.
+if test "${with_hesiod+set}" = set; then
+  withval="$with_hesiod"
+  :
+fi
+
+# Check whether --with-hesiod-lib or --without-hesiod-lib was given.
+if test "${with_hesiod_lib+set}" = set; then
+  withval="$with_hesiod_lib"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-hesiod-lib" 1>&2; exit 1; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+# Check whether --with-hesiod-include or --without-hesiod-include was given.
+if test "${with_hesiod_include+set}" = set; then
+  withval="$with_hesiod_include"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-hesiod-include" 1>&2; exit 1; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+
+echo $ac_n "checking for hesiod""... $ac_c" 1>&6
+echo "configure:2155: checking for hesiod" >&5
+
+case "$with_hesiod" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_hesiod_include" = ""; then
+		with_hesiod_include="$with_hesiod/include"
+	fi
+	if test "$with_hesiod_lib" = ""; then
+		with_hesiod_lib="$with_hesiod/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_hesiod_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_hesiod_include $header_dirs";;
+esac
+case "$with_hesiod_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_hesiod_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 2194 "configure"
+#include "confdefs.h"
+#include <hesiod.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:2201: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ires=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lhesiod  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 2213 "configure"
+#include "confdefs.h"
+#include <hesiod.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:2220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  lres=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
+	hesiod_includedir="$ires"
+	hesiod_libdir="$lres"
+	INCLUDE_hesiod="-I$hesiod_includedir"
+	LIB_hesiod="-L$hesiod_libdir -lhesiod"
+	cat >> confdefs.h <<EOF
+#define `echo hesiod | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
+EOF
+
+	with_hesiod=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
+else
+	INCLUDE_hesiod=
+	LIB_hesiod=
+	with_hesiod=no
+	echo "$ac_t""$with_hesiod" 1>&6
+fi
+
+
+
+
+
+
+# Check whether --enable-shared or --disable-shared was given.
+if test "${enable_shared+set}" = set; then
+  enableval="$enable_shared"
+  :
+fi
+
+
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS		$SHLIBEXT
+# HP-UX		sl
+# Linux		so
+# NetBSD	so
+# FreeBSD	so
+# OSF		so
+# SunOS5	so
+# SunOS4	so.0.5
+# Irix		so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+
+lib_deps=yes
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
+REAL_SHLIBEXT=so
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
+case "${host}" in
+*-*-hpux*)
+	REAL_SHLIBEXT=sl
+	REAL_LD_FLAGS='-Wl,+b$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED="ld -b"
+		REAL_PICFLAGS="+z"
+	fi
+	lib_deps=no
+	;;
+*-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-freebsd[34]*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-*bsd*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	;;
+*-*-osf*)
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_PICFLAGS=
+	LDSHARED='ld -shared -expect_unresolved \*'
+	;;
+*-*-solaris2*)
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED='$(CC) -G'
+		REAL_PICFLAGS="-Kpic"
+	fi
+	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
+*-*-sunos*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
+	;;
+*-*-irix*)
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
+	;;
+*-*-os2*)
+	LIBPREFIX=
+	EXECSUFFIX='.exe'
+	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
+	REAL_SHLIBEXT=nobuild
+	;;
+*-*-cygwin32*)
+	EXECSUFFIX='.exe'
+	REAL_SHLIBEXT=nobuild
+	;;
+*)	REAL_SHLIBEXT=nobuild
+	REAL_PICFLAGS= 
+	;;
+esac
+
+if test "${enable_shared}" != "yes" ; then 
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ echo $ac_n "checking whether to use -rpath""... $ac_c" 1>&6
+echo "configure:2384: checking whether to use -rpath" >&5
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     echo "$ac_t""no" 1>&6
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     echo "$ac_t""$LD_FLAGS" 1>&6
+     ;;
+   esac
+fi
+
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
+else
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
+
+
+
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
+fi
+
+   
+       
+
+
+echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+echo "configure:2421: checking whether byte ordering is bigendian" >&5
+if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_bigendian=unknown
+# See if sys/param.h defines the BYTE_ORDER macro.
+cat > conftest.$ac_ext <<EOF
+#line 2428 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:2439: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  # It does; now see whether it defined to BIG_ENDIAN or not.
+cat > conftest.$ac_ext <<EOF
+#line 2443 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:2454: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_bigendian=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_c_bigendian=no
+fi
+rm -f conftest*
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+if test $ac_cv_c_bigendian = unknown; then
+if test "$cross_compiling" = yes; then
+    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2474 "configure"
+#include "confdefs.h"
+main () {
+  /* Are we little or big endian?  From Harbison&Steele.  */
+  union
+  {
+    long l;
+    char c[sizeof (long)];
+  } u;
+  u.l = 1;
+  exit (u.c[sizeof (long) - 1] == 1);
+}
+EOF
+if { (eval echo configure:2487: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_c_bigendian=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_c_bigendian=yes
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_c_bigendian" 1>&6
+if test $ac_cv_c_bigendian = yes; then
+  cat >> confdefs.h <<\EOF
+#define WORDS_BIGENDIAN 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for working const""... $ac_c" 1>&6
+echo "configure:2512: checking for working const" >&5
+if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2517 "configure"
+#include "confdefs.h"
+
+int main() {
+
+/* Ultrix mips cc rejects this.  */
+typedef int charset[2]; const charset x;
+/* SunOS 4.1.1 cc rejects this.  */
+char const *const *ccp;
+char **p;
+/* NEC SVR4.0.2 mips cc rejects this.  */
+struct point {int x, y;};
+static struct point const zero = {0,0};
+/* AIX XL C 1.02.0.0 rejects this.
+   It does not let you subtract one const X* pointer from another in an arm
+   of an if-expression whose if-part is not a constant expression */
+const char *g = "string";
+ccp = &g + (g ? g-g : 0);
+/* HPUX 7.0 cc rejects these. */
+++ccp;
+p = (char**) ccp;
+ccp = (char const *const *) p;
+{ /* SCO 3.2v4 cc rejects this.  */
+  char *t;
+  char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+  *t++ = 0;
+}
+{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+  int x[] = {25, 17};
+  const int *foo = &x[0];
+  ++foo;
+}
+{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+  typedef const int *iptr;
+  iptr p = 0;
+  ++p;
+}
+{ /* AIX XL C 1.02.0.0 rejects this saying
+     "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+  struct s { int j; const int *ap[3]; };
+  struct s *b; b->j = 5;
+}
+{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+  const int foo = 10;
+}
+
+; return 0; }
+EOF
+if { (eval echo configure:2566: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_const=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_c_const=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_c_const" 1>&6
+if test $ac_cv_c_const = no; then
+  cat >> confdefs.h <<\EOF
+#define const 
+EOF
+
+fi
+
+
+echo $ac_n "checking for inline""... $ac_c" 1>&6
+echo "configure:2588: checking for inline" >&5
+if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat > conftest.$ac_ext <<EOF
+#line 2595 "configure"
+#include "confdefs.h"
+
+int main() {
+} $ac_kw foo() {
+; return 0; }
+EOF
+if { (eval echo configure:2602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_inline=$ac_kw; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+
+fi
+
+echo "$ac_t""$ac_cv_c_inline" 1>&6
+case "$ac_cv_c_inline" in
+  inline | yes) ;;
+  no) cat >> confdefs.h <<\EOF
+#define inline 
+EOF
+ ;;
+  *)  cat >> confdefs.h <<EOF
+#define inline $ac_cv_c_inline
+EOF
+ ;;
+esac
+
+
+
+echo $ac_n "checking for __attribute__""... $ac_c" 1>&6
+echo "configure:2630: checking for __attribute__" >&5
+if eval "test \"`echo '$''{'ac_cv___attribute__'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 2636 "configure"
+#include "confdefs.h"
+
+#include <stdlib.h>
+
+int main() {
+
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+
+; return 0; }
+EOF
+if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv___attribute__=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv___attribute__=no
+fi
+rm -f conftest*
+fi
+
+if test "$ac_cv___attribute__" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE___ATTRIBUTE__ 1
+EOF
+
+fi
+echo "$ac_t""$ac_cv___attribute__" 1>&6
+
+
+
+
+echo $ac_n "checking for NEXTSTEP""... $ac_c" 1>&6
+echo "configure:2677: checking for NEXTSTEP" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2682 "configure"
+#include "confdefs.h"
+#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "yes" >/dev/null 2>&1; then
+  rm -rf conftest*
+  krb_cv_sys_nextstep=yes
+else
+  rm -rf conftest*
+  krb_cv_sys_nextstep=no
+fi
+rm -f conftest*
+ 
+fi
+
+if test "$krb_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+echo "$ac_t""$krb_cv_sys_nextstep" 1>&6
+
+
+echo $ac_n "checking for AIX""... $ac_c" 1>&6
+echo "configure:2709: checking for AIX" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2714 "configure"
+#include "confdefs.h"
+#ifdef _AIX
+	yes
+#endif 
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "yes" >/dev/null 2>&1; then
+  rm -rf conftest*
+  krb_cv_sys_aix=yes
+else
+  rm -rf conftest*
+  krb_cv_sys_aix=no
+fi
+rm -f conftest*
+ 
+fi
+
+echo "$ac_t""$krb_cv_sys_aix" 1>&6
+
+
+if test "$krb_cv_sys_aix" = yes ;then
+	if test "$aix_dynamic_afs" = yes; then
+		AFS_EXTRA_OBJS=
+		AFS_EXTRA_LIBS=afslib.so
+		# this works differently in AIX <=3 and 4
+		if test `uname -v` = 4 ; then
+			AFS_EXTRA_LD="-bnoentry"
+		else
+			AFS_EXTRA_LD="-e _nostart"
+		fi
+		AFS_EXTRA_DEFS=
+		
+
+
+echo $ac_n "checking for dlopen""... $ac_c" 1>&6
+echo "configure:2751: checking for dlopen" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dlopen'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" dl; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 2766 "configure"
+#include "confdefs.h"
+
+int main() {
+dlopen()
+; return 0; }
+EOF
+if { (eval echo configure:2773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dlopen"
+
+: << END
+@@@funcs="$funcs dlopen"@@@
+@@@libs="$libs "" dl"@@@
+END
+
+# dlopen
+eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dlopen=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dlopen=yes"
+	eval "LIB_dlopen="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_dlopen=no"
+	eval "LIB_dlopen="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_dlopen=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+		if test "$ac_cv_funclib_dlopen" = yes; then
+			AIX_EXTRA_KAFS=
+		elif test "$ac_cv_funclib_dlopen" != no; then
+			AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen"
+		else
+			AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o"
+			AIX_EXTRA_KAFS=-lld
+		fi
+	else
+		AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o'
+		AFS_EXTRA_LIBS=
+		AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS'
+		AIX_EXTRA_KAFS=
+	fi
+					fi
+
+#
+# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
+# AIX414
+#
+
+case "${host}" in
+*-*-aix4.1*)
+if test -f /lib/pse.exp ;then
+	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
+fi
+;;
+esac
+
+
+echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+echo "configure:2863: checking for ANSI C header files" >&5
+if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2868 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2876: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  ac_cv_header_stdc=yes
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 2893 "configure"
+#include "confdefs.h"
+#include <string.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "memchr" >/dev/null 2>&1; then
+  :
+else
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 2911 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "free" >/dev/null 2>&1; then
+  :
+else
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2932 "configure"
+#include "confdefs.h"
+#include <ctype.h>
+#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int main () { int i; for (i = 0; i < 256; i++)
+if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
+exit (0); }
+
+EOF
+if { (eval echo configure:2943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_header_stdc=no
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_header_stdc" 1>&6
+if test $ac_cv_header_stdc = yes; then
+  cat >> confdefs.h <<\EOF
+#define STDC_HEADERS 1
+EOF
+
+fi
+
+
+for ac_hdr in arpa/ftp.h			\
+	arpa/inet.h				\
+	arpa/nameser.h				\
+	arpa/telnet.h				\
+	bsd/bsd.h				\
+	bsdsetjmp.h				\
+	capability.h				\
+	crypt.h					\
+	curses.h				\
+	db.h					\
+	dbm.h					\
+	dirent.h				\
+	err.h					\
+	errno.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	inttypes.h				\
+	io.h					\
+	lastlog.h				\
+	libutil.h				\
+	limits.h				\
+	login.h					\
+	maillock.h				\
+	ndbm.h					\
+	net/if.h				\
+	net/if_tun.h				\
+	net/if_var.h				\
+	netdb.h					\
+	netinet/in.h				\
+	netinet/in6_machtypes.h			\
+	netinet/in_systm.h			\
+	paths.h					\
+	pty.h					\
+	pwd.h					\
+	resolv.h				\
+	rpcsvc/dbm.h				\
+	rpcsvc/ypclnt.h				\
+	sac.h					\
+	security/pam_modules.h			\
+	shadow.h				\
+	siad.h					\
+	signal.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/ioctl.h				\
+	sys/locking.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/proc.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/ptyvar.h				\
+	sys/resource.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/strtty.h				\
+	sys/syscall.h				\
+	sys/sysctl.h				\
+	sys/termio.h				\
+	sys/time.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/un.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	term.h					\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	tmpdir.h				\
+	ttyent.h				\
+	udb.h					\
+	ulimit.h				\
+	unistd.h				\
+	userpw.h				\
+	usersec.h				\
+	util.h					\
+	utime.h					\
+	utmp.h					\
+	utmpx.h					\
+	wait.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:3065: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3070 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:3075: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+echo "configure:3103: checking whether time.h and sys/time.h may both be included" >&5
+if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3108 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+int main() {
+struct tm *tp;
+; return 0; }
+EOF
+if { (eval echo configure:3117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_header_time=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_time=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_time" 1>&6
+if test $ac_cv_header_time = yes; then
+  cat >> confdefs.h <<\EOF
+#define TIME_WITH_SYS_TIME 1
+EOF
+
+fi
+
+echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6
+echo "configure:3138: checking for sys_siglist declaration in signal.h or unistd.h" >&5
+if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3143 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h.  */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+int main() {
+char *msg = *(sys_siglist + 1);
+; return 0; }
+EOF
+if { (eval echo configure:3155: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_decl_sys_siglist=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_decl_sys_siglist=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6
+if test $ac_cv_decl_sys_siglist = yes; then
+  cat >> confdefs.h <<\EOF
+#define SYS_SIGLIST_DECLARED 1
+EOF
+
+fi
+
+
+
+for ac_hdr in standards.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:3181: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3186 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:3191: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3222: checking for $i" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$cv'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3227 "configure"
+#include "confdefs.h"
+\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:3237: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$cv=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$cv=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""`eval echo \\$ac_cv_header_$cv`" 1>&6
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+fi
+done
+: << END
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
+END
+
+
+
+EXTRA_LOCL_HEADERS=
+EXTRA_HEADERS=
+if test "$ac_cv_header_err_h" != yes; then
+	EXTRA_HEADERS="$EXTRA_HEADERS err.h"
+fi
+if test "$ac_cv_header_fnmatch_h" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h"
+fi
+
+
+
+
+for i in int8_t int16_t int32_t int64_t; do
+	echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3281: checking for $i" >&5
+	
+if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3287 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int main() {
+$i x;
+
+; return 0; }
+EOF
+if { (eval echo configure:3311: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval ac_cv_type_$i=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval ac_cv_type_$i=no
+fi
+rm -f conftest*
+fi
+
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_`echo $i | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+		cat >> confdefs.h <<EOF
+#define $type 1
+EOF
+
+	fi
+	echo "$ac_t""$ac_res" 1>&6
+done
+
+
+for i in u_int8_t u_int16_t u_int32_t u_int64_t; do
+	echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3337: checking for $i" >&5
+	
+if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3343 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int main() {
+$i x;
+
+; return 0; }
+EOF
+if { (eval echo configure:3367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval ac_cv_type_$i=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval ac_cv_type_$i=no
+fi
+rm -f conftest*
+fi
+
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_`echo $i | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+		cat >> confdefs.h <<EOF
+#define $type 1
+EOF
+
+	fi
+	echo "$ac_t""$ac_res" 1>&6
+done
+
+
+echo $ac_n "checking for strange sys/bitypes.h""... $ac_c" 1>&6
+echo "configure:3392: checking for strange sys/bitypes.h" >&5
+if eval "test \"`echo '$''{'krb_cv_int8_t_ifdef'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 3398 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int main() {
+int8_t x;
+
+; return 0; }
+EOF
+if { (eval echo configure:3416: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  krb_cv_int8_t_ifdef=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  krb_cv_int8_t_ifdef=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$krb_cv_int8_t_ifdef" 1>&6
+if test "$krb_cv_int8_t_ifdef" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_STRANGE_INT8_T 1
+EOF
+fi
+
+
+
+
+
+echo $ac_n "checking for crypt""... $ac_c" 1>&6
+echo "configure:3440: checking for crypt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_crypt'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" crypt; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3455 "configure"
+#include "confdefs.h"
+
+int main() {
+crypt()
+; return 0; }
+EOF
+if { (eval echo configure:3462: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_crypt"
+
+: << END
+@@@funcs="$funcs crypt"@@@
+@@@libs="$libs "" crypt"@@@
+END
+
+# crypt
+eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_crypt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_crypt=yes"
+	eval "LIB_crypt="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_crypt=no"
+	eval "LIB_crypt="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_crypt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+
+
+
+
+
+echo $ac_n "checking for socket""... $ac_c" 1>&6
+echo "configure:3527: checking for socket" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_socket\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" socket; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3542 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+socket(0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:3554: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_socket"
+
+: << END
+@@@funcs="$funcs socket"@@@
+@@@libs="$libs "" socket"@@@
+END
+
+# socket
+eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_socket=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_socket=yes"
+	eval "LIB_socket="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_socket=no"
+	eval "LIB_socket="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_socket=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_socket"; then
+	LIBS="$LIB_socket $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
+echo "configure:3622: checking for gethostbyname" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" nsl; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3637 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+gethostbyname("foo")
+; return 0; }
+EOF
+if { (eval echo configure:3649: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_gethostbyname"
+
+: << END
+@@@funcs="$funcs gethostbyname"@@@
+@@@libs="$libs "" nsl"@@@
+END
+
+# gethostbyname
+eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_gethostbyname=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_gethostbyname=yes"
+	eval "LIB_gethostbyname="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_gethostbyname=no"
+	eval "LIB_gethostbyname="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_gethostbyname=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_gethostbyname"; then
+	LIBS="$LIB_gethostbyname $LIBS"
+fi
+
+
+
+
+
+
+
+echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6
+echo "configure:3719: checking for odm_initialize" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" odm; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3734 "configure"
+#include "confdefs.h"
+
+int main() {
+odm_initialize()
+; return 0; }
+EOF
+if { (eval echo configure:3741: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_odm_initialize=\${ac_cv_funclib_odm_initialize-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_odm_initialize"
+
+: << END
+@@@funcs="$funcs odm_initialize"@@@
+@@@libs="$libs "" odm"@@@
+END
+
+# odm_initialize
+eval "ac_tr_func=HAVE_`echo odm_initialize | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_odm_initialize=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_odm_initialize=yes"
+	eval "LIB_odm_initialize="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_odm_initialize=no"
+	eval "LIB_odm_initialize="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_odm_initialize=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_odm_initialize"; then
+	LIBS="$LIB_odm_initialize $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for getattr""... $ac_c" 1>&6
+echo "configure:3809: checking for getattr" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_getattr\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" cfg; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3824 "configure"
+#include "confdefs.h"
+
+int main() {
+getattr()
+; return 0; }
+EOF
+if { (eval echo configure:3831: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_getattr=\${ac_cv_funclib_getattr-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getattr"
+
+: << END
+@@@funcs="$funcs getattr"@@@
+@@@libs="$libs "" cfg"@@@
+END
+
+# getattr
+eval "ac_tr_func=HAVE_`echo getattr | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getattr=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getattr=yes"
+	eval "LIB_getattr="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_getattr=no"
+	eval "LIB_getattr="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_getattr=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_getattr"; then
+	LIBS="$LIB_getattr $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for setpcred""... $ac_c" 1>&6
+echo "configure:3899: checking for setpcred" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" s; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3914 "configure"
+#include "confdefs.h"
+
+int main() {
+setpcred()
+; return 0; }
+EOF
+if { (eval echo configure:3921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_setpcred=\${ac_cv_funclib_setpcred-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_setpcred"
+
+: << END
+@@@funcs="$funcs setpcred"@@@
+@@@libs="$libs "" s"@@@
+END
+
+# setpcred
+eval "ac_tr_func=HAVE_`echo setpcred | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_setpcred=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_setpcred=yes"
+	eval "LIB_setpcred="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_setpcred=no"
+	eval "LIB_setpcred="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_setpcred=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_setpcred"; then
+	LIBS="$LIB_setpcred $LIBS"
+fi
+
+
+
+
+
+echo $ac_n "checking for logwtmp""... $ac_c" 1>&6
+echo "configure:3989: checking for logwtmp" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 4004 "configure"
+#include "confdefs.h"
+
+int main() {
+logwtmp()
+; return 0; }
+EOF
+if { (eval echo configure:4011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logwtmp"
+
+: << END
+@@@funcs="$funcs logwtmp"@@@
+@@@libs="$libs "" util"@@@
+END
+
+# logwtmp
+eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_logwtmp=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_logwtmp=yes"
+	eval "LIB_logwtmp="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_logwtmp=no"
+	eval "LIB_logwtmp="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_logwtmp=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_logwtmp"; then
+	LIBS="$LIB_logwtmp $LIBS"
+fi
+
+
+
+
+
+
+echo $ac_n "checking for logout""... $ac_c" 1>&6
+echo "configure:4080: checking for logout" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_logout\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 4095 "configure"
+#include "confdefs.h"
+
+int main() {
+logout()
+; return 0; }
+EOF
+if { (eval echo configure:4102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logout"
+
+: << END
+@@@funcs="$funcs logout"@@@
+@@@libs="$libs "" util"@@@
+END
+
+# logout
+eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_logout=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_logout=yes"
+	eval "LIB_logout="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_logout=no"
+	eval "LIB_logout="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_logout=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_logout"; then
+	LIBS="$LIB_logout $LIBS"
+fi
+
+
+
+
+echo $ac_n "checking for tgetent""... $ac_c" 1>&6
+echo "configure:4169: checking for tgetent" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" termcap ncurses curses; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 4184 "configure"
+#include "confdefs.h"
+
+int main() {
+tgetent()
+; return 0; }
+EOF
+if { (eval echo configure:4191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_tgetent"
+
+: << END
+@@@funcs="$funcs tgetent"@@@
+@@@libs="$libs "" termcap ncurses curses"@@@
+END
+
+# tgetent
+eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_tgetent=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_tgetent=yes"
+	eval "LIB_tgetent="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_tgetent=no"
+	eval "LIB_tgetent="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_tgetent=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+	
+# If we find X, set shell vars x_includes and x_libraries to the
+# paths, otherwise set no_x=yes.
+# Uses ac_ vars as temps to allow command line to override cache and checks.
+# --without-x overrides everything else, but does not touch the cache.
+echo $ac_n "checking for X""... $ac_c" 1>&6
+echo "configure:4256: checking for X" >&5
+
+# Check whether --with-x or --without-x was given.
+if test "${with_x+set}" = set; then
+  withval="$with_x"
+  :
+fi
+
+# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
+if test "x$with_x" = xno; then
+  # The user explicitly disabled X.
+  have_x=disabled
+else
+  if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then
+    # Both variables are already set.
+    have_x=yes
+  else
+if eval "test \"`echo '$''{'ac_cv_have_x'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  # One or both of the vars are not set, and there is no cached value.
+ac_x_includes=NO ac_x_libraries=NO
+rm -fr conftestdir
+if mkdir conftestdir; then
+  cd conftestdir
+  # Make sure to not put "make" in the Imakefile rules, since we grep it out.
+  cat > Imakefile <<'EOF'
+acfindx:
+	@echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"'
+EOF
+  if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then
+    # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+    eval `${MAKE-make} acfindx 2>/dev/null | grep -v make`
+    # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
+    for ac_extension in a so sl; do
+      if test ! -f $ac_im_usrlibdir/libX11.$ac_extension &&
+        test -f $ac_im_libdir/libX11.$ac_extension; then
+        ac_im_usrlibdir=$ac_im_libdir; break
+      fi
+    done
+    # Screen out bogus values from the imake configuration.  They are
+    # bogus both because they are the default anyway, and because
+    # using them would break gcc on systems where it needs fixed includes.
+    case "$ac_im_incroot" in
+	/usr/include) ;;
+	*) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes="$ac_im_incroot" ;;
+    esac
+    case "$ac_im_usrlibdir" in
+	/usr/lib | /lib) ;;
+	*) test -d "$ac_im_usrlibdir" && ac_x_libraries="$ac_im_usrlibdir" ;;
+    esac
+  fi
+  cd ..
+  rm -fr conftestdir
+fi
+
+if test "$ac_x_includes" = NO; then
+  # Guess where to find include files, by looking for this one X11 .h file.
+  test -z "$x_direct_test_include" && x_direct_test_include=X11/Intrinsic.h
+
+  # First, try using that file with no special directory specified.
+cat > conftest.$ac_ext <<EOF
+#line 4318 "configure"
+#include "confdefs.h"
+#include <$x_direct_test_include>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4323: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  # We can compile using X headers with no special include directory.
+ac_x_includes=
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  # Look for the header file in a standard set of common directories.
+# Check X11 before X11Rn because it is often a symlink to the current release.
+  for ac_dir in               \
+    /usr/X11/include          \
+    /usr/X11R6/include        \
+    /usr/X11R5/include        \
+    /usr/X11R4/include        \
+                              \
+    /usr/include/X11          \
+    /usr/include/X11R6        \
+    /usr/include/X11R5        \
+    /usr/include/X11R4        \
+                              \
+    /usr/local/X11/include    \
+    /usr/local/X11R6/include  \
+    /usr/local/X11R5/include  \
+    /usr/local/X11R4/include  \
+                              \
+    /usr/local/include/X11    \
+    /usr/local/include/X11R6  \
+    /usr/local/include/X11R5  \
+    /usr/local/include/X11R4  \
+                              \
+    /usr/X386/include         \
+    /usr/x386/include         \
+    /usr/XFree86/include/X11  \
+                              \
+    /usr/include              \
+    /usr/local/include        \
+    /usr/unsupported/include  \
+    /usr/athena/include       \
+    /usr/local/x11r5/include  \
+    /usr/lpp/Xamples/include  \
+                              \
+    /usr/openwin/include      \
+    /usr/openwin/share/include \
+    ; \
+  do
+    if test -r "$ac_dir/$x_direct_test_include"; then
+      ac_x_includes=$ac_dir
+      break
+    fi
+  done
+fi
+rm -f conftest*
+fi # $ac_x_includes = NO
+
+if test "$ac_x_libraries" = NO; then
+  # Check for the libraries.
+
+  test -z "$x_direct_test_library" && x_direct_test_library=Xt
+  test -z "$x_direct_test_function" && x_direct_test_function=XtMalloc
+
+  # See if we find them without any special options.
+  # Don't add to $LIBS permanently.
+  ac_save_LIBS="$LIBS"
+  LIBS="-l$x_direct_test_library $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4392 "configure"
+#include "confdefs.h"
+
+int main() {
+${x_direct_test_function}()
+; return 0; }
+EOF
+if { (eval echo configure:4399: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  LIBS="$ac_save_LIBS"
+# We can link X programs with no special library path.
+ac_x_libraries=
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  LIBS="$ac_save_LIBS"
+# First see if replacing the include by lib works.
+# Check X11 before X11Rn because it is often a symlink to the current release.
+for ac_dir in `echo "$ac_x_includes" | sed s/include/lib/` \
+    /usr/X11/lib          \
+    /usr/X11R6/lib        \
+    /usr/X11R5/lib        \
+    /usr/X11R4/lib        \
+                          \
+    /usr/lib/X11          \
+    /usr/lib/X11R6        \
+    /usr/lib/X11R5        \
+    /usr/lib/X11R4        \
+                          \
+    /usr/local/X11/lib    \
+    /usr/local/X11R6/lib  \
+    /usr/local/X11R5/lib  \
+    /usr/local/X11R4/lib  \
+                          \
+    /usr/local/lib/X11    \
+    /usr/local/lib/X11R6  \
+    /usr/local/lib/X11R5  \
+    /usr/local/lib/X11R4  \
+                          \
+    /usr/X386/lib         \
+    /usr/x386/lib         \
+    /usr/XFree86/lib/X11  \
+                          \
+    /usr/lib              \
+    /usr/local/lib        \
+    /usr/unsupported/lib  \
+    /usr/athena/lib       \
+    /usr/local/x11r5/lib  \
+    /usr/lpp/Xamples/lib  \
+    /lib/usr/lib/X11	  \
+                          \
+    /usr/openwin/lib      \
+    /usr/openwin/share/lib \
+    ; \
+do
+  for ac_extension in a so sl; do
+    if test -r $ac_dir/lib${x_direct_test_library}.$ac_extension; then
+      ac_x_libraries=$ac_dir
+      break 2
+    fi
+  done
+done
+fi
+rm -f conftest*
+fi # $ac_x_libraries = NO
+
+if test "$ac_x_includes" = NO || test "$ac_x_libraries" = NO; then
+  # Didn't find X anywhere.  Cache the known absence of X.
+  ac_cv_have_x="have_x=no"
+else
+  # Record where we found X for the cache.
+  ac_cv_have_x="have_x=yes \
+	        ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries"
+fi
+fi
+  fi
+  eval "$ac_cv_have_x"
+fi # $with_x != no
+
+if test "$have_x" != yes; then
+  echo "$ac_t""$have_x" 1>&6
+  no_x=yes
+else
+  # If each of the values was on the command line, it overrides each guess.
+  test "x$x_includes" = xNONE && x_includes=$ac_x_includes
+  test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
+  # Update the cache value to reflect the command line values.
+  ac_cv_have_x="have_x=yes \
+		ac_x_includes=$x_includes ac_x_libraries=$x_libraries"
+  echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6
+fi
+
+
+if test "$no_x" = yes; then
+  # Not all programs may use this symbol, but it does not hurt to define it.
+  cat >> confdefs.h <<\EOF
+#define X_DISPLAY_MISSING 1
+EOF
+
+  X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
+else
+  if test -n "$x_includes"; then
+    X_CFLAGS="$X_CFLAGS -I$x_includes"
+  fi
+
+  # It would also be nice to do this for all -L options, not just this one.
+  if test -n "$x_libraries"; then
+    X_LIBS="$X_LIBS -L$x_libraries"
+    # For Solaris; some versions of Sun CC require a space after -R and
+    # others require no space.  Words are not sufficient . . . .
+    case "`(uname -sr) 2>/dev/null`" in
+    "SunOS 5"*)
+      echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
+echo "configure:4506: checking whether -R must be followed by a space" >&5
+      ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
+      cat > conftest.$ac_ext <<EOF
+#line 4509 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:4516: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_R_nospace=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_R_nospace=no
+fi
+rm -f conftest*
+      if test $ac_R_nospace = yes; then
+	echo "$ac_t""no" 1>&6
+	X_LIBS="$X_LIBS -R$x_libraries"
+      else
+	LIBS="$ac_xsave_LIBS -R $x_libraries"
+	cat > conftest.$ac_ext <<EOF
+#line 4532 "configure"
+#include "confdefs.h"
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:4539: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_R_space=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_R_space=no
+fi
+rm -f conftest*
+	if test $ac_R_space = yes; then
+	  echo "$ac_t""yes" 1>&6
+	  X_LIBS="$X_LIBS -R $x_libraries"
+	else
+	  echo "$ac_t""neither works" 1>&6
+	fi
+      fi
+      LIBS="$ac_xsave_LIBS"
+    esac
+  fi
+
+  # Check for system-dependent libraries X programs must link with.
+  # Do this before checking for the system-independent R6 libraries
+  # (-lICE), since we may need -lsocket or whatever for X linking.
+
+  if test "$ISC" = yes; then
+    X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
+  else
+    # Martyn.Johnson@cl.cam.ac.uk says this is needed for Ultrix, if the X
+    # libraries were built with DECnet support.  And karl@cs.umb.edu says
+    # the Alpha needs dnet_stub (dnet does not exist).
+    echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
+echo "configure:4571: checking for dnet_ntoa in -ldnet" >&5
+ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-ldnet  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4579 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char dnet_ntoa();
+
+int main() {
+dnet_ntoa()
+; return 0; }
+EOF
+if { (eval echo configure:4590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    if test $ac_cv_lib_dnet_dnet_ntoa = no; then
+      echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
+echo "configure:4612: checking for dnet_ntoa in -ldnet_stub" >&5
+ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-ldnet_stub  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4620 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char dnet_ntoa();
+
+int main() {
+dnet_ntoa()
+; return 0; }
+EOF
+if { (eval echo configure:4631: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    fi
+
+    # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
+    # to get the SysV transport functions.
+    # chad@anasazi.com says the Pyramis MIS-ES running DC/OSx (SVR4)
+    # needs -lnsl.
+    # The nsl library prevents programs from opening the X display
+    # on Irix 5.2, according to dickey@clark.net.
+    echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
+echo "configure:4660: checking for gethostbyname" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4665 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char gethostbyname(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char gethostbyname();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname)
+choke me
+#else
+gethostbyname();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4688: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'gethostbyname`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  :
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    if test $ac_cv_func_gethostbyname = no; then
+      echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
+echo "configure:4709: checking for gethostbyname in -lnsl" >&5
+ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lnsl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4717 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char gethostbyname();
+
+int main() {
+gethostbyname()
+; return 0; }
+EOF
+if { (eval echo configure:4728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    fi
+
+    # lieder@skyler.mavd.honeywell.com says without -lsocket,
+    # socket/setsockopt and other routines are undefined under SCO ODT
+    # 2.0.  But -lsocket is broken on IRIX 5.2 (and is not necessary
+    # on later versions), says simon@lia.di.epfl.ch: it contains
+    # gethostby* variants that don't use the nameserver (or something).
+    # -lsocket must be given before -lnsl if both are needed.
+    # We assume that if connect needs -lnsl, so does gethostbyname.
+    echo $ac_n "checking for connect""... $ac_c" 1>&6
+echo "configure:4758: checking for connect" >&5
+if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4763 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char connect(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char connect();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_connect) || defined (__stub___connect)
+choke me
+#else
+connect();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_connect=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_connect=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'connect`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  :
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    if test $ac_cv_func_connect = no; then
+      echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
+echo "configure:4807: checking for connect in -lsocket" >&5
+ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4815 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char connect();
+
+int main() {
+connect()
+; return 0; }
+EOF
+if { (eval echo configure:4826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    fi
+
+    # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
+    echo $ac_n "checking for remove""... $ac_c" 1>&6
+echo "configure:4850: checking for remove" >&5
+if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4855 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char remove(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char remove();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_remove) || defined (__stub___remove)
+choke me
+#else
+remove();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_remove=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_remove=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'remove`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  :
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    if test $ac_cv_func_remove = no; then
+      echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
+echo "configure:4899: checking for remove in -lposix" >&5
+ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lposix  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4907 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char remove();
+
+int main() {
+remove()
+; return 0; }
+EOF
+if { (eval echo configure:4918: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    fi
+
+    # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
+    echo $ac_n "checking for shmat""... $ac_c" 1>&6
+echo "configure:4942: checking for shmat" >&5
+if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4947 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char shmat(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char shmat();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_shmat) || defined (__stub___shmat)
+choke me
+#else
+shmat();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_shmat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_shmat=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'shmat`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  :
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    if test $ac_cv_func_shmat = no; then
+      echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
+echo "configure:4991: checking for shmat in -lipc" >&5
+ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lipc  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4999 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char shmat();
+
+int main() {
+shmat()
+; return 0; }
+EOF
+if { (eval echo configure:5010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    fi
+  fi
+
+  # Check for libraries that X11R6 Xt/Xaw programs need.
+  ac_save_LDFLAGS="$LDFLAGS"
+  test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
+  # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
+  # check for ICE first), but we must link in the order -lSM -lICE or
+  # we get undefined symbols.  So assume we have SM if we have ICE.
+  # These have to be linked with before -lX11, unlike the other
+  # libraries we check for below, so use a different variable.
+  #  --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
+  echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
+echo "configure:5043: checking for IceConnectionNumber in -lICE" >&5
+ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lICE $X_EXTRA_LIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 5051 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char IceConnectionNumber();
+
+int main() {
+IceConnectionNumber()
+; return 0; }
+EOF
+if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+  LDFLAGS="$ac_save_LDFLAGS"
+
+fi
+
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	echo $ac_n "checking for special X linker flags""... $ac_c" 1>&6
+echo "configure:5091: checking for special X linker flags" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_x_libs_rpath'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		if test "$cross_compiling" = yes; then
+    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5122 "configure"
+#include "confdefs.h"
+
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		
+EOF
+if { (eval echo configure:5136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  :
+fi
+rm -fr conftest*
+fi
+
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	
+fi
+
+echo "$ac_t""$krb_cv_sys_x_libs_rpath" 1>&6
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+
+if test "$no_x" = "yes" ; then
+	MAKE_X_PROGS_BIN=""
+	MAKE_X_PROGS_LIBEXEC=""
+else
+	MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+	MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+
+
+
+
+echo $ac_n "checking for XauWriteAuth""... $ac_c" 1>&6
+echo "configure:5179: checking for XauWriteAuth" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauWriteAuth'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 5194 "configure"
+#include "confdefs.h"
+
+int main() {
+XauWriteAuth()
+; return 0; }
+EOF
+if { (eval echo configure:5201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
+
+: << END
+@@@funcs="$funcs XauWriteAuth"@@@
+@@@libs="$libs "" X11 Xau"@@@
+END
+
+# XauWriteAuth
+eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauWriteAuth=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauWriteAuth=yes"
+	eval "LIB_XauWriteAuth="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_XauWriteAuth=no"
+	eval "LIB_XauWriteAuth="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_XauWriteAuth=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+
+
+
+echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6
+echo "configure:5266: checking for XauReadAuth" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 5281 "configure"
+#include "confdefs.h"
+
+int main() {
+XauReadAuth()
+; return 0; }
+EOF
+if { (eval echo configure:5288: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauReadAuth"
+
+: << END
+@@@funcs="$funcs XauReadAuth"@@@
+@@@libs="$libs "" X11 Xau"@@@
+END
+
+# XauReadAuth
+eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauReadAuth=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauReadAuth=yes"
+	eval "LIB_XauReadAuth="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_XauReadAuth=no"
+	eval "LIB_XauReadAuth="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_XauReadAuth=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+LIBS="$LIB_XauReadAauth $LIBS"
+
+
+
+echo $ac_n "checking for XauFileName""... $ac_c" 1>&6
+echo "configure:5352: checking for XauFileName" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauFileName'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 5367 "configure"
+#include "confdefs.h"
+
+int main() {
+XauFileName()
+; return 0; }
+EOF
+if { (eval echo configure:5374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauFileName"
+
+: << END
+@@@funcs="$funcs XauFileName"@@@
+@@@libs="$libs "" X11 Xau"@@@
+END
+
+# XauFileName
+eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauFileName=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauFileName=yes"
+	eval "LIB_XauFileName="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_XauFileName=no"
+	eval "LIB_XauFileName="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_XauFileName=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+LIBS="$ac_xxx"
+
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	
+
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+  NEED_WRITEAUTH_TRUE=
+  NEED_WRITEAUTH_FALSE='#'
+else
+  NEED_WRITEAUTH_TRUE='#'
+  NEED_WRITEAUTH_FALSE=
+fi
+else
+	
+	
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+
+
+
+
+lib_dbm=no
+lib_db=no
+
+for i in "" $berkeley_db gdbm ndbm; do
+
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
+
+	echo $ac_n "checking for dbm_open in $m""... $ac_c" 1>&6
+echo "configure:5497: checking for dbm_open in $m" >&5
+	if eval "test \"`echo '$''{'ac_cv_krb_dbm_open_$m'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	if test "$cross_compiling" = yes; then
+  ac_res=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5509 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}
+EOF
+if { (eval echo configure:5535: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_res=no
+fi
+rm -fr conftest*
+fi
+
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res
+fi
+
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	echo "$ac_t""$ac_res" 1>&6
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+echo $ac_n "checking for NDBM library""... $ac_c" 1>&6
+echo "configure:5570: checking for NDBM library" >&5
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	cat >> confdefs.h <<\EOF
+#define HAVE_NEW_DB 1
+EOF
+
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
+fi
+test "$ac_ndbm" = yes && cat >> confdefs.h <<\EOF
+#define NDBM 1
+EOF
+
+DBLIB="$LIB_DBM"
+
+echo "$ac_t""$ac_res" 1>&6
+
+
+
+
+
+
+
+echo $ac_n "checking for syslog""... $ac_c" 1>&6
+echo "configure:5611: checking for syslog" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" syslog; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 5626 "configure"
+#include "confdefs.h"
+
+int main() {
+syslog()
+; return 0; }
+EOF
+if { (eval echo configure:5633: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_syslog"
+
+: << END
+@@@funcs="$funcs syslog"@@@
+@@@libs="$libs "" syslog"@@@
+END
+
+# syslog
+eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_syslog=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_syslog=yes"
+	eval "LIB_syslog="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_syslog=no"
+	eval "LIB_syslog="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_syslog=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_syslog"; then
+	LIBS="$LIB_syslog $LIBS"
+fi
+
+
+
+echo $ac_n "checking for working snprintf""... $ac_c" 1>&6
+echo "configure:5699: checking for working snprintf" >&5
+if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_func_snprintf_working=yes
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5708 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+	char foo[3];
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1");
+}
+EOF
+if { (eval echo configure:5720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_snprintf_working=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE_SNPRINTF 1
+EOF
+
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+
+if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
+echo $ac_n "checking if snprintf needs a prototype""... $ac_c" 1>&6
+echo "configure:5746: checking if snprintf needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_snprintf_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5751 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+struct foo { int foo; } xx;
+extern int snprintf (struct foo*);
+snprintf(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:5761: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_snprintf_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_snprintf_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_snprintf_noproto" 1>&6
+
+if test "$ac_cv_func_snprintf_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_SNPRINTF_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+
+echo $ac_n "checking for working glob""... $ac_c" 1>&6
+echo "configure:5788: checking for working glob" >&5
+if eval "test \"`echo '$''{'ac_cv_func_glob_working'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_func_glob_working=yes
+cat > conftest.$ac_ext <<EOF
+#line 5794 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <glob.h>
+int main() {
+
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+
+; return 0; }
+EOF
+if { (eval echo configure:5805: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_func_glob_working=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_glob_working" 1>&6
+
+if test "$ac_cv_func_glob_working" = yes; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_GLOB 1
+EOF
+
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+
+if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
+echo $ac_n "checking if glob needs a prototype""... $ac_c" 1>&6
+echo "configure:5829: checking if glob needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_glob_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5834 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <glob.h>
+int main() {
+struct foo { int foo; } xx;
+extern int glob (struct foo*);
+glob(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:5845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_glob_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_glob_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_glob_noproto" 1>&6
+
+if test "$ac_cv_func_glob_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GLOB_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+
+if test "$ac_cv_func_glob_working" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h"
+	LIBOBJS="$LIBOBJS glob.o"
+fi
+
+for ac_func in 				\
+	_getpty					\
+	_scrsize				\
+	_setsid					\
+	_stricmp				\
+	asnprintf				\
+	asprintf				\
+	atexit					\
+	cgetent					\
+	chroot					\
+	fattach					\
+	fchmod					\
+	fcntl					\
+	forkpty					\
+	frevoke					\
+	getpriority				\
+	getrlimit				\
+	getservbyname				\
+	getspnam				\
+	gettimeofday				\
+	gettosbyname				\
+	getuid					\
+	grantpt					\
+	mktime					\
+	on_exit					\
+	parsetos				\
+	ptsname					\
+	rand					\
+	random					\
+	revoke					\
+	setitimer				\
+	setpgid					\
+	setpriority				\
+	setproctitle				\
+	setregid				\
+	setresgid				\
+	setresuid				\
+	setreuid				\
+	setsid					\
+	setutent				\
+	sigaction				\
+	sysconf					\
+	sysctl					\
+	ttyname					\
+	ttyslot					\
+	ulimit					\
+	uname					\
+	unlockpt				\
+	vasnprintf				\
+	vasprintf				\
+	vhangup					\
+	vsnprintf				\
+	yp_get_default_domain			\
+	
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5932: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5937 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+
+for ac_hdr in capability.h sys/capability.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:5991: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5996 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:6001: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+for ac_func in sgi_getcapabilitybyname cap_set_proc
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6031: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6036 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6059: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+
+
+
+
+echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6
+echo "configure:6090: checking for getpwnam_r" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" c_r; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 6105 "configure"
+#include "confdefs.h"
+
+int main() {
+getpwnam_r()
+; return 0; }
+EOF
+if { (eval echo configure:6112: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getpwnam_r"
+
+: << END
+@@@funcs="$funcs getpwnam_r"@@@
+@@@libs="$libs "" c_r"@@@
+END
+
+# getpwnam_r
+eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getpwnam_r=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getpwnam_r=yes"
+	eval "LIB_getpwnam_r="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_getpwnam_r=no"
+	eval "LIB_getpwnam_r="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_getpwnam_r=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6
+echo "configure:6173: checking if getpwnam_r is posix" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6183 "configure"
+#include "confdefs.h"
+
+#include <pwd.h>
+int main()
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+
+EOF
+if { (eval echo configure:6194: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_func_getpwnam_r_posix=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_getpwnam_r_posix=no
+fi
+rm -fr conftest*
+fi
+
+LIBS="$ac_libs"
+fi
+
+echo "$ac_t""$ac_cv_func_getpwnam_r_posix" 1>&6
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	cat >> confdefs.h <<\EOF
+#define POSIX_GETPWNAM_R 1
+EOF
+
+fi
+fi
+
+
+
+
+
+echo $ac_n "checking for getsockopt""... $ac_c" 1>&6
+echo "configure:6223: checking for getsockopt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 6238 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+getsockopt(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getsockopt"
+
+: << END
+@@@funcs="$funcs getsockopt"@@@
+@@@libs="$libs "" "@@@
+END
+
+# getsockopt
+eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getsockopt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getsockopt=yes"
+	eval "LIB_getsockopt="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_getsockopt=no"
+	eval "LIB_getsockopt="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_getsockopt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+
+
+
+echo $ac_n "checking for setsockopt""... $ac_c" 1>&6
+echo "configure:6313: checking for setsockopt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 6328 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int main() {
+setsockopt(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_setsockopt"
+
+: << END
+@@@funcs="$funcs setsockopt"@@@
+@@@libs="$libs "" "@@@
+END
+
+# setsockopt
+eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_setsockopt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_setsockopt=yes"
+	eval "LIB_setsockopt="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_setsockopt=no"
+	eval "LIB_setsockopt="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_setsockopt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+
+for ac_func in getudbnam setlim
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6403: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6408 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6431: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+
+
+
+echo $ac_n "checking for res_search""... $ac_c" 1>&6
+echo "configure:6461: checking for res_search" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 6476 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int main() {
+res_search(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6497: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_res_search"
+
+: << END
+@@@funcs="$funcs res_search"@@@
+@@@libs="$libs "" resolv"@@@
+END
+
+# res_search
+eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_res_search=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_res_search=yes"
+	eval "LIB_res_search="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_res_search=no"
+	eval "LIB_res_search="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_res_search=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_res_search"; then
+	LIBS="$LIB_res_search $LIBS"
+fi
+
+
+
+
+
+
+echo $ac_n "checking for dn_expand""... $ac_c" 1>&6
+echo "configure:6566: checking for dn_expand" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 6581 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int main() {
+dn_expand(0,0,0,0,0)
+; return 0; }
+EOF
+if { (eval echo configure:6602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dn_expand"
+
+: << END
+@@@funcs="$funcs dn_expand"@@@
+@@@libs="$libs "" resolv"@@@
+END
+
+# dn_expand
+eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dn_expand=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dn_expand=yes"
+	eval "LIB_dn_expand="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_dn_expand=no"
+	eval "LIB_dn_expand="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_dn_expand=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_dn_expand"; then
+	LIBS="$LIB_dn_expand $LIBS"
+fi
+
+
+
+for ac_hdr in unistd.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:6671: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6676 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:6681: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in getpagesize
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6710: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6715 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+echo $ac_n "checking for working mmap""... $ac_c" 1>&6
+echo "configure:6763: checking for working mmap" >&5
+if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_mmap_fixed_mapped=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6771 "configure"
+#include "confdefs.h"
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+   Here is a matrix of mmap possibilities:
+	mmap private not fixed
+	mmap private fixed at somewhere currently unmapped
+	mmap private fixed at somewhere already mapped
+	mmap shared not fixed
+	mmap shared fixed at somewhere currently unmapped
+	mmap shared fixed at somewhere already mapped
+   For private mappings, we should verify that changes cannot be read()
+   back from the file, nor mmap's back from the file at a different
+   address.  (There have been systems where private was not correctly
+   implemented like the infamous i386 svr4.0, and systems where the
+   VM page cache was not coherent with the filesystem buffer cache
+   like early versions of FreeBSD and possibly contemporary NetBSD.)
+   For shared mappings, we should conversely verify that changes get
+   propogated back to all the places they're supposed to be.
+
+   Grep wants private fixed already mapped.
+   The main things grep needs to know about mmap are:
+   * does it exist and is it safe to write into the mmap'd area
+   * how to use it (BSD variants)  */
+#include <sys/types.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+
+/* This mess was copied from the GNU getpagesize.h.  */
+#ifndef HAVE_GETPAGESIZE
+# ifdef HAVE_UNISTD_H
+#  include <unistd.h>
+# endif
+
+/* Assume that all systems that can run configure have sys/param.h.  */
+# ifndef HAVE_SYS_PARAM_H
+#  define HAVE_SYS_PARAM_H 1
+# endif
+
+# ifdef _SC_PAGESIZE
+#  define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+#  ifdef HAVE_SYS_PARAM_H
+#   include <sys/param.h>
+#   ifdef EXEC_PAGESIZE
+#    define getpagesize() EXEC_PAGESIZE
+#   else /* no EXEC_PAGESIZE */
+#    ifdef NBPG
+#     define getpagesize() NBPG * CLSIZE
+#     ifndef CLSIZE
+#      define CLSIZE 1
+#     endif /* no CLSIZE */
+#    else /* no NBPG */
+#     ifdef NBPC
+#      define getpagesize() NBPC
+#     else /* no NBPC */
+#      ifdef PAGESIZE
+#       define getpagesize() PAGESIZE
+#      endif /* PAGESIZE */
+#     endif /* no NBPC */
+#    endif /* no NBPG */
+#   endif /* no EXEC_PAGESIZE */
+#  else /* no HAVE_SYS_PARAM_H */
+#   define getpagesize() 8192	/* punt totally */
+#  endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+#ifdef __cplusplus
+extern "C" { void *malloc(unsigned); }
+#else
+char *malloc();
+#endif
+
+int
+main()
+{
+	char *data, *data2, *data3;
+	int i, pagesize;
+	int fd;
+
+	pagesize = getpagesize();
+
+	/*
+	 * First, make a file with some known garbage in it.
+	 */
+	data = malloc(pagesize);
+	if (!data)
+		exit(1);
+	for (i = 0; i < pagesize; ++i)
+		*(data + i) = rand();
+	umask(0);
+	fd = creat("conftestmmap", 0600);
+	if (fd < 0)
+		exit(1);
+	if (write(fd, data, pagesize) != pagesize)
+		exit(1);
+	close(fd);
+
+	/*
+	 * Next, try to mmap the file at a fixed address which
+	 * already has something else allocated at it.  If we can,
+	 * also make sure that we see the same garbage.
+	 */
+	fd = open("conftestmmap", O_RDWR);
+	if (fd < 0)
+		exit(1);
+	data2 = malloc(2 * pagesize);
+	if (!data2)
+		exit(1);
+	data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1);
+	if (data2 != mmap(data2, pagesize, PROT_READ | PROT_WRITE,
+	    MAP_PRIVATE | MAP_FIXED, fd, 0L))
+		exit(1);
+	for (i = 0; i < pagesize; ++i)
+		if (*(data + i) != *(data2 + i))
+			exit(1);
+
+	/*
+	 * Finally, make sure that changes to the mapped area
+	 * do not percolate back to the file as seen by read().
+	 * (This is a bug on some variants of i386 svr4.0.)
+	 */
+	for (i = 0; i < pagesize; ++i)
+		*(data2 + i) = *(data2 + i) + 1;
+	data3 = malloc(pagesize);
+	if (!data3)
+		exit(1);
+	if (read(fd, data3, pagesize) != pagesize)
+		exit(1);
+	for (i = 0; i < pagesize; ++i)
+		if (*(data + i) != *(data3 + i))
+			exit(1);
+	close(fd);
+	unlink("conftestmmap");
+	exit(0);
+}
+
+EOF
+if { (eval echo configure:6911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_func_mmap_fixed_mapped=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_mmap_fixed_mapped" 1>&6
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_MMAP 1
+EOF
+
+fi
+
+# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
+# for constant arguments.  Useless!
+echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6
+echo "configure:6936: checking for working alloca.h" >&5
+if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6941 "configure"
+#include "confdefs.h"
+#include <alloca.h>
+int main() {
+char *p = alloca(2 * sizeof(int));
+; return 0; }
+EOF
+if { (eval echo configure:6948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_header_alloca_h=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_alloca_h=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_alloca_h" 1>&6
+if test $ac_cv_header_alloca_h = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_ALLOCA_H 1
+EOF
+
+fi
+
+echo $ac_n "checking for alloca""... $ac_c" 1>&6
+echo "configure:6969: checking for alloca" >&5
+if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6974 "configure"
+#include "confdefs.h"
+
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# ifdef _MSC_VER
+#  include <malloc.h>
+#  define alloca _alloca
+# else
+#  if HAVE_ALLOCA_H
+#   include <alloca.h>
+#  else
+#   ifdef _AIX
+ #pragma alloca
+#   else
+#    ifndef alloca /* predefined by HP cc +Olibcalls */
+char *alloca ();
+#    endif
+#   endif
+#  endif
+# endif
+#endif
+
+int main() {
+char *p = (char *) alloca(1);
+; return 0; }
+EOF
+if { (eval echo configure:7002: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_func_alloca_works=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_func_alloca_works=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_alloca_works" 1>&6
+if test $ac_cv_func_alloca_works = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_ALLOCA 1
+EOF
+
+fi
+
+if test $ac_cv_func_alloca_works = no; then
+  # The SVR3 libPW and SVR4 libucb both contain incompatible functions
+  # that cause trouble.  Some versions do not even contain alloca or
+  # contain a buggy version.  If you still want to use their alloca,
+  # use ar to extract alloca.o from them instead of compiling alloca.c.
+  ALLOCA=alloca.${ac_objext}
+  cat >> confdefs.h <<\EOF
+#define C_ALLOCA 1
+EOF
+
+
+echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6
+echo "configure:7034: checking whether alloca needs Cray hooks" >&5
+if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7039 "configure"
+#include "confdefs.h"
+#if defined(CRAY) && ! defined(CRAY2)
+webecray
+#else
+wenotbecray
+#endif
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "webecray" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_os_cray=yes
+else
+  rm -rf conftest*
+  ac_cv_os_cray=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_os_cray" 1>&6
+if test $ac_cv_os_cray = yes; then
+for ac_func in _getb67 GETB67 getb67; do
+  echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7064: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7069 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7092: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<EOF
+#define CRAY_STACKSEG_END $ac_func
+EOF
+
+  break
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+done
+fi
+
+echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6
+echo "configure:7119: checking stack direction for C alloca" >&5
+if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_c_stack_direction=0
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7127 "configure"
+#include "confdefs.h"
+find_stack_direction ()
+{
+  static char *addr = 0;
+  auto char dummy;
+  if (addr == 0)
+    {
+      addr = &dummy;
+      return find_stack_direction ();
+    }
+  else
+    return (&dummy > addr) ? 1 : -1;
+}
+main ()
+{
+  exit (find_stack_direction() < 0);
+}
+EOF
+if { (eval echo configure:7146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_c_stack_direction=1
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_c_stack_direction=-1
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_c_stack_direction" 1>&6
+cat >> confdefs.h <<EOF
+#define STACK_DIRECTION $ac_cv_c_stack_direction
+EOF
+
+fi
+
+
+
+for ac_func in getlogin setlogin
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7172: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7177 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7200: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test "$ac_cv_func_getlogin" = yes; then
+echo $ac_n "checking if getlogin is posix""... $ac_c" 1>&6
+echo "configure:7226: checking if getlogin is posix" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+	ac_cv_func_getlogin_posix=no
+else
+	ac_cv_func_getlogin_posix=yes
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_getlogin_posix" 1>&6
+if test "$ac_cv_func_getlogin_posix" = yes; then
+	cat >> confdefs.h <<\EOF
+#define POSIX_GETLOGIN 1
+EOF
+
+fi
+fi
+
+
+
+
+
+
+echo $ac_n "checking for hstrerror""... $ac_c" 1>&6
+echo "configure:7254: checking for hstrerror" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 7269 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int main() {
+hstrerror(17)
+; return 0; }
+EOF
+if { (eval echo configure:7278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_hstrerror"
+
+: << END
+@@@funcs="$funcs hstrerror"@@@
+@@@libs="$libs "" resolv"@@@
+END
+
+# hstrerror
+eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_hstrerror=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_hstrerror=yes"
+	eval "LIB_hstrerror="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_hstrerror=no"
+	eval "LIB_hstrerror="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_hstrerror=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test -n "$LIB_hstrerror"; then
+	LIBS="$LIB_hstrerror $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
+LIBOBJS="$LIBOBJS hstrerror.o"
+fi
+
+if test "$ac_cv_func_hstrerror" = yes; then
+
+if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
+echo $ac_n "checking if hstrerror needs a prototype""... $ac_c" 1>&6
+echo "configure:7349: checking if hstrerror needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_hstrerror_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7354 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int main() {
+struct foo { int foo; } xx;
+extern int hstrerror (struct foo*);
+hstrerror(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:7367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_hstrerror_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_hstrerror_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_hstrerror_noproto" 1>&6
+
+if test "$ac_cv_func_hstrerror_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_HSTRERROR_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+for ac_func in chown copyhostent daemon err errx fchown flock fnmatch freehostent
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7395: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7400 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs chown copyhostent daemon err errx fchown flock fnmatch freehostent"@@@
+END
+done
+
+for ac_func in getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7456: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7461 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname"@@@
+END
+done
+
+for ac_func in geteuid getgid getegid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7517: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7522 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs geteuid getgid getegid"@@@
+END
+done
+
+for ac_func in getopt getusershell
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7578: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7583 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs getopt getusershell"@@@
+END
+done
+
+for ac_func in inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7639: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7644 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7667: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat"@@@
+END
+done
+
+for ac_func in memmove
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7700: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7705 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs memmove"@@@
+END
+done
+
+for ac_func in mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7761: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7766 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid"@@@
+END
+done
+
+for ac_func in strcasecmp strncasecmp strdup strerror strftime
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7822: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7827 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7850: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs strcasecmp strncasecmp strdup strerror strftime"@@@
+END
+done
+
+for ac_func in strlcat strlcpy strlwr
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7883: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7888 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs strlcat strlcpy strlwr"@@@
+END
+done
+
+for ac_func in strndup strnlen strptime strsep strtok_r strupr
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7944: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7949 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs strndup strnlen strptime strsep strtok_r strupr"@@@
+END
+done
+
+for ac_func in swab unsetenv verr verrx vsyslog
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8005: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8010 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8033: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs swab unsetenv verr verrx vsyslog"@@@
+END
+done
+
+for ac_func in vwarn vwarnx warn warnx writev
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8066: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8071 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs vwarn vwarnx warn warnx writev"@@@
+END
+done
+
+
+if test "$ac_cv_func_gethostname" = "yes"; then
+
+if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
+echo $ac_n "checking if gethostname needs a prototype""... $ac_c" 1>&6
+echo "configure:8129: checking if gethostname needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostname_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8134 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+int main() {
+struct foo { int foo; } xx;
+extern int gethostname (struct foo*);
+gethostname(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostname_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostname_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostname_noproto" 1>&6
+
+if test "$ac_cv_func_gethostname_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GETHOSTNAME_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+if test "$ac_cv_func_mkstemp" = "yes"; then
+
+if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
+echo $ac_n "checking if mkstemp needs a prototype""... $ac_c" 1>&6
+echo "configure:8174: checking if mkstemp needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_mkstemp_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8179 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+int main() {
+struct foo { int foo; } xx;
+extern int mkstemp (struct foo*);
+mkstemp(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8190: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_mkstemp_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_mkstemp_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_mkstemp_noproto" 1>&6
+
+if test "$ac_cv_func_mkstemp_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_MKSTEMP_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+if test "$ac_cv_func_inet_aton" = "yes"; then
+
+if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
+echo $ac_n "checking if inet_aton needs a prototype""... $ac_c" 1>&6
+echo "configure:8219: checking if inet_aton needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_inet_aton_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8224 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+int main() {
+struct foo { int foo; } xx;
+extern int inet_aton (struct foo*);
+inet_aton(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_inet_aton_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_inet_aton_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_inet_aton_noproto" 1>&6
+
+if test "$ac_cv_func_inet_aton_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_INET_ATON_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+echo $ac_n "checking if realloc is broken""... $ac_c" 1>&6
+echo "configure:8272: checking if realloc is broken" >&5
+if eval "test \"`echo '$''{'ac_cv_func_realloc_broken'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+ac_cv_func_realloc_broken=no
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8282 "configure"
+#include "confdefs.h"
+
+#include <stddef.h>
+#include <stdlib.h>
+
+int main()
+{
+	return realloc(NULL, 17) == NULL;
+}
+
+EOF
+if { (eval echo configure:8294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_realloc_broken=yes
+fi
+rm -fr conftest*
+fi
+
+
+fi
+
+echo "$ac_t""$ac_cv_func_realloc_broken" 1>&6
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	cat >> confdefs.h <<\EOF
+#define BROKEN_REALLOC 1
+EOF
+
+fi
+
+
+if test "$ac_cv_func_getcwd" = yes; then
+echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6
+echo "configure:8320: checking if getcwd is broken" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+ac_cv_func_getcwd_broken=no
+
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8331 "configure"
+#include "confdefs.h"
+
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+	errno = ENOTTY;
+	return 0;
+}
+
+int main()
+{
+	char *ret;
+	ret = getcwd(0, 1024);
+	if(ret == 0 && errno == ENOTTY)
+		return 0;
+	return 1;
+}
+
+EOF
+if { (eval echo configure:8353: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_func_getcwd_broken=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  :
+fi
+rm -fr conftest*
+fi
+
+
+fi
+
+if test "$ac_cv_func_getcwd_broken" = yes; then
+	cat >> confdefs.h <<\EOF
+#define BROKEN_GETCWD 1
+EOF
+	LIBOBJS="$LIBOBJS getcwd.o"
+		echo "$ac_t""$ac_cv_func_getcwd_broken" 1>&6
+else
+	echo "$ac_t""seems ok" 1>&6
+fi
+fi
+
+
+
+echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6
+echo "configure:8382: checking which authentication modules should be built" >&5
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+esac
+
+echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6
+
+
+
+echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6
+echo "configure:8403: checking for tunnel devices" >&5
+
+APPL_KIP_DIR=
+
+if test "$ac_cv_header_net_if_tun_h" = "yes"; then
+	APPL_KIP_DIR=kip
+fi
+
+echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6
+
+
+
+
+echo $ac_n "checking if gethostbyname is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8417: checking if gethostbyname is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyname_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8422 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct hostent *gethostbyname(const char *);
+; return 0; }
+EOF
+if { (eval echo configure:8445: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostbyname_proto_compat" 1>&6
+
+if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if gethostbyaddr is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8470: checking if gethostbyaddr is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyaddr_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8475 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct hostent *gethostbyaddr(const void *, size_t, int);
+; return 0; }
+EOF
+if { (eval echo configure:8498: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyaddr_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostbyaddr_proto_compat" 1>&6
+
+if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if getservbyname is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8523: checking if getservbyname is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getservbyname_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8528 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct servent *getservbyname(const char *, const char *);
+; return 0; }
+EOF
+if { (eval echo configure:8551: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_getservbyname_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_getservbyname_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_getservbyname_proto_compat" 1>&6
+
+if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETSERVBYNAME_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if openlog is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8576: checking if openlog is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_openlog_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8581 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+
+int main() {
+void openlog(const char *, int, int);
+; return 0; }
+EOF
+if { (eval echo configure:8592: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_openlog_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_openlog_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_openlog_proto_compat" 1>&6
+
+if test "$ac_cv_func_openlog_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define OPENLOG_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
+echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6
+echo "configure:8618: checking if crypt needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8623 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+int main() {
+struct foo { int foo; } xx;
+extern int crypt (struct foo*);
+crypt(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8640: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_crypt_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_crypt_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_crypt_noproto" 1>&6
+
+if test "$ac_cv_func_crypt_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_CRYPT_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_fclose+set" != set -o "$ac_cv_func_fclose" = yes; then
+echo $ac_n "checking if fclose needs a prototype""... $ac_c" 1>&6
+echo "configure:8667: checking if fclose needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_fclose_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8672 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int fclose (struct foo*);
+fclose(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8684: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_fclose_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_fclose_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_fclose_noproto" 1>&6
+
+if test "$ac_cv_func_fclose_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_FCLOSE_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
+echo $ac_n "checking if strtok_r needs a prototype""... $ac_c" 1>&6
+echo "configure:8711: checking if strtok_r needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8716 "configure"
+#include "confdefs.h"
+
+#include <string.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int strtok_r (struct foo*);
+strtok_r(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8728: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_strtok_r_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_strtok_r_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_strtok_r_noproto" 1>&6
+
+if test "$ac_cv_func_strtok_r_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_STRTOK_R_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
+echo $ac_n "checking if strsep needs a prototype""... $ac_c" 1>&6
+echo "configure:8755: checking if strsep needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_strsep_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8760 "configure"
+#include "confdefs.h"
+
+#include <string.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int strsep (struct foo*);
+strsep(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8772: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_strsep_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_strsep_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_strsep_noproto" 1>&6
+
+if test "$ac_cv_func_strsep_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_STRSEP_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
+echo $ac_n "checking if getusershell needs a prototype""... $ac_c" 1>&6
+echo "configure:8799: checking if getusershell needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getusershell_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8804 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int getusershell (struct foo*);
+getusershell(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8816: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_getusershell_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_getusershell_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_getusershell_noproto" 1>&6
+
+if test "$ac_cv_func_getusershell_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GETUSERSHELL_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_utime+set" != set -o "$ac_cv_func_utime" = yes; then
+echo $ac_n "checking if utime needs a prototype""... $ac_c" 1>&6
+echo "configure:8843: checking if utime needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_utime_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8848 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+
+int main() {
+struct foo { int foo; } xx;
+extern int utime (struct foo*);
+utime(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8862: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_utime_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_utime_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_utime_noproto" 1>&6
+
+if test "$ac_cv_func_utime_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_UTIME_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+echo $ac_n "checking for h_errno""... $ac_c" 1>&6
+echo "configure:8888: checking for h_errno" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 8894 "configure"
+#include "confdefs.h"
+extern int h_errno;
+int foo() { return h_errno; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:8902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_var_h_errno=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_var_h_errno=no
+fi
+rm -f conftest*
+
+fi
+
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6
+if test `eval echo \\$ac_cv_var_h_errno` = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE_H_ERRNO 1
+EOF
+
+	
+echo $ac_n "checking if h_errno is properly declared""... $ac_c" 1>&6
+echo "configure:8925: checking if h_errno is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 8931 "configure"
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_errno;
+int main() {
+h_errno.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:8944: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_h_errno_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_h_errno_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_ERRNO_DECLARATION 1
+EOF
+
+fi
+
+
+fi
+
+
+
+
+echo $ac_n "checking for h_errlist""... $ac_c" 1>&6
+echo "configure:8975: checking for h_errlist" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 8981 "configure"
+#include "confdefs.h"
+extern int h_errlist;
+int foo() { return h_errlist; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:8989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_var_h_errlist=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_var_h_errlist=no
+fi
+rm -f conftest*
+
+fi
+
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6
+if test `eval echo \\$ac_cv_var_h_errlist` = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE_H_ERRLIST 1
+EOF
+
+	
+echo $ac_n "checking if h_errlist is properly declared""... $ac_c" 1>&6
+echo "configure:9012: checking if h_errlist is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9018 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_errlist;
+int main() {
+h_errlist.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9028: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_h_errlist_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_h_errlist_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_ERRLIST_DECLARATION 1
+EOF
+
+fi
+
+
+fi
+
+
+
+
+echo $ac_n "checking for h_nerr""... $ac_c" 1>&6
+echo "configure:9059: checking for h_nerr" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9065 "configure"
+#include "confdefs.h"
+extern int h_nerr;
+int foo() { return h_nerr; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:9073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_var_h_nerr=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_var_h_nerr=no
+fi
+rm -f conftest*
+
+fi
+
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6
+if test `eval echo \\$ac_cv_var_h_nerr` = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE_H_NERR 1
+EOF
+
+	
+echo $ac_n "checking if h_nerr is properly declared""... $ac_c" 1>&6
+echo "configure:9096: checking if h_nerr is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9102 "configure"
+#include "confdefs.h"
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+extern struct { int foo; } h_nerr;
+int main() {
+h_nerr.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9112: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_h_nerr_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_h_nerr_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6
+if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_NERR_DECLARATION 1
+EOF
+
+fi
+
+
+fi
+
+
+
+
+echo $ac_n "checking for __progname""... $ac_c" 1>&6
+echo "configure:9143: checking for __progname" >&5
+if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9149 "configure"
+#include "confdefs.h"
+extern int __progname;
+int foo() { return __progname; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:9157: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_var___progname=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_var___progname=no
+fi
+rm -f conftest*
+
+fi
+
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6
+if test `eval echo \\$ac_cv_var___progname` = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE___PROGNAME 1
+EOF
+
+	
+echo $ac_n "checking if __progname is properly declared""... $ac_c" 1>&6
+echo "configure:9180: checking if __progname is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9186 "configure"
+#include "confdefs.h"
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+extern struct { int foo; } __progname;
+int main() {
+__progname.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9196: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var___progname_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var___progname_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6
+if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE___PROGNAME_DECLARATION 1
+EOF
+
+fi
+
+
+fi
+
+
+
+
+echo $ac_n "checking if optarg is properly declared""... $ac_c" 1>&6
+echo "configure:9227: checking if optarg is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9233 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+extern struct { int foo; } optarg;
+int main() {
+optarg.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9244: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_optarg_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_optarg_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTARG_DECLARATION 1
+EOF
+
+fi
+
+
+
+echo $ac_n "checking if optind is properly declared""... $ac_c" 1>&6
+echo "configure:9271: checking if optind is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9277 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+extern struct { int foo; } optind;
+int main() {
+optind.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9288: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_optind_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_optind_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTIND_DECLARATION 1
+EOF
+
+fi
+
+
+
+echo $ac_n "checking if opterr is properly declared""... $ac_c" 1>&6
+echo "configure:9315: checking if opterr is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9321 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+extern struct { int foo; } opterr;
+int main() {
+opterr.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_opterr_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_opterr_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6
+if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTERR_DECLARATION 1
+EOF
+
+fi
+
+
+
+echo $ac_n "checking if optopt is properly declared""... $ac_c" 1>&6
+echo "configure:9359: checking if optopt is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9365 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+extern struct { int foo; } optopt;
+int main() {
+optopt.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_optopt_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_optopt_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6
+if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTOPT_DECLARATION 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if environ is properly declared""... $ac_c" 1>&6
+echo "configure:9404: checking if environ is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_environ_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9410 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } environ;
+int main() {
+environ.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9418: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_environ_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_environ_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_environ_declaration" 1>&6
+if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_ENVIRON_DECLARATION 1
+EOF
+
+fi
+
+
+
+echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
+echo "configure:9445: checking return type of signal handlers" >&5
+if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9450 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <signal.h>
+#ifdef signal
+#undef signal
+#endif
+#ifdef __cplusplus
+extern "C" void (*signal (int, void (*)(int)))(int);
+#else
+void (*signal ()) ();
+#endif
+
+int main() {
+int i;
+; return 0; }
+EOF
+if { (eval echo configure:9467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_signal=void
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_signal=int
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_signal" 1>&6
+cat >> confdefs.h <<EOF
+#define RETSIGTYPE $ac_cv_type_signal
+EOF
+
+
+if test "$ac_cv_type_signal" = "void" ; then
+	cat >> confdefs.h <<\EOF
+#define VOID_RETSIGTYPE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking for ut_addr in struct utmp""... $ac_c" 1>&6
+echo "configure:9496: checking for ut_addr in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_addr'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9502 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_addr;
+; return 0; }
+EOF
+if { (eval echo configure:9510: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_addr=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_addr=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_addr" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_ADDR 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_host in struct utmp""... $ac_c" 1>&6
+echo "configure:9536: checking for ut_host in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_host'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9542 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_host;
+; return 0; }
+EOF
+if { (eval echo configure:9550: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_host=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_host=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_host" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_HOST 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_id in struct utmp""... $ac_c" 1>&6
+echo "configure:9576: checking for ut_id in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_id'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9582 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_id;
+; return 0; }
+EOF
+if { (eval echo configure:9590: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_id=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_id=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_id" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_ID 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_pid in struct utmp""... $ac_c" 1>&6
+echo "configure:9616: checking for ut_pid in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_pid'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9622 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_pid;
+; return 0; }
+EOF
+if { (eval echo configure:9630: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_pid=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_pid=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_pid" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_PID 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_type in struct utmp""... $ac_c" 1>&6
+echo "configure:9656: checking for ut_type in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_type'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9662 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_type;
+; return 0; }
+EOF
+if { (eval echo configure:9670: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_type=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_type=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_type" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_TYPE 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_user in struct utmp""... $ac_c" 1>&6
+echo "configure:9696: checking for ut_user in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_user'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9702 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_user;
+; return 0; }
+EOF
+if { (eval echo configure:9710: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_user=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_user=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_user" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_USER 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_exit in struct utmpx""... $ac_c" 1>&6
+echo "configure:9736: checking for ut_exit in struct utmpx" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_exit'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9742 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmpx x; x.ut_exit;
+; return 0; }
+EOF
+if { (eval echo configure:9750: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_exit=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_exit=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmpx_ut_exit" 1>&6
+if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMPX_UT_EXIT 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_syslen in struct utmpx""... $ac_c" 1>&6
+echo "configure:9776: checking for ut_syslen in struct utmpx" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_syslen'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9782 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmpx x; x.ut_syslen;
+; return 0; }
+EOF
+if { (eval echo configure:9790: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_syslen=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_syslen=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmpx_ut_syslen" 1>&6
+if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
+EOF
+
+	
+fi
+
+
+
+
+
+
+echo $ac_n "checking for tm_gmtoff in struct tm""... $ac_c" 1>&6
+echo "configure:9818: checking for tm_gmtoff in struct tm" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_gmtoff'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9824 "configure"
+#include "confdefs.h"
+#include <time.h>
+int main() {
+struct tm x; x.tm_gmtoff;
+; return 0; }
+EOF
+if { (eval echo configure:9831: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_tm_tm_gmtoff=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_tm_tm_gmtoff=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_tm_tm_gmtoff" 1>&6
+if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_TM_TM_GMTOFF 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for tm_zone in struct tm""... $ac_c" 1>&6
+echo "configure:9857: checking for tm_zone in struct tm" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_tm_tm_zone'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9863 "configure"
+#include "confdefs.h"
+#include <time.h>
+int main() {
+struct tm x; x.tm_zone;
+; return 0; }
+EOF
+if { (eval echo configure:9870: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_tm_tm_zone=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_tm_tm_zone=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_tm_tm_zone" 1>&6
+if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_TM_TM_ZONE 1
+EOF
+
+	
+fi
+
+
+
+
+
+echo $ac_n "checking for timezone""... $ac_c" 1>&6
+echo "configure:9897: checking for timezone" >&5
+if eval "test \"`echo '$''{'ac_cv_var_timezone'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9903 "configure"
+#include "confdefs.h"
+extern int timezone;
+int foo() { return timezone; }
+int main() {
+foo()
+; return 0; }
+EOF
+if { (eval echo configure:9911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_var_timezone=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_var_timezone=no
+fi
+rm -f conftest*
+
+fi
+
+
+
+echo "$ac_t""`eval echo \\$ac_cv_var_timezone`" 1>&6
+if test `eval echo \\$ac_cv_var_timezone` = yes; then
+	cat >> confdefs.h <<EOF
+#define HAVE_TIMEZONE 1
+EOF
+
+	
+echo $ac_n "checking if timezone is properly declared""... $ac_c" 1>&6
+echo "configure:9934: checking if timezone is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_timezone_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9940 "configure"
+#include "confdefs.h"
+#include <time.h>
+extern struct { int foo; } timezone;
+int main() {
+timezone.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9948: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_timezone_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_timezone_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_timezone_declaration" 1>&6
+if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_TIMEZONE_DECLARATION 1
+EOF
+
+fi
+
+
+fi
+
+
+
+
+cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
+echo $ac_n "checking for sa_family_t""... $ac_c" 1>&6
+echo "configure:9980: checking for sa_family_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9985 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+int main() {
+sa_family_t foo;
+; return 0; }
+EOF
+if { (eval echo configure:9997: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=no"
+fi
+rm -f conftest*
+fi
+echo "$ac_t""`eval echo \\$ac_cv_type_$cv`" 1>&6
+if test `eval echo \\$ac_cv_type_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+
+: << END
+@@@funcs="$funcs sa_family_t"@@@
+END
+
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+fi
+
+
+
+cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
+echo $ac_n "checking for struct sockaddr_storage""... $ac_c" 1>&6
+echo "configure:10026: checking for struct sockaddr_storage" >&5
+if eval "test \"`echo '$''{'ac_cv_type_$cv'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10031 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+int main() {
+struct sockaddr_storage foo;
+; return 0; }
+EOF
+if { (eval echo configure:10043: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_type_$cv=no"
+fi
+rm -f conftest*
+fi
+echo "$ac_t""`eval echo \\$ac_cv_type_$cv`" 1>&6
+if test `eval echo \\$ac_cv_type_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+
+: << END
+@@@funcs="$funcs struct_sockaddr_storage"@@@
+END
+
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+
+fi
+
+
+
+echo $ac_n "checking for struct spwd""... $ac_c" 1>&6
+echo "configure:10071: checking for struct spwd" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_spwd'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10077 "configure"
+#include "confdefs.h"
+#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+int main() {
+struct spwd foo;
+; return 0; }
+EOF
+if { (eval echo configure:10087: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_struct_spwd=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_struct_spwd=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_struct_spwd" 1>&6
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_SPWD 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6
+echo "configure:10111: checking for st_blksize in struct stat" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10116 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+int main() {
+struct stat s; s.st_blksize;
+; return 0; }
+EOF
+if { (eval echo configure:10124: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_struct_st_blksize=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_struct_st_blksize=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_struct_st_blksize" 1>&6
+if test $ac_cv_struct_st_blksize = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_ST_BLKSIZE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking for struct winsize""... $ac_c" 1>&6
+echo "configure:10148: checking for struct winsize" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+cat > conftest.$ac_ext <<EOF
+#line 10156 "configure"
+#include "confdefs.h"
+#include <$i>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "struct[ 	]*winsize" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_struct_winsize=yes; break
+fi
+rm -f conftest*
+done
+
+fi
+
+if test "$ac_cv_struct_winsize" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_WINSIZE 1
+EOF
+
+fi
+echo "$ac_t""$ac_cv_struct_winsize" 1>&6
+cat > conftest.$ac_ext <<EOF
+#line 10178 "configure"
+#include "confdefs.h"
+#include <termios.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "ws_xpixel" >/dev/null 2>&1; then
+  rm -rf conftest*
+  cat >> confdefs.h <<\EOF
+#define HAVE_WS_XPIXEL 1
+EOF
+
+fi
+rm -f conftest*
+
+cat > conftest.$ac_ext <<EOF
+#line 10193 "configure"
+#include "confdefs.h"
+#include <termios.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "ws_ypixel" >/dev/null 2>&1; then
+  rm -rf conftest*
+  cat >> confdefs.h <<\EOF
+#define HAVE_WS_YPIXEL 1
+EOF
+
+fi
+rm -f conftest*
+
+
+
+
+echo $ac_n "checking for pid_t""... $ac_c" 1>&6
+echo "configure:10211: checking for pid_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10216 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_pid_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_pid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_pid_t" 1>&6
+if test $ac_cv_type_pid_t = no; then
+  cat >> confdefs.h <<\EOF
+#define pid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
+echo "configure:10244: checking for uid_t in sys/types.h" >&5
+if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10249 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "uid_t" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_uid_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_type_uid_t" 1>&6
+if test $ac_cv_type_uid_t = no; then
+  cat >> confdefs.h <<\EOF
+#define uid_t int
+EOF
+
+  cat >> confdefs.h <<\EOF
+#define gid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for off_t""... $ac_c" 1>&6
+echo "configure:10278: checking for off_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10283 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_off_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_off_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_off_t" 1>&6
+if test $ac_cv_type_off_t = no; then
+  cat >> confdefs.h <<\EOF
+#define off_t long
+EOF
+
+fi
+
+echo $ac_n "checking for size_t""... $ac_c" 1>&6
+echo "configure:10311: checking for size_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10316 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_size_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_size_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_size_t" 1>&6
+if test $ac_cv_type_size_t = no; then
+  cat >> confdefs.h <<\EOF
+#define size_t unsigned
+EOF
+
+fi
+
+
+echo $ac_n "checking for ssize_t""... $ac_c" 1>&6
+echo "configure:10345: checking for ssize_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10350 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "ssize_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_ssize_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_ssize_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_ssize_t" 1>&6
+if test $ac_cv_type_ssize_t = no; then
+  cat >> confdefs.h <<\EOF
+#define ssize_t int
+EOF
+
+fi
+
+
+
+echo $ac_n "checking for broken sys/socket.h""... $ac_c" 1>&6
+echo "configure:10384: checking for broken sys/socket.h" >&5
+if eval "test \"`echo '$''{'krb_cv_header_sys_socket_h_broken'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10390 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/socket.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:10399: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  krb_cv_header_sys_socket_h_broken=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  krb_cv_header_sys_socket_h_broken=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$krb_cv_header_sys_socket_h_broken" 1>&6
+
+
+
+echo $ac_n "checking for broken netdb.h""... $ac_c" 1>&6
+echo "configure:10416: checking for broken netdb.h" >&5
+if eval "test \"`echo '$''{'krb_cv_header_netdb_h_broken'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10422 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netdb.h>
+#include <netdb.h>
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:10431: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  krb_cv_header_netdb_h_broken=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  krb_cv_header_netdb_h_broken=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$krb_cv_header_netdb_h_broken" 1>&6
+
+if test "$krb_cv_header_netdb_h_broken" = "yes"; then
+  EXTRA_HEADERS="$EXTRA_HEADERS netdb.h"
+fi
+
+
+
+
+echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6
+echo "configure:10453: checking for sa_len in struct sockaddr" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_sockaddr_sa_len'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10459 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+int main() {
+struct sockaddr x; x.sa_len;
+; return 0; }
+EOF
+if { (eval echo configure:10467: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_sockaddr_sa_len=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_sockaddr_sa_len=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_sockaddr_sa_len" 1>&6
+if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+EOF
+
+	
+fi
+
+
+
+
+if test "$ac_cv_header_siad_h" = yes; then
+
+
+echo $ac_n "checking for ouid in SIAENTITY""... $ac_c" 1>&6
+echo "configure:10496: checking for ouid in SIAENTITY" >&5
+if eval "test \"`echo '$''{'ac_cv_type_siaentity_ouid'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10502 "configure"
+#include "confdefs.h"
+#include <siad.h>
+int main() {
+SIAENTITY x; x.ouid;
+; return 0; }
+EOF
+if { (eval echo configure:10509: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_siaentity_ouid=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_siaentity_ouid=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_siaentity_ouid" 1>&6
+if test "$ac_cv_type_siaentity_ouid" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_SIAENTITY_OUID 1
+EOF
+
+	
+fi
+
+
+fi
+
+
+for ac_func in getmsg
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:10538: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10543 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:10566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+if test "$ac_cf_func_getmsg" = "yes"; then
+
+echo $ac_n "checking for working getmsg""... $ac_c" 1>&6
+echo "configure:10594: checking for working getmsg" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_getmsg=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10602 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+
+int main()
+{
+  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  return 0;
+}
+
+EOF
+if { (eval echo configure:10614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_func_getmsg=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_getmsg=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_getmsg" 1>&6
+test "$ac_cv_func_getmsg" = "yes" &&
+cat >> confdefs.h <<\EOF
+#define HAVE_GETMSG 1
+EOF
+
+
+fi
+
+
+
+
+
+
+echo $ac_n "checking for el_init""... $ac_c" 1>&6
+echo "configure:10643: checking for el_init" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" edit; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 10658 "configure"
+#include "confdefs.h"
+
+int main() {
+el_init()
+; return 0; }
+EOF
+if { (eval echo configure:10665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_el_init"
+
+: << END
+@@@funcs="$funcs el_init"@@@
+@@@libs="$libs "" edit"@@@
+END
+
+# el_init
+eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_el_init=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_el_init=yes"
+	eval "LIB_el_init="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_el_init=no"
+	eval "LIB_el_init="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_el_init=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+if test "$ac_cv_func_el_init" = yes ; then
+	echo $ac_n "checking for four argument el_init""... $ac_c" 1>&6
+echo "configure:10726: checking for four argument el_init" >&5
+if eval "test \"`echo '$''{'ac_cv_func_el_init_four'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+		cat > conftest.$ac_ext <<EOF
+#line 10732 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+			#include <histedit.h>
+int main() {
+el_init("", NULL, NULL, NULL);
+; return 0; }
+EOF
+if { (eval echo configure:10740: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_func_el_init_four=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_func_el_init_four=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_el_init_four" 1>&6
+	if test "$ac_cv_func_el_init_four" = yes; then
+		cat >> confdefs.h <<\EOF
+#define HAVE_FOUR_VALUED_EL_INIT 1
+EOF
+
+	fi
+fi
+
+
+save_LIBS="$LIBS"
+LIBS="$LIB_tgetent $LIBS"
+
+
+
+echo $ac_n "checking for readline""... $ac_c" 1>&6
+echo "configure:10768: checking for readline" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_readline\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" edit readline; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 10783 "configure"
+#include "confdefs.h"
+
+int main() {
+readline()
+; return 0; }
+EOF
+if { (eval echo configure:10790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_readline=\${ac_cv_funclib_readline-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_readline"
+
+: << END
+@@@funcs="$funcs readline"@@@
+@@@libs="$libs "" edit readline"@@@
+END
+
+# readline
+eval "ac_tr_func=HAVE_`echo readline | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_readline=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_readline=yes"
+	eval "LIB_readline="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_readline=no"
+	eval "LIB_readline="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_readline=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+LIBS="$save_LIBS"
+el_yes="# "
+if test "$with_readline" -a "$with_readline" != "no"; then
+	:
+elif test "$ac_cv_func_readline" = yes; then
+	INCLUDE_readline=
+elif test "$ac_cv_func_el_init" = yes; then
+	el_yes=
+	LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init"
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
+else
+	LIB_readline='-L$(top_builddir)/lib/editline -leditline'
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
+fi
+LIB_readline="$LIB_readline \$(LIB_tgetent)"
+cat >> confdefs.h <<\EOF
+#define HAVE_READLINE 1
+EOF
+
+
+
+
+
+cat >> confdefs.h <<\EOF
+#define AUTHENTICATION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define KRB4 1
+EOF
+cat >> confdefs.h <<\EOF
+#define ENCRYPTION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define DES_ENCRYPTION 1
+EOF
+cat >> confdefs.h <<\EOF
+#define DIAGNOSTICS 1
+EOF
+cat >> confdefs.h <<\EOF
+#define OLD_ENVIRON 1
+EOF
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+echo $ac_n "checking for streamspty""... $ac_c" 1>&6
+echo "configure:10897: checking for streamspty" >&5
+case "`uname -sr`" in
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+	krb_cv_sys_streamspty=no
+	;;
+AIX*)
+	os_rel=`uname -v`.`uname -r`
+	if expr "$os_rel" : "3*" >/dev/null 2>&1; then
+		krb_cv_sys_streamspty=no
+	else
+		krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	fi
+	;;
+*)
+	krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	;;
+esac
+if test "$krb_cv_sys_streamspty" = yes; then
+	cat >> confdefs.h <<\EOF
+#define STREAMSPTY 1
+EOF
+
+fi
+echo "$ac_t""$krb_cv_sys_streamspty" 1>&6
+
+echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6
+echo "configure:10923: checking if /bin/ls takes -A" >&5
+if /bin/ls -A > /dev/null 2>&1 ;then
+	cat >> confdefs.h <<\EOF
+#define HAVE_LS_A 1
+EOF
+
+	krb_ls_a=yes
+else
+	krb_ls_a=no
+fi
+echo "$ac_t""$krb_ls_a" 1>&6
+	
+echo $ac_n "checking for suffix of preformatted manual pages""... $ac_c" 1>&6
+echo "configure:10936: checking for suffix of preformatted manual pages" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if grep _version /etc/man.conf > /dev/null 2>&1; then
+	krb_cv_sys_cat_suffix=0
+else
+	krb_cv_sys_cat_suffix=number
+fi
+fi
+
+echo "$ac_t""$krb_cv_sys_cat_suffix" 1>&6
+if test "$krb_cv_sys_cat_suffix" = number; then
+		CATSUFFIX='$$s'
+else
+		CATSUFFIX=0
+fi
+
+
+
+KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS"
+
+
+
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+for i in bin lib libexec sbin; do
+	i=${i}dir
+	foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
+	x="\$${i}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+	cat >> confdefs.h <<EOF
+#define $foo "$x"
+EOF
+
+done
+
+trap '' 1 2 15
+cat > confcache <<\EOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs.  It is not useful on other systems.
+# If it contains results you don't want to keep, you may remove or edit it.
+#
+# By default, configure uses ./config.cache as the cache file,
+# creating it if it does not exist already.  You can give configure
+# the --cache-file=FILE option to use a different cache file; that is
+# what configure does when it calls configure scripts in
+# subdirectories, so they share the cache.
+# Giving --cache-file=/dev/null disables caching, for debugging configure.
+# config.status only pays attention to the cache file if you give it the
+# --recheck option to rerun configure.
+#
+EOF
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(set) 2>&1 |
+  case `(ac_space=' '; set | grep ac_space) 2>&1` in
+  *ac_space=\ *)
+    # `set' does not quote correctly, so add quotes (double-quote substitution
+    # turns \\\\ into \\, and sed turns \\ into \).
+    sed -n \
+      -e "s/'/'\\\\''/g" \
+      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
+    ;;
+  *)
+    # `set' quotes correctly as required by POSIX, so do not add quotes.
+    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
+    ;;
+  esac >> confcache
+if cmp -s $cache_file confcache; then
+  :
+else
+  if test -w $cache_file; then
+    echo "updating cache $cache_file"
+    cat confcache > $cache_file
+  else
+    echo "not updating unwritable cache $cache_file"
+  fi
+fi
+rm -f confcache
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Any assignment to VPATH causes Sun make to only execute
+# the first set of double-colon rules, so remove it if not needed.
+# If there is a colon in the path, we need to keep it.
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[ 	]*VPATH[ 	]*=[^:]*$/d'
+fi
+
+trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
+
+DEFS=-DHAVE_CONFIG_H
+
+# Without the "./", some shells look in PATH for config.status.
+: ${CONFIG_STATUS=./config.status}
+
+echo creating $CONFIG_STATUS
+rm -f $CONFIG_STATUS
+cat > $CONFIG_STATUS <<EOF
+#! /bin/sh
+# Generated automatically by configure.
+# Run this file to recreate the current configuration.
+# This directory was configured as follows,
+# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+#
+# $0 $ac_configure_args
+#
+# Compiler output produced by configure, useful for debugging
+# configure, is in ./config.log if it exists.
+
+ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
+for ac_option
+do
+  case "\$ac_option" in
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
+    exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
+  -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
+    echo "$CONFIG_STATUS generated by autoconf version 2.13"
+    exit 0 ;;
+  -help | --help | --hel | --he | --h)
+    echo "\$ac_cs_usage"; exit 0 ;;
+  *) echo "\$ac_cs_usage"; exit 1 ;;
+  esac
+done
+
+ac_given_srcdir=$srcdir
+ac_given_INSTALL="$INSTALL"
+
+trap 'rm -fr `echo "\
+Makefile 					\
+include/Makefile				\
+include/sys/Makefile				\
+						\
+man/Makefile					\
+						\
+lib/Makefile					\
+lib/com_err/Makefile				\
+lib/des/Makefile				\
+lib/krb/Makefile				\
+lib/kdb/Makefile				\
+lib/kadm/Makefile				\
+lib/acl/Makefile				\
+lib/kafs/Makefile				\
+lib/roken/Makefile				\
+lib/otp/Makefile				\
+lib/sl/Makefile					\
+lib/editline/Makefile				\
+lib/rxkad/Makefile				\
+lib/auth/Makefile				\
+lib/auth/pam/Makefile				\
+lib/auth/sia/Makefile				\
+lib/auth/afskauthlib/Makefile			\
+						\
+kuser/Makefile					\
+server/Makefile					\
+slave/Makefile					\
+admin/Makefile					\
+kadmin/Makefile					\
+						\
+appl/Makefile					\
+						\
+appl/afsutil/Makefile 				\
+appl/ftp/Makefile				\
+appl/ftp/common/Makefile			\
+appl/ftp/ftp/Makefile				\
+appl/ftp/ftpd/Makefile				\
+appl/telnet/Makefile				\
+appl/telnet/libtelnet/Makefile			\
+appl/telnet/telnet/Makefile			\
+appl/telnet/telnetd/Makefile			\
+appl/bsd/Makefile 				\
+appl/kauth/Makefile				\
+appl/popper/Makefile				\
+appl/movemail/Makefile				\
+appl/push/Makefile				\
+appl/sample/Makefile				\
+appl/xnlock/Makefile				\
+appl/kx/Makefile				\
+appl/kip/Makefile				\
+appl/otp/Makefile				\
+doc/Makefile					\
+etc/inetd.conf.changes				\
+ include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+# Protect against being on the right side of a sed subst in config.status.
+sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
+ s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
+$ac_vpsub
+$extrasub
+s%@SHELL@%$SHELL%g
+s%@CFLAGS@%$CFLAGS%g
+s%@CPPFLAGS@%$CPPFLAGS%g
+s%@CXXFLAGS@%$CXXFLAGS%g
+s%@FFLAGS@%$FFLAGS%g
+s%@DEFS@%$DEFS%g
+s%@LDFLAGS@%$LDFLAGS%g
+s%@LIBS@%$LIBS%g
+s%@exec_prefix@%$exec_prefix%g
+s%@prefix@%$prefix%g
+s%@program_transform_name@%$program_transform_name%g
+s%@bindir@%$bindir%g
+s%@sbindir@%$sbindir%g
+s%@libexecdir@%$libexecdir%g
+s%@datadir@%$datadir%g
+s%@sysconfdir@%$sysconfdir%g
+s%@sharedstatedir@%$sharedstatedir%g
+s%@localstatedir@%$localstatedir%g
+s%@libdir@%$libdir%g
+s%@includedir@%$includedir%g
+s%@oldincludedir@%$oldincludedir%g
+s%@infodir@%$infodir%g
+s%@mandir@%$mandir%g
+s%@PACKAGE@%$PACKAGE%g
+s%@VERSION@%$VERSION%g
+s%@host@%$host%g
+s%@host_alias@%$host_alias%g
+s%@host_cpu@%$host_cpu%g
+s%@host_vendor@%$host_vendor%g
+s%@host_os@%$host_os%g
+s%@CANONICAL_HOST@%$CANONICAL_HOST%g
+s%@SET_MAKE@%$SET_MAKE%g
+s%@LN_S@%$LN_S%g
+s%@CC@%$CC%g
+s%@CPP@%$CPP%g
+s%@YACC@%$YACC%g
+s%@LEX@%$LEX%g
+s%@LEXLIB@%$LEXLIB%g
+s%@RANLIB@%$RANLIB%g
+s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
+s%@INSTALL_DATA@%$INSTALL_DATA%g
+s%@AWK@%$AWK%g
+s%@MAKEINFO@%$MAKEINFO%g
+s%@WFLAGS@%$WFLAGS%g
+s%@WFLAGS_NOUNUSED@%$WFLAGS_NOUNUSED%g
+s%@WFLAGS_NOIMPLICITINT@%$WFLAGS_NOIMPLICITINT%g
+s%@INCLUDE_socks@%$INCLUDE_socks%g
+s%@LIB_socks@%$LIB_socks%g
+s%@CRACKLIB@%$CRACKLIB%g
+s%@LIB_otp@%$LIB_otp%g
+s%@OTP_dir@%$OTP_dir%g
+s%@LIB_security@%$LIB_security%g
+s%@AFSWS@%$AFSWS%g
+s%@LIB_SUBDIRS@%$LIB_SUBDIRS%g
+s%@disable_cat_manpages@%$disable_cat_manpages%g
+s%@INCLUDE_readline@%$INCLUDE_readline%g
+s%@LIB_readline@%$LIB_readline%g
+s%@INCLUDE_hesiod@%$INCLUDE_hesiod%g
+s%@LIB_hesiod@%$LIB_hesiod%g
+s%@LINK@%$LINK%g
+s%@lib_deps_yes@%$lib_deps_yes%g
+s%@lib_deps_no@%$lib_deps_no%g
+s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g
+s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g
+s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g
+s%@PICFLAGS@%$PICFLAGS%g
+s%@SHLIBEXT@%$SHLIBEXT%g
+s%@LDSHARED@%$LDSHARED%g
+s%@LD_FLAGS@%$LD_FLAGS%g
+s%@LIBEXT@%$LIBEXT%g
+s%@LIBPREFIX@%$LIBPREFIX%g
+s%@EXECSUFFIX@%$EXECSUFFIX%g
+s%@build_symlink_command@%$build_symlink_command%g
+s%@install_symlink_command@%$install_symlink_command%g
+s%@install_symlink_command2@%$install_symlink_command2%g
+s%@LIB_dlopen@%$LIB_dlopen%g
+s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g
+s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g
+s%@AFS_EXTRA_LD@%$AFS_EXTRA_LD%g
+s%@AFS_EXTRA_DEFS@%$AFS_EXTRA_DEFS%g
+s%@AIX_EXTRA_KAFS@%$AIX_EXTRA_KAFS%g
+s%@EXTRA_HEADERS@%$EXTRA_HEADERS%g
+s%@EXTRA_LOCL_HEADERS@%$EXTRA_LOCL_HEADERS%g
+s%@LIB_crypt@%$LIB_crypt%g
+s%@LIB_socket@%$LIB_socket%g
+s%@LIB_gethostbyname@%$LIB_gethostbyname%g
+s%@LIB_odm_initialize@%$LIB_odm_initialize%g
+s%@LIB_getattr@%$LIB_getattr%g
+s%@LIB_setpcred@%$LIB_setpcred%g
+s%@LIB_logwtmp@%$LIB_logwtmp%g
+s%@LIB_logout@%$LIB_logout%g
+s%@LIB_tgetent@%$LIB_tgetent%g
+s%@X_CFLAGS@%$X_CFLAGS%g
+s%@X_PRE_LIBS@%$X_PRE_LIBS%g
+s%@X_LIBS@%$X_LIBS%g
+s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g
+s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g
+s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g
+s%@LIB_XauWriteAuth@%$LIB_XauWriteAuth%g
+s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g
+s%@LIB_XauFileName@%$LIB_XauFileName%g
+s%@NEED_WRITEAUTH_TRUE@%$NEED_WRITEAUTH_TRUE%g
+s%@NEED_WRITEAUTH_FALSE@%$NEED_WRITEAUTH_FALSE%g
+s%@LIB_DBM@%$LIB_DBM%g
+s%@DBLIB@%$DBLIB%g
+s%@LIB_syslog@%$LIB_syslog%g
+s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g
+s%@LIB_getsockopt@%$LIB_getsockopt%g
+s%@LIB_setsockopt@%$LIB_setsockopt%g
+s%@LIB_res_search@%$LIB_res_search%g
+s%@LIB_dn_expand@%$LIB_dn_expand%g
+s%@ALLOCA@%$ALLOCA%g
+s%@LIB_hstrerror@%$LIB_hstrerror%g
+s%@LIBOBJS@%$LIBOBJS%g
+s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g
+s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g
+s%@krb_cv_header_sys_socket_h_broken@%$krb_cv_header_sys_socket_h_broken%g
+s%@krb_cv_header_netdb_h_broken@%$krb_cv_header_netdb_h_broken%g
+s%@LIB_el_init@%$LIB_el_init%g
+s%@el_yes@%$el_yes%g
+s%@CATSUFFIX@%$CATSUFFIX%g
+s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g
+
+CEOF
+EOF
+
+cat >> $CONFIG_STATUS <<\EOF
+
+# Split the substitutions into bite-sized pieces for seds with
+# small command number limits, like on Digital OSF/1 and HP-UX.
+ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
+ac_file=1 # Number of current file.
+ac_beg=1 # First line for current file.
+ac_end=$ac_max_sed_cmds # Line after last line for current file.
+ac_more_lines=:
+ac_sed_cmds=""
+while $ac_more_lines; do
+  if test $ac_beg -gt 1; then
+    sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
+  else
+    sed "${ac_end}q" conftest.subs > conftest.s$ac_file
+  fi
+  if test ! -s conftest.s$ac_file; then
+    ac_more_lines=false
+    rm -f conftest.s$ac_file
+  else
+    if test -z "$ac_sed_cmds"; then
+      ac_sed_cmds="sed -f conftest.s$ac_file"
+    else
+      ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
+    fi
+    ac_file=`expr $ac_file + 1`
+    ac_beg=$ac_end
+    ac_end=`expr $ac_end + $ac_max_sed_cmds`
+  fi
+done
+if test -z "$ac_sed_cmds"; then
+  ac_sed_cmds=cat
+fi
+EOF
+
+cat >> $CONFIG_STATUS <<EOF
+
+CONFIG_FILES=\${CONFIG_FILES-"\
+Makefile 					\
+include/Makefile				\
+include/sys/Makefile				\
+						\
+man/Makefile					\
+						\
+lib/Makefile					\
+lib/com_err/Makefile				\
+lib/des/Makefile				\
+lib/krb/Makefile				\
+lib/kdb/Makefile				\
+lib/kadm/Makefile				\
+lib/acl/Makefile				\
+lib/kafs/Makefile				\
+lib/roken/Makefile				\
+lib/otp/Makefile				\
+lib/sl/Makefile					\
+lib/editline/Makefile				\
+lib/rxkad/Makefile				\
+lib/auth/Makefile				\
+lib/auth/pam/Makefile				\
+lib/auth/sia/Makefile				\
+lib/auth/afskauthlib/Makefile			\
+						\
+kuser/Makefile					\
+server/Makefile					\
+slave/Makefile					\
+admin/Makefile					\
+kadmin/Makefile					\
+						\
+appl/Makefile					\
+						\
+appl/afsutil/Makefile 				\
+appl/ftp/Makefile				\
+appl/ftp/common/Makefile			\
+appl/ftp/ftp/Makefile				\
+appl/ftp/ftpd/Makefile				\
+appl/telnet/Makefile				\
+appl/telnet/libtelnet/Makefile			\
+appl/telnet/telnet/Makefile			\
+appl/telnet/telnetd/Makefile			\
+appl/bsd/Makefile 				\
+appl/kauth/Makefile				\
+appl/popper/Makefile				\
+appl/movemail/Makefile				\
+appl/push/Makefile				\
+appl/sample/Makefile				\
+appl/xnlock/Makefile				\
+appl/kx/Makefile				\
+appl/kip/Makefile				\
+appl/otp/Makefile				\
+doc/Makefile					\
+etc/inetd.conf.changes				\
+"}
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case "$ac_file" in
+  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+  *) ac_file_in="${ac_file}.in" ;;
+  esac
+
+  # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
+
+  # Remove last slash and all that follows it.  Not all systems have dirname.
+  ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+  if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+    # The file is in a subdirectory.
+    test ! -d "$ac_dir" && mkdir "$ac_dir"
+    ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
+    # A "../" for each directory in $ac_dir_suffix.
+    ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
+  else
+    ac_dir_suffix= ac_dots=
+  fi
+
+  case "$ac_given_srcdir" in
+  .)  srcdir=.
+      if test -z "$ac_dots"; then top_srcdir=.
+      else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
+  /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
+  *) # Relative path.
+    srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
+    top_srcdir="$ac_dots$ac_given_srcdir" ;;
+  esac
+
+  case "$ac_given_INSTALL" in
+  [/$]*) INSTALL="$ac_given_INSTALL" ;;
+  *) INSTALL="$ac_dots$ac_given_INSTALL" ;;
+  esac
+
+  echo creating "$ac_file"
+  rm -f "$ac_file"
+  configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
+  case "$ac_file" in
+  *Makefile*) ac_comsub="1i\\
+# $configure_input" ;;
+  *) ac_comsub= ;;
+  esac
+
+  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+  sed -e "$ac_comsub
+s%@configure_input@%$configure_input%g
+s%@srcdir@%$srcdir%g
+s%@top_srcdir@%$top_srcdir%g
+s%@INSTALL@%$INSTALL%g
+" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
+fi; done
+rm -f conftest.s*
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s%^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
+ac_dB='\([ 	][ 	]*\)[^ 	]*%\1#\2'
+ac_dC='\3'
+ac_dD='%g'
+# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE".
+ac_uA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
+ac_uB='\([ 	]\)%\1#\2define\3'
+ac_uC=' '
+ac_uD='\4%g'
+# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_eA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
+ac_eB='$%\1#\2define\3'
+ac_eC=' '
+ac_eD='%g'
+
+if test "${CONFIG_HEADERS+set}" != set; then
+EOF
+cat >> $CONFIG_STATUS <<EOF
+  CONFIG_HEADERS="include/config.h"
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+fi
+for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case "$ac_file" in
+  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+  *) ac_file_in="${ac_file}.in" ;;
+  esac
+
+  echo creating $ac_file
+
+  rm -f conftest.frag conftest.in conftest.out
+  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+  cat $ac_file_inputs > conftest.in
+
+EOF
+
+# Transform confdefs.h into a sed script conftest.vals that substitutes
+# the proper values into config.h.in to produce config.h.  And first:
+# Protect against being on the right side of a sed subst in config.status.
+# Protect against being in an unquoted here document in config.status.
+rm -f conftest.vals
+cat > conftest.hdr <<\EOF
+s/[\\&%]/\\&/g
+s%[\\$`]%\\&%g
+s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp
+s%ac_d%ac_u%gp
+s%ac_u%ac_e%gp
+EOF
+sed -n -f conftest.hdr confdefs.h > conftest.vals
+rm -f conftest.hdr
+
+# This sed command replaces #undef with comments.  This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >> conftest.vals <<\EOF
+s%^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
+EOF
+
+# Break up conftest.vals because some shells have a limit on
+# the size of here documents, and old seds have small limits too.
+
+rm -f conftest.tail
+while :
+do
+  ac_lines=`grep -c . conftest.vals`
+  # grep -c gives empty output for an empty file on some AIX systems.
+  if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi
+  # Write a limited-size here document to conftest.frag.
+  echo '  cat > conftest.frag <<CEOF' >> $CONFIG_STATUS
+  sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS
+  echo 'CEOF
+  sed -f conftest.frag conftest.in > conftest.out
+  rm -f conftest.in
+  mv conftest.out conftest.in
+' >> $CONFIG_STATUS
+  sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail
+  rm -f conftest.vals
+  mv conftest.tail conftest.vals
+done
+rm -f conftest.vals
+
+cat >> $CONFIG_STATUS <<\EOF
+  rm -f conftest.frag conftest.h
+  echo "/* $ac_file.  Generated automatically by configure.  */" > conftest.h
+  cat conftest.in >> conftest.h
+  rm -f conftest.in
+  if cmp -s $ac_file conftest.h 2>/dev/null; then
+    echo "$ac_file is unchanged"
+    rm -f conftest.h
+  else
+    # Remove last slash and all that follows it.  Not all systems have dirname.
+      ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+      if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+      # The file is in a subdirectory.
+      test ! -d "$ac_dir" && mkdir "$ac_dir"
+    fi
+    rm -f $ac_file
+    mv conftest.h $ac_file
+  fi
+fi; done
+
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+
+exit 0
+EOF
+chmod +x $CONFIG_STATUS
+rm -fr confdefs* $ac_clean_files
+test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
+ 
+
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+
diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in
new file mode 100644
index 0000000..cd2a70e
--- /dev/null
+++ b/crypto/kerberosIV/configure.in
@@ -0,0 +1,1285 @@
+dnl
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl
+dnl Update $VERSION before making a new release
+dnl
+
+dnl Process this file with autoconf to produce a configure script.
+dnl
+AC_REVISION($Revision: 1.432.2.2 $)
+AC_INIT(lib/krb/getrealm.c)
+AC_CONFIG_HEADER(include/config.h)
+
+dnl
+dnl definitions
+dnl
+
+PACKAGE=krb4
+AC_SUBST(PACKAGE)dnl
+VERSION=1.0
+AC_SUBST(VERSION)dnl
+AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl
+AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl
+
+# This may be overridden using --prefix=/usr to configure
+AC_PREFIX_DEFAULT(/usr/athena)
+
+AC_CANONICAL_HOST
+CANONICAL_HOST=$host
+AC_SUBST(CANONICAL_HOST)
+
+dnl OS specific defines
+
+sunos=no
+case "$host" in 
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
+		[Define to what version of SunOS you are running.])
+fi
+
+AC_PROG_MAKE_SET
+AC_ARG_PROGRAM
+
+# We want these before the checks, so the checks can modify their values.
+test -z "$LDFLAGS" && LDFLAGS=-g
+
+dnl
+dnl check for programs
+dnl
+
+AC_KRB_PROG_LN_S
+AC_PROG_CC
+AC_PROG_CPP
+AC_ISC_POSIX
+AC_KRB_PROG_YACC
+AC_PROG_LEX
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_PROG_AWK
+AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :)
+
+dnl Use make Wall or make WFLAGS=".."
+WFLAGS=""
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+AC_SUBST(WFLAGS) dnl
+AC_SUBST(WFLAGS_NOUNUSED) dnl
+AC_SUBST(WFLAGS_NOIMPLICITINT) dnl
+
+dnl
+dnl check for build options
+dnl
+
+AC_TEST_PACKAGE_NEW(socks,[#include <socks.h>],-lsocks5)
+CFLAGS="$INCLUDE_socks $CFLAGS"
+LIBS="$LIB_socks $LIBS"
+
+AC_ARG_ENABLE(legacy-kdestroy,
+[  --enable-legacy-kdestroy    kdestroy doesn't destroy tokens by default],[
+if test "$enableval" = "yes"; then
+	AC_DEFINE(LEGACY_KDESTROY,1, [Define to enable old kdestroy behavior.])
+fi
+])
+
+AC_ARG_ENABLE(match-subdomains,
+[  --enable-match-subdomains	match realm in subdomains],
+[if test "$enableval" = "yes"; then
+	AC_DEFINE(MATCH_SUBDOMAINS,1, [Define if you want to match subdomains.])
+fi
+])
+
+AC_ARG_WITH(ld-flags,
+[  --with-ld-flags=flags   what flags use when linking])
+
+AC_ARG_WITH(cracklib,
+[  --with-cracklib=dir     use the cracklib.a in dir],
+)
+
+AC_ARG_WITH(dictpath,
+[  --with-dictpath=path    use this dictionary with cracklib]
+)
+
+(test -z "$with_cracklib" && test -n "$with_dictpath") ||
+(test -n "$with_cracklib" && test -z "$with_dictpath") &&
+AC_MSG_ERROR(--with-cracklib requires --with-dictpath and vice versa)
+test -n "$with_cracklib" &&
+CRACKLIB="-L$with_cracklib -lcrack" &&
+AC_MSG_RESULT(Using cracklib in $with_cracklib)
+AC_SUBST(CRACKLIB)dnl
+test -n "$with_dictpath" &&
+AC_MSG_RESULT(Using dictpath=$with_dictpath) &&
+AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath", [Define this to be the directory where the 
+	dictionary for cracklib resides.])
+
+AC_ARG_WITH(mailspool,
+[  --with-mailspool=dir    this is the mail spool directory]
+)
+
+test -n "$with_mailspool" &&
+AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool", [Define this to the path of the mail spool directory.])
+
+AC_ARG_WITH(db-dir,
+[  --with-db-dir=dir	   this is the database directory (default /var/kerberos)])
+
+test -n "$with_db_dir" &&
+AC_DEFINE_UNQUOTED(DB_DIR, "$with_db_dir", [Define this to the kerberos database directory.])
+
+AC_ARG_ENABLE(random-mkey,
+[  --enable-random-mkey    use new code for master keys],[
+if test "$enableval" = "yes"; then
+	AC_DEFINE(RANDOM_MKEY,1, [Define to enable new master key code.])
+fi
+])
+
+AC_ARG_WITH(mkey,
+[  --with-mkey=file        where to put the master key],[
+if test -n "$withval"; then
+	AC_DEFINE_UNQUOTED(MKEYFILE,"$withval", [Define this to the location of the master key.])
+fi
+])
+
+otp=yes
+AC_ARG_ENABLE(otp,
+[  --disable-otp           if you don't want OTP support],
+[
+if test "$enableval" = "no"; then
+	otp=no
+fi
+])
+
+if test "$otp" = "yes"; then
+	AC_DEFINE(OTP)
+	LIB_otp='-L$(top_builddir)/lib/otp -lotp'
+	OTP_dir=otp
+	LIB_SUBDIRS="$LIB_SUBDIRS otp"
+fi
+AC_SUBST(LIB_otp)
+AC_SUBST(OTP_dir)
+
+AC_CHECK_OSFC2
+
+mmap=yes
+AC_ARG_ENABLE(mmap,
+[  --disable-mmap          disable use of mmap],
+[
+if test "$enableval" = "no"; then
+	mmap=no
+fi
+])
+if test "$mmap" = "no"; then
+	AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
+fi
+
+aix_dynamic_afs=yes
+AC_ARG_ENABLE(dynamic-afs,
+[  --disable-dynamic-afs   don't use loaded AFS library with AIX],[
+if test "$enableval" = "no"; then
+	aix_dynamic_afs=no
+fi
+])
+
+berkeley_db=db
+AC_ARG_WITH(berkeley-db,
+[  --without-berkeley-db   if you don't want berkeley db],[
+if test "$withval" = no; then
+	berkeley_db=""
+fi
+])
+
+afs_support=yes
+AC_ARG_WITH(afs-support,
+[  --without-afs-support   if you don't want support for afs],[
+if test "$withval" = no; then
+	AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.])
+	afs_support=no
+fi
+])
+
+des_quad=guess
+AC_ARG_WITH(des-quad-checksum,
+[  --with-des-quad-checksum=kind
+                           default checksum to use (new, old, or guess)],[
+des_quad="$withval"
+])
+if test "$des_quad" = "new"; then
+	ac_x=DES_QUAD_NEW
+elif test "$des_quad" = "old"; then
+	ac_x=DES_QUAD_OLD
+else
+	ac_x=DES_QUAD_GUESS
+fi	
+AC_DEFINE_UNQUOTED(DES_QUAD_DEFAULT,$ac_x, 
+	[Set this to the type of des-quad-cheksum to use.])
+
+AC_ARG_WITH(afsws,
+[  --with-afsws=dir        use AFS includes and libraries from dir=/usr/afsws],
+AFSWS=$withval,
+AFSWS=/usr/afsws
+)
+test "$AFSWS" = "yes" && AFSWS=/usr/afsws
+AC_SUBST(AFSWS)
+
+AC_ARG_ENABLE(rxkad,
+[  --enable-rxkad           build rxkad library],,[
+test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
+])
+
+if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
+	LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
+fi
+AC_SUBST(LIB_SUBDIRS)
+
+AC_ARG_ENABLE(cat-manpages,
+[  --disable-cat-manpages   don't install any preformatted manpages],
+[
+if test "$enableval" = "no"; then
+	disable_cat_manpages=yes
+fi
+])
+
+AC_SUBST(disable_cat_manpages)dnl
+
+AC_TEST_PACKAGE_NEW(readline,[
+#include <stdio.h>
+#include <readline.h>
+],-lreadline)
+
+AC_MIPS_ABI
+
+AC_TEST_PACKAGE_NEW(hesiod,[#include <hesiod.h>],-lhesiod)
+
+AC_SHARED_LIBS
+
+dnl
+dnl Check for endian-ness, this breaks cross compilation
+dnl
+AC_C_BIGENDIAN
+
+dnl
+dnl Check for constness
+dnl
+AC_C_CONST
+
+dnl
+dnl Check for inline keyword
+dnl
+AC_C_INLINE
+
+dnl
+dnl Check for __attribute__
+dnl
+AC_C___ATTRIBUTE__
+
+dnl
+dnl Check for strange operating systems that you need to handle differently
+dnl
+
+AC_KRB_SYS_NEXTSTEP
+AC_KRB_SYS_AIX
+
+if test "$krb_cv_sys_aix" = yes ;then
+	if test "$aix_dynamic_afs" = yes; then
+		AFS_EXTRA_OBJS=
+		AFS_EXTRA_LIBS=afslib.so
+		# this works differently in AIX <=3 and 4
+		if test `uname -v` = 4 ; then
+			AFS_EXTRA_LD="-bnoentry"
+		else
+			AFS_EXTRA_LD="-e _nostart"
+		fi
+		AFS_EXTRA_DEFS=
+		AC_FIND_FUNC_NO_LIBS(dlopen, dl)
+		if test "$ac_cv_funclib_dlopen" = yes; then
+			AIX_EXTRA_KAFS=
+		elif test "$ac_cv_funclib_dlopen" != no; then
+			AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen"
+		else
+			AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o"
+			AIX_EXTRA_KAFS=-lld
+		fi
+	else
+		AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o'
+		AFS_EXTRA_LIBS=
+		AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS'
+		AIX_EXTRA_KAFS=
+	fi
+	AC_SUBST(AFS_EXTRA_OBJS)dnl
+	AC_SUBST(AFS_EXTRA_LIBS)dnl
+	AC_SUBST(AFS_EXTRA_LD)dnl
+	AC_SUBST(AFS_EXTRA_DEFS)dnl
+	AC_SUBST(AIX_EXTRA_KAFS)dnl
+fi
+
+#
+# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
+# AIX414
+#
+
+case "${host}" in
+*-*-aix4.1*)
+if test -f /lib/pse.exp ;then
+	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
+fi
+;;
+esac
+
+dnl
+dnl Various checks for headers and their contents
+dnl
+
+AC_HEADER_STDC
+
+AC_CHECK_HEADERS([arpa/ftp.h			\
+	arpa/inet.h				\
+	arpa/nameser.h				\
+	arpa/telnet.h				\
+	bsd/bsd.h				\
+	bsdsetjmp.h				\
+	capability.h				\
+	crypt.h					\
+	curses.h				\
+	db.h					\
+	dbm.h					\
+	dirent.h				\
+	err.h					\
+	errno.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	inttypes.h				\
+	io.h					\
+	lastlog.h				\
+	libutil.h				\
+	limits.h				\
+	login.h					\
+	maillock.h				\
+	ndbm.h					\
+	net/if.h				\
+	net/if_tun.h				\
+	net/if_var.h				\
+	netdb.h					\
+	netinet/in.h				\
+	netinet/in6_machtypes.h			\
+	netinet/in_systm.h			\
+	paths.h					\
+	pty.h					\
+	pwd.h					\
+	resolv.h				\
+	rpcsvc/dbm.h				\
+	rpcsvc/ypclnt.h				\
+	sac.h					\
+	security/pam_modules.h			\
+	shadow.h				\
+	siad.h					\
+	signal.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/ioctl.h				\
+	sys/locking.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/proc.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/ptyvar.h				\
+	sys/resource.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/strtty.h				\
+	sys/syscall.h				\
+	sys/sysctl.h				\
+	sys/termio.h				\
+	sys/time.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/un.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	term.h					\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	tmpdir.h				\
+	ttyent.h				\
+	udb.h					\
+	ulimit.h				\
+	unistd.h				\
+	userpw.h				\
+	usersec.h				\
+	util.h					\
+	utime.h					\
+	utmp.h					\
+	utmpx.h					\
+	wait.h])
+
+AC_HEADER_TIME
+AC_DECL_SYS_SIGLIST
+
+CHECK_NETINET_IP_AND_TCP
+
+EXTRA_LOCL_HEADERS=
+EXTRA_HEADERS=
+if test "$ac_cv_header_err_h" != yes; then
+	EXTRA_HEADERS="$EXTRA_HEADERS err.h"
+fi
+if test "$ac_cv_header_fnmatch_h" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h"
+fi
+AC_SUBST(EXTRA_HEADERS)
+AC_SUBST(EXTRA_LOCL_HEADERS)
+
+AC_GROK_TYPES(int8_t int16_t int32_t int64_t)
+AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t)
+
+AC_MSG_CHECKING(for strange sys/bitypes.h)
+AC_CACHE_VAL(krb_cv_int8_t_ifdef, [
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+int8_t x;
+,
+krb_cv_int8_t_ifdef=no,
+krb_cv_int8_t_ifdef=yes)])
+AC_MSG_RESULT($krb_cv_int8_t_ifdef)
+if test "$krb_cv_int8_t_ifdef" = "yes"; then
+  AC_DEFINE(HAVE_STRANGE_INT8_T, 1, [Huh?])dnl
+fi
+
+dnl
+dnl Various checks for libraries and their contents
+dnl
+
+AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
+
+dnl
+dnl System V is have misplaced the socket routines, should really be in libc
+dnl
+
+AC_FIND_FUNC(socket, socket,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0])
+AC_FIND_FUNC(gethostbyname, nsl,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+"foo")
+
+dnl
+dnl Horror AIX needs -lodm -lcfg to link login
+dnl
+
+AC_FIND_FUNC(odm_initialize, odm)
+AC_FIND_FUNC(getattr, cfg)
+AC_FIND_FUNC(setpcred, s)
+AC_FIND_FUNC(logwtmp, util)
+
+AC_FIND_FUNC(logout, util)
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses)
+	
+dnl 
+dnl See if there is any X11 present
+dnl
+KRB_CHECK_X
+if test "$no_x" = "yes" ; then
+	MAKE_X_PROGS_BIN=""
+	MAKE_X_PROGS_LIBEXEC=""
+else
+	MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+	MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+AC_SUBST(MAKE_X_PROGS_BIN)dnl
+AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
+
+AC_CHECK_XAU
+
+dnl
+dnl Look for berkeley db, gdbm, and ndbm in that order.
+dnl
+
+KRB_FIND_DB("" $berkeley_db gdbm ndbm)
+
+AC_FIND_FUNC(syslog, syslog)
+
+AC_BROKEN_SNPRINTF
+AC_BROKEN_GLOB
+
+if test "$ac_cv_func_glob_working" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h"
+	LIBOBJS="$LIBOBJS glob.o"
+fi
+
+AC_CHECK_FUNCS([				\
+	_getpty					\
+	_scrsize				\
+	_setsid					\
+	_stricmp				\
+	asnprintf				\
+	asprintf				\
+	atexit					\
+	cgetent					\
+	chroot					\
+	fattach					\
+	fchmod					\
+	fcntl					\
+	forkpty					\
+	frevoke					\
+	getpriority				\
+	getrlimit				\
+	getservbyname				\
+	getspnam				\
+	gettimeofday				\
+	gettosbyname				\
+	getuid					\
+	grantpt					\
+	mktime					\
+	on_exit					\
+	parsetos				\
+	ptsname					\
+	rand					\
+	random					\
+	revoke					\
+	setitimer				\
+	setpgid					\
+	setpriority				\
+	setproctitle				\
+	setregid				\
+	setresgid				\
+	setresuid				\
+	setreuid				\
+	setsid					\
+	setutent				\
+	sigaction				\
+	sysconf					\
+	sysctl					\
+	ttyname					\
+	ttyslot					\
+	ulimit					\
+	uname					\
+	unlockpt				\
+	vasnprintf				\
+	vasprintf				\
+	vhangup					\
+	vsnprintf				\
+	yp_get_default_domain			\
+	])
+
+KRB_CAPABILITIES
+
+AC_CHECK_GETPWNAM_R_POSIX
+
+AC_FIND_FUNC_NO_LIBS(getsockopt,,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+AC_FIND_FUNC_NO_LIBS(setsockopt,,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+
+dnl Cray stuff
+AC_CHECK_FUNCS(getudbnam setlim)
+
+AC_FIND_FUNC(res_search, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+AC_FIND_FUNC(dn_expand, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+AC_SUBST(LIB_res_search)dnl
+AC_SUBST(LIB_dn_expand)dnl
+
+AC_FUNC_MMAP
+AC_FUNC_ALLOCA
+
+AC_FUNC_GETLOGIN
+
+AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+17)
+if test "$ac_cv_func_hstrerror" = yes; then
+AC_NEED_PROTO([
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+hstrerror)
+fi
+
+AC_BROKEN(chown copyhostent daemon err errx fchown flock fnmatch freehostent)
+AC_BROKEN(getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname)
+AC_BROKEN(geteuid getgid getegid)
+AC_BROKEN(getopt getusershell)
+AC_BROKEN(inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat)
+AC_BROKEN(memmove)
+AC_BROKEN(mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid)
+AC_BROKEN(strcasecmp strncasecmp strdup strerror strftime)
+AC_BROKEN(strlcat strlcpy strlwr)
+AC_BROKEN(strndup strnlen strptime strsep strtok_r strupr)
+AC_BROKEN(swab unsetenv verr verrx vsyslog)
+AC_BROKEN(vwarn vwarnx warn warnx writev)
+
+if test "$ac_cv_func_gethostname" = "yes"; then
+AC_NEED_PROTO([
+#include <unistd.h>],
+gethostname)
+fi
+
+if test "$ac_cv_func_mkstemp" = "yes"; then
+AC_NEED_PROTO([
+#include <unistd.h>],
+mkstemp)
+fi
+
+if test "$ac_cv_func_inet_aton" = "yes"; then
+AC_NEED_PROTO([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+inet_aton)
+fi
+
+AC_CACHE_CHECK(if realloc is broken, ac_cv_func_realloc_broken, [
+ac_cv_func_realloc_broken=no
+AC_TRY_RUN([
+#include <stddef.h>
+#include <stdlib.h>
+
+int main()
+{
+	return realloc(NULL, 17) == NULL;
+}
+],:, ac_cv_func_realloc_broken=yes, :)
+])
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL, X) doesn't work.])
+fi
+
+AC_KRB_FUNC_GETCWD_BROKEN
+
+dnl
+dnl Figure what authentication modules should be built
+dnl
+
+AC_MSG_CHECKING(which authentication modules should be built)
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+changequote(,)dnl
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+changequote([,])dnl
+esac
+
+AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+
+dnl
+dnl Figure out if we have tunnels
+dnl
+
+AC_MSG_CHECKING(for tunnel devices)
+
+APPL_KIP_DIR=
+
+if test "$ac_cv_header_net_if_tun_h" = "yes"; then
+	APPL_KIP_DIR=kip
+fi
+
+AC_MSG_RESULT($ac_cv_header_net_if_tun_h)
+
+AC_SUBST(APPL_KIP_DIR)dnl
+
+dnl
+dnl Checks for prototypes and declarations
+dnl
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyname, struct hostent *gethostbyname(const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+getservbyname, struct servent *getservbyname(const char *, const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+],
+openlog, void openlog(const char *, int, int))
+
+AC_NEED_PROTO([
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+],
+crypt)
+
+AC_NEED_PROTO([
+#include <stdio.h>
+],
+fclose)
+
+AC_NEED_PROTO([
+#include <string.h>
+],
+strtok_r)
+
+AC_NEED_PROTO([
+#include <string.h>
+],
+strsep)
+
+AC_NEED_PROTO([
+#include <unistd.h>
+],
+getusershell)
+
+AC_NEED_PROTO([
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+],
+utime)
+
+AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_errno)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_errlist)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+h_nerr)
+
+AC_CHECK_VAR([#ifdef HAVE_ERR_H
+#include <err.h>
+#endif],[__progname])
+
+AC_CHECK_DECLARATION([#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif], optarg)
+AC_CHECK_DECLARATION([#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif], optind)
+AC_CHECK_DECLARATION([#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif], opterr)
+AC_CHECK_DECLARATION([#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif], optopt)
+
+AC_CHECK_DECLARATION([#include <stdlib.h>], environ)
+
+dnl
+dnl According to ANSI you are explicitly allowed to cast to void,
+dnl but the standard fails to say what should happen. Some compilers
+dnl think this is illegal:
+dnl
+dnl void foo(void)
+dnl {
+dnl   return (void)0;
+dnl }
+dnl
+dnl Thus explicitly test for void
+dnl
+AC_TYPE_SIGNAL
+if test "$ac_cv_type_signal" = "void" ; then
+	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if RETSIGTYPE == void.])
+fi
+
+dnl
+dnl Check for fields in struct utmp
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_host,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_id,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_type,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_user,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen,
+[#include <sys/types.h>
+ #include <utmp.h>])
+
+dnl
+dnl Check for fields in struct tm
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
+AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
+
+dnl
+dnl or do we have a variable `timezone' ?
+dnl
+
+AC_CHECK_VAR(
+[#include <time.h>],
+timezone)
+
+AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
+
+AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
+
+AC_KRB_STRUCT_SPWD
+
+AC_STRUCT_ST_BLKSIZE
+
+dnl
+dnl Check for struct winsize
+dnl
+
+AC_KRB_STRUCT_WINSIZE
+
+dnl
+dnl Check for some common types
+dnl
+
+AC_TYPE_PID_T
+AC_TYPE_UID_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+
+AC_CHECK_TYPE_EXTRA(ssize_t, int, [
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif])
+
+dnl
+dnl Check for broken ultrix sys/socket.h
+dnl
+
+AC_MSG_CHECKING(for broken sys/socket.h)
+AC_CACHE_VAL(krb_cv_header_sys_socket_h_broken, [
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/socket.h>],[],
+krb_cv_header_sys_socket_h_broken=no,
+krb_cv_header_sys_socket_h_broken=yes)])
+AC_MSG_RESULT($krb_cv_header_sys_socket_h_broken)
+AC_SUBST(krb_cv_header_sys_socket_h_broken)
+
+dnl
+dnl Check for broken ultrix netdb.h
+dnl
+
+AC_MSG_CHECKING(for broken netdb.h)
+AC_CACHE_VAL(krb_cv_header_netdb_h_broken, [
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#include <netdb.h>
+#include <netdb.h>],[],
+krb_cv_header_netdb_h_broken=no,
+krb_cv_header_netdb_h_broken=yes)])
+AC_MSG_RESULT($krb_cv_header_netdb_h_broken)
+AC_SUBST(krb_cv_header_netdb_h_broken)
+if test "$krb_cv_header_netdb_h_broken" = "yes"; then
+  EXTRA_HEADERS="$EXTRA_HEADERS netdb.h"
+fi
+
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
+#include <sys/socket.h>])
+
+dnl
+dnl Check for ouid in sys/siad.h
+dnl
+
+if test "$ac_cv_header_siad_h" = yes; then
+AC_HAVE_STRUCT_FIELD(SIAENTITY, ouid, [#include <siad.h>])
+fi
+
+dnl
+dnl you can link with getmsg on AIX 3.2 but you cannot run the program
+dnl
+
+AC_CHECK_FUNCS(getmsg)
+
+if test "$ac_cf_func_getmsg" = "yes"; then
+
+AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
+AC_TRY_RUN(
+[
+#include <stdio.h>
+
+int main()
+{
+  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  return 0;
+}
+], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
+test "$ac_cv_func_getmsg" = "yes" &&
+AC_DEFINE(HAVE_GETMSG, 1, [Define if you have a working getmsg.])
+
+fi
+
+dnl
+dnl Tests for editline
+dnl
+
+dnl el_init
+
+AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
+if test "$ac_cv_func_el_init" = yes ; then
+	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
+		AC_TRY_COMPILE([#include <stdio.h>
+			#include <histedit.h>],
+			[el_init("", NULL, NULL, NULL);],
+			ac_cv_func_el_init_four=yes,
+			ac_cv_func_el_init_four=no)])
+	if test "$ac_cv_func_el_init_four" = yes; then
+		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
+	fi
+fi
+
+dnl readline
+
+save_LIBS="$LIBS"
+LIBS="$LIB_tgetent $LIBS"
+AC_FIND_FUNC_NO_LIBS(readline, edit readline)
+LIBS="$save_LIBS"
+el_yes="# "
+if test "$with_readline" -a "$with_readline" != "no"; then
+	:
+elif test "$ac_cv_func_readline" = yes; then
+	INCLUDE_readline=
+elif test "$ac_cv_func_el_init" = yes; then
+	el_yes=
+	LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init"
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
+else
+	LIB_readline='-L$(top_builddir)/lib/editline -leditline'
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
+fi
+LIB_readline="$LIB_readline \$(LIB_tgetent)"
+AC_DEFINE(HAVE_READLINE, 1, [Define if you have a readline function.])dnl XXX
+AC_SUBST(LIB_readline)
+AC_SUBST(INCLUDE_readline)
+AC_SUBST(el_yes)
+
+dnl telnet muck --------------------------------------------------
+
+AC_DEFINE(AUTHENTICATION)dnl
+AC_DEFINE(KRB4)dnl
+AC_DEFINE(ENCRYPTION)dnl
+AC_DEFINE(DES_ENCRYPTION)dnl
+AC_DEFINE(DIAGNOSTICS)dnl
+AC_DEFINE(OLD_ENVIRON)dnl
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+AC_MSG_CHECKING(for streamspty)
+case "`uname -sr`" in
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+	krb_cv_sys_streamspty=no
+	;;
+AIX*)
+	os_rel=`uname -v`.`uname -r`
+	if expr "$os_rel" : "3*" >/dev/null 2>&1; then
+		krb_cv_sys_streamspty=no
+	else
+		krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	fi
+	;;
+*)
+	krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+	;;
+esac
+if test "$krb_cv_sys_streamspty" = yes; then
+	AC_DEFINE(STREAMSPTY, 1, [Define if you have working stream ptys.])
+fi
+dnl AC_SUBST(STREAMSPTY)
+AC_MSG_RESULT($krb_cv_sys_streamspty)
+
+AC_MSG_CHECKING([if /bin/ls takes -A])
+if /bin/ls -A > /dev/null 2>&1 ;then
+	AC_DEFINE(HAVE_LS_A, 1, [Define if /bin/ls has a \`-A' flag.])
+	krb_ls_a=yes
+else
+	krb_ls_a=no
+fi
+AC_MSG_RESULT($krb_ls_a)
+	
+dnl ------------------------------------------------------------
+AC_CACHE_CHECK(for suffix of preformatted manual pages, krb_cv_sys_cat_suffix,
+if grep _version /etc/man.conf > /dev/null 2>&1; then
+	krb_cv_sys_cat_suffix=0
+else
+	krb_cv_sys_cat_suffix=number
+fi)
+if test "$krb_cv_sys_cat_suffix" = number; then
+		CATSUFFIX='$$s'
+else
+		CATSUFFIX=0
+fi
+AC_SUBST(CATSUFFIX)
+
+dnl ------------------------------------------------------------
+
+KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS"
+AC_SUBST(KRB_KAFS_LIB)dnl
+
+dnl ------------------------------------------------------------
+
+
+dnl This is done by AC_OUTPUT but we need the result here.
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+for i in bin lib libexec sbin; do
+	i=${i}dir
+	foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
+	x="\$${i}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+	AC_DEFINE_UNQUOTED($foo,"$x")
+done
+
+dnl
+dnl We are all set to emit the Makefiles and config.h
+dnl
+AC_OUTPUT(					\
+Makefile 					\
+include/Makefile				\
+include/sys/Makefile				\
+						\
+man/Makefile					\
+						\
+lib/Makefile					\
+lib/com_err/Makefile				\
+lib/des/Makefile				\
+lib/krb/Makefile				\
+lib/kdb/Makefile				\
+lib/kadm/Makefile				\
+lib/acl/Makefile				\
+lib/kafs/Makefile				\
+lib/roken/Makefile				\
+lib/otp/Makefile				\
+lib/sl/Makefile					\
+lib/editline/Makefile				\
+lib/rxkad/Makefile				\
+lib/auth/Makefile				\
+lib/auth/pam/Makefile				\
+lib/auth/sia/Makefile				\
+lib/auth/afskauthlib/Makefile			\
+						\
+kuser/Makefile					\
+server/Makefile					\
+slave/Makefile					\
+admin/Makefile					\
+kadmin/Makefile					\
+						\
+appl/Makefile					\
+						\
+appl/afsutil/Makefile 				\
+appl/ftp/Makefile				\
+appl/ftp/common/Makefile			\
+appl/ftp/ftp/Makefile				\
+appl/ftp/ftpd/Makefile				\
+appl/telnet/Makefile				\
+appl/telnet/libtelnet/Makefile			\
+appl/telnet/telnet/Makefile			\
+appl/telnet/telnetd/Makefile			\
+appl/bsd/Makefile 				\
+appl/kauth/Makefile				\
+appl/popper/Makefile				\
+appl/movemail/Makefile				\
+appl/push/Makefile				\
+appl/sample/Makefile				\
+appl/xnlock/Makefile				\
+appl/kx/Makefile				\
+appl/kip/Makefile				\
+appl/otp/Makefile				\
+doc/Makefile					\
+etc/inetd.conf.changes				\
+) dnl end of AC_OUTPUT
+
+AC_KRB_VERSION
diff --git a/crypto/kerberosIV/doc/Makefile.in b/crypto/kerberosIV/doc/Makefile.in
new file mode 100644
index 0000000..bbf870e
--- /dev/null
+++ b/crypto/kerberosIV/doc/Makefile.in
@@ -0,0 +1,78 @@
+# $Id: Makefile.in,v 1.19 1999/09/28 12:35:11 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+MAKEINFO = @MAKEINFO@
+TEXI2DVI = texi2dvi
+TEXI2HTML = texi2html
+
+prefix = @prefix@
+infodir = @infodir@
+
+TEXI_SOURCES = ack.texi				\
+	index.texi				\
+	install.texi				\
+	intro.texi				\
+	kth-krb.texi				\
+	otp.texi				\
+	problems.texi				\
+	setup.texi				\
+	whatis.texi
+
+all: info
+
+install: all installdirs
+	if test -f kth-krb.info; then \
+	  $(INSTALL_DATA) kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \
+	else \
+	  $(INSTALL_DATA) $(srcdir)/kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \
+	fi
+	if test -f $(DESTDIR)$(infodir)/dir ; then :; else \
+		$(INSTALL_DATA) $(srcdir)/dir $(DESTDIR)$(infodir)/dir; \
+	fi
+	-if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
+	  install-info --dir-file=$(DESTDIR)$(infodir)/dir $(DESTDIR)$(infodir)/kth-krb.info; \
+	else \
+	  true; \
+	fi
+
+uninstall:
+	rm -f $(DESTDIR)$(infodir)/kth-krb.info
+
+installdirs:
+	$(MKINSTALLDIRS) $(DESTDIR)$(infodir)
+
+info: kth-krb.info
+
+kth-krb.info: $(TEXI_SOURCES)
+	$(MAKEINFO) --no-split -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
+
+dvi: kth-krb.dvi
+
+kth-krb.dvi: $(TEXI_SOURCES)
+	$(TEXI2DVI) $(srcdir)/kth-krb.texi
+
+html: kth-krb.html
+
+kth-krb.html: $(TEXI_SOURCES)
+	$(TEXI2HTML) $(srcdir)/kth-krb.texi
+
+clean:
+	rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp *.vr
+
+distclean: clean
+
+mostlyclean: clean
+
+maintainer-clean: clean
+	rm -f *.info*
+
+check:
+
+.PHONY: all install uninstall installdirs info dvi html clean distclean mostlyclean maintainer-clean check
diff --git a/crypto/kerberosIV/doc/ack.texi b/crypto/kerberosIV/doc/ack.texi
new file mode 100644
index 0000000..327220c
--- /dev/null
+++ b/crypto/kerberosIV/doc/ack.texi
@@ -0,0 +1,106 @@
+@node  Acknowledgments, Index, Resolving frequent problems, Top
+@comment  node-name,  next,  previous,  up
+@appendix Acknowledgments
+
+People from the MIT Athena project wrote the original code that this is
+based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the
+encryption functions and the calls to them. This was exported from the
+US as the ``Bones'' release.  Eric Young put back the calls and hooked
+in his libdes, thereby creating the ``eBones'' release.
+@cindex Bones
+@cindex eBones
+
+The ``rcmd'' programs where initially developed at the University of
+California at Berkeley and then hacked on by the FreeBSD and NetBSD
+projects.
+
+Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and
+@code{telnetd}.  The authentication and encryption code of @code{telnet}
+and @code{telnetd} was added by David Borman (then of Cray Research,
+Inc).  The encryption code was removed when this was exported and then
+added back by Juha Eskelinen, @code{<esc@@magic.fi>}.
+
+The @code{popper} was also a Berkeley program initially.
+
+The @code{login} has the same origins but has received code written by
+Wietse Venema at Eindhoven University of Technology, The Netherlands.
+
+@code{movemail} was (at least partially) written by Jonathan Kamens,
+@code{<jik@@security.ov.com>}, and is Copyright @copyright{} 1986, 1991,
+1992, 1993, 1994 Free Software Foundation, Inc.
+
+@code{xnlock} was originally written by Dan Heller in 1985 for sunview.
+The X version was written by him in 1990.
+
+Some of the functions in @file{libroken} also come from Berkeley by the
+way of NetBSD/FreeBSD.
+
+The code to handle the dynamic loading of the AFS module for AIX is
+copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover,
+Germany.
+
+@code{editline} was written by Simmule Turner and Rich Salz.
+
+Bugfixes and code has been contributed by:
+@table @asis
+@item Derrick J Brashear
+@code{<shadow@@dementia.org>}
+@item Anders Gertz
+@code{<gertz@@lysator.liu.se>}
+@item Dejan Ilic
+@code{<svedja@@lysator.liu.se>}
+@item Kent Engstr�m
+@code{<kent@@lysator.liu.se>}
+@item Simon Josefsson
+@code{<jas@@pdc.kth.se>}
+@item Robert Malmgren
+@code{<rom@@incolumitas.se>}
+@item Fredrik Ljungberg
+@code{<flag@@astrogator.se>}
+@item Joakim Fallsj�
+@code{jfa@@pobox.se}
+@item Lars Malinowsky
+@code{<lama@@pdc.kth.se>}
+@item Fabien Coelho
+@code{<coelho@@cri.ensmp.fr>}
+@item Chris Chiappa
+@code{<griffon+@@cmu.edu>}
+@item Gregory S. Stark
+@code{<gsstark@@mit.edu>}
+@item Love H�rnquist-�strand
+@code{<lha@@stacken.kth.se>}
+@item Daniel Staaf
+@code{<d96-dst@@nada.kth.se>}
+@item Magnus Ahltorp
+@code{<map@@stacken.kth.se>}
+@item Robert Burgess
+@code{<rb@@stacken.kth.se>}
+@item Lars Arvestad
+@code{<arve@@nada.kth.se>}
+@item J�rgen Wahlsten
+@code{<wahlsten@@pathfinder.com>}
+@item Daniel Staaf
+@code{<d96-dst@@nada.kth.se>}
+@item R Lindsay Todd
+@code{<toddr@@rpi.edu>}
+@item �ke Sandgren
+@code{<ake@@cs.umu.se>}
+@item Thomas Nystr�m
+@code{<thn@@stacken.kth.se>}
+@item and we hope that those not mentioned here will forgive us.
+@end table
+
+Ian Marsh @code{<ianm@@sics.se>} removed the worst abuses of the English
+language from this text.
+
+Ilja Hallberg @code{<iha@@incolumitas.se>} is still promising to help us
+finish the documentation.
+
+This work was supported in part by SUNET and the Centre for Parallel
+Computers at KTH.
+
+The port to Windows 95/NT was supported by the Computer Council at KTH
+and done by J�rgen Karlsson @code{<d93-jka@@nada.kth.se>}.
+
+All the bugs were introduced by ourselves.
+
diff --git a/crypto/kerberosIV/doc/dir b/crypto/kerberosIV/doc/dir
new file mode 100644
index 0000000..911f622
--- /dev/null
+++ b/crypto/kerberosIV/doc/dir
@@ -0,0 +1,17 @@
+$Id: dir,v 1.1 1997/06/12 16:15:21 joda Exp $
+This is the file .../info/dir, which contains the topmost node of the
+Info hierarchy.  The first time you invoke Info you start off
+looking at that node, which is (dir)Top.
+
+File: dir	Node: Top	This is the top of the INFO tree
+
+  This (the Directory node) gives a menu of major topics. 
+  Typing "q" exits, "?" lists all Info commands, "d" returns here,
+  "h" gives a primer for first-timers,
+  "mEmacs<Return>" visits the Emacs topic, etc.
+
+  In Emacs, you can click mouse button 2 on a menu item or cross reference
+  to select it.
+
+* Menu: 
+
diff --git a/crypto/kerberosIV/doc/index.texi b/crypto/kerberosIV/doc/index.texi
new file mode 100644
index 0000000..ebe5d91
--- /dev/null
+++ b/crypto/kerberosIV/doc/index.texi
@@ -0,0 +1,6 @@
+@node Index, , Acknowledgments, Top
+@comment  node-name,  next,  previous,  up
+@unnumbered Index
+
+@printindex cp
+
diff --git a/crypto/kerberosIV/doc/install.texi b/crypto/kerberosIV/doc/install.texi
new file mode 100644
index 0000000..26d2abf
--- /dev/null
+++ b/crypto/kerberosIV/doc/install.texi
@@ -0,0 +1,496 @@
+@node Installing programs, How to set up a realm, What is Kerberos?, Top
+@chapter Installing programs
+
+You have a choise to either build the distribution from source code or
+to install binaries, if they are available for your machine.
+
+@c XXX
+
+We recommend building from sources, but using pre-compiled binaries
+might be easier.  If there are no binaries available for your machine or
+you want to do some specific configuration, you will have to compile
+from source.
+
+@menu
+* Installing from source::      
+* Installing a binary distribution::  
+* Finishing the installation::  
+* .klogin::
+* Authentication modules::      
+@end menu
+
+@node Installing from source, Installing a binary distribution, Installing programs, Installing programs
+@comment  node-name,  next,  previous,  up
+@section Installing from source
+
+To build this software un-tar the distribution and run the
+@code{configure} script.
+
+To compile successfully, you will need an ANSI C compiler, such as
+@code{gcc}. Other compilers might also work, but setting the ``ANSI
+compliance'' too high, might break in parts of the code, not to mention
+the standard include files.
+
+To build in a separate build tree, run @code{configure} in the directory
+where the tree should reside.  You will need a Make that understands
+VPATH correctly.  GNU Make works fine.
+
+After building everything (which will take anywhere from a few minutes
+to a long time), you can install everything in @file{/usr/athena} with
+@kbd{make install} (running as root). It is possible to install in some
+other place, but it isn't recommended. To do this you will have to run
+@code{configure} with @samp{--prefix=/my/path}.
+
+If you need to change the default behavior, configure understands the
+following options:
+
+@table @asis
+@item @kbd{--enable-shared}
+Create shared versions of the Kerberos libraries. Not really
+recommended and might not work on all systems.
+
+@item @kbd{--with-ld-flags=}@var{flags}
+This allows you to specify which extra flags to pass to @code{ld}. Since
+this @emph{overrides} any choices made by configure, you should only use
+this if you know what you are doing.
+
+@item @kbd{--with-cracklib=}@var{dir}
+Use cracklib for password quality control in 
+@pindex kadmind
+@code{kadmind}. This option requires 
+@cindex cracklib
+cracklib with the patch from
+@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
+
+@item @kbd{--with-dictpath=}@var{dictpath}
+This is the dictionary that cracklib should use.
+
+@item @kbd{--with-socks=}@var{dir}
+@cindex firewall
+@cindex socks
+If you have to traverse a firewall and it uses the SocksV5 protocol
+(@cite{RFC 1928}), you can build with socks-support.  Point @var{dir} to
+the directory where you have socks5 installed.  For more information
+about socks see @url{http://www.socks.nec.com/}.
+
+@item @kbd{--with-readline=}@var{dir}
+@cindex readline
+To enable history/line editing in @code{ftp} and @code{kadmin}, any
+present version of readline will be used.  If you have readline
+installed but in a place where configure does not manage to find it,
+you can use this option.  The code also looks for @code{libedit}.  If
+there is no library at all, the bundled version of @code{editline} will
+be used.
+
+@item @kbd{--with-mailspool=}@var{dir}
+The configuration process tries to determine where your machine stores
+its incoming mail.  This is typically @file{/usr/spool/mail} or
+@file{/var/mail}.  If it does not work or you store your mail in some
+unusual directory, this option can be used to specify where the mail
+spool directory is located.  This directory is only accessed by
+@pindex popper
+@code{popper}, and the mail check in
+@pindex login
+@code{login}.
+
+@item @kbd{--with-hesiod=}@var{dir}
+@cindex Hesiod
+Enable the Hesiod support in
+@pindex push
+@code{push}.  With this option, it will try
+to use the hesiod library to locate the mail post-office for the user.
+
+@c @item @kbd{--enable-random-mkey}
+@c Do not use this option unless you think you know what you are doing.
+
+@item @kbd{--with-mkey=}@var{file}
+Put the master key here, the default is @file{/.k}.
+
+@item @kbd{--with-db-dir=}@var{dir}
+Where the kerberos database should be stored.  The default is
+@file{/var/kerberos}.
+
+@item @kbd{--without-berkeley-db}
+If you have
+@cindex Berkeley DB
+Berkeley DB installed, it is preferred over
+@c XXX
+dbm. If you already are running Kerberos this option might be useful,
+since there currently isn't an easy way to convert a dbm database to a
+db one (you have to dump the old database and then load it with the new
+binaries).
+
+@item @kbd{--without-afs-support}
+Do not include AFS support.
+
+@item @kbd{--with-afsws=}@var{dir}
+Where your AFS client installation resides.  The default is
+@file{/usr/afsws}.
+
+@item @kbd{--enable-rxkad}
+Build the rxkad library.  Normally automatically included if there is AFS.
+
+@item @kbd{--disable-dynamic-afs}
+The AFS support in AIX consists of a shared library that is loaded at
+runtime. This option disables this, and links with static system
+calls. Doing this will make the built binaries crash on a machine that
+doesn't have AFS in the kernel (for instance if the AFS module fails to
+load at boot).
+
+@item @kbd{--with-mips-api=}@var{api}
+This option enables creation of different types of binaries on Irix.
+The allowed values are @kbd{32}, @kbd{n32}, and @kbd{64}.
+
+@item @kbd{--enable-legacy-kdestroy}
+This compile-time option creates a @code{kdestroy} that does not destroy
+any AFS tokens.
+
+@item @kbd{--disable-otp}
+Do not build the OTP (@pxref{One-Time Passwords}) library and programs,
+and do not include OTP support in the application programs.
+
+@item @kbd{--enable-match-subdomains}
+Normally, the host @samp{host.domain} will be considered to be part of
+the realm @samp{DOMAIN}.  With this option will also enable hosts of the
+form @samp{host.sub.domain}, @samp{host.sub1.sub2.domain}, and so on to
+be considered part of the realm @samp{DOMAIN}.
+
+@item @kbd{--enable-osfc2}
+Enable the use of enhanced C2 security on OSF/1. @xref{Digital SIA}.
+
+@item @kbd{--disable-mmap}
+Do not use the mmap system call.  Normally, configure detects if there
+is a working mmap and it is only used if there is one.  Only try this
+option if it fails to work anyhow.
+
+@item @kbd{--disable-cat-manpages}
+Do not install preformatted man pages.
+
+@c --with-des-quad-checksum
+
+@end table
+
+@node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
+@comment  node-name,  next,  previous,  up
+@section Installing a binary distribution
+
+The binary distribution is supposed to be installed in
+@file{/usr/athena}, installing in some other place may work but is not
+recommended.  A symlink from @file{/usr/athena} to the install directory
+should be fine.
+
+@node Finishing the installation, .klogin, Installing a binary distribution, Installing programs
+@section Finishing the installation
+
+@pindex su
+The only program that needs to be installed setuid to root is @code{su}.
+
+If 
+@pindex rlogin
+@pindex rsh
+@code{rlogin} and @code{rsh} are setuid to root they will fall back to
+non-kerberised protocols if the kerberised ones fail for some
+reason. The old protocols use reserved ports as security, and therefore
+the programs have to be setuid to root. If you don't need this
+functionality consider turning off the setuid bit.
+
+@pindex login
+@code{login} does not have to be setuid, as it is always run by root
+(users should use @code{su} rather than @code{login}).  It will print a
+helpful message when not setuid to root and run by a user.
+
+The programs intended to be run by users are located in
+@file{/usr/athena/bin}.  Inform your users to include
+@file{/usr/athena/bin} in their paths, or copy or symlink the binaries
+to some good place.  The programs that you will want to use are:
+@code{kauth}/@code{kinit},
+@pindex kauth
+@pindex kinit
+@code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ftp},
+@pindex klist
+@pindex kdestroy
+@pindex kpasswd
+@pindex ftp
+@code{telnet}, @code{rcp}, @code{rsh}, @code{rlogin}, @code{su},
+@pindex telnet
+@pindex rcp
+@pindex rsh
+@pindex rlogin
+@pindex su
+@pindex xnlock
+@pindex afslog
+@pindex pagsh
+@pindex rxtelnet
+@pindex tenletxr
+@pindex rxterm
+@code{rxtelnet}, @code{tenletxr}, @code{rxterm}, and
+@code{xnlock}. If you are using AFS, @code{afslog} and @code{pagsh}
+might also be useful.  Administrators will want to use @code{kadmin} and
+@code{ksrvutil}, which are located in @file{/usr/athena/sbin}.
+@pindex kadmin
+@pindex ksrvutil
+
+@code{telnetd} and @code{rlogind} assume that @code{login} is located in
+@file{/usr/athena/bin} (or whatever path you used as
+@samp{--prefix}). If for some reason you want to move @code{login}, you
+will have to specify the new location with the @samp{-L} switch when
+configuring
+@pindex telnetd
+telnetd
+and
+@pindex rlogind
+rlogind
+in @file{inetd.conf}.
+
+It should be possible to replace the system's default @code{login} with
+the kerberised @code{login}.  However some systems assume that login
+performs some serious amount of magic that our login might not do (although
+we've tried to do our best). So before replacing it on every machine,
+try and see what happens.  Another thing to try is to use one of the
+authentication modules (@pxref{Authentication modules}) supplied.
+
+The @code{login} program that we use was in an earlier life the standard
+login program from NetBSD. In order to use it with a lot of weird
+systems, it has been ``enhanced'' with features from many other logins
+(Solaris, SunOS, IRIX, AIX, and others).  Some of these features are
+actually useful and you might want to use them even on other systems.
+
+@table @file
+@item /etc/fbtab
+@pindex fbtab
+@itemx /etc/logindevperm
+@pindex logindevperm
+Allows you to chown some devices when a user logs in on a certain
+terminal.  Commonly used to change the ownership of @file{/dev/mouse},
+@file{/dev/kbd}, and other devices when someone logs in on
+@file{/dev/console}.
+
+@file{/etc/fbtab} is the SunOS file name and it is tried first.  If
+there is no such file then the Solaris file name
+@file{/etc/logindevperm} is tried.
+@item /etc/environment
+@pindex environment
+This file specifies what environment variables should be set when a user
+logs in. (AIX-style)
+@item /etc/default/login
+@pindex default/login
+Almost the same as @file{/etc/environment}, but the System V style.
+@item /etc/login.access
+@pindex login.access
+Can be used to control who is allowed to login from where and on what
+ttys. (From Wietse Venema)
+@end table
+
+@menu
+* .klogin::
+* Authentication modules::      
+@end menu
+
+@node .klogin, Authentication modules, Finishing the installation, Installing programs
+@comment  node-name,  next,  previous,  up
+
+Each user can have an authorization file @file{~@var{user}/.klogin}
+@pindex .klogin
+that
+determines what principals can login as that user.  It is similar to the
+@file{~user/.rhosts} except that it does not use IP and privileged-port
+based authentication.  If this file does not exist, the user herself
+@samp{user@@LOCALREALM} will be allowed to login.  Supplementary local
+realms (@pxref{Install the configuration files}) also apply here.  If the
+file exists, it should contain the additional principals that are to
+be allowed to login as the local user @var{user}.
+
+This file is consulted by most of the daemons (@code{rlogind},
+@code{rshd}, @code{ftpd}, @code{telnetd}, @code{popper}, @code{kauthd}, and
+@code{kxd})
+@pindex rlogind
+@pindex rshd
+@pindex ftpd
+@pindex telnetd
+@pindex popper
+@pindex kauthd
+@pindex kxd
+to determine if the
+principal requesting a service is allowed to receive it.  It is also
+used by
+@pindex su
+@code{su}, which is a good way of keeping an access control list (ACL)
+on who is allowed to become root.  Assuming that @file{~root/.klogin}
+contains:
+
+@example
+nisse.root@@FOO.SE
+lisa.root@@FOO.SE
+@end example
+
+both nisse and lisa will be able to su to root by entering the password
+of their root instance.  If that fails or if the user is not listed in
+@file{~root/.klogin}, @code{su} falls back to the normal policy of who
+is permitted to su.  Also note that that nisse and lisa can login
+with e.g. @code{telnet} as root provided that they have tickets for
+their root instance.
+
+@node  Authentication modules, , .klogin, Installing programs
+@comment  node-name,  next,  previous,  up
+@section Authentication modules
+The problem of having different authentication mechanisms has been
+recognised by several vendors, and several solutions has appeared. In
+most cases these solutions involve some kind of shared modules that are
+loaded at run-time.  Modules for some of these systems can be found in
+@file{lib/auth}.  Presently there are modules for Digital's SIA,
+Solaris' and Linux' PAM, and IRIX' @code{login} and @code{xdm} (in
+@file{lib/auth/afskauthlib}).
+
+@menu
+* Digital SIA::                 
+* IRIX::                        
+* PAM::                         
+@end menu
+
+@node Digital SIA, IRIX, Authentication modules, Authentication modules
+@subsection Digital SIA
+
+To install the SIA module you will have to do the following:
+
+@itemize @bullet
+
+@item
+Make sure @file{libsia_krb4.so} is available in
+@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
+might want to put it in @file{/usr/shlib} or someplace else. If you do,
+you'll have to edit @file{krb4_matrix.conf} to reflect the new location
+(you will also have to do this if you installed in some other directory
+than @file{/usr/athena}). If you built with shared libraries, you will
+have to copy the shared @file{libkrb.so}, @file{libdes.so},
+@file{libkadm.so}, and @file{libkafs.so} to a place where the loader can
+find them (such as @file{/usr/shlib}).
+@item
+Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}.
+@item
+Apply @file{security.patch} to @file{/sbin/init.d/security}.
+@item
+Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and
+@kbd{rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf}.
+@item
+Digital thinks you should reboot your machine, but that really shouldn't
+be necessary.  It's usually sufficient just to run
+@kbd{/sbin/init.d/security start} (and restart any applications that use
+SIA, like @code{xdm}.)
+@end itemize
+
+Users with local passwords (like @samp{root}) should be able to login
+safely.
+
+When using Digital's xdm the @samp{KRBTKFILE} environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set @samp{KRBTKFILE} to the correct value in
+@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
+@example
+KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+@end example
+If you use CDE, @code{dtlogin} allows you to specify which additional
+environment variables it should export. To add @samp{KRBTKFILE} to this
+list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of
+@samp{exportList}. You want to add something like:
+@example
+Dtlogin.exportList:     KRBTKFILE
+@end example
+
+@subsubheading Notes to users with Enhanced security
+
+Digital's @samp{ENHANCED} (C2) security, and Kerberos solves two
+different problems. C2 deals with local security, adds better control of
+who can do what, auditing, and similar things. Kerberos deals with
+network security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+@itemize @bullet
+@item
+Replace all occurencies of @file{krb4_matrix.conf} with
+@file{krb4+c2_matrix.conf} in the directions above.
+@item
+You must enable ``vouching'' in the @samp{default} database.  This will
+make the OSFC2 module trust other SIA modules, so you can login without
+giving your C2 password. To do this use @samp{edauth} to edit the
+default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
+@samp{d_accept_alternate_vouching} capability, if not already present.
+@item
+For each user that does @emph{not} have a local C2 password, you should
+set the password expiration field to zero. You can do this for each
+user, or in the @samp{default} table. To do this use @samp{edauth} to
+set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
+@item
+You also need to be aware that the shipped @file{login}, @file{rcp}, and
+@file{rshd}, doesn't do any particular C2 magic (such as checking to
+various forms of disabled accounts), so if you rely on those features,
+you shouldn't use those programs. If you configure with
+@samp{--enable-osfc2}, these programs will, however, set the login
+UID. Still: use at your own risk.
+@end itemize
+
+At present @samp{su} does not accept the vouching flag, so it will not
+work as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+@strong{Remember}, if you do these changes you will get a system that
+most certainly does @emph{not} fulfill the requirements of a C2
+system. If C2 is what you want, for instance if someone else is forcing
+you to use it, you're out of luck.  If you use enhanced security because
+you want a system that is more secure than it would otherwise be, you
+probably got an even more secure system. Passwords will not be sent in
+the clear, for instance.
+
+@node IRIX, PAM, Digital SIA, Authentication modules
+@subsection IRIX
+
+The IRIX support is a module that is compatible with Transarc's
+@file{afskauthlib.so}.  It should work with all programs that use this
+library, this should include @file{login} and @file{xdm}.
+
+The interface is not very documented but it seems that you have to copy
+@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
+@file{/usr/lib}, or build your @file{afskauthlib.so} statically.
+
+The @file{afskauthlib.so} itself is able to reside in
+@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
+(wherever that is).
+
+IRIX 6.4 and newer seems to have all programs (including @file{xdm} and
+@file{login}) in the N32 object format, whereas in older versions they
+were O32. For it to work, the @file{afskauthlib.so} library has to be in
+the same object format as the program that tries to load it. This might
+require that you have to configure and build for O32 in addition to the
+default N32.
+
+Appart from this it should ``just work'', there are no configuration
+files.
+
+@node PAM,  , IRIX, Authentication modules
+@subsection PAM
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, but it seems to mostly work on
+both Linux and Solaris.
+
+To use this module you should:
+
+@itemize @bullet
+@item
+Make sure @file{pam_krb4.so} is available in @file{/usr/athena/lib}. You
+might actually want it on local disk, so @file{/lib/security} might be a
+better place if @file{/usr/athena} is not local.
+@item
+Look at @file{pam.conf.add} for examples of what to add to
+@file{/etc/pam.conf}.
+@end itemize
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's @code{<shadow@@dementia.org>} Kerberos PAM
+module at @* @url{ftp://ftp.dementia.org/pub/pam}. It has a lot more
+features, and it is also more in line with other PAM modules.
diff --git a/crypto/kerberosIV/doc/intro.texi b/crypto/kerberosIV/doc/intro.texi
new file mode 100644
index 0000000..7a28533
--- /dev/null
+++ b/crypto/kerberosIV/doc/intro.texi
@@ -0,0 +1,41 @@
+@node Introduction, What is Kerberos?, Top, Top
+@comment  node-name,  next,  previous,  up
+@chapter Introduction
+
+This is an attempt at documenting the Kerberos 4 distribution from
+Kungliga Tekniska H�gskolan (the Royal Institute of Technology in
+Stockholm, Sweden). This distribution is based on eBones, but has been
+improved in many ways. It is more portable, and several new features
+have been added. It should run on any reasonably modern unix-like
+system.
+
+In addition, some part compile and work on:
+
+@itemize @bullet
+@item
+OS/2 with EMX
+@item
+Windows 95/NT with gnu-win32 (with the proper amount of magic the
+libraries should compile with Microsoft C as well)
+@end itemize
+
+It should work on anything that is almost POSIX, has an ANSI C
+compiler, a dbm library (for the server side), and BSD Sockets.
+
+A web-page is available at @url{http://www.pdc.kth.se/kth-krb/}.
+
+@heading Bug reports
+
+If you cannot build the programs or they do not behave as you think they
+should, please send us a bug report.  The bug report should be sent to
+@code{<kth-krb-bugs@@pdc.kth.se>}.  Please include information on what
+machine and operating system (including version) you are running, what
+you are trying to do, what happens, what you think should have happened,
+an example for us to repeat, the output you get when trying the example,
+and a patch for the problem if you have one.  Please make any patches
+with @code{diff -u} or @code{diff -c}.  The more detailed the bug report
+is, the easier it will be for us to reproduce, understand, and fix it.
+
+Suggestions, comments and other non bug reports are welcome.  Send them
+to @code{<kth-krb@@pdc.kth.se>}.
+
diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi
new file mode 100644
index 0000000..7898dff
--- /dev/null
+++ b/crypto/kerberosIV/doc/kth-krb.texi
@@ -0,0 +1,303 @@
+\input texinfo @c -*- texinfo -*-
+@c %**start of header
+@c $Id: kth-krb.texi,v 1.80 1999/12/02 16:58:35 joda Exp $
+@c $FreeBSD$
+@setfilename kth-krb.info
+@settitle KTH-KRB
+@iftex
+@afourpaper
+@end iftex
+@c some sensible characters, please?
+@tex
+\input latin1.tex
+@end tex
+@setchapternewpage on
+@syncodeindex pg cp
+@c %**end of header
+
+@ifinfo
+@dircategory Kerberos
+@direntry
+* Kth-krb: (kth-krb).           The Kerberos IV distribution from KTH
+@end direntry
+@end ifinfo
+
+@c title page
+@titlepage
+@title KTH-KRB
+@subtitle Kerberos 4 from KTH
+@subtitle For release 0.10.
+@subtitle 1999
+@author Johan Danielsson
+@author Assar Westerlund
+@author last updated $Date: 1999/12/02 16:58:35 $
+
+@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
+@def@copyrightstart{}
+@def@copyrightend{}
+@page
+@copyrightstart
+Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan 
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1995 Eric Young (eay@@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+     This product includes software developed by the University of
+     California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+@copynext
+
+Copyright 1987, 1989 by the Student Information Processing Board
+	of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose.  It is
+provided "as is" without express or implied warranty.
+
+@copynext
+
+Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+
+This software is not subject to any license of the American Telephone 
+and Telegraph Company or of the Regents of the University of California. 
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+   software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Since few users ever read sources,
+   credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Since few users
+   ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+@copyrightend
+@end titlepage
+
+@c Less filling! Tastes great!
+@iftex
+@parindent=0pt
+@global@parskip 6pt plus 1pt
+@global@chapheadingskip = 15pt plus 4pt minus 2pt 
+@global@secheadingskip = 12pt plus 3pt minus 2pt
+@global@subsecheadingskip = 9pt plus 2pt minus 2pt
+@end iftex
+@ifinfo
+@paragraphindent 0
+@end ifinfo
+
+@ifinfo
+@node Top, Introduction, (dir), (dir)
+@top KTH-krb
+@end ifinfo
+
+@menu
+* Introduction::                
+* What is Kerberos?::           
+* Installing programs::         
+* How to set up a realm::       
+* One-Time Passwords::          
+* Resolving frequent problems::  
+* Acknowledgments::             
+* Index::                       
+
+@detailmenu
+ --- The Detailed Node Listing ---
+
+Installing programs
+
+* Installing from source::      
+* Installing a binary distribution::  
+* Finishing the installation::  
+* Authentication modules::      
+
+Finishing the installation
+
+* Authentication modules::      
+
+Authentication modules
+
+* Digital SIA::                 
+* IRIX::                        
+* PAM::                         
+
+How to set up a realm
+
+* How to set up the kerberos server::  
+* Install the client programs::  
+* Install the kerberised services::  
+* Install a slave kerberos server::  
+* Cross-realm functionality ::  
+
+How to set up the kerberos server
+
+* Choose a realm name::         
+* Choose a kerberos server::    
+* Install the configuration files::  
+* Install the /etc/services::   
+* Install the kerberos server::  
+* Set up the server::           
+* Add a few important principals::  
+* Start the server::            
+* Try to get tickets::          
+* Create initial ACL for the admin server::  
+* Start the admin server::      
+* Add users to the database::   
+* Automate the startup of the servers::  
+
+One-Time Passwords
+
+* What are one time passwords?::  
+* When to use one time passwords?::  
+* Configuring OTPs::            
+
+Resolving frequent problems
+
+* Problems compiling Kerberos::  
+* Problems with firewalls::     
+* Common error messages::       
+* Is Kerberos year 2000 safe?::  
+
+@end detailmenu
+@end menu
+
+@include intro.texi
+@include whatis.texi
+@include install.texi
+@include setup.texi
+@include otp.texi
+@include problems.texi
+@include ack.texi
+@include index.texi
+
+@c @shortcontents
+@contents
+
+@bye
diff --git a/crypto/kerberosIV/doc/latin1.tex b/crypto/kerberosIV/doc/latin1.tex
new file mode 100644
index 0000000..e683dd2
--- /dev/null
+++ b/crypto/kerberosIV/doc/latin1.tex
@@ -0,0 +1,95 @@
+% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
+% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
+\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
+\global\catcode`\^^a0=\active \global\let^^a0=~		% no-break space
+\global\catcode`\^^a1=\active \global\def^^a1{!`}		% inverted exclamation mark
+\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}}	% cent sign
+\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}}	% pound sign
+% currency sign, yen sign, broken bar
+\global\catcode`\^^a7=\active \global\let^^a7=\S		% section sign
+\global\catcode`\^^a8=\active \global\def^^a8{\"{}}		% diaeresis
+\global\catcode`\^^a9=\active \global\let^^a9=\copyright	% copyright sign
+% feminine ordinal indicator, left angle quotation mark
+\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
+\global\catcode`\^^ad=\active \global\let^^ad=\-		% soft hyphen
+% registered trade mark sign
+\global\catcode`\^^af=\active \global\def^^af{\={}}		% macron
+% ...
+\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm}	% plus minus
+\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
+\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
+\global\catcode`\^^b4=\active \global\def^^b4{\'{}}		% acute accent
+\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu}	% mu
+\global\catcode`\^^b6=\active \global\let^^b6=\P		% pilcroy
+\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
+\global\catcode`\^^b8=\active \global\def^^b8{\c{}}		% cedilla
+\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
+% ...
+\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
+\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
+\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
+\global\catcode`\^^bf=\active \global\def^^bf{?`}		% inverted question mark
+\global\catcode`\^^c0=\active \global\def^^c0{\`A}
+\global\catcode`\^^c1=\active \global\def^^c1{\'A}
+\global\catcode`\^^c2=\active \global\def^^c2{\^A}
+\global\catcode`\^^c3=\active \global\def^^c3{\~A}
+\global\catcode`\^^c4=\active \global\def^^c4{\"A}		% capital a with diaeresis
+\global\catcode`\^^c5=\active \global\let^^c5=\AA		% capital a with ring above
+\global\catcode`\^^c6=\active \global\let^^c6=\AE
+\global\catcode`\^^c7=\active \global\def^^c7{\c C}
+\global\catcode`\^^c8=\active \global\def^^c8{\`E}
+\global\catcode`\^^c9=\active \global\def^^c9{\'E}
+\global\catcode`\^^ca=\active \global\def^^ca{\^E}
+\global\catcode`\^^cb=\active \global\def^^cb{\"E}
+\global\catcode`\^^cc=\active \global\def^^cc{\`I}
+\global\catcode`\^^cd=\active \global\def^^cd{\'I}
+\global\catcode`\^^ce=\active \global\def^^ce{\^I}
+\global\catcode`\^^cf=\active \global\def^^cf{\"I}
+% capital eth
+\global\catcode`\^^d1=\active \global\def^^d1{\~N}
+\global\catcode`\^^d2=\active \global\def^^d2{\`O}
+\global\catcode`\^^d3=\active \global\def^^d3{\'O}
+\global\catcode`\^^d4=\active \global\def^^d4{\^O}
+\global\catcode`\^^d5=\active \global\def^^d5{\~O}
+\global\catcode`\^^d6=\active \global\def^^d6{\"O}		% capital o with diaeresis
+\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
+\global\catcode`\^^d8=\active \global\let^^d8=\O
+\global\catcode`\^^d9=\active \global\def^^d9{\`U}
+\global\catcode`\^^da=\active \global\def^^da{\'U}
+\global\catcode`\^^db=\active \global\def^^db{\^U}
+\global\catcode`\^^dc=\active \global\def^^dc{\"U}
+\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
+% capital thorn
+\global\catcode`\^^df=\active \global\def^^df{\ss}
+\global\catcode`\^^e0=\active \global\def^^e0{\`a}
+\global\catcode`\^^e1=\active \global\def^^e1{\'a}
+\global\catcode`\^^e2=\active \global\def^^e2{\^a}
+\global\catcode`\^^e3=\active \global\def^^e3{\~a}
+\global\catcode`\^^e4=\active \global\def^^e4{\"a}		% small a with diaeresis
+\global\catcode`\^^e5=\active \global\let^^e5=\aa		% small a with ring above
+\global\catcode`\^^e6=\active \global\let^^e6=\ae
+\global\catcode`\^^e7=\active \global\def^^e7{\c c}
+\global\catcode`\^^e8=\active \global\def^^e8{\`e}
+\global\catcode`\^^e9=\active \global\def^^e9{\'e}
+\global\catcode`\^^ea=\active \global\def^^ea{\^e}
+\global\catcode`\^^eb=\active \global\def^^eb{\"e}
+\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
+\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
+\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
+\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
+% small eth
+\global\catcode`\^^f1=\active \global\def^^f1{\~n}
+\global\catcode`\^^f2=\active \global\def^^f2{\`o}
+\global\catcode`\^^f3=\active \global\def^^f3{\'o}
+\global\catcode`\^^f4=\active \global\def^^f4{\^o}
+\global\catcode`\^^f5=\active \global\def^^f5{\~o}
+\global\catcode`\^^f6=\active \global\def^^f6{\"o}		% small o with diaeresis
+\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
+\global\catcode`\^^f8=\active \global\let^^f8=\o
+\global\catcode`\^^f9=\active \global\def^^f9{\`u}
+\global\catcode`\^^fa=\active \global\def^^fa{\'u}
+\global\catcode`\^^fb=\active \global\def^^fb{\^u}
+\global\catcode`\^^fc=\active \global\def^^fc{\"u}
+\global\catcode`\^^fd=\active \global\def^^fd{\'y}
+% capital thorn
+\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi
new file mode 100644
index 0000000..d7a525f
--- /dev/null
+++ b/crypto/kerberosIV/doc/problems.texi
@@ -0,0 +1,342 @@
+@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top
+@chapter Resolving frequent problems
+
+@menu
+* Problems compiling Kerberos::  
+* Problems with firewalls::     
+* Common error messages::       
+* Is Kerberos year 2000 safe?::  
+@end menu
+
+@node Problems compiling Kerberos, Problems with firewalls, Resolving frequent problems, Resolving frequent problems
+@section Problems compiling Kerberos
+
+Many compilers require a switch to become ANSI compliant. Since krb4
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the @kbd{env} command. For
+instance to build under HP-UX using the native compiler do:
+
+@cartouche
+@example
+datan$ env CC="cc -Ae" ./configure
+@end example
+@end cartouche
+
+@cindex GCC
+In general @kbd{gcc} works. The following combinations have also been
+verified to successfully compile the distribution:
+
+@table @asis
+
+@item @samp{HP-UX}
+@kbd{cc -Ae}
+@item @samp{Digital UNIX}
+@kbd{cc -std1}
+@item @samp{AIX}
+@kbd{xlc}
+@item @samp{Solaris 2.x}
+@kbd{cc} (unbundled one)
+@item @samp{IRIX}
+@kbd{cc}
+
+@end table
+
+@subheading Linux problems
+
+The libc functions gethostby*() under RedHat4.2 can sometimes cause
+core dumps. If you experience these problems make sure that the file
+@file{/etc/nsswitch.conf} contains a hosts entry no more complex than
+the line
+
+@cartouche
+hosts: files dns
+@end cartouche
+
+Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
+build krb4 correctly. There is a @file{ndbm.h.Linux} right next to
+the source distribution.
+
+@cindex Linux
+There has been reports of non-working @file{libdb} on some Linux
+distributions.  If that happens, use the @kbd{--without-berkeley-db}
+when configuring.
+
+@subheading SunOS 5 (aka Solaris 2) problems
+
+@cindex SunOS 5
+
+When building shared libraries and using some combinations of GNU gcc/ld
+you better set the environment variable RUN_PATH to /usr/athena/lib
+(your target libdir). If you don't, then you will have to set
+LD_LIBRARY_PATH during runtime and the PAM module will not work.
+
+@subheading HP-UX problems
+
+@cindex HP-UX
+The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all
+systems.  To make problems even worse, there is never an archive version
+for static linking either. Therefore, when building ``truly portable''
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+@subheading Cray problems
+
+@kbd{rlogind} won't work on Crays until @code{forkpty()} has been
+ported, in the mean time use @kbd{telnetd}.
+
+@subheading IRIX problems
+
+@cindex IRIX
+
+IRIX has three different ABI:s (Application Binary Interface), there's
+an old 32 bit interface (known as O32, or just 32), a new 32 bit
+interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
+bits, but they have different calling conventions, and alignment
+constraints, and similar. The N32 format is the default format from IRIX
+6.4.
+
+You select ABI at compile time, and you can do this with the
+@samp{--with-mips-abi} configure option. The valid arguments are
+@samp{o32}, @samp{n32}, and @samp{64}, N32 is the default. Libraries for
+the three different ABI:s are normally installed installed in different
+directories (@samp{lib}, @samp{lib32}, and @samp{lib64}). If you want
+more than one set of libraries you have to reconfigure and recompile for
+each ABI, but you should probably install only N32 binaries.
+
+@cindex GCC
+GCC had had some known problems with the different ABI:s. Old GCC could
+only handle O32, newer GCC can handle N32, and 64, but not O32, but in
+some versions of GCC the structure alignment was broken in N32.
+
+This confusion with different ABI:s can cause some trouble. For
+instance, the @file{afskauthlib.so} library has to use the same ABI as
+@file{xdm}, and @file{login}. The easiest way to check what ABI to use
+is to run @samp{file} on @file{/usr/bin/X11/xdm}.
+
+@cindex AFS
+Another problem that you might encounter if you run AFS is that Transarc
+apparently doesn't support the 64-bit ABI, and because of this you can't
+get tokens with a 64 bit application. If you really need to do this,
+there is a kernel module that provides this functionality at
+@url{ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz}.
+
+@subheading AIX problems
+
+@cindex GCC
+@kbd{gcc} version 2.7.2.* has a bug which makes it miscompile
+@file{appl/telnet/telnetd/sys_term.c} (and possibily
+@file{appl/bsd/forkpty.c}), if used with too much optimization.
+
+Some versions of the @kbd{xlc} preprocessor doesn't recognise the
+(undocumented) @samp{-qnolm} option. If this option is passed to the
+preprocessor (like via the configuration file @file{/etc/ibmcxx.cfg},
+configure will fail.
+
+The solution is to remove this option from the configuration file,
+either globally, or for just the preprocessor:
+
+@example
+$ cp /etc/ibmcxx.cfg /tmp
+$ed /tmp/ibmcxx.cfg
+8328
+/nolm
+        options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
+s/,-qnolm//p 
+        options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
+w
+8321
+q
+$ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
+@end example
+
+There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
+kernel to panic in some cases. There is a hack for this in @kbd{login},
+but other programs could be affected also. This seems to be fixed in
+version 5.55.
+
+@subheading C2 problems
+
+@cindex C2
+The programs that checks passwords works with @file{passwd}, OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see @ref{Digital SIA}.
+
+@node Problems with firewalls, Common error messages, Problems compiling Kerberos, Resolving frequent problems
+@section Problems with firewalls
+
+@cindex firewall
+A firewall is a network device that filters out certain types of packets
+going from one side of the firewall to the other. A firewall is supposed
+to solve the same kinds of problems as Kerberos (basically hindering
+unauthorised network use). The difference is that Kerberos tries to
+authenticate users, while firewall splits the network in a `secure'
+inside, and an `insecure' outside. 
+
+Firewall people usually think that UDP is insecure, partly because many
+`insecure' protocols use UDP. Since Kerberos by default uses UDP to send
+and recieve packets, Kerberos and firewalls doesn't work very well
+together.
+
+The symptoms of trying to use Kerberos behind a firewall is that you
+can't get any tickets (@code{kinit} exits with the infamous @samp{Can't
+send request} error message).
+
+There are a few ways to solve these problems:
+
+@itemize @bullet
+@item 
+Convince your firewall administrator to open UDP port 750 or 88 for
+incoming packets. This usually turns out to be difficult.
+@item 
+Convince your firewall administrator to open TCP port 750 or 88 for
+outgoing connections. This can be a lot easier, and might already be
+enabled.
+@item 
+Use TCP connections over some non-standard port. This requires that you
+have to convince the administrator of the kerberos server to allow
+connections on this port.
+@item 
+@cindex HTTP
+Use HTTP to get tickets. Since web-stuff has become almost infinitely
+popular, many firewalls either has the HTTP port open, or has a HTTP
+proxy.
+@end itemize
+
+The last two methods might be considered to be offensive (since you are
+not sending the `right' type of data in each port). You probably do best
+in discussuing this with firewall administrator.
+
+For information on how to use other protocols when communication with
+KDC, see @ref{Install the configuration files}.
+
+It is often the case that the firewall hides addresses on the `inside',
+so it looks like all packets are coming from the firewall. Since address
+of the client host is encoded in the ticket, this can cause trouble. If
+you get errors like @samp{Incorrect network address}, when trying to use
+the ticket, the problem is usually becuase the server you are trying to
+talk to sees a different address than the KDC did. If you experience
+this kind of trouble, the easiest way to solve them is probably to try
+some other mechanism to fetch tickets. You might also be able to
+convince the administrator of the server that the two different
+addresses should be added to the @file{/etc/krb.equiv} file.
+
+@node Common error messages, Is Kerberos year 2000 safe?, Problems with firewalls, Resolving frequent problems
+@section Common error messages
+
+These are some of the more obscure error messages you might encounter:
+
+@table @asis
+
+@item @samp{Time is out of bounds}
+
+The time on your machine differs from the time on either the kerberos
+server or the machine you are trying to login to. If it isn't obvious
+that this is the case, remember that all times are compared in UTC.
+
+On unix systems you usually can find out what the local time is by doing
+@code{telnet machine daytime}. This time (again, usually is the keyword)
+is with correction for time-zone and daylight savings.
+
+If you have problem keeping your clocks synchronized, consider using a
+time keeping system such as NTP (see also the discussion in
+@ref{Install the client programs}).
+
+@item @samp{Ticket issue date too far in the future}
+
+The time on the kerberos server is more than five minutes ahead of the
+time on the server.
+
+@item @samp{Can't decode authenticator}
+
+This means that there is a mismatch between the service key in the
+kerberos server and the service key file on the specific machine.
+Either:
+@itemize @bullet
+@item
+the server couldn't find a service key matching the request
+@item
+the service key (or version number) does not match the key the packet
+was encrypted with
+@end itemize
+
+@item @samp{Incorrect network address}
+
+The address in the ticket does not match the address you sent the
+request from. This happens on systems with more than one network
+address, either physically or logically. You can list addresses which
+should be considered equal in @file{/etc/krb.equiv} on your servers. 
+
+A note to programmers: a server should not pass @samp{*} as the instance
+to @samp{krb_rd_req}. It should try to figure out on which interface the
+request was received, for instance by using @samp{k_getsockinst}.
+
+If you change addresses on your computer you invalidate any tickets you
+might have. The easiest way to fix this is to get new tickets with the
+new address.
+
+@item @samp{Message integrity error}
+
+The packet is broken in some way:
+@itemize @bullet
+@item
+the lengths does not match the size of the packet, or
+@item
+the checksum does not match the contents of the packet
+@end itemize
+
+@item @samp{Can't send request}
+There is some problem contacting the kerberos server. Either the server
+is down, or it is using the wrong port (compare the entries for
+@samp{kerberos-iv} in @file{/etc/services}). The client might also have
+failed to guess what kerberos server to talk to (check
+@file{/etc/krb.conf} and @file{/etc/krb.realms}).
+
+One reason you can't contact the kerberos server might be because you're
+behind a firewall that doesn't allow kerberos packets to pass. For
+possible solutions to this see the firewall section above.
+
+@item @samp{kerberos: socket: Unable to open socket...}
+
+The kerberos server has to open four sockets for each interface.  If you
+have a machine with lots of virtual interfaces, you run the risk of
+running out of file descriptors.  If that happens you will get this
+error message.
+
+@item @samp{ftp: User foo access denied}
+
+This usually happens because the user's shell is not listed in
+@file{/etc/shells}.  Note that @kbd{ftpd} checks this file even on
+systems where the system version does not and there is no
+@file{/etc/shells}.
+
+@item @samp{Generic kerberos error}
+This is a generic catch-all error message.
+
+@end table
+
+@node Is Kerberos year 2000 safe?,  , Common error messages, Resolving frequent problems
+@section Is Kerberos year 2000 safe?
+
+@cindex Year 2000
+
+Yes.
+
+A somewhat longer answer is that we can't think of anything that can
+break. The protocol itself doesn't use time stamps in textual form, the
+two-digit year problems in the original MIT code has been fixed (this
+was a problem mostly with log files). The FTP client had a bug in the
+command `newer' (which fetches a file if it's newer than what you
+already got).
+
+Another thing to look out for, but that isn't a Y2K problem per se, is
+the expiration date of old principals. The MIT code set the default
+expiration date for some new principals to 1999-12-31, so you might want
+to check your database for things like this.
+
+Now, the Y2038 problem is something completely different (but the
+authors should have retired by then, presumably growing rowanberrys in
+some nice and warm place).
diff --git a/crypto/kerberosIV/doc/setup.texi b/crypto/kerberosIV/doc/setup.texi
new file mode 100644
index 0000000..24a955d
--- /dev/null
+++ b/crypto/kerberosIV/doc/setup.texi
@@ -0,0 +1,905 @@
+@node How to set up a realm, One-Time Passwords, Installing programs, Top
+@chapter How to set up a realm
+
+@quotation
+@flushleft
+	Who willed you? or whose will stands but mine?
+	There's none protector of the realm but I.
+	Break up the gates, I'll be your warrantize.
+	Shall I be flouted thus by dunghill grooms?
+        --- King Henry VI, 6.1
+@end flushleft
+@end quotation
+
+@menu
+* How to set up the kerberos server::  
+* Install the client programs::  
+* Install the kerberised services::  
+* Install a slave kerberos server::  
+* Cross-realm functionality ::  
+@end menu
+
+@node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm
+@section How to set up the kerberos server
+
+@menu
+* Choose a realm name::         
+* Choose a kerberos server::    
+* Install the configuration files::  
+* Install the /etc/services::   
+* Install the kerberos server::  
+* Set up the server::           
+* Add a few important principals::  
+* Start the server::            
+* Try to get tickets::          
+* Create initial ACL for the admin server::  
+* Start the admin server::      
+* Add users to the database::   
+* Automate the startup of the servers::  
+@end menu
+
+@node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server
+@subsection Choose a realm name
+
+A 
+@cindex realm
+realm is an administrative domain.  Kerberos realms are usually
+written in uppercase and consist of a Internet domain
+name@footnote{Using lowercase characters in the realm name might break
+in mysterious ways. This really should have been fixed, but has not.}.
+Call your realm the same as your Internet domain name if you do not have
+strong reasons for not doing so.  It will make life easier for you and
+everyone else.
+
+@node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server
+@subsection Choose a kerberos server
+
+You need to choose a machine to run the 
+@pindex kerberos
+kerberos server program.  If the kerberos database residing on this host
+is compromised, your entire realm will be compromised.  Therefore, this
+machine must be as secure as possible.  Preferably it should not run any
+services other than Kerberos.  The secure-minded administrator might
+only allow logins on the console.
+
+This machine has also to be reliable.  If it is down, you will not be
+able to use any kerberised services unless you have also configured a
+slave server (@pxref{Install a slave kerberos server}).
+
+Running the kerberos server requires very little CPU power and a small
+amount of disk. An old PC with some hundreds of megabytes of free disk
+space should do fine. Most of the disk space will be used for various
+logs.
+
+@node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server
+@subsection Install the configuration files
+
+There are two important configuration files: @file{/etc/krb.conf} and
+@file{/etc/krb.realms}.
+@pindex krb.conf
+@pindex krb.realms
+
+The @file{krb.conf} file determines which machines are servers for
+different realms.  The format of this file is:
+
+@example
+THIS.REALM
+SUPP.LOCAL.REALM
+THIS.REALM              kerberos.this.realm admin server
+THIS.REALM              kerberos-1.this.realm
+SUPP.LOCAL.REALM        kerberos.supp.local.realm admin server
+ANOTHER.REALM           kerberos.another.realm
+@end example
+
+The first line defines the name of the local realm. The next few lines
+optionally defines supplementary local realms. 
+@cindex supplementary local realms
+The rest of the file
+defines the names of the kerberos servers and the database
+administration servers for all known realms. You can define any number
+of kerberos slave servers similar to the one defined on line
+four. Clients will try to contact servers in listed order.
+
+The @samp{admin server} clause at the first entry states that this is
+the master server
+@cindex master server
+(the one to contact when modifying the database, such as changing
+passwords). There should be only one such entry for each realm.
+
+In the original MIT Kerberos 4 (as in most others), the server
+specification could only take the form of a host-name. To facilitate
+having kerberos servers in odd places (such as behind a firewall),
+support has been added for ports other than the default (750), and
+protocols other than UDP.
+
+The formal syntax for an entry is now
+@samp{[@var{proto}/]@var{host}[:@var{port}]}. @var{proto} is either
+@samp{UDP}, @samp{TCP}, or @samp{HTTP}, and @var{port} is the port to
+talk to. Default value for @var{proto} is @samp{UDP} and for @var{port}
+whatever @samp{kerberos-iv} is defined to be in @file{/etc/services} or
+750 if undefined. If @var{proto} is @samp{HTTP}, the default port is
+80. An @samp{http} entry may also be specified in URL format.
+
+If the information about a realm is missing from the @file{krb.conf}
+file, or if the information is wrong, the following methods will be
+tried in order.
+
+@enumerate
+@item
+If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
+used. This record should be of the form
+@samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
+either @samp{UDP}, @samp{TCP}, or @samp{HTTP}. (Note: the current
+implementation does not look at priority or weight when deciding which
+server to talk to.)
+@item
+If there isn't any SRV-record, it tries to find a TXT-record for the
+same domain. The contents of the record should have the same format as the
+host specification in @file{krb.conf}. (Note: this is a temporary
+solution if your name server doesn't support SRV records. The clients
+should work fine with SRV records, so if your name server supports them,
+they are very much preferred.)
+@item
+If no valid kerberos server is found, it will try to talk UDP to the
+service @samp{kerberos-iv} with fall-back to port 750 with
+@samp{kerberos.@var{REALM}} (which is also assumed to be the master
+server), and then @samp{kerberos-1.@var{REALM}},
+@samp{kerberos-2.@var{REALM}}, and so on.
+@end enumerate
+
+SRV records have been supported in BIND since 4.9.5T2A.  An example
+would look like the following in the zone file:
+
+@example
+kerberos-iv.udp.foo.se.  1M IN SRV  1 0 750 kerberos-1.foo.se.
+kerberos-iv.udp.foo.se.  1M IN SRV  0 0 750 kerberos.foo.se.
+@end example
+
+We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
+pointing to your kerberos master server.
+
+The @file{krb.realms} file is used to find out what realm a particular
+host belongs to.  An example of this file could look like:
+
+@example
+this.realm            THIS.REALM
+.this.realm           THIS.REALM
+foo.com               SOME.OTHER.REALM
+www.foo.com           A.STRANGE.REALM
+.foo.com              FOO.REALM
+@end example
+
+Entries starting with a dot are taken as the name of a domain. Entries
+not starting with a dot are taken as a host-name. The first entry matched
+is used. The entry for @samp{this.realm} is only necessary if there is a
+host named @samp{this.realm}.
+
+If no matching realm is found in @file{krb.realms}, DNS is searched for
+the correct realm. For example, if we are looking for host @samp{a.b.c},
+@samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c}
+and so on. The entry should be a TXT record containing the name of the
+realm, such as:
+
+@example
+krb4-realm.pdc.kth.se.  7200    TXT     "NADA.KTH.SE"
+@end example
+
+If this didn't help the domain name sans the first part in uppercase is
+tried.
+
+The plain vanilla version of Kerberos doesn't have any fancy methods of
+getting realms and servers so it is generally a good idea to keep
+@file{krb.conf} and @file{krb.realms} up to date.
+
+In addition to these commonly used files, @file{/etc/krb.extra}
+@pindex krb.extra
+holds some things that are not normally used. It consists of a number of
+@samp{@var{variable} = @var{value}} pairs, blank lines and lines
+beginning with a hash (#) are ignored.
+
+The currently defined variables are:
+
+@table @samp
+@item kdc_timeout
+@cindex kdc_timeout
+The time in seconds to wait for an answer from the KDC (the default is 4
+seconds).
+@item kdc_timesync
+@cindex kdc_timesync
+This flag enables storing of the time differential to the KDC when
+getting an initial ticket. This differential is used later on to compute
+the correct time. This can help if your machine doesn't have a working
+clock.
+@item firewall_address
+@cindex firewall_address
+The IP address that hosts outside the firewall see when connecting from
+within the firewall. If this is specified, the code will try to compute
+the value for @samp{reverse_lsb_test}.
+@item krb4_proxy
+@cindex krb4_proxy
+When getting tickets via HTTP, this specifies the proxy to use. The
+default is to speak directly to the KDC.
+@item krb_default_tkt_root
+@cindex krb_default_tkt_root
+The default prefix for ticket files.  The default is @file{/tmp/tkt}.
+Normally the uid or tty is appended to this prefix.
+@item krb_default_keyfile
+@cindex krb_default_keyfile
+The file where the server keys are stored, the default is @file{/etc/srvtab}.
+@item nat_in_use
+@cindex nat_in_use
+If the client is behind a Network Address Translator (NAT).
+@cindex Network Address Translator
+@cindex NAT
+@item reverse_lsb_test
+@cindex reverse_lsb_test
+Reverses the test used by @code{krb_mk_safe}, @code{krb_rd_safe},
+@code{krb_mk_priv}, and @code{krb_rd_priv} to compute the ordering of
+the communicating hosts. This test can cause truble when using
+firewalls.
+@end table
+
+@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
+@subsection Updating /etc/services
+
+You should append or merge the contents of @file{services.append} to
+your @file{/etc/services} files or NIS-map. Remove any unused factory
+installed kerberos port definitions to avoid possible conflicts.
+@pindex services
+
+Most of the programs will fall back to the default ports if the port
+numbers are not found in @file{/etc/services}, but it is convenient to
+have them there anyway.
+
+@node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server
+@subsection Install the kerberos server
+
+You should have already chosen the machine where you want to run the
+kerberos server and the realm name.  The machine should also be as
+secure as possible (@pxref{Choose a kerberos server}) before installing
+the kerberos server.  In this example, we will install a kerberos server
+for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
+
+@node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server
+@subsection Setup the server
+
+Login as root on the console of the kerberos server.  Add
+@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path.  Create
+the directory @file{/var/kerberos} (@kbd{mkdir /var/kerberos}), which is
+where the database will be stored.  Then, to create the database, run
+@kbd{kdb_init}:
+@pindex kdb_init
+
+@example
+@cartouche
+hemlig# mkdir /var/kerberos
+hemlig# kdb_init
+Realm name [default  FOO.SE ]: 
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+
+Enter Kerberos master password: 
+Verifying password 
+Enter Kerberos master password: 
+@end cartouche
+@end example
+
+If you have set up the configuration files correctly, @kbd{kdb_init}
+should choose the correct realm as the default, otherwise a (good) guess
+is made.  Enter the master password.
+
+This password will only be used for encrypting the kerberos database on
+disk and for generating new random keys.  You will not have to remember
+it, only to type it again when you run @kbd{kstash}.  Choose something
+long and random.  Now run @kbd{kstash} using the same password:
+@pindex kstash
+
+@example
+@cartouche
+hemlig# kstash
+
+Enter Kerberos master password: 
+
+Current Kerberos master key version is 1.
+
+Master key entered.  BEWARE!
+Wrote master key to /.k
+@end cartouche
+@end example
+
+After entering the same master password it will be saved in the file
+@file{/.k} and the kerberos server will read it when needed. Write down
+the master password and put it in a sealed envelope in a safe, you might
+need it if your disk crashes or should you want to set up a slave
+server.
+
+@code{kdb_init} initializes the database with a few entries:
+
+@table @samp
+@item krbtgt.@var{REALM}
+The key used for authenticating to the kerberos server.
+
+@item changepw.kerberos
+The key used for authenticating to the administrative server, i.e. when
+adding users, changing passwords, and so on.
+
+@item default
+This entry is copied to new items when these are added.  Enter here the
+values you want new entries to have, particularly the expiry date.
+
+@item K.M
+This is the master key and it is only used to verify that the master key
+that is saved un-encrypted in @file{/.k} is correct and corresponds to
+this database.
+
+@end table
+
+@code{kstash} only reads the master password and writes it to
+@file{/.k}.  This enables the kerberos server to start without you
+having to enter the master password.  This file (@file{/.k}) is only
+readable by root and resides on a ``secure'' machine.
+
+@node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server
+@subsection Add a few important principals
+
+Now the kerberos database has been created, containing only a few
+principals.  The next step is to add a few more so that you can test
+that it works properly and so that you can administer your realm without
+having to use the console on the kerberos server.  Use @kbd{kdb_edit}
+to edit the kerberos database directly on the server.
+@pindex kdb_edit
+
+@code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
+for editing the database.  For normal purposes, use the @code{kadmin}
+program (@pxref{Add users to the database}).
+
+The following example shows the adding of the principal
+@samp{nisse.admin} into the kerberos database.  This principal is used
+by @samp{nisse} when administrating the kerberos database.  Later on the
+normal principal for @samp{nisse} will be created.  Replace @samp{nisse}
+and @samp{password} with your own username and password.
+
+@example
+@cartouche
+hemlig# kdb_edit -n
+Opening database...
+Current Kerberos master key version is 1.
+
+Master key entered.  BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+Principal name: <nisse>
+Instance: <admin>
+
+<Not found>, Create [y] ? <>
+
+Principal: nisse, Instance: admin, kdc_key_ver: 1
+New Password: <password>
+Verifying password 
+New Password: <password>
+
+Principal's new key version = 1
+Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <>
+Max ticket lifetime (*5 minutes) [ 255 ] ? <>
+Attributes [ 0 ] ? <>
+Edit O.K.
+Principal name: <>
+@end cartouche
+@end example
+
+@code{kdb_edit} will loop until you hit the @kbd{return} key at the
+``Principal name'' prompt. Now you have added nisse as an administrator.
+
+@page
+
+@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
+@subsection Start the server
+
+@pindex kerberos
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kerberos &
+Kerberos server starting
+Sleep forever on error
+Log file is /var/log/kerberos.log
+Current Kerberos master key version is 1.
+
+Master key entered.  BEWARE!
+
+Current Kerberos master key version is 1
+Local realm: FOO.SE
+@end cartouche
+@end example
+
+@node  Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server
+@subsection Try to get tickets
+
+You can now verify that these principals have been added and that the
+server is working correctly.
+
+@pindex kinit
+@example
+@cartouche
+hemlig# kinit
+eBones International (hemlig.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse.admin>
+Password: <password>
+@end cartouche
+@end example
+
+If you do not get any error message from @code{kinit}, then everything
+is working (otherwise, see @ref{Common error messages}).  Use
+@code{klist} to verify the tickets you acquired with @code{kinit}:
+
+@pindex klist
+@example
+@cartouche
+hemlig# klist
+Ticket file:    /tmp/tkt0
+Principal:      nisse.admin@@FOO.SE
+
+Issued           Expires          Principal
+May 24 21:06:03  May 25 07:06:03  krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server
+@subsection Create initial ACL for the admin server
+
+The admin server, @code{kadmind}, uses a series of files to determine who has
+@pindex kadmind
+the right to perform certain operations.  The files are:
+@file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and
+@file{admin_acl.mod}.  Create these with @samp{nisse.admin@@FOO.SE} as
+the contents.
+@pindex admin_acl.add
+@pindex admin_acl.get
+@pindex admin_acl.del
+@pindex admin_acl.mod
+
+@example
+@cartouche
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.add
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.get
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.mod
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.del
+@end cartouche
+@end example
+
+Later on you may wish to add more users with administration
+privileges. Make sure that you create both the administration principals
+and add them to the admin server ACL.
+
+@node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server
+@subsection Start the admin server
+
+@pindex kadmind
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kadmind &
+KADM Server KADM0.0A initializing
+Please do not use 'kill -9' to kill this job, use a
+regular kill instead
+
+Current Kerberos master key version is 1.
+
+Master key entered.  BEWARE!
+@end cartouche
+@end example
+
+@node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server
+@subsection Add users to the database
+
+Use the @code{kadmin} client to add users to the database:
+@pindex kadmin
+
+@example
+@cartouche
+hemlig# kadmin -p nisse.admin -m
+Welcome to the Kerberos Administration Program, version 2
+Type "help" if you need it.
+admin:  <add nisse>
+Admin password: <nisse.admin's password>
+Maximum ticket lifetime?  (255)  [Forever]  
+Attributes?  [0x00]  
+Expiration date (enter yyyy-mm-dd) ?  [Sat Jan  1 05:59:00 2000]  
+Password for nisse:
+Verifying password Password for nisse:
+nisse added to database.
+@end cartouche
+@end example
+
+Add whatever other users you want to have in the same way.  Verify that
+a user is in the database and check the database entry for that user:
+
+@example
+@cartouche
+admin:  <get nisse>
+Info in Database for nisse.:
+Max Life: 255 (Forever)   Exp Date: Sat Jan  1 05:59:59 2000
+
+Attribs: 00  key: 0 0
+admin:  <^D>
+Cleaning up and exiting.
+@end cartouche
+@end example
+
+@node Automate the startup of the servers,  , Add users to the database, How to set up the kerberos server
+@subsection Automate the startup of the servers
+
+Add the lines that were used to start the kerberos server and the
+admin server to your startup scripts (@file{/etc/rc} or similar).
+@pindex rc
+
+@node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm
+@section Install the client programs
+
+Making a machine a kerberos client only requires a few steps.  First you
+might need to change the configuration files as with the kerberos
+server.  (@pxref{Install the configuration files} and @pxref{Install the
+/etc/services}.) Also you need to make the programs in
+@file{/usr/athena/bin} available.  This can be done by adding the
+@file{/usr/athena/bin} directory to the users' paths, by making symbolic
+links, or even by copying the programs.
+
+You should also verify that the local time on the client is synchronised
+with the time on the kerberos server by some means. The maximum allowed
+time difference between the participating servers and a client is 5
+minutes.
+@cindex NTP.
+One good way to synchronize the time is NTP (Network Time Protocol), see
+@url{http://www.eecis.udel.edu/~ntp/}.
+
+If you need to run the client programs on a machine where you do not
+have root-access, you can hopefully just use the binaries and no
+configuration will be needed.  The heuristics used are mentioned above
+(see @ref{Install the configuration files}).  If this is not the case
+and you need to have @file{krb.conf} and/or @file{krb.realms}, you can
+copy them into a directory of your choice and
+@pindex krb.conf
+@pindex krb.realms
+set the environment variable @var{KRBCONFDIR} to point at this
+@cindex KRBCONFDIR
+directory.
+
+To test the client functionality, run the @code{kinit} program:
+
+@example
+@cartouche
+foo$ kinit
+eBones International (foo.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse>
+Password: <password>
+
+foo$ klist
+Ticket file:    /tmp/tkt4711
+Principal:      nisse@@FOO.SE
+
+Issued           Expires          Principal
+May 24 21:06:03  May 25 07:06:03  krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm
+@section Install the kerberised services
+
+These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp},
+@code{rxtelnet}, and so on.
+@pindex rsh
+@pindex rlogin
+@pindex telnet
+@pindex ftp
+@pindex rxtelnet
+
+First follow the steps mentioned in the prior section to make it a
+client and verify its operation.  Change @file{inetd.conf} next to use
+the new daemons.  Look at the file
+@pindex inetd.conf
+@file{etc/inetd.conf.changes} to see the changes that we recommend you
+perform on @file{inetd.conf}.
+
+You should at this point decide what services you want to run on
+each machine.
+
+@subsection rsh, rlogin, and rcp
+@pindex rsh
+@pindex rlogin
+@pindex rcp
+
+These exist in kerberised versions and ``old-style'' versions.  The
+different versions use different port numbers, so you can choose none,
+one, or both.  If you do not want to use ``old-style'' r* services, you
+can let the programs output the text ``Remote host requires Kerberos
+authentication'' instead of just refusing connections to that port.
+This is enabled with the @samp{-v} option.  The kerberised services
+exist in encrypted and non-encrypted versions.  The encrypted services
+have an ``e'' prepended to the name and the programs take @samp{-x} as an
+option indicating encryption.
+
+Our recommendation is to only use the kerberised services and give
+explanation messages for the old ports.
+
+@subsection telnet
+@pindex telnet
+
+The telnet service always uses the same port and negotiates as to which
+authentication method should be used.  The @code{telnetd} program has
+@pindex telnetd
+an option ``-a user'' that only allows kerberised and authenticated
+connections.  If this is not included, it falls back to using clear text
+passwords.  For obvious reasons, we recommend that you enable this
+option.  If you want to use one-time passwords (@pxref{One-Time
+Passwords}) you can use the ``-a otp'' option which will allow OTPs or
+kerberised connections.
+
+@subsection ftp
+@pindex ftp
+
+The ftp service works as telnet does, with just one port being used.  By
+default only kerberos authenticated connections are allowed.  You can
+specify additional levels that are thus allowed with these options:
+
+@table @asis
+@item @kbd{-a otp}
+Allow one-time passwords (@pxref{One-Time Passwords}).
+@item @kbd{-a ftp}
+Allow anonymous login (as user ``ftp'' or ``anonymous'').
+@item @kbd{-a safe}
+The same as @kbd{-a ftp}, for backwards compatibility.
+@item @kbd{-a plain}
+Allow clear-text passwords.
+@item @kbd{-a none}
+The same as @kbd{-a ftp -a plain}.
+@item @kbd{-a user}
+A no-op, also there for backwards compatibility reasons.
+@end table
+
+When running anonymous ftp you should read the man page on @code{ftpd}
+which explains how to set it up.
+
+@subsection pop
+@pindex popper
+
+The Post Office Protocol (POP) is used to retrieve mail from the mail
+hub.  The @code{popper} program implements the standard POP3 protocol
+and the kerberised KPOP.  Use the @samp{-k} option to run the kerberos
+version of the protocol. This service should only be run on your mail
+hub.
+
+@subsection kx
+@pindex kx
+
+@code{kx} allows you to run X over a kerberos-authenticated and
+encrypted connection.  This program is used by @code{rxtelnet},
+@code{tenletxr}, and @code{rxterm}.
+
+If you have some strange kind of operating system with X libraries that
+do not allow you to use unix-sockets, you need to specify the @samp{-t}
+@pindex kxd
+option to @code{kxd}.  Otherwise it should be sufficient by adding the
+daemon in @file{inetd.conf}.
+
+@subsection kauth
+@pindex kauth
+
+This service allows you to create tickets on a remote host.  To
+enable it just insert the corresponding line in @file{inetd.conf}.
+
+@section srvtabs
+@pindex srvtab
+
+In the same way every user needs to have a password registered with
+the kerberos server, every service needs to have a shared key with the
+kerberos server.  The service keys are stored in a file, usually called
+@file{/etc/srvtab}.  This file should not be readable to anyone but
+root, in order to keep the key from being divulged.  The name of this principal
+in the kerberos database is usually the service name and the hostname.  Examples
+of such principals are @samp{pop.@var{hostname}} and
+@samp{rcmd.@var{hostname}}.  (rcmd comes from ``remote command''.)  Here
+is a list of the most commonly used srvtab types and what programs use them.
+
+@table @asis
+@item rcmd.@var{hostname}
+rsh, rcp, rlogin, telnet, kauth, su, kx
+@item rcmd.kerberos
+kprop
+@item pop.@var{hostname}
+popper, movemail, push
+@item sample.@var{hostname}
+sample_server, simple_server
+@item changepw.kerberos
+kadmin, kpasswd
+@item krbtgt.@var{realm}
+kerberos (not stored in any srvtab)
+@item ftp.@var{hostname}
+ftp (also tries with rcmd.@var{hostname})
+@item zephyr.zephyr
+Zephyr
+@item afs or afs.@var{cellname}
+Andrew File System
+@end table
+
+To create these keys you will use the the @code{ksrvutil} program.
+Perform the
+@pindex ksrvutil
+following:
+
+@example
+@cartouche
+bar# ksrvutil -p nisse.admin get
+Name [rcmd]: <>
+Instance [bar]: <>
+Realm [FOO.SE]: <>
+Is this correct? (y,n) [y] <>
+Add more keys? (y,n) [n] <>
+Password for nisse.admin@@FOO.SE: <nisse.admin's password>
+Written rcmd.bar
+rcmd.bar@@FOO.SE
+Old keyfile in /etc/srvtab.old.
+@end cartouche
+@end example
+
+@subsection Complete test of the kerberised services
+
+Obtain a ticket on one machine (@samp{foo}) and use it to login with a
+kerberised service to a second machine (@samp{bar}).  The test should
+look like this if successful:
+
+@example
+@cartouche
+foo$ kinit nisse
+eBones International (foo.foo.se)
+Kerberos Initialization for "nisse"
+Password: <nisse's password>
+foo$ klist
+Ticket file:    /tmp/tkt4711
+Principal:      nisse@@FOO.SE
+
+Issued           Expires          Principal
+May 30 13:48:03  May 30 23:48:03  krbtgt.FOO.SE@@FOO.SE
+foo$ telnet bar
+Trying 17.17.17.17...
+Connected to bar.foo.se
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+bar$
+@end cartouche
+@end example
+
+You can also try with @code{rsh}, @code{rcp}, @code{rlogin},
+@code{rlogin -x}, and some other commands to see that everything is
+working all right.
+
+@node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm
+@section Install a slave kerberos server
+
+It is desirable to have at least one backup (slave) server in case the
+master server fails. It is possible to have any number of such slave
+servers but more than three usually doesn't buy much more redundancy.
+
+First select a good server machine.  (@pxref{Choose a kerberos
+server}). 
+
+On the master, add a @samp{rcmd.kerberos} (note, it should be literally
+``kerberos'') principal (using @samp{ksrvutil get}). The
+@pindex kprop
+@code{kprop} program, running on the master, will use this when
+authenticating to the
+@pindex kpropd
+@code{kpropd} daemons running on the slave servers.  The @code{kpropd}
+on the slave will use its @samp{rcmd.hostname} key for authenticating
+the connection from the master.  Therefore, the slave needs to have this
+key in its srvtab, and it of course also needs to have enough of the
+configuration files to act as a server.  See @ref{Install the kerberised
+services} for information on how to do this.
+
+To summarize, the master should have a key for @samp{rcmd.kerberos} and
+the slave one for @samp{rcmd.hostname}.
+
+The slave will need the same master key as you used at the master.
+
+On your master server, create a file, e.g. @file{/var/kerberos/slaves},
+that contains the hostnames of your kerberos slave servers.
+
+Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
+
+On your master server, create a dump of the database and then propagate
+it.
+
+@example
+foo# kdb_util slave_dump /var/kerberos/slave_dump
+foo# kprop
+@end example
+
+You should now have copies of the database on your slave servers. You
+can verify this by issuing @samp{kdb_util dump @var{file}} on your
+slave servers, and comparing with the original file on the master
+server. Note that the entries will not be in the same order.
+
+This procedure should be automated with a script run regularly by cron,
+for instance once an hour.
+
+Since the master and slave servers will use copies of the same
+database, they need to use the same master key.  Add the master key on
+the slave with @code{kstash}. (@pxref{Set up the server})
+
+To start the kerberos server on slaves, you first have to copy the
+master key from the master server. You can do this either by remembering
+the master password and issuing @samp{kstash}, or you can just copy the
+keyfile. Remember that if you copy the file, do so on a safe media, not
+over the network. Good means include floppy or paper. Paper is better,
+since it is easier to swallow afterwards.
+
+The kerberos server should be started with @samp{-s} on the slave
+servers. This enables sanity checks, for example checking the time since
+the last update from the master.
+
+All changes to the database are made by @code{kadmind} at the master,
+and then propagated to the slaves, so you should @strong{not} run
+@code{kadmind} on the slaves.
+
+Finally add the slave servers to
+@file{/etc/krb.conf}. The clients will ask the servers in the order
+specified by that file.
+
+Consider adding CNAMEs to your slave servers, see @ref{Install the
+configuration files}.
+
+@node Cross-realm functionality ,  , Install a slave kerberos server, How to set up a realm
+@section Cross-realm functionality
+
+Suppose you are residing in the realm @samp{MY.REALM}, how do you
+authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
+@samp{MY.REALM} allows you to communicate with kerberised services in that
+realm. However, the computer in the other realm does not have a secret
+key shared with the kerberos server in your realm.
+
+It is possible to add a shared key between two realms that trust each
+other. When a client program, such as @code{telnet}, finds that the
+other computer is in a different realm, it will try to get a ticket
+granting ticket for that other realm, but from the local kerberos
+server. With that ticket granting ticket, it will then obtain service
+tickets from the kerberos server in the other realm.
+
+To add this functionality you have to add a principal to each realm. The
+principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
+@samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different
+principals should have the same key (and key version number).  Remember
+to transfer this key in a safe manner. This is all that is required.
+
+@page
+
+@example
+@cartouche
+blubb$ klist
+Ticket file:    /tmp/tkt3008
+Principal:      joda@@NADA.KTH.SE
+
+  Issued           Expires          Principal
+Jun  7 02:26:23  Jun  7 12:26:23  krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+blubb$ telnet agat.e.kth.se
+Trying 130.237.48.12...
+Connected to agat.e.kth.se.
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+Last login: Sun Jun  2 20:51:50 from emma.pdc.kth.se
+
+agat$ exit
+Connection closed by foreign host.
+blubb$ klist
+Ticket file:    /tmp/tkt3008
+Principal:      joda@@NADA.KTH.SE
+
+  Issued           Expires          Principal
+Jun  7 02:26:23  Jun  7 12:26:23  krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+Jun  7 02:26:50  Jun  7 12:26:50  krbtgt.E.KTH.SE@@NADA.KTH.SE
+Jun  7 02:26:51  Jun  7 12:26:51  rcmd.agat@@E.KTH.SE
+@end cartouche
+@end example
diff --git a/crypto/kerberosIV/doc/whatis.texi b/crypto/kerberosIV/doc/whatis.texi
new file mode 100644
index 0000000..6721c23
--- /dev/null
+++ b/crypto/kerberosIV/doc/whatis.texi
@@ -0,0 +1,137 @@
+@node What is Kerberos?, Installing programs, Introduction, Top
+@chapter What is Kerberos?
+
+@quotation
+@flushleft
+        Now this Cerberus had three heads of dogs,
+        the tail of a dragon, and on his back the
+        heads of all sorts of snakes.
+        --- Pseudo-Apollodorus Library 2.5.12
+@end flushleft
+@end quotation
+
+Kerberos is a system for authenticating users and services on a network.
+It is built upon the assumption that the network is ``unsafe''.  For
+example, data sent over the network can be eavesdropped and altered, and
+addresses can also be faked.  Therefore they cannot be used for
+authentication purposes.
+@cindex authentication
+
+Kerberos is a trusted third-party service.  That means that there is a
+third party (the kerberos server) that is trusted by all the entities on
+the network (users and services, usually called @dfn{principals}).  All
+principals share a secret password (or key) with the kerberos server and
+this enables principals to verify that the messages from the kerberos
+server are authentic.  Thus trusting the kerberos server, users and
+services can authenticate each other.
+
+@section Basic mechanism
+
+@ifinfo
+@macro sub{arg}
+<\arg\>
+@end macro
+@end ifinfo
+
+@tex
+@def@xsub#1{$_{#1}$}
+@global@let@sub=@xsub
+@end tex
+
+In Kerberos, principals use @dfn{tickets} to prove that they are who
+they claim to be. In the following example, @var{A} is the initiator of
+the authentication exchange, usually a user, and @var{B} is the service
+that @var{A} wishes to use.
+
+To obtain a ticket for a specific service, @var{A} sends a ticket
+request to the kerberos server. The request basically contains @var{A}'s
+and @var{B}'s names. The kerberos server checks that both @var{A} and
+@var{B} are valid principals.
+
+Having verified the validity of the principals, it creates a packet
+containing @var{A}'s and @var{B}'s names, @var{A}'s network address
+(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
+of the ticket (@var{life}), and a secret @dfn{session key}
+@cindex session key
+(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
+(@var{K@sub{B}}).  The actual ticket (@var{T@sub{AB}}) looks like this:
+(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
+@var{K@sub{AB}}@}@var{K@sub{B}}).
+
+The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
+name, the current time, the lifetime of the ticket, and the session key, all
+encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
+@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
+decrypts the reply and retains it for later use.
+
+@sp 1
+
+Before sending a message to @var{B}, @var{A} creates an authenticator
+consisting of @var{A}'s name, @var{A}'s address, the current time, and a
+``checksum'' chosen by @var{A}, all encrypted with the secret session
+key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
+@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
+received from the kerberos server to @var{B}.  Upon reception, @var{B}
+decrypts the ticket using @var{B}'s secret key.  Since the ticket
+contains the session key that the authenticator was encrypted with,
+@var{B} can now also decrypt the authenticator. To verify that @var{A}
+really is @var{A}, @var{B} now has to compare the contents of the ticket
+with that of the authenticator. If everything matches, @var{B} now
+considers @var{A} as properly authenticated.
+
+@c (here we should have some more explanations)
+
+@section Different attacks
+
+@subheading Impersonating A
+
+An impostor, @var{C} could steal the authenticator and the ticket as it
+is transmitted across the network, and use them to impersonate
+@var{A}. The address in the ticket and the authenticator was added to
+make it more difficult to perform this attack.  To succeed @var{C} will
+have to either use the same machine as @var{A} or fake the source
+addresses of the packets. By including the time stamp in the
+authenticator, @var{C} does not have much time in which to mount the
+attack.
+
+@subheading Impersonating B
+
+@var{C} can masquerade @var{B}'s network address, and when @var{A} sends
+her credentials, @var{C} just pretend to verify them. @var{C} can't
+be sure that she is talking to @var{A}.
+
+@section Defense strategies
+
+It would be possible to add a @dfn{replay cache}
+@cindex replay cache
+to the server side.  The idea is to save the authenticators sent during
+the last few minutes, so that @var{B} can detect when someone is trying
+to retransmit an already used message. This is somewhat impractical
+(mostly regarding efficiency), and is not part of Kerberos 4; MIT
+Kerberos 5 contains it.
+
+To authenticate @var{B}, @var{A} might request that @var{B} sends
+something back that proves that @var{B} has access to the session
+key. An example of this is the checksum that @var{A} sent as part of the
+authenticator. One typical procedure is to add one to the checksum,
+encrypt it with the session key and send it back to @var{A}.  This is
+called @dfn{mutual authentication}.
+
+The session key can also be used to add cryptographic checksums to the
+messages sent between @var{A} and @var{B} (known as @dfn{message
+integrity}).  Encryption can also be added (@dfn{message
+confidentiality}). This is probably the best approach in all cases.
+@cindex integrity
+@cindex confidentiality
+
+@section Further reading
+
+The original paper on Kerberos from 1988 is @cite{Kerberos: An
+Authentication Service for Open Network Systems}, by Jennifer Steiner,
+Clifford Neuman and Jeffrey I. Schiller.
+
+A less technical description can be found in @cite{Designing an
+Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
+from 1988.
+
+These and several other documents can be found on our web-page.
diff --git a/crypto/kerberosIV/eBones-p9.README b/crypto/kerberosIV/eBones-p9.README
new file mode 100644
index 0000000..8442985
--- /dev/null
+++ b/crypto/kerberosIV/eBones-p9.README
@@ -0,0 +1,26 @@
+The file eBones-p9.patch.Z is the compressed patch for Bones (patchlevel 9)
+that puts back the calls to the DES encryption libraries.
+
+eBones-p9-des.tar.Z is a compressed tar file of MIT compatible
+des encryption routines.  Install these routines in src/lib/des.
+The des_quad_cksum is not compatible with the MIT version
+but I should fix that when I have access to ultrix 4
+* [It has now been fixed and is the same as MIT's]
+(it has a binary copy of libdes.a)).  There are two extra routines,
+des_enc_read and des_enc_write.  These routines are used in the
+kerberos rcp, rlogin and rlogind to encrypt all network traffic.
+
+eBones-p9.tar.Z is a compressed tar file of Bones (patchlevel 9)
+with the eBones-p9.patch applied and eBones-p9-des.tar.Z installed.
+
+When applying the patch to Bones, don't do a
+find src -name "*.orig" -exec /bin/rm {} \;
+There is a file called src/util/ss/ss.h.orig that is needed and
+the above find will remove it.
+
+The Imakefile in src/lib/des assumes you have gcc.  If you don't,
+you will have to change the Imakefile.  Compile this directory with
+the maximum optimization your compiler has available.
+
+These modifications have been successfully unpacked and compiled
+on a microvax 3600.
diff --git a/crypto/kerberosIV/etc/README b/crypto/kerberosIV/etc/README
new file mode 100644
index 0000000..68865ec
--- /dev/null
+++ b/crypto/kerberosIV/etc/README
@@ -0,0 +1,41 @@
+
+	How to update your files in the /etc directory!
+
+/etc/services (all machines)
+
+  The contents of services.append can probably just be appended to
+your local file. If you use NIS (YP) you need to do this on the NIS
+master. Delete and duplicate definitions to prevent inconsistencies.
+
+/etc/krb.conf (all machines)
+
+  Create a krb.conf file by substituting MY.REALM.NAME with your
+domain name. If you create a domain name alias (CNAME) kerberos.domain
+pointing to your master server, unconfigured clients will have a
+chance to find your realm.
+
+  It is no longer necessary to put each and every realm in
+krb.{conf,realms}. If the domain name matches your realm name and you
+have a CNAME kerberos.REALMNAME pointing at your kerberos server other
+sites will find your realm even if it is not listed in krb.conf.  
+*** Please add this CNAME to your local DNS ***
+
+/etc/krb.realms (all machines)
+
+  Substitue MY.REALM.NAME in krb.realms with your domain name.
+  Not strictly necessary when domain and realm names match.
+
+/etc/inetd.conf (all machines supporting incoming telnet, rsh etc.)
+
+  Comment out the lines starting with shell, login and telnet and
+append inetd.conf.changes. Be carefull to check that there are no
+additional old entries of kshell, ekshell, klogin and eklogin left.
+
+  The -v option to rshd and rlogin turns off that service and echo
+an informational message to the user.
+
+/etc/srvtab
+
+  With 'ksrvutil get' you can add entries to the Kerberos database and
+put the service keys into your srvtab file.
+
diff --git a/crypto/kerberosIV/etc/default.login b/crypto/kerberosIV/etc/default.login
new file mode 100644
index 0000000..f01b2ee
--- /dev/null
+++ b/crypto/kerberosIV/etc/default.login
@@ -0,0 +1,47 @@
+#
+# Sample /etc/default/login file, read by the login program
+#
+# For more info consult SysV login(1)
+#
+# Most things are environment variables.
+# HZ and TZ are set only if they are still uninitialized.
+
+# This really variable TZ
+#TIMEZONE=EST5EDT
+
+#HZ=100
+
+# File size limit, se ulimit(2).
+# Note that the limit must be specified in units of 512-byte blocks.
+#ULIMIT=0
+
+# If CONSOLE is set, root can only login on that device.
+# When not set root can log in on any device.
+#CONSOLE=/dev/console
+
+# PASSREQ determines if login requires a password.
+PASSREQ=YES
+
+# ALTSHELL, really set SHELL=/bin/bash or other shell
+# Extension: when ALTSHELL=YES, we set the SHELL variable even if it is /bin/sh
+ALTSHELL=YES
+
+# Default PATH
+#PATH=/usr/bin:
+
+# Default PATH for root user
+#SUPATH=/usr/sbin:/usr/bin
+
+# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
+# abandoning a login session.
+# 
+#TIMEOUT=300
+
+# Use this for default umask(2) value
+#UMASK=022
+
+# Sleeptime between failed logins
+# SLEEPTIME
+
+# Maximum number of failed login attempts, well the user can always reconnect
+# MAXTRYS
diff --git a/crypto/kerberosIV/etc/fbtab b/crypto/kerberosIV/etc/fbtab
new file mode 100644
index 0000000..3e21376
--- /dev/null
+++ b/crypto/kerberosIV/etc/fbtab
@@ -0,0 +1,15 @@
+# Sample /etc/fbtab file read by the login program
+# This file can also be called /etc/logindevperm.
+
+# Use this to give away devices to the console user. The group of the
+# devices is set to the owner's group specified in /etc/passwd.
+#
+# First column specifies the console device.
+#
+# Second the mode bits of the given away devices
+#
+# Third is a : separated list of devices to give away
+
+# console       mode    devices
+/dev/console	0600	/dev/console:/dev/mouse
+/dev/console	0600	/dev/floppy
diff --git a/crypto/kerberosIV/etc/hosts.equiv b/crypto/kerberosIV/etc/hosts.equiv
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/crypto/kerberosIV/etc/hosts.equiv
@@ -0,0 +1 @@
+localhost
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
new file mode 100644
index 0000000..c0a88ca
--- /dev/null
+++ b/crypto/kerberosIV/etc/inetd.conf.changes
@@ -0,0 +1,33 @@
+#
+# $Id: inetd.conf.changes,v 1.13 1997/09/03 15:48:23 bg Exp $
+#
+# Turn off vanilla rshd and rlogind with an informational message.
+# If you really want this security problem remove the '-v' option!
+shell	stream	tcp nowait root	/usr/athena/libexec/rshd rshd -l -L -v
+login	stream	tcp nowait root /usr/athena/libexec/rlogind rlogind -l -v
+#
+# Kerberos rsh
+kshell	stream	tcp nowait root	/usr/athena/libexec/rshd rshd -L -k
+ekshell	stream	tcp nowait root	/usr/athena/libexec/rshd rshd -L -k -x
+ekshell2 stream	tcp nowait root	/usr/athena/libexec/rshd rshd -L -k -x
+#
+# Kerberos rlogin
+klogin	stream	tcp nowait root	/usr/athena/libexec/rlogind rlogind -k
+eklogin	stream	tcp nowait root	/usr/athena/libexec/rlogind rlogind -k -x
+#
+# Kerberized telnet and ftp, consider adding '-a user' to
+# disallow cleartext passwords to both telnetd and ftpd.
+telnet	stream	tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
+ftp	stream	tcp nowait root	/usr/athena/libexec/ftpd ftpd -l -a none
+#
+# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
+#kpop	stream	tcp nowait root	/usr/athena/libexec/popper popper -k
+#
+# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
+#pop3	stream	tcp nowait root	/usr/athena/libexec/popper popper
+#
+# Kauthd, support for putting tickets on other machines in a secure fashion.
+kauth	stream	tcp nowait root	/usr/athena/libexec/kauthd kauthd
+#
+# Encrypted X connections
+kx	stream	tcp nowait root	/usr/athena/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes.in b/crypto/kerberosIV/etc/inetd.conf.changes.in
new file mode 100644
index 0000000..2ccb8f5
--- /dev/null
+++ b/crypto/kerberosIV/etc/inetd.conf.changes.in
@@ -0,0 +1,33 @@
+#
+# $Id: inetd.conf.changes.in,v 1.14 1999/11/10 14:21:07 joda Exp $
+#
+# Turn off vanilla rshd and rlogind with an informational message.
+# If you really want this security problem remove the '-v' option!
+shell	stream	tcp nowait root	@prefix@/libexec/rshd rshd -l -L -v
+login	stream	tcp nowait root @prefix@/libexec/rlogind rlogind -l -v
+#
+# Kerberos rsh
+kshell	stream	tcp nowait root	@prefix@/libexec/rshd rshd -L -k
+ekshell	stream	tcp nowait root	@prefix@/libexec/rshd rshd -L -k -x
+ekshell2 stream	tcp nowait root	@prefix@/libexec/rshd rshd -L -k -x
+#
+# Kerberos rlogin
+klogin	stream	tcp nowait root	@prefix@/libexec/rlogind rlogind -k
+eklogin	stream	tcp nowait root	@prefix@/libexec/rlogind rlogind -k -x
+#
+# Kerberized telnet and ftp, consider adding '-a user' to
+# disallow cleartext passwords to both telnetd and ftpd.
+telnet	stream	tcp nowait root @prefix@/libexec/telnetd telnetd -a none
+ftp	stream	tcp nowait root	@prefix@/libexec/ftpd ftpd -l -a none
+#
+# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
+#kpop	stream	tcp nowait root	@prefix@/libexec/popper popper -k
+#
+# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
+#pop3	stream	tcp nowait root	@prefix@/libexec/popper popper
+#
+# Kauthd, support for putting tickets on other machines in a secure fashion.
+kauth	stream	tcp nowait root	@prefix@/libexec/kauthd kauthd
+#
+# Encrypted X connections
+kx	stream	tcp nowait root	@prefix@/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
new file mode 100644
index 0000000..9c694b5
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.conf
@@ -0,0 +1,55 @@
+MY.REALM.NAME
+MY.REALM.NAME	kerberos.MY.REALM.NAME admin server
+SICS.SE		kerberos.sics.se admin server
+NADA.KTH.SE	kerberos.nada.kth.se admin server
+NADA.KTH.SE	sysman.nada.kth.se
+NADA.KTH.SE	server.nada.kth.se
+ADMIN.KTH.SE	ulysses.admin.kth.se admin server
+ADMIN.KTH.SE	graziano.admin.kth.se
+ADMIN.KTH.SE	montano.admin.kth.se
+BION.KTH.SE     chaplin.bion.kth.se admin server
+DSV.SU.SE	ssi.dsv.su.se admin server
+DSV.SU.SE	vall.dsv.su.se
+E.KTH.SE	kerberos.e.kth.se admin server
+E.KTH.SE        kerberos-1.e.kth.se
+E.KTH.SE        kerberos-2.e.kth.se
+IT.KTH.SE	kerberos.it.kth.se
+IT.KTH.SE	kerberos-1.it.kth.se
+IT.KTH.SE	kerberos-2.it.kth.se
+MECH.KTH.SE	kerberos.mech.kth.se admin server
+KTH.SE		kth.se admin server
+ML.KVA.SE	gustava.ml.kva.se admin server
+PI.SE		liszt.adm.pi.se admin server
+STACKEN.KTH.SE	kerberos.stacken.kth.se admin server
+SUNET.SE	kerberos.sunet.se admin server
+CYGNUS.COM kerberos.cygnus.com admin server
+CYGNUS.COM kerberos-1.cygnus.com
+CYGNUS.COM dumb.cygnus.com
+DEVO.CYGNUS.COM dumber.cygnus.com admin server
+MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server
+KITHRUP.COM KITHRUP.COM admin server
+ATHENA.MIT.EDU kerberos.mit.edu admin server
+ATHENA.MIT.EDU kerberos-1.mit.edu
+ATHENA.MIT.EDU kerberos-2.mit.edu
+ATHENA.MIT.EDU kerberos-3.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+SMS_TEST.MIT.EDU dodo.mit.edu admin server
+LS.MIT.EDU ls.mit.edu admin server
+IFS.UMICH.EDU kerberos.ifs.umich.edu
+CS.WASHINGTON.EDU hawk.cs.washington.edu
+CS.WASHINGTON.EDU aspen.cs.washington.edu
+CS.BERKELEY.EDU okeeffe.berkeley.edu
+SOUP.MIT.EDU soup.mit.edu admin server
+TELECOM.MIT.EDU bitsy.mit.edu
+MEDIA.MIT.EDU kerberos.media.mit.edu
+NEAR.NET kerberos.near.net
+CATS.UCSC.EDU mehitabel.ucsc.edu admin server
+CATS.UCSC.EDU ucsch.ucsc.edu
+WATCH.MIT.EDU kerberos.watch.mit.edu admin server
+TELEBIT.COM napa.telebit.com. admin server
+ARMADILLO.COM monad.armadillo.com admin server
+TOAD.COM toad.com admin server
+ZEN.ORG zen.org admin server
+LLOYD.COM harry.lloyd.com admin server
+EPRI.COM kerberos.epri.com admin server
+EPRI.COM kerberos-2.epri.com
diff --git a/crypto/kerberosIV/etc/krb.equiv b/crypto/kerberosIV/etc/krb.equiv
new file mode 100644
index 0000000..6205c1f
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.equiv
@@ -0,0 +1,14 @@
+# List of host with multiple adresses.
+#
+193.10.156.253	130.237.232.44	193.10.156.252	# scws scws-fddi scws-2.
+193.10.156.250  130.237.232.15  		# salmon-sp salmon.
+#
+# new krb.equiv syntax for all of SP.
+#
+193.10.156.0/24	193.10.157.0/24	\	# syk-X.pdc.kth.se syk-X-hps.pdc.kth.se
+130.237.232.31	130.237.232.32	\	# syk-0101-fddi syk-0201-fddi
+130.237.232.38	130.237.232.39	\	# syk-0115-fddi syk-0116-fddi
+130.237.232.33	130.237.232.34	\	# syk-0301-fddi syk-0401-fddi
+130.237.232.35	130.237.232.36	\	# syk-0501-fddi syk-0601-fddi
+130.237.232.37	130.237.230.66	\	# syk-0602-fddi syk-0602-fcs
+130.237.230.36				# syk-0606-hippi.
diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms
new file mode 100644
index 0000000..7498bf0
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.realms
@@ -0,0 +1,54 @@
+.MY.REALM.NAME	MY.REALM.NAME
+sics.se		SICS.SE
+.sics.se	SICS.SE
+nada.kth.se	NADA.KTH.SE
+pdc.kth.se	NADA.KTH.SE
+.hydro.kth.se	NADA.KTH.SE
+.mech.kth.se	MECH.KTH.SE
+.nada.kth.se	NADA.KTH.SE
+.pdc.kth.se	NADA.KTH.SE
+.sans.kth.se	NADA.KTH.SE
+.admin.kth.se	ADMIN.KTH.SE
+.e.kth.se	E.KTH.SE
+.s3.kth.se	E.KTH.SE
+.radio.kth.se	E.KTH.SE
+.ttt.kth.se	E.KTH.SE
+.electrum.kth.se	IT.KTH.SE
+.math.kth.se	MATH.KTH.SE
+.it.kth.se	IT.KTH.SE
+.sth.sunet.se	SUNET.SE
+.pilsnet.sunet.se	SUNET.SE
+.sunet.se	SUNET.SE
+.ml.kva.se	ML.KVA.SE
+pi.se		PI.SE
+.pi.se		PI.SE
+.adm.pi.se	PI.SE
+.stacken.kth.se	STACKEN.KTH.SE
+kth.se		KTH.SE
+.kth.se		KTH.SE
+.bion.kth.se	BION.KTH.SE
+.dsv.su.se	DSV.SU.SE
+.MIT.EDU ATHENA.MIT.EDU
+.MIT.EDU. ATHENA.MIT.EDU
+MIT.EDU ATHENA.MIT.EDU
+DODO.MIT.EDU SMS_TEST.MIT.EDU
+.UCSC.EDU CATS.UCSC.EDU
+.UCSC.EDU. CATS.UCSC.EDU
+CYGNUS.COM CYGNUS.COM
+.CYGNUS.COM CYGNUS.COM
+MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM
+KITHRUP.COM KITHRUP.COM
+.KITHRUP.COM KITHRUP.COM
+.berkeley.edu   EECS.BERKELEY.EDU
+.CS.berkeley.edu        EECS.BERKELEY.EDU
+.MIT.EDU        ATHENA.MIT.EDU
+.mit.edu        ATHENA.MIT.EDU
+.BSDI.COM       BSDI.COM
+ARMADILLO.COM	ARMADILLO.COM
+.ARMADILLO.COM	ARMADILLO.COM
+ZEN.ORG		ZEN.ORG
+.ZEN.ORG	ZEN.ORG
+toad.com	TOAD.COM
+.toad.com	TOAD.COM
+lloyd.com	LLOYD.COM
+.lloyd.com	LLOYD.COM
diff --git a/crypto/kerberosIV/etc/login.access b/crypto/kerberosIV/etc/login.access
new file mode 100644
index 0000000..f811616
--- /dev/null
+++ b/crypto/kerberosIV/etc/login.access
@@ -0,0 +1,54 @@
+# Sample /etc/login.access file read by the login program
+#
+# Login access control table.
+# 
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination.  The
+# permissions field of that table entry determines whether the login will 
+# be accepted or refused.
+# 
+# Format of the login access control table is three fields separated by a
+# ":" character:
+# 
+# 	permission : users : origins
+# 
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character. 
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches) or LOCAL (matches any string that does not contain a "."
+# character).
+#
+# If you run NIS you can use @netgroupname in host or user patterns; this
+# even works for @usergroup@@hostgroup patterns. Weird.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Only groups are matched in which users are explicitly
+# listed: the program does not look at a user's primary group id value.
+#
+##############################################################################
+# 
+# Disallow console logins to all but a few accounts.
+#
+-:ALL EXCEPT wheel shutdown sync:console
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append
new file mode 100644
index 0000000..3b3ec61
--- /dev/null
+++ b/crypto/kerberosIV/etc/services.append
@@ -0,0 +1,26 @@
+#
+# $Id: services.append,v 1.13 1999/07/06 13:08:02 assar Exp $
+#
+# Kerberos services
+#
+kerberos-sec	88/udp				# Kerberos secondary port UDP
+kerberos-sec	88/tcp				# Kerberos secondary port TCP
+kpasswd		464/udp				# password changing
+kpasswd		464/tdp				# password changing
+klogin		543/tcp				# Kerberos authenticated rlogin
+kshell		544/tcp		krcmd		# and remote shell
+ekshell		545/tcp		      # Kerberos encrypted remote shell -kfall
+ekshell2	2106/tcp	      # What U of Colorado @ Boulder uses?
+kerberos-adm	749/udp				# v5 kadmin
+kerberos-adm	749/tcp				# v5 kadmin
+kerberos-iv	750/udp		kerberos kdc	# Kerberos authentication--udp
+kerberos-iv	750/tcp		kerberos kdc	# Kerberos authentication--tcp
+kerberos_master 751/udp				# v4 kadmin
+kerberos_master 751/tcp				# v4 kadmin
+krb_prop	754/tcp		hprop		# Kerberos slave propagation
+kpop		1109/tcp			# Pop with Kerberos
+eklogin		2105/tcp			# Kerberos encrypted rlogin
+rkinit		2108/tcp			# Kerberos remote kinit
+kx		2111/tcp			# X over kerberos
+kip		2112/tcp			# IP over kerberos
+kauth		2120/tcp			# Remote kauth
diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in
new file mode 100644
index 0000000..f321f16
--- /dev/null
+++ b/crypto/kerberosIV/include/Makefile.in
@@ -0,0 +1,167 @@
+# $Id: Makefile.in,v 1.59.2.1 1999/12/06 17:23:06 assar Exp $
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+CC		= @CC@
+LINK = @LINK@
+DEFS		= @DEFS@ -DHOST=\"@CANONICAL_HOST@\"
+CFLAGS		= @CFLAGS@ $(WFLAGS)
+WFLAGS		= @WFLAGS@
+LD_FLAGS	= @LD_FLAGS@
+
+INSTALL		= @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS	= @top_srcdir@/mkinstalldirs
+LN_S		= @LN_S@
+EXECSUFFIX	= @EXECSUFFIX@
+
+prefix		= @prefix@
+exec_prefix	= @exec_prefix@
+includedir	= @includedir@
+libdir		= @libdir@
+
+@SET_MAKE@
+
+.c.o:
+	$(CC) -c $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+HEADERS = \
+	acl.h com_err.h com_right.h des.h kadm.h kafs.h kdc.h \
+	klog.h krb.h krb-protos.h krb-archaeology.h krb_db.h \
+	ktypes.h otp.h prot.h sl.h @EXTRA_HEADERS@
+
+LOCL_HEADERS = \
+	     base64.h roken-common.h protos.h resolve.h xdbm.h	\
+	     krb_log.h getarg.h parse_time.h @EXTRA_LOCL_HEADERS@
+
+CLEAN_FILES = roken.h krb_err.h kadm_err.h
+
+BITS_OBJECTS = bits.o
+
+SOURCES = bits.c
+
+SUBDIRS		= sys
+
+all: stamp-headers
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+	$(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	for x in $(HEADERS); \
+		do $(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$x; done
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+	for x in $(HEADERS); do \
+	  rm -f $(DESTDIR)$(includedir)/$$x; \
+	done
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+	rm -f $(HEADERS) $(LOCL_HEADERS) \
+		$(CLEAN_FILES) *.o bits stamp-headers
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+	$(MAKE) clean
+	rm -f config.h version.h version.h.in
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile config.status *~
+
+realclean:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+acl.h:
+	$(LN_S) $(srcdir)/../lib/acl/acl.h .
+
+com_err.h:
+	$(LN_S) $(srcdir)/../lib/com_err/com_err.h .
+com_right.h:
+	$(LN_S) $(srcdir)/../lib/com_err/com_right.h .
+
+des.h:
+	$(LN_S) $(srcdir)/../lib/des/des.h .
+
+kadm.h:
+	$(LN_S) $(srcdir)/../lib/kadm/kadm.h .
+
+kafs.h:
+	$(LN_S) $(srcdir)/../lib/kafs/kafs.h .
+
+kdc.h:
+	$(LN_S) $(srcdir)/../lib/kdb/kdc.h .
+
+klog.h:
+	$(LN_S) $(srcdir)/../lib/krb/klog.h .
+krb-archaeology.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb-archaeology.h .
+krb-protos.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb-protos.h .
+krb.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb.h .
+prot.h:
+	$(LN_S) $(srcdir)/../lib/krb/prot.h .
+
+krb_db.h:
+	$(LN_S) $(srcdir)/../lib/kdb/krb_db.h .
+krb_log.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb_log.h .
+
+otp.h:
+	$(LN_S) $(srcdir)/../lib/otp/otp.h .
+
+base64.h:
+	$(LN_S) $(srcdir)/../lib/roken/base64.h .
+err.h:
+	$(LN_S) $(srcdir)/../lib/roken/err.h .
+fnmatch.h:
+	$(LN_S) $(srcdir)/../lib/roken/fnmatch.h .
+getarg.h:
+	$(LN_S) $(srcdir)/../lib/roken/getarg.h .
+glob.h:
+	$(LN_S) $(srcdir)/../lib/roken/glob.h .
+parse_time.h:
+	$(LN_S) $(srcdir)/../lib/roken/parse_time.h .
+resolve.h:
+	$(LN_S) $(srcdir)/../lib/roken/resolve.h .
+roken-common.h:
+	$(LN_S) $(srcdir)/../lib/roken/roken-common.h .
+xdbm.h:
+	$(LN_S) $(srcdir)/../lib/roken/xdbm.h .
+
+sl.h:
+	$(LN_S) $(srcdir)/../lib/sl/sl.h .
+
+protos.h:
+	$(LN_S) $(srcdir)/protos.H protos.h
+
+netdb.h:
+	$(LN_S) $(srcdir)/netdb.x netdb.h
+
+bits$(EXECSUFFIX):	$(BITS_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(BITS_OBJECTS)
+
+bits.o: bits.c
+
+ktypes.h: bits$(EXECSUFFIX)
+	./bits$(EXECSUFFIX) $@
+
+stamp-headers: Makefile
+	$(MAKE) $(HEADERS) $(LOCL_HEADERS)
+	touch stamp-headers
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/include/bits.c b/crypto/kerberosIV/include/bits.c
new file mode 100644
index 0000000..a2c40bc
--- /dev/null
+++ b/crypto/kerberosIV/include/bits.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: bits.c,v 1.6 1999/12/02 16:58:36 joda Exp $");
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#ifndef HAVE_STRUPR
+static void
+strupr(char *s)
+{
+    unsigned char *p = (unsigned char *)s;
+    while(*p){
+	if(islower(*p))
+	    *p = toupper(*p);
+	p++;
+    }
+}
+#endif /* HAVE_STRUPR */
+
+#define BITSIZE(TYPE)						\
+{								\
+    int b = 0; TYPE x = 1, zero = 0; char *pre = "u_";		\
+    char tmp[128], tmp2[128];					\
+    while(x){ x <<= 1; b++; if(x < zero) pre=""; }		\
+    if(b >= len){						\
+        int tabs;						\
+	sprintf(tmp, "%sint%d_t" , pre, len);			\
+	sprintf(tmp2, "typedef %s %s;", #TYPE, tmp);		\
+	strupr(tmp);						\
+	tabs = 5 - strlen(tmp2) / 8;				\
+        fprintf(f, "%s", tmp2);					\
+	while(tabs-- > 0) fprintf(f, "\t");			\
+	fprintf(f, "/* %2d bits */\n", b);			\
+        return;                                                 \
+    }								\
+}
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+static void
+try_signed(FILE *f, int len)  __attribute__ ((unused));
+
+static void
+try_unsigned(FILE *f, int len) __attribute__ ((unused));
+
+static void
+try_signed(FILE *f, int len)
+{
+    BITSIZE(signed char);
+    BITSIZE(short);
+    BITSIZE(int);
+    BITSIZE(long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static void
+try_unsigned(FILE *f, int len)
+{
+    BITSIZE(unsigned char);
+    BITSIZE(unsigned short);
+    BITSIZE(unsigned int);
+    BITSIZE(unsigned long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(unsigned long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static int
+print_bt(FILE *f, int flag)
+{
+    if(flag == 0){
+	fprintf(f, "/* For compatibility with various type definitions */\n");
+	fprintf(f, "#ifndef __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "#define __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "\n");
+    }
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    FILE *f;
+    int flag;
+    char *fn, *hb;
+    
+    if(argc < 2){
+	fn = "bits.h";
+	hb = "__BITS_H__";
+	f = stdout;
+    } else {
+	char *p;
+	fn = argv[1];
+	hb = malloc(strlen(fn) + 5);
+	sprintf(hb, "__%s__", fn);
+	for(p = hb; *p; p++){
+	    if(!isalnum((unsigned char)*p))
+		*p = '_';
+	}
+	f = fopen(argv[1], "w");
+    }
+    fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST);
+    fprintf(f, "   %*s    %s */\n\n", (int)strlen(fn), "", 
+	    "$Id: bits.c,v 1.6 1999/12/02 16:58:36 joda Exp $");
+    fprintf(f, "#ifndef %s\n", hb);
+    fprintf(f, "#define %s\n", hb);
+    fprintf(f, "\n");
+#ifdef HAVE_SYS_TYPES_H
+    fprintf(f, "#include <sys/types.h>\n");
+#endif
+#ifdef HAVE_INTTYPES_H
+    fprintf(f, "#include <inttypes.h>\n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+    fprintf(f, "#include <sys/bitypes.h>\n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
+#endif
+    fprintf(f, "\n");
+
+    flag = 0;
+#ifndef HAVE_INT8_T
+    flag = print_bt(f, flag);
+    try_signed (f, 8);
+#endif /* HAVE_INT8_T */
+#ifndef HAVE_INT16_T
+    flag = print_bt(f, flag);
+    try_signed (f, 16);
+#endif /* HAVE_INT16_T */
+#ifndef HAVE_INT32_T
+    flag = print_bt(f, flag);
+    try_signed (f, 32);
+#endif /* HAVE_INT32_T */
+#if 0
+#ifndef HAVE_INT64_T
+    flag = print_bt(f, flag);
+    try_signed (f, 64);
+#endif /* HAVE_INT64_T */
+#endif
+
+#ifndef HAVE_U_INT8_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 8);
+#endif /* HAVE_INT8_T */
+#ifndef HAVE_U_INT16_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 16);
+#endif /* HAVE_U_INT16_T */
+#ifndef HAVE_U_INT32_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 32);
+#endif /* HAVE_U_INT32_T */
+#if 0
+#ifndef HAVE_U_INT64_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 64);
+#endif /* HAVE_U_INT64_T */
+#endif
+
+    if(flag){
+	fprintf(f, "\n");
+	fprintf(f, "#endif /* __BIT_TYPES_DEFINED__ */\n\n");
+    }
+    fprintf(f, "#endif /* %s */\n", hb);
+    return 0;
+}
diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in
new file mode 100644
index 0000000..3727ef1
--- /dev/null
+++ b/crypto/kerberosIV/include/config.h.in
@@ -0,0 +1,1274 @@
+/* include/config.h.in.  Generated automatically from configure.in by autoheader.  */
+
+/* Define if using alloca.c.  */
+#undef C_ALLOCA
+
+/* Define to empty if the keyword does not work.  */
+#undef const
+
+/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
+   This function is required for alloca.c support on those systems.  */
+#undef CRAY_STACKSEG_END
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef gid_t
+
+/* Define if you have alloca, as a function or macro.  */
+#undef HAVE_ALLOCA
+
+/* Define if you have <alloca.h> and it should be used (not on Ultrix).  */
+#undef HAVE_ALLOCA_H
+
+/* Define if you have a working `mmap' system call.  */
+#undef HAVE_MMAP
+
+/* Define if your struct stat has st_blksize.  */
+#undef HAVE_ST_BLKSIZE
+
+/* Define as __inline if that's what the C compiler calls it.  */
+#undef inline
+
+/* Define to `long' if <sys/types.h> doesn't define.  */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef pid_t
+
+/* Define if you need to in order for stat and other things to work.  */
+#undef _POSIX_SOURCE
+
+/* Define as the return type of signal handlers (int or void).  */
+#undef RETSIGTYPE
+
+/* Define to `unsigned' if <sys/types.h> doesn't define.  */
+#undef size_t
+
+/* If using the C implementation of alloca, define if you know the
+   direction of stack growth for your system; otherwise it will be
+   automatically deduced at run-time.
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown
+ */
+#undef STACK_DIRECTION
+
+/* Define if you have the ANSI C header files.  */
+#undef STDC_HEADERS
+
+/* Define if `sys_siglist' is declared by <signal.h>.  */
+#undef SYS_SIGLIST_DECLARED
+
+/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef uid_t
+
+/* Define if your processor stores words with the most significant
+   byte first (like Motorola and SPARC, unlike Intel and VAX).  */
+#undef WORDS_BIGENDIAN
+
+/* Define if the X Window System is missing or not being used.  */
+#undef X_DISPLAY_MISSING
+
+/* Define if you have the XauFileName function.  */
+#undef HAVE_XAUFILENAME
+
+/* Define if you have the XauReadAuth function.  */
+#undef HAVE_XAUREADAUTH
+
+/* Define if you have the XauWriteAuth function.  */
+#undef HAVE_XAUWRITEAUTH
+
+/* Define if you have the _getpty function.  */
+#undef HAVE__GETPTY
+
+/* Define if you have the _scrsize function.  */
+#undef HAVE__SCRSIZE
+
+/* Define if you have the _setsid function.  */
+#undef HAVE__SETSID
+
+/* Define if you have the _stricmp function.  */
+#undef HAVE__STRICMP
+
+/* Define if you have the asnprintf function.  */
+#undef HAVE_ASNPRINTF
+
+/* Define if you have the asprintf function.  */
+#undef HAVE_ASPRINTF
+
+/* Define if you have the atexit function.  */
+#undef HAVE_ATEXIT
+
+/* Define if you have the cap_set_proc function.  */
+#undef HAVE_CAP_SET_PROC
+
+/* Define if you have the cgetent function.  */
+#undef HAVE_CGETENT
+
+/* Define if you have the chown function.  */
+#undef HAVE_CHOWN
+
+/* Define if you have the chroot function.  */
+#undef HAVE_CHROOT
+
+/* Define if you have the copyhostent function.  */
+#undef HAVE_COPYHOSTENT
+
+/* Define if you have the crypt function.  */
+#undef HAVE_CRYPT
+
+/* Define if you have the daemon function.  */
+#undef HAVE_DAEMON
+
+/* Define if you have the dlopen function.  */
+#undef HAVE_DLOPEN
+
+/* Define if you have the dn_expand function.  */
+#undef HAVE_DN_EXPAND
+
+/* Define if you have the el_init function.  */
+#undef HAVE_EL_INIT
+
+/* Define if you have the err function.  */
+#undef HAVE_ERR
+
+/* Define if you have the errx function.  */
+#undef HAVE_ERRX
+
+/* Define if you have the fattach function.  */
+#undef HAVE_FATTACH
+
+/* Define if you have the fchmod function.  */
+#undef HAVE_FCHMOD
+
+/* Define if you have the fchown function.  */
+#undef HAVE_FCHOWN
+
+/* Define if you have the fcntl function.  */
+#undef HAVE_FCNTL
+
+/* Define if you have the flock function.  */
+#undef HAVE_FLOCK
+
+/* Define if you have the fnmatch function.  */
+#undef HAVE_FNMATCH
+
+/* Define if you have the forkpty function.  */
+#undef HAVE_FORKPTY
+
+/* Define if you have the freehostent function.  */
+#undef HAVE_FREEHOSTENT
+
+/* Define if you have the frevoke function.  */
+#undef HAVE_FREVOKE
+
+/* Define if you have the getattr function.  */
+#undef HAVE_GETATTR
+
+/* Define if you have the getcwd function.  */
+#undef HAVE_GETCWD
+
+/* Define if you have the getdtablesize function.  */
+#undef HAVE_GETDTABLESIZE
+
+/* Define if you have the getegid function.  */
+#undef HAVE_GETEGID
+
+/* Define if you have the geteuid function.  */
+#undef HAVE_GETEUID
+
+/* Define if you have the getgid function.  */
+#undef HAVE_GETGID
+
+/* Define if you have the gethostbyname function.  */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define if you have the gethostname function.  */
+#undef HAVE_GETHOSTNAME
+
+/* Define if you have the getipnodebyaddr function.  */
+#undef HAVE_GETIPNODEBYADDR
+
+/* Define if you have the getipnodebyname function.  */
+#undef HAVE_GETIPNODEBYNAME
+
+/* Define if you have the getlogin function.  */
+#undef HAVE_GETLOGIN
+
+/* Define if you have the getmsg function.  */
+#undef HAVE_GETMSG
+
+/* Define if you have the getopt function.  */
+#undef HAVE_GETOPT
+
+/* Define if you have the getpagesize function.  */
+#undef HAVE_GETPAGESIZE
+
+/* Define if you have the getpriority function.  */
+#undef HAVE_GETPRIORITY
+
+/* Define if you have the getpwnam_r function.  */
+#undef HAVE_GETPWNAM_R
+
+/* Define if you have the getrlimit function.  */
+#undef HAVE_GETRLIMIT
+
+/* Define if you have the getservbyname function.  */
+#undef HAVE_GETSERVBYNAME
+
+/* Define if you have the getsockopt function.  */
+#undef HAVE_GETSOCKOPT
+
+/* Define if you have the getspnam function.  */
+#undef HAVE_GETSPNAM
+
+/* Define if you have the gettimeofday function.  */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define if you have the gettosbyname function.  */
+#undef HAVE_GETTOSBYNAME
+
+/* Define if you have the getudbnam function.  */
+#undef HAVE_GETUDBNAM
+
+/* Define if you have the getuid function.  */
+#undef HAVE_GETUID
+
+/* Define if you have the getusershell function.  */
+#undef HAVE_GETUSERSHELL
+
+/* Define if you have the grantpt function.  */
+#undef HAVE_GRANTPT
+
+/* Define if you have the hstrerror function.  */
+#undef HAVE_HSTRERROR
+
+/* Define if you have the inet_aton function.  */
+#undef HAVE_INET_ATON
+
+/* Define if you have the inet_ntop function.  */
+#undef HAVE_INET_NTOP
+
+/* Define if you have the inet_pton function.  */
+#undef HAVE_INET_PTON
+
+/* Define if you have the initgroups function.  */
+#undef HAVE_INITGROUPS
+
+/* Define if you have the innetgr function.  */
+#undef HAVE_INNETGR
+
+/* Define if you have the iruserok function.  */
+#undef HAVE_IRUSEROK
+
+/* Define if you have the logout function.  */
+#undef HAVE_LOGOUT
+
+/* Define if you have the logwtmp function.  */
+#undef HAVE_LOGWTMP
+
+/* Define if you have the lstat function.  */
+#undef HAVE_LSTAT
+
+/* Define if you have the memmove function.  */
+#undef HAVE_MEMMOVE
+
+/* Define if you have the mkstemp function.  */
+#undef HAVE_MKSTEMP
+
+/* Define if you have the mktime function.  */
+#undef HAVE_MKTIME
+
+/* Define if you have the odm_initialize function.  */
+#undef HAVE_ODM_INITIALIZE
+
+/* Define if you have the on_exit function.  */
+#undef HAVE_ON_EXIT
+
+/* Define if you have the parsetos function.  */
+#undef HAVE_PARSETOS
+
+/* Define if you have the ptsname function.  */
+#undef HAVE_PTSNAME
+
+/* Define if you have the putenv function.  */
+#undef HAVE_PUTENV
+
+/* Define if you have the rand function.  */
+#undef HAVE_RAND
+
+/* Define if you have the random function.  */
+#undef HAVE_RANDOM
+
+/* Define if you have the rcmd function.  */
+#undef HAVE_RCMD
+
+/* Define if you have the readline function.  */
+#undef HAVE_READLINE
+
+/* Define if you have the readv function.  */
+#undef HAVE_READV
+
+/* Define if you have the recvmsg function.  */
+#undef HAVE_RECVMSG
+
+/* Define if you have the res_search function.  */
+#undef HAVE_RES_SEARCH
+
+/* Define if you have the revoke function.  */
+#undef HAVE_REVOKE
+
+/* Define if you have the sa_family_t function.  */
+#undef HAVE_SA_FAMILY_T
+
+/* Define if you have the sendmsg function.  */
+#undef HAVE_SENDMSG
+
+/* Define if you have the setegid function.  */
+#undef HAVE_SETEGID
+
+/* Define if you have the setenv function.  */
+#undef HAVE_SETENV
+
+/* Define if you have the seteuid function.  */
+#undef HAVE_SETEUID
+
+/* Define if you have the setitimer function.  */
+#undef HAVE_SETITIMER
+
+/* Define if you have the setlim function.  */
+#undef HAVE_SETLIM
+
+/* Define if you have the setlogin function.  */
+#undef HAVE_SETLOGIN
+
+/* Define if you have the setpcred function.  */
+#undef HAVE_SETPCRED
+
+/* Define if you have the setpgid function.  */
+#undef HAVE_SETPGID
+
+/* Define if you have the setpriority function.  */
+#undef HAVE_SETPRIORITY
+
+/* Define if you have the setproctitle function.  */
+#undef HAVE_SETPROCTITLE
+
+/* Define if you have the setregid function.  */
+#undef HAVE_SETREGID
+
+/* Define if you have the setresgid function.  */
+#undef HAVE_SETRESGID
+
+/* Define if you have the setresuid function.  */
+#undef HAVE_SETRESUID
+
+/* Define if you have the setreuid function.  */
+#undef HAVE_SETREUID
+
+/* Define if you have the setsid function.  */
+#undef HAVE_SETSID
+
+/* Define if you have the setsockopt function.  */
+#undef HAVE_SETSOCKOPT
+
+/* Define if you have the setutent function.  */
+#undef HAVE_SETUTENT
+
+/* Define if you have the sgi_getcapabilitybyname function.  */
+#undef HAVE_SGI_GETCAPABILITYBYNAME
+
+/* Define if you have the sigaction function.  */
+#undef HAVE_SIGACTION
+
+/* Define if you have the socket function.  */
+#undef HAVE_SOCKET
+
+/* Define if you have the strcasecmp function.  */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the strdup function.  */
+#undef HAVE_STRDUP
+
+/* Define if you have the strerror function.  */
+#undef HAVE_STRERROR
+
+/* Define if you have the strftime function.  */
+#undef HAVE_STRFTIME
+
+/* Define if you have the strlcat function.  */
+#undef HAVE_STRLCAT
+
+/* Define if you have the strlcpy function.  */
+#undef HAVE_STRLCPY
+
+/* Define if you have the strlwr function.  */
+#undef HAVE_STRLWR
+
+/* Define if you have the strncasecmp function.  */
+#undef HAVE_STRNCASECMP
+
+/* Define if you have the strndup function.  */
+#undef HAVE_STRNDUP
+
+/* Define if you have the strnlen function.  */
+#undef HAVE_STRNLEN
+
+/* Define if you have the strptime function.  */
+#undef HAVE_STRPTIME
+
+/* Define if you have the strsep function.  */
+#undef HAVE_STRSEP
+
+/* Define if you have the strtok_r function.  */
+#undef HAVE_STRTOK_R
+
+/* Define if you have the struct_sockaddr_storage function.  */
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Define if you have the strupr function.  */
+#undef HAVE_STRUPR
+
+/* Define if you have the swab function.  */
+#undef HAVE_SWAB
+
+/* Define if you have the sysconf function.  */
+#undef HAVE_SYSCONF
+
+/* Define if you have the sysctl function.  */
+#undef HAVE_SYSCTL
+
+/* Define if you have the syslog function.  */
+#undef HAVE_SYSLOG
+
+/* Define if you have the tgetent function.  */
+#undef HAVE_TGETENT
+
+/* Define if you have the ttyname function.  */
+#undef HAVE_TTYNAME
+
+/* Define if you have the ttyslot function.  */
+#undef HAVE_TTYSLOT
+
+/* Define if you have the ulimit function.  */
+#undef HAVE_ULIMIT
+
+/* Define if you have the uname function.  */
+#undef HAVE_UNAME
+
+/* Define if you have the unlockpt function.  */
+#undef HAVE_UNLOCKPT
+
+/* Define if you have the unsetenv function.  */
+#undef HAVE_UNSETENV
+
+/* Define if you have the vasnprintf function.  */
+#undef HAVE_VASNPRINTF
+
+/* Define if you have the vasprintf function.  */
+#undef HAVE_VASPRINTF
+
+/* Define if you have the verr function.  */
+#undef HAVE_VERR
+
+/* Define if you have the verrx function.  */
+#undef HAVE_VERRX
+
+/* Define if you have the vhangup function.  */
+#undef HAVE_VHANGUP
+
+/* Define if you have the vsnprintf function.  */
+#undef HAVE_VSNPRINTF
+
+/* Define if you have the vsyslog function.  */
+#undef HAVE_VSYSLOG
+
+/* Define if you have the vwarn function.  */
+#undef HAVE_VWARN
+
+/* Define if you have the vwarnx function.  */
+#undef HAVE_VWARNX
+
+/* Define if you have the warn function.  */
+#undef HAVE_WARN
+
+/* Define if you have the warnx function.  */
+#undef HAVE_WARNX
+
+/* Define if you have the writev function.  */
+#undef HAVE_WRITEV
+
+/* Define if you have the yp_get_default_domain function.  */
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+
+/* Define if you have the <arpa/ftp.h> header file.  */
+#undef HAVE_ARPA_FTP_H
+
+/* Define if you have the <arpa/inet.h> header file.  */
+#undef HAVE_ARPA_INET_H
+
+/* Define if you have the <arpa/nameser.h> header file.  */
+#undef HAVE_ARPA_NAMESER_H
+
+/* Define if you have the <arpa/telnet.h> header file.  */
+#undef HAVE_ARPA_TELNET_H
+
+/* Define if you have the <bsd/bsd.h> header file.  */
+#undef HAVE_BSD_BSD_H
+
+/* Define if you have the <bsdsetjmp.h> header file.  */
+#undef HAVE_BSDSETJMP_H
+
+/* Define if you have the <capability.h> header file.  */
+#undef HAVE_CAPABILITY_H
+
+/* Define if you have the <crypt.h> header file.  */
+#undef HAVE_CRYPT_H
+
+/* Define if you have the <curses.h> header file.  */
+#undef HAVE_CURSES_H
+
+/* Define if you have the <db.h> header file.  */
+#undef HAVE_DB_H
+
+/* Define if you have the <dbm.h> header file.  */
+#undef HAVE_DBM_H
+
+/* Define if you have the <dirent.h> header file.  */
+#undef HAVE_DIRENT_H
+
+/* Define if you have the <err.h> header file.  */
+#undef HAVE_ERR_H
+
+/* Define if you have the <errno.h> header file.  */
+#undef HAVE_ERRNO_H
+
+/* Define if you have the <fcntl.h> header file.  */
+#undef HAVE_FCNTL_H
+
+/* Define if you have the <fnmatch.h> header file.  */
+#undef HAVE_FNMATCH_H
+
+/* Define if you have the <grp.h> header file.  */
+#undef HAVE_GRP_H
+
+/* Define if you have the <inttypes.h> header file.  */
+#undef HAVE_INTTYPES_H
+
+/* Define if you have the <io.h> header file.  */
+#undef HAVE_IO_H
+
+/* Define if you have the <lastlog.h> header file.  */
+#undef HAVE_LASTLOG_H
+
+/* Define if you have the <libutil.h> header file.  */
+#undef HAVE_LIBUTIL_H
+
+/* Define if you have the <limits.h> header file.  */
+#undef HAVE_LIMITS_H
+
+/* Define if you have the <login.h> header file.  */
+#undef HAVE_LOGIN_H
+
+/* Define if you have the <maillock.h> header file.  */
+#undef HAVE_MAILLOCK_H
+
+/* Define if you have the <ndbm.h> header file.  */
+#undef HAVE_NDBM_H
+
+/* Define if you have the <net/if.h> header file.  */
+#undef HAVE_NET_IF_H
+
+/* Define if you have the <net/if_tun.h> header file.  */
+#undef HAVE_NET_IF_TUN_H
+
+/* Define if you have the <net/if_var.h> header file.  */
+#undef HAVE_NET_IF_VAR_H
+
+/* Define if you have the <netdb.h> header file.  */
+#undef HAVE_NETDB_H
+
+/* Define if you have the <netinet/in.h> header file.  */
+#undef HAVE_NETINET_IN_H
+
+/* Define if you have the <netinet/in6_machtypes.h> header file.  */
+#undef HAVE_NETINET_IN6_MACHTYPES_H
+
+/* Define if you have the <netinet/in_systm.h> header file.  */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define if you have the <netinet/ip.h> header file.  */
+#undef HAVE_NETINET_IP_H
+
+/* Define if you have the <netinet/tcp.h> header file.  */
+#undef HAVE_NETINET_TCP_H
+
+/* Define if you have the <paths.h> header file.  */
+#undef HAVE_PATHS_H
+
+/* Define if you have the <pty.h> header file.  */
+#undef HAVE_PTY_H
+
+/* Define if you have the <pwd.h> header file.  */
+#undef HAVE_PWD_H
+
+/* Define if you have the <resolv.h> header file.  */
+#undef HAVE_RESOLV_H
+
+/* Define if you have the <rpcsvc/dbm.h> header file.  */
+#undef HAVE_RPCSVC_DBM_H
+
+/* Define if you have the <rpcsvc/ypclnt.h> header file.  */
+#undef HAVE_RPCSVC_YPCLNT_H
+
+/* Define if you have the <sac.h> header file.  */
+#undef HAVE_SAC_H
+
+/* Define if you have the <security/pam_modules.h> header file.  */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
+/* Define if you have the <siad.h> header file.  */
+#undef HAVE_SIAD_H
+
+/* Define if you have the <signal.h> header file.  */
+#undef HAVE_SIGNAL_H
+
+/* Define if you have the <standards.h> header file.  */
+#undef HAVE_STANDARDS_H
+
+/* Define if you have the <stropts.h> header file.  */
+#undef HAVE_STROPTS_H
+
+/* Define if you have the <sys/bitypes.h> header file.  */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define if you have the <sys/capability.h> header file.  */
+#undef HAVE_SYS_CAPABILITY_H
+
+/* Define if you have the <sys/category.h> header file.  */
+#undef HAVE_SYS_CATEGORY_H
+
+/* Define if you have the <sys/file.h> header file.  */
+#undef HAVE_SYS_FILE_H
+
+/* Define if you have the <sys/filio.h> header file.  */
+#undef HAVE_SYS_FILIO_H
+
+/* Define if you have the <sys/ioccom.h> header file.  */
+#undef HAVE_SYS_IOCCOM_H
+
+/* Define if you have the <sys/ioctl.h> header file.  */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define if you have the <sys/locking.h> header file.  */
+#undef HAVE_SYS_LOCKING_H
+
+/* Define if you have the <sys/mman.h> header file.  */
+#undef HAVE_SYS_MMAN_H
+
+/* Define if you have the <sys/param.h> header file.  */
+#undef HAVE_SYS_PARAM_H
+
+/* Define if you have the <sys/proc.h> header file.  */
+#undef HAVE_SYS_PROC_H
+
+/* Define if you have the <sys/pty.h> header file.  */
+#undef HAVE_SYS_PTY_H
+
+/* Define if you have the <sys/ptyio.h> header file.  */
+#undef HAVE_SYS_PTYIO_H
+
+/* Define if you have the <sys/ptyvar.h> header file.  */
+#undef HAVE_SYS_PTYVAR_H
+
+/* Define if you have the <sys/resource.h> header file.  */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define if you have the <sys/select.h> header file.  */
+#undef HAVE_SYS_SELECT_H
+
+/* Define if you have the <sys/socket.h> header file.  */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define if you have the <sys/sockio.h> header file.  */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define if you have the <sys/stat.h> header file.  */
+#undef HAVE_SYS_STAT_H
+
+/* Define if you have the <sys/str_tty.h> header file.  */
+#undef HAVE_SYS_STR_TTY_H
+
+/* Define if you have the <sys/stream.h> header file.  */
+#undef HAVE_SYS_STREAM_H
+
+/* Define if you have the <sys/stropts.h> header file.  */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define if you have the <sys/strtty.h> header file.  */
+#undef HAVE_SYS_STRTTY_H
+
+/* Define if you have the <sys/syscall.h> header file.  */
+#undef HAVE_SYS_SYSCALL_H
+
+/* Define if you have the <sys/sysctl.h> header file.  */
+#undef HAVE_SYS_SYSCTL_H
+
+/* Define if you have the <sys/termio.h> header file.  */
+#undef HAVE_SYS_TERMIO_H
+
+/* Define if you have the <sys/time.h> header file.  */
+#undef HAVE_SYS_TIME_H
+
+/* Define if you have the <sys/timeb.h> header file.  */
+#undef HAVE_SYS_TIMEB_H
+
+/* Define if you have the <sys/times.h> header file.  */
+#undef HAVE_SYS_TIMES_H
+
+/* Define if you have the <sys/tty.h> header file.  */
+#undef HAVE_SYS_TTY_H
+
+/* Define if you have the <sys/types.h> header file.  */
+#undef HAVE_SYS_TYPES_H
+
+/* Define if you have the <sys/uio.h> header file.  */
+#undef HAVE_SYS_UIO_H
+
+/* Define if you have the <sys/un.h> header file.  */
+#undef HAVE_SYS_UN_H
+
+/* Define if you have the <sys/utsname.h> header file.  */
+#undef HAVE_SYS_UTSNAME_H
+
+/* Define if you have the <sys/wait.h> header file.  */
+#undef HAVE_SYS_WAIT_H
+
+/* Define if you have the <syslog.h> header file.  */
+#undef HAVE_SYSLOG_H
+
+/* Define if you have the <term.h> header file.  */
+#undef HAVE_TERM_H
+
+/* Define if you have the <termcap.h> header file.  */
+#undef HAVE_TERMCAP_H
+
+/* Define if you have the <termio.h> header file.  */
+#undef HAVE_TERMIO_H
+
+/* Define if you have the <termios.h> header file.  */
+#undef HAVE_TERMIOS_H
+
+/* Define if you have the <tmpdir.h> header file.  */
+#undef HAVE_TMPDIR_H
+
+/* Define if you have the <ttyent.h> header file.  */
+#undef HAVE_TTYENT_H
+
+/* Define if you have the <udb.h> header file.  */
+#undef HAVE_UDB_H
+
+/* Define if you have the <ulimit.h> header file.  */
+#undef HAVE_ULIMIT_H
+
+/* Define if you have the <unistd.h> header file.  */
+#undef HAVE_UNISTD_H
+
+/* Define if you have the <userpw.h> header file.  */
+#undef HAVE_USERPW_H
+
+/* Define if you have the <usersec.h> header file.  */
+#undef HAVE_USERSEC_H
+
+/* Define if you have the <util.h> header file.  */
+#undef HAVE_UTIL_H
+
+/* Define if you have the <utime.h> header file.  */
+#undef HAVE_UTIME_H
+
+/* Define if you have the <utmp.h> header file.  */
+#undef HAVE_UTMP_H
+
+/* Define if you have the <utmpx.h> header file.  */
+#undef HAVE_UTMPX_H
+
+/* Define if you have the <wait.h> header file.  */
+#undef HAVE_WAIT_H
+
+/* Define if you have the X11 library (-lX11).  */
+#undef HAVE_LIBX11
+
+/* Define if you have the Xau library (-lXau).  */
+#undef HAVE_LIBXAU
+
+/* Define if you have the c_r library (-lc_r).  */
+#undef HAVE_LIBC_R
+
+/* Define if you have the cfg library (-lcfg).  */
+#undef HAVE_LIBCFG
+
+/* Define if you have the crypt library (-lcrypt).  */
+#undef HAVE_LIBCRYPT
+
+/* Define if you have the curses library (-lcurses).  */
+#undef HAVE_LIBCURSES
+
+/* Define if you have the dl library (-ldl).  */
+#undef HAVE_LIBDL
+
+/* Define if you have the edit library (-ledit).  */
+#undef HAVE_LIBEDIT
+
+/* Define if you have the ncurses library (-lncurses).  */
+#undef HAVE_LIBNCURSES
+
+/* Define if you have the nsl library (-lnsl).  */
+#undef HAVE_LIBNSL
+
+/* Define if you have the odm library (-lodm).  */
+#undef HAVE_LIBODM
+
+/* Define if you have the readline library (-lreadline).  */
+#undef HAVE_LIBREADLINE
+
+/* Define if you have the resolv library (-lresolv).  */
+#undef HAVE_LIBRESOLV
+
+/* Define if you have the s library (-ls).  */
+#undef HAVE_LIBS
+
+/* Define if you have the socket library (-lsocket).  */
+#undef HAVE_LIBSOCKET
+
+/* Define if you have the syslog library (-lsyslog).  */
+#undef HAVE_LIBSYSLOG
+
+/* Define if you have the termcap library (-ltermcap).  */
+#undef HAVE_LIBTERMCAP
+
+/* Define if you have the util library (-lutil).  */
+#undef HAVE_LIBUTIL
+
+/* Name of package */
+#undef PACKAGE
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to what version of SunOS you are running. */
+#undef SunOS
+
+/* Define if you have the socks package. */
+#undef SOCKS
+
+/* Define to enable old kdestroy behavior. */
+#undef LEGACY_KDESTROY
+
+/* Define if you want to match subdomains. */
+#undef MATCH_SUBDOMAINS
+
+/* Define this to be the directory where the 
+	dictionary for cracklib resides. */
+#undef DICTPATH
+
+/* Define this to the path of the mail spool directory. */
+#undef KRB4_MAILDIR
+
+/* Define this to the kerberos database directory. */
+#undef DB_DIR
+
+/* Define to enable new master key code. */
+#undef RANDOM_MKEY
+
+/* Define this to the location of the master key. */
+#undef MKEYFILE
+
+/* Define to enable basic OSF C2 support. */
+#undef HAVE_OSFC2
+
+/* Define if you don't want to use mmap. */
+#undef NO_MMAP
+
+/* Define if you don't wan't support for AFS. */
+#undef NO_AFS
+
+/* Set this to the type of des-quad-cheksum to use. */
+#undef DES_QUAD_DEFAULT
+
+/* Define if you have the readline package. */
+#undef READLINE
+
+/* Define if you have the hesiod package. */
+#undef HESIOD
+
+/* define if your compiler has __attribute__ */
+#undef HAVE___ATTRIBUTE__
+
+/* Huh? */
+#undef HAVE_STRANGE_INT8_T
+
+/* Define if NDBM really is DB (creates files ending in .db). */
+#undef HAVE_NEW_DB
+
+/* Define if you have NDBM (and not DBM) */
+#undef NDBM
+
+/* define if you have a working snprintf */
+#undef HAVE_SNPRINTF
+
+/* define if the system is missing a prototype for snprintf() */
+#undef NEED_SNPRINTF_PROTO
+
+/* define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE */
+#undef HAVE_GLOB
+
+/* define if the system is missing a prototype for glob() */
+#undef NEED_GLOB_PROTO
+
+/* Define if getpwnam_r has POSIX flavour. */
+#undef POSIX_GETPWNAM_R
+
+/* Define if getlogin has POSIX flavour (and not BSD). */
+#undef POSIX_GETLOGIN
+
+/* define if the system is missing a prototype for hstrerror() */
+#undef NEED_HSTRERROR_PROTO
+
+/* define if the system is missing a prototype for gethostname() */
+#undef NEED_GETHOSTNAME_PROTO
+
+/* define if the system is missing a prototype for mkstemp() */
+#undef NEED_MKSTEMP_PROTO
+
+/* define if the system is missing a prototype for inet_aton() */
+#undef NEED_INET_ATON_PROTO
+
+/* Define if realloc(NULL, X) doesn't work. */
+#undef BROKEN_REALLOC
+
+/* Define if getcwd is broken (like in SunOS 4). */
+#undef BROKEN_GETCWD
+
+/* define if prototype of gethostbyname is compatible with
+	struct hostent *gethostbyname(const char *) */
+#undef GETHOSTBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of gethostbyaddr is compatible with
+	struct hostent *gethostbyaddr(const void *, size_t, int) */
+#undef GETHOSTBYADDR_PROTO_COMPATIBLE
+
+/* define if prototype of getservbyname is compatible with
+	struct servent *getservbyname(const char *, const char *) */
+#undef GETSERVBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of openlog is compatible with
+	void openlog(const char *, int, int) */
+#undef OPENLOG_PROTO_COMPATIBLE
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for fclose() */
+#undef NEED_FCLOSE_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if the system is missing a prototype for strsep() */
+#undef NEED_STRSEP_PROTO
+
+/* define if the system is missing a prototype for getusershell() */
+#undef NEED_GETUSERSHELL_PROTO
+
+/* define if the system is missing a prototype for utime() */
+#undef NEED_UTIME_PROTO
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if your system declares h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you have h_errlist */
+#undef HAVE_H_ERRLIST
+
+/* define if your system declares h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if you have h_nerr */
+#undef HAVE_H_NERR
+
+/* define if your system declares h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define if you have __progname */
+#undef HAVE___PROGNAME
+
+/* define if your system declares __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+/* define if your system declares optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if your system declares optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if your system declares opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if your system declares optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if your system declares environ */
+#undef HAVE_ENVIRON_DECLARATION
+
+/* Define if RETSIGTYPE == void. */
+#undef VOID_RETSIGTYPE
+
+/* Define if struct utmp has field ut_addr. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR
+
+/* Define if struct utmp has field ut_host. */
+#undef HAVE_STRUCT_UTMP_UT_HOST
+
+/* Define if struct utmp has field ut_id. */
+#undef HAVE_STRUCT_UTMP_UT_ID
+
+/* Define if struct utmp has field ut_pid. */
+#undef HAVE_STRUCT_UTMP_UT_PID
+
+/* Define if struct utmp has field ut_type. */
+#undef HAVE_STRUCT_UTMP_UT_TYPE
+
+/* Define if struct utmp has field ut_user. */
+#undef HAVE_STRUCT_UTMP_UT_USER
+
+/* Define if struct utmpx has field ut_exit. */
+#undef HAVE_STRUCT_UTMPX_UT_EXIT
+
+/* Define if struct utmpx has field ut_syslen. */
+#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
+
+/* Define if struct tm has field tm_gmtoff. */
+#undef HAVE_STRUCT_TM_TM_GMTOFF
+
+/* Define if struct tm has field tm_zone. */
+#undef HAVE_STRUCT_TM_TM_ZONE
+
+/* define if you have timezone */
+#undef HAVE_TIMEZONE
+
+/* define if your system declares timezone */
+#undef HAVE_TIMEZONE_DECLARATION
+
+/* define if you have struct spwd */
+#undef HAVE_STRUCT_SPWD
+
+/* define if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* define if struct winsize has ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* define if struct winsize has ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to what the type ssize_t should be. */
+#undef ssize_t
+
+/* Define if struct sockaddr has field sa_len. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Define if SIAENTITY has field ouid. */
+#undef HAVE_SIAENTITY_OUID
+
+/* Define if you have a working getmsg. */
+#undef HAVE_GETMSG
+
+/* Define if el_init takes four arguments. */
+#undef HAVE_FOUR_VALUED_EL_INIT
+
+/* Define if you have a readline function. */
+#undef HAVE_READLINE
+
+/* Define if you have working stream ptys. */
+#undef STREAMSPTY
+
+/* Define if /bin/ls has a `-A' flag. */
+#undef HAVE_LS_A
+
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+/* This for compat with heimdal (or something) */
+#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
+
+#define HAVE_KRB_ENABLE_DEBUG 1
+
+#define HAVE_KRB_DISABLE_DEBUG 1
+
+#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program.  It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR 
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES	{ "/etc/krb.conf",   "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES	{ "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV	"/etc/krb.equiv"
+
+#define KEYFILE		"/etc/srvtab"
+
+#define KRBDIR		"/var/kerberos"
+#define DBM_FILE	KRBDIR "/principal"
+#define DEFAULT_ACL_DIR	KRBDIR
+
+#define KRBLOG		"/var/log/kerberos.log"	/* master server  */
+#define KRBSLAVELOG	"/var/log/kerberos_slave.log" /* slave server  */
+#define KADM_SYSLOG	"/var/log/admin_server.syslog"
+#define K_LOGFIL	"/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this for OTP support */
+#undef OTP
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd 
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems  */
+#undef ENV_HACK
+
+/*  */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) isoc_realloc((X), (Y))
+#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
+#endif
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/*
+ * All these are system-specific defines that I would rather not have at all.
+ */
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
+
+/*
+ * Defining this enables lots of useful (and used) extensions on
+ * glibc-based systems such as Linux
+ */
+
+#define _GNU_SOURCE
+
+/* some strange OS/2 stuff.  From <d96-mst@nada.kth.se> */
+
+#ifdef __EMX__
+#define _EMX_TCPIP
+#define MAIL_USE_SYSTEM_LOCK
+#endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/kerberosIV/include/netdb.x b/crypto/kerberosIV/include/netdb.x
new file mode 100644
index 0000000..7055918
--- /dev/null
+++ b/crypto/kerberosIV/include/netdb.x
@@ -0,0 +1,7 @@
+/* fix for broken ultrix netdb.h. */
+#ifndef __NETDB_H__
+#define __NETDB_H__
+
+#include "/usr/include/netdb.h"
+
+#endif /* __NETDB_H__ */
diff --git a/crypto/kerberosIV/include/protos.H b/crypto/kerberosIV/include/protos.H
new file mode 100644
index 0000000..faf911e
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.H
@@ -0,0 +1,277 @@
+/* -*- C -*-
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Add here functions that don't have a prototype on your system.
+ *
+ * $Id: protos.H,v 1.46 1999/12/02 16:58:36 joda Exp $
+ */
+
+#ifdef NEED_CRYPT_PROTO
+char *crypt(const char*, const char*);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r (char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTOPT_DECLARATION
+extern int optopt;
+#endif
+
+#if defined(__GNUC__) && SunOS == 4
+
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+/* To get struct sockaddr, struct in_addr and struct hostent */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+/* To get struct stat */
+#include <sys/stat.h>
+
+/* To get struct utimbuf */
+#include <utime.h>
+
+#if !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT)
+#define atexit(X) on_exit(X, NULL)
+#define HAVE_ATEXIT 1
+#endif
+#ifdef NEED_UTIME_PROTO
+int utime(const char *, const struct utimbuf *);
+#endif
+int syscall(int, ...);
+pid_t getpid(void);
+int ftruncate(int, off_t);
+int fchmod(int, mode_t);
+int fchown(int fd, int owner, int group);
+int fsync(int);
+int seteuid(uid_t);
+int setreuid(int, int);
+int flock(int, int);
+int gettimeofday(struct timeval *tp, struct timezone *tzp);
+int lstat(const char *, struct stat *);
+int ioctl(int, int, void *); 
+int getpriority(int which, int who);
+int setpriority(int which, int who, int priority);
+int getdtablesize(void);
+int initgroups(const char *name, int basegid);
+long ulimit(int cmd, long newlimit);
+int vhangup(void);
+
+int sigblock(int);
+int sigsetmask(int);
+int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
+
+int munmap(caddr_t addr, int len);
+
+int socket(int, int, int);
+int setsockopt(int, int, int, void *, int);
+int bind(int, void *, int);
+int getsockname(int, struct sockaddr *, int *);
+int accept(int, struct sockaddr *, int *);
+int connect(int, struct sockaddr *, int);
+int listen(int, int);
+int recv(int s, void *buf, int len, int flags);
+int recvfrom(int, char *, int, int, void *, int *);
+int sendto(int, const char *, int, int, void *, int);
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int shutdown(int, int);
+int getpeername(int, struct sockaddr *, int *);
+int getsockopt(int, int, int, void *, int *);
+int send(int s, const void *msg, int len, int flags);
+struct strbuf;
+int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
+
+char *inet_ntoa(struct in_addr in);
+unsigned long inet_addr(const char *cp);
+int gethostname(char *, int);
+struct hostent *gethostbyname(const char *);
+int dn_expand(const u_char *msg,
+	      const u_char *eomorig,
+	      const u_char *comp_dn,
+	      char *exp_dn,
+	      int length);
+int res_search(const char *dname,
+	       int class,
+	       int type,
+	       u_char *answer,
+	       int anslen);
+
+int yp_get_default_domain (char **outdomain);
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+char *getwd(char *pathname);
+
+void bzero(char *b, int length);
+int strcasecmp(const char *, const char *);
+void swab(const char *, char *, int);
+int atoi(const char *str);
+char *mktemp(char *);
+void srandom(int seed);
+int random(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport(int *);
+int openlog(const char *ident, int logopt, int facility);
+int syslog(int priority, const char *message, ...);
+int ttyslot(void);
+
+char *getpass(const char *);
+
+char *getusershell(void);
+void setpwent();
+void endpwent();
+
+#include <stdio.h>
+int fclose(FILE *);
+
+#endif /* SunOS4 */
+
+#if SunOS == 5
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+char *getusershell(void);
+char *strtok_r(char *, const char *, char **);
+int getpriority (int which, id_t who);
+int setpriority (int which, id_t who, int prio);
+int getdtablesize (void);
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+
+#if defined(__GNUC__)
+
+int syscall(int, ...);
+int gethostname(char *, int);
+
+struct timeval;
+int gettimeofday(struct timeval *tp, void *);
+
+#endif
+#endif
+
+#if defined(__osf__) /* OSF/1 */
+
+#if 0
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int fsync(int fildes);
+int gethostname(char *address, int address_len);
+int setreuid(int ruid, int euid);
+int ioctl(int d, unsigned long request, void * arg);
+#endif
+int flock(int fildes, int operation);
+int syscall(int, ...);
+
+unsigned short htons(unsigned short hostshort);
+unsigned int   htonl(unsigned int hostint);
+unsigned short ntohs(unsigned short netshort);
+unsigned int   ntohl(unsigned int netint);
+
+char *mktemp(char *template);
+char *getusershell(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport (int *port);
+
+#endif /* OSF/1 */
+
+#if defined(__sgi)
+#include <sys/types.h>
+
+char *ptsname(int fd);
+struct spwd *getspuid(uid_t);
+#endif /* IRIX */
+
+#if defined(__GNUC__) && defined(_AIX) /* AIX */
+
+struct timeval;
+struct timezone;
+int gettimeofday (struct timeval *Tp, void *Tzp);
+
+#endif /* AIX */
+
+#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
+
+int syscall(int, ...);
+
+int vhangup(void);
+
+char *ptsname(int fildes);
+
+void utmpname(const char *file);
+
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+int dn_comp(char *exp_dn, char *comp_dn, int length,
+	    char **dnptrs, char **lastdnptr);
+
+int res_query(char *dname, int class, int type,
+	      unsigned char *answer, int anslen);
+
+int dn_expand(char *msg, char *eomorig, char *comp_dn,
+	      char *exp_dn, int length);
+
+int res_search(char *dname, int class, int type,
+	       unsigned char *answer, int anslen);
+
+#endif /* HP-UX */
+
+#if defined(WIN32)	/* Visual C++ 4.0 (Windows95/NT) */
+
+int open(const char *, int, ...);
+int close(int);
+int	read(int, void *, unsigned int);
+int write(int, const void *, unsigned int);
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/include/sys/Makefile.in b/crypto/kerberosIV/include/sys/Makefile.in
new file mode 100644
index 0000000..cee60af
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/Makefile.in
@@ -0,0 +1,48 @@
+# $Id: Makefile.in,v 1.22 1998/03/15 05:57:53 assar Exp $
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+LN_S		= @LN_S@
+INSTALL		= @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix		= @prefix@
+includedir	= @includedir@
+BROKEN_SOCKET_H	= @krb_cv_header_sys_socket_h_broken@
+
+@SET_MAKE@
+
+HEADERS = socket.h
+
+all: stamp-headers
+
+Wall:
+	$(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install: all
+
+uninstall:
+
+clean:
+	rm -f $(HEADERS) stamp-headers
+
+mostlyclean:	clean
+distclean:	clean
+	rm -f Makefile config.status *~
+
+realclean:	clean
+
+socket.h:
+	if test "$(BROKEN_SOCKET_H)" = yes; then \
+	  $(LN_S) $(srcdir)/socket.x socket.h; \
+	fi || true
+
+stamp-headers:
+	$(MAKE) $(HEADERS)
+	touch stamp-headers
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/include/sys/socket.x b/crypto/kerberosIV/include/sys/socket.x
new file mode 100644
index 0000000..d5678c8
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/socket.x
@@ -0,0 +1,7 @@
+/* fix for broken ultrix sys/socket.h. */
+#ifndef __SOCKET_H__
+#define __SOCKET_H__
+
+#include "/usr/include/sys/socket.h"
+
+#endif /* __SOCKET_H__ */
diff --git a/crypto/kerberosIV/include/win32/config.h b/crypto/kerberosIV/include/win32/config.h
new file mode 100644
index 0000000..199961e
--- /dev/null
+++ b/crypto/kerberosIV/include/win32/config.h
@@ -0,0 +1,1185 @@
+/* include/config.h.in.  Generated automatically from configure.in by autoheader.  */
+
+/* Define if using alloca.c.  */
+#undef C_ALLOCA
+
+/* Define to empty if the keyword does not work.  */
+#undef const
+
+/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
+   This function is required for alloca.c support on those systems.  */
+#undef CRAY_STACKSEG_END
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#define gid_t int
+
+/* Define if you have alloca, as a function or macro.  */
+#undef HAVE_ALLOCA
+
+/* Define if you have <alloca.h> and it should be used (not on Ultrix).  */
+#undef HAVE_ALLOCA_H
+
+/* Define if you have a working `mmap' system call.  */
+#undef HAVE_MMAP
+
+/* Define if your struct stat has st_blksize.  */
+#undef HAVE_ST_BLKSIZE
+
+/* Define as __inline if that's what the C compiler calls it.  */
+#undef inline
+
+/* Define to `long' if <sys/types.h> doesn't define.  */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef pid_t
+
+/* Define if you need to in order for stat and other things to work.  */
+#undef _POSIX_SOURCE
+
+/* Define as the return type of signal handlers (int or void).  */
+#undef RETSIGTYPE
+
+/* Define to `unsigned' if <sys/types.h> doesn't define.  */
+#undef size_t
+
+/* If using the C implementation of alloca, define if you know the
+   direction of stack growth for your system; otherwise it will be
+   automatically deduced at run-time.
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown
+ */
+#undef STACK_DIRECTION
+
+/* Define if you have the ANSI C header files.  */
+#define STDC_HEADERS 1
+
+/* Define if `sys_siglist' is declared by <signal.h>.  */
+#undef SYS_SIGLIST_DECLARED
+
+/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#define uid_t int
+
+/* Define if your processor stores words with the most significant
+   byte first (like Motorola and SPARC, unlike Intel and VAX).  */
+#undef WORDS_BIGENDIAN
+
+/* Define if the X Window System is missing or not being used.  */
+#undef X_DISPLAY_MISSING
+
+/* Define if you have the _getpty function.  */
+#undef HAVE__GETPTY
+
+/* Define if you have the _scrsize function.  */
+#undef HAVE__SCRSIZE
+
+/* Define if you have the _setsid function.  */
+#undef HAVE__SETSID
+
+/* Define if you have the _stricmp function.  */
+#define HAVE__STRICMP 1
+
+/* Define if you have the asnprintf function.  */
+#undef HAVE_ASNPRINTF
+
+/* Define if you have the asprintf function.  */
+#undef HAVE_ASPRINTF
+
+/* Define if you have the atexit function.  */
+#undef HAVE_ATEXIT
+
+/* Define if you have the chown function.  */
+#undef HAVE_CHOWN
+
+/* Define if you have the chroot function.  */
+#undef HAVE_CHROOT
+
+/* Define if you have the crypt function.  */
+#undef HAVE_CRYPT
+
+/* Define if you have the daemon function.  */
+#undef HAVE_DAEMON
+
+/* Define if you have the dlopen function.  */
+#undef HAVE_DLOPEN
+
+/* Define if you have the dn_expand function.  */
+#undef HAVE_DN_EXPAND
+
+/* Define if you have the el_init function.  */
+#undef HAVE_EL_INIT
+
+/* Define if you have the err function.  */
+#undef HAVE_ERR
+
+/* Define if you have the errx function.  */
+#undef HAVE_ERRX
+
+/* Define if you have the fattach function.  */
+#undef HAVE_FATTACH
+
+/* Define if you have the fchmod function.  */
+#undef HAVE_FCHMOD
+
+/* Define if you have the fchown function.  */
+#undef HAVE_FCHOWN
+
+/* Define if you have the fcntl function.  */
+#undef HAVE_FCNTL
+
+/* Define if you have the flock function.  */
+#undef HAVE_FLOCK
+
+/* Define if you have the fnmatch function.  */
+#undef HAVE_FNMATCH
+
+/* Define if you have the forkpty function.  */
+#undef HAVE_FORKPTY
+
+/* Define if you have the frevoke function.  */
+#undef HAVE_FREVOKE
+
+/* Define if you have the getattr function.  */
+#undef HAVE_GETATTR
+
+/* Define if you have the getcwd function.  */
+#undef HAVE_GETCWD
+
+/* Define if you have the getdtablesize function.  */
+#undef HAVE_GETDTABLESIZE
+
+/* Define if you have the getegid function.  */
+#undef HAVE_GETEGID
+
+/* Define if you have the geteuid function.  */
+#undef HAVE_GETEUID
+
+/* Define if you have the getgid function.  */
+#undef HAVE_GETGID
+
+/* Define if you have the gethostbyname function.  */
+#define HAVE_GETHOSTBYNAME 1
+
+/* Define if you have the gethostname function.  */
+#define HAVE_GETHOSTNAME 1
+
+/* Define if you have the getlogin function.  */
+#undef HAVE_GETLOGIN
+
+/* Define if you have the getopt function.  */
+#undef HAVE_GETOPT
+
+/* Define if you have the getpagesize function.  */
+#undef HAVE_GETPAGESIZE
+
+/* Define if you have the getpriority function.  */
+#undef HAVE_GETPRIORITY
+
+/* Define if you have the getpwnam_r function.  */
+#undef HAVE_GETPWNAM_R
+
+/* Define if you have the getrlimit function.  */
+#undef HAVE_GETRLIMIT
+
+/* Define if you have the getservbyname function.  */
+#define HAVE_GETSERVBYNAME 1
+
+/* Define if you have the getsockopt function.  */
+#define HAVE_GETSOCKOPT 1
+
+/* Define if you have the getspnam function.  */
+#undef HAVE_GETSPNAM
+
+/* Define if you have the getspuid function.  */
+#undef HAVE_GETSPUID
+
+/* Define if you have the gettimeofday function.  */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define if you have the gettosbyname function.  */
+#undef HAVE_GETTOSBYNAME
+
+/* Define if you have the getudbnam function.  */
+#undef HAVE_GETUDBNAM
+
+/* Define if you have the getuid function.  */
+#undef HAVE_GETUID
+
+/* Define if you have the getusershell function.  */
+#undef HAVE_GETUSERSHELL
+
+/* Define if you have the grantpt function.  */
+#undef HAVE_GRANTPT
+
+/* Define if you have the hstrerror function.  */
+#undef HAVE_HSTRERROR
+
+/* Define if you have the inet_aton function.  */
+#undef HAVE_INET_ATON
+
+/* Define if you have the initgroups function.  */
+#undef HAVE_INITGROUPS
+
+/* Define if you have the innetgr function.  */
+#undef HAVE_INNETGR
+
+/* Define if you have the iruserok function.  */
+#undef HAVE_IRUSEROK
+
+/* Define if you have the logout function.  */
+#undef HAVE_LOGOUT
+
+/* Define if you have the logwtmp function.  */
+#undef HAVE_LOGWTMP
+
+/* Define if you have the lstat function.  */
+#undef HAVE_LSTAT
+
+/* Define if you have the memmove function.  */
+#define HAVE_MEMMOVE 1
+
+/* Define if you have the mkstemp function.  */
+#undef HAVE_MKSTEMP
+
+/* Define if you have the mktime function.  */
+#define HAVE_MKTIME 1
+
+/* Define if you have the odm_initialize function.  */
+#undef HAVE_ODM_INITIALIZE
+
+/* Define if you have the on_exit function.  */
+#undef HAVE_ON_EXIT
+
+/* Define if you have the parsetos function.  */
+#undef HAVE_PARSETOS
+
+/* Define if you have the ptsname function.  */
+#undef HAVE_PTSNAME
+
+/* Define if you have the putenv function.  */
+#undef HAVE_PUTENV
+
+/* Define if you have the rand function.  */
+#define HAVE_RAND 1
+
+/* Define if you have the random function.  */
+#undef HAVE_RANDOM
+
+/* Define if you have the rcmd function.  */
+#undef HAVE_RCMD
+
+/* Define if you have the readline function.  */
+#undef HAVE_READLINE
+
+/* Define if you have the readv function.  */
+#undef HAVE_READV
+
+/* Define if you have the res_search function.  */
+#undef HAVE_RES_SEARCH
+
+/* Define if you have the revoke function.  */
+#undef HAVE_REVOKE
+
+/* Define if you have the setegid function.  */
+#undef HAVE_SETEGID
+
+/* Define if you have the setenv function.  */
+#undef HAVE_SETENV
+
+/* Define if you have the seteuid function.  */
+#undef HAVE_SETEUID
+
+/* Define if you have the setitimer function.  */
+#undef HAVE_SETITIMER
+
+/* Define if you have the setlim function.  */
+#undef HAVE_SETLIM
+
+/* Define if you have the setlogin function.  */
+#undef HAVE_SETLOGIN
+
+/* Define if you have the setpcred function.  */
+#undef HAVE_SETPCRED
+
+/* Define if you have the setpgid function.  */
+#undef HAVE_SETPGID
+
+/* Define if you have the setpriority function.  */
+#undef HAVE_SETPRIORITY
+
+/* Define if you have the setproctitle function.  */
+#undef HAVE_SETPROCTITLE
+
+/* Define if you have the setregid function.  */
+#undef HAVE_SETREGID
+
+/* Define if you have the setresgid function.  */
+#undef HAVE_SETRESGID
+
+/* Define if you have the setresuid function.  */
+#undef HAVE_SETRESUID
+
+/* Define if you have the setreuid function.  */
+#undef HAVE_SETREUID
+
+/* Define if you have the setsid function.  */
+#undef HAVE_SETSID
+
+/* Define if you have the setsockopt function.  */
+#define HAVE_SETSOCKOPT 1
+
+/* Define if you have the setutent function.  */
+#undef HAVE_SETUTENT
+
+/* Define if you have the sigaction function.  */
+#undef HAVE_SIGACTION
+
+/* Define if you have the socket function.  */
+#define HAVE_SOCKET 1
+
+/* Define if you have the strcasecmp function.  */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the strdup function.  */
+#define HAVE_STRDUP 1
+
+/* Define if you have the strerror function.  */
+#undef HAVE_STRERROR
+
+/* Define if you have the strftime function.  */
+#define HAVE_STRFTIME 1
+
+/* Define if you have the strlwr function.  */
+#define HAVE_STRLWR 1
+
+/* Define if you have the strncasecmp function.  */
+#undef HAVE_STRNCASECMP
+
+/* Define if you have the strnlen function.  */
+#undef HAVE_STRNLEN
+
+/* Define if you have the strsep function.  */
+#undef HAVE_STRSEP
+
+/* Define if you have the strtok_r function.  */
+#undef HAVE_STRTOK_R
+
+/* Define if you have the strupr function.  */
+#define HAVE_STRUPR 1
+
+/* Define if you have the swab function.  */
+#define HAVE_SWAB 1
+
+/* Define if you have the sysconf function.  */
+#undef HAVE_SYSCONF
+
+/* Define if you have the sysctl function.  */
+#undef HAVE_SYSCTL
+
+/* Define if you have the syslog function.  */
+#undef HAVE_SYSLOG
+
+/* Define if you have the tgetent function.  */
+#undef HAVE_TGETENT
+
+/* Define if you have the ttyname function.  */
+#undef HAVE_TTYNAME
+
+/* Define if you have the ttyslot function.  */
+#undef HAVE_TTYSLOT
+
+/* Define if you have the ulimit function.  */
+#undef HAVE_ULIMIT
+
+/* Define if you have the uname function.  */
+#undef HAVE_UNAME
+
+/* Define if you have the unlockpt function.  */
+#undef HAVE_UNLOCKPT
+
+/* Define if you have the unsetenv function.  */
+#undef HAVE_UNSETENV
+
+/* Define if you have the vasnprintf function.  */
+#undef HAVE_VASNPRINTF
+
+/* Define if you have the vasprintf function.  */
+#undef HAVE_VASPRINTF
+
+/* Define if you have the verr function.  */
+#undef HAVE_VERR
+
+/* Define if you have the verrx function.  */
+#undef HAVE_VERRX
+
+/* Define if you have the vhangup function.  */
+#undef HAVE_VHANGUP
+
+/* Define if you have the vsnprintf function.  */
+#undef HAVE_VSNPRINTF
+
+/* Define if you have the vsyslog function.  */
+#undef HAVE_VSYSLOG
+
+/* Define if you have the vwarn function.  */
+#undef HAVE_VWARN
+
+/* Define if you have the vwarnx function.  */
+#undef HAVE_VWARNX
+
+/* Define if you have the warn function.  */
+#undef HAVE_WARN
+
+/* Define if you have the warnx function.  */
+#undef HAVE_WARNX
+
+/* Define if you have the writev function.  */
+#undef HAVE_WRITEV
+
+/* Define if you have the XauReadAuth function.  */
+#undef HAVE_XAUREADAUTH
+
+/* Define if you have the XauWriteAuth function.  */
+#undef HAVE_XAUWRITEAUTH
+
+/* Define if you have the yp_get_default_domain function.  */
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+
+/* Define if you have the <arpa/ftp.h> header file.  */
+#undef HAVE_ARPA_FTP_H
+
+/* Define if you have the <arpa/inet.h> header file.  */
+#undef HAVE_ARPA_INET_H
+
+/* Define if you have the <arpa/nameser.h> header file.  */
+#undef HAVE_ARPA_NAMESER_H
+
+/* Define if you have the <arpa/telnet.h> header file.  */
+#undef HAVE_ARPA_TELNET_H
+
+/* Define if you have the <bsd/bsd.h> header file.  */
+#undef HAVE_BSD_BSD_H
+
+/* Define if you have the <bsdsetjmp.h> header file.  */
+#undef HAVE_BSDSETJMP_H
+
+/* Define if you have the <crypt.h> header file.  */
+#undef HAVE_CRYPT_H
+
+/* Define if you have the <curses.h> header file.  */
+#undef HAVE_CURSES_H
+
+/* Define if you have the <dbm.h> header file.  */
+#undef HAVE_DBM_H
+
+/* Define if you have the <dirent.h> header file.  */
+#undef HAVE_DIRENT_H
+
+/* Define if you have the <err.h> header file.  */
+#undef HAVE_ERR_H
+
+/* Define if you have the <errno.h> header file.  */
+#undef HAVE_ERRNO_H
+
+/* Define if you have the <fcntl.h> header file.  */
+#define HAVE_FCNTL_H 1
+
+/* Define if you have the <fnmatch.h> header file.  */
+#undef HAVE_FNMATCH_H
+
+/* Define if you have the <grp.h> header file.  */
+#undef HAVE_GRP_H
+
+/* Define if you have the <inttypes.h> header file.  */
+#undef HAVE_INTTYPES_H
+
+/* Define if you have the <io.h> header file.  */
+#define HAVE_IO_H 1
+
+/* Define if you have the <lastlog.h> header file.  */
+#undef HAVE_LASTLOG_H
+
+/* Define if you have the <libutil.h> header file.  */
+#undef HAVE_LIBUTIL_H
+
+/* Define if you have the <limits.h> header file.  */
+#undef HAVE_LIMITS_H
+
+/* Define if you have the <login.h> header file.  */
+#undef HAVE_LOGIN_H
+
+/* Define if you have the <maillock.h> header file.  */
+#undef HAVE_MAILLOCK_H
+
+/* Define if you have the <ndbm.h> header file.  */
+#undef HAVE_NDBM_H
+
+/* Define if you have the <net/if.h> header file.  */
+#undef HAVE_NET_IF_H
+
+/* Define if you have the <net/if_tun.h> header file.  */
+#undef HAVE_NET_IF_TUN_H
+
+/* Define if you have the <net/if_var.h> header file.  */
+#undef HAVE_NET_IF_VAR_H
+
+/* Define if you have the <netdb.h> header file.  */
+#undef HAVE_NETDB_H
+
+/* Define if you have the <netinet/in.h> header file.  */
+#undef HAVE_NETINET_IN_H
+
+/* Define if you have the <netinet/in6_machtypes.h> header file.  */
+#undef HAVE_NETINET_IN6_MACHTYPES_H
+
+/* Define if you have the <netinet/in_systm.h> header file.  */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define if you have the <netinet/ip.h> header file.  */
+#undef HAVE_NETINET_IP_H
+
+/* Define if you have the <netinet/tcp.h> header file.  */
+#undef HAVE_NETINET_TCP_H
+
+/* Define if you have the <paths.h> header file.  */
+#undef HAVE_PATHS_H
+
+/* Define if you have the <pty.h> header file.  */
+#undef HAVE_PTY_H
+
+/* Define if you have the <pwd.h> header file.  */
+#undef HAVE_PWD_H
+
+/* Define if you have the <resolv.h> header file.  */
+#undef HAVE_RESOLV_H
+
+/* Define if you have the <rpcsvc/dbm.h> header file.  */
+#undef HAVE_RPCSVC_DBM_H
+
+/* Define if you have the <rpcsvc/ypclnt.h> header file.  */
+#undef HAVE_RPCSVC_YPCLNT_H
+
+/* Define if you have the <sac.h> header file.  */
+#undef HAVE_SAC_H
+
+/* Define if you have the <security/pam_modules.h> header file.  */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
+/* Define if you have the <siad.h> header file.  */
+#undef HAVE_SIAD_H
+
+/* Define if you have the <signal.h> header file.  */
+#define HAVE_SIGNAL_H 1
+
+/* Define if you have the <stropts.h> header file.  */
+#undef HAVE_STROPTS_H
+
+/* Define if you have the <sys/bitypes.h> header file.  */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define if you have the <sys/category.h> header file.  */
+#undef HAVE_SYS_CATEGORY_H
+
+/* Define if you have the <sys/file.h> header file.  */
+#undef HAVE_SYS_FILE_H
+
+/* Define if you have the <sys/filio.h> header file.  */
+#undef HAVE_SYS_FILIO_H
+
+/* Define if you have the <sys/ioccom.h> header file.  */
+#undef HAVE_SYS_IOCCOM_H
+
+/* Define if you have the <sys/ioctl.h> header file.  */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define if you have the <sys/locking.h> header file.  */
+#define HAVE_SYS_LOCKING_H 1
+
+/* Define if you have the <sys/mman.h> header file.  */
+#undef HAVE_SYS_MMAN_H
+
+/* Define if you have the <sys/param.h> header file.  */
+#undef HAVE_SYS_PARAM_H
+
+/* Define if you have the <sys/proc.h> header file.  */
+#undef HAVE_SYS_PROC_H
+
+/* Define if you have the <sys/pty.h> header file.  */
+#undef HAVE_SYS_PTY_H
+
+/* Define if you have the <sys/ptyio.h> header file.  */
+#undef HAVE_SYS_PTYIO_H
+
+/* Define if you have the <sys/ptyvar.h> header file.  */
+#undef HAVE_SYS_PTYVAR_H
+
+/* Define if you have the <sys/resource.h> header file.  */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define if you have the <sys/select.h> header file.  */
+#undef HAVE_SYS_SELECT_H
+
+/* Define if you have the <sys/socket.h> header file.  */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define if you have the <sys/sockio.h> header file.  */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define if you have the <sys/stat.h> header file.  */
+#define HAVE_SYS_STAT_H 1
+
+/* Define if you have the <sys/str_tty.h> header file.  */
+#undef HAVE_SYS_STR_TTY_H
+
+/* Define if you have the <sys/stream.h> header file.  */
+#undef HAVE_SYS_STREAM_H
+
+/* Define if you have the <sys/stropts.h> header file.  */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define if you have the <sys/strtty.h> header file.  */
+#undef HAVE_SYS_STRTTY_H
+
+/* Define if you have the <sys/syscall.h> header file.  */
+#undef HAVE_SYS_SYSCALL_H
+
+/* Define if you have the <sys/sysctl.h> header file.  */
+#undef HAVE_SYS_SYSCTL_H
+
+/* Define if you have the <sys/termio.h> header file.  */
+#undef HAVE_SYS_TERMIO_H
+
+/* Define if you have the <sys/time.h> header file.  */
+#undef HAVE_SYS_TIME_H
+
+/* Define if you have the <sys/timeb.h> header file.  */
+#define HAVE_SYS_TIMEB_H 1
+
+/* Define if you have the <sys/times.h> header file.  */
+#undef HAVE_SYS_TIMES_H
+
+/* Define if you have the <sys/tty.h> header file.  */
+#undef HAVE_SYS_TTY_H
+
+/* Define if you have the <sys/types.h> header file.  */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define if you have the <sys/uio.h> header file.  */
+#undef HAVE_SYS_UIO_H
+
+/* Define if you have the <sys/un.h> header file.  */
+#undef HAVE_SYS_UN_H
+
+/* Define if you have the <sys/utsname.h> header file.  */
+#undef HAVE_SYS_UTSNAME_H
+
+/* Define if you have the <sys/wait.h> header file.  */
+#undef HAVE_SYS_WAIT_H
+
+/* Define if you have the <syslog.h> header file.  */
+#undef HAVE_SYSLOG_H
+
+/* Define if you have the <term.h> header file.  */
+#undef HAVE_TERM_H
+
+/* Define if you have the <termcap.h> header file.  */
+#undef HAVE_TERMCAP_H
+
+/* Define if you have the <termio.h> header file.  */
+#undef HAVE_TERMIO_H
+
+/* Define if you have the <termios.h> header file.  */
+#undef HAVE_TERMIOS_H
+
+/* Define if you have the <tmpdir.h> header file.  */
+#undef HAVE_TMPDIR_H
+
+/* Define if you have the <ttyent.h> header file.  */
+#undef HAVE_TTYENT_H
+
+/* Define if you have the <udb.h> header file.  */
+#undef HAVE_UDB_H
+
+/* Define if you have the <ulimit.h> header file.  */
+#undef HAVE_ULIMIT_H
+
+/* Define if you have the <unistd.h> header file.  */
+#undef HAVE_UNISTD_H
+
+/* Define if you have the <userpw.h> header file.  */
+#undef HAVE_USERPW_H
+
+/* Define if you have the <usersec.h> header file.  */
+#undef HAVE_USERSEC_H
+
+/* Define if you have the <util.h> header file.  */
+#undef HAVE_UTIL_H
+
+/* Define if you have the <utime.h> header file.  */
+#undef HAVE_UTIME_H
+
+/* Define if you have the <utmp.h> header file.  */
+#undef HAVE_UTMP_H
+
+/* Define if you have the <utmpx.h> header file.  */
+#undef HAVE_UTMPX_H
+
+/* Define if you have the <wait.h> header file.  */
+#undef HAVE_WAIT_H
+
+/* Define if you have the c_r library (-lc_r).  */
+#undef HAVE_LIBC_R
+
+/* Define if you have the cfg library (-lcfg).  */
+#undef HAVE_LIBCFG
+
+/* Define if you have the crypt library (-lcrypt).  */
+#undef HAVE_LIBCRYPT
+
+/* Define if you have the curses library (-lcurses).  */
+#undef HAVE_LIBCURSES
+
+/* Define if you have the dl library (-ldl).  */
+#undef HAVE_LIBDL
+
+/* Define if you have the edit library (-ledit).  */
+#undef HAVE_LIBEDIT
+
+/* Define if you have the ncurses library (-lncurses).  */
+#undef HAVE_LIBNCURSES
+
+/* Define if you have the nsl library (-lnsl).  */
+#undef HAVE_LIBNSL
+
+/* Define if you have the odm library (-lodm).  */
+#undef HAVE_LIBODM
+
+/* Define if you have the readline library (-lreadline).  */
+#undef HAVE_LIBREADLINE
+
+/* Define if you have the resolv library (-lresolv).  */
+#undef HAVE_LIBRESOLV
+
+/* Define if you have the s library (-ls).  */
+#undef HAVE_LIBS
+
+/* Define if you have the socket library (-lsocket).  */
+#undef HAVE_LIBSOCKET
+
+/* Define if you have the syslog library (-lsyslog).  */
+#undef HAVE_LIBSYSLOG
+
+/* Define if you have the termcap library (-ltermcap).  */
+#undef HAVE_LIBTERMCAP
+
+/* Define if you have the util library (-lutil).  */
+#undef HAVE_LIBUTIL
+
+/* Define if you have the X11 library (-lX11).  */
+#undef HAVE_LIBX11
+
+/* Define if you have the Xau library (-lXau).  */
+#undef HAVE_LIBXAU
+
+/* Name of package */
+#undef PACKAGE
+
+/* Version number of package */
+#undef VERSION
+
+/* Define if you have the socks package */
+#undef SOCKS
+
+/* Define to enable old kdestroy behavior. */
+#undef LEGACY_KDESTROY
+
+/* Define if you want to match subdomains. */
+#undef MATCH_SUBDOMAINS
+
+/* Define this to be the directory where the 
+	dictionary for cracklib resides. */
+#undef DICTPATH
+
+/* Define this to the path of the mail spool directory. */
+#undef KRB4_MAILDIR
+
+/* Define this to the kerberos database directory. */
+#undef DB_DIR
+
+/* Define to enable new master key code. */
+#undef RANDOM_MKEY
+
+/* Define this to the location of the master key. */
+#undef MKEYFILE
+
+/* Define to enable basic OSF C2 support. */
+#undef HAVE_OSFC2
+
+/* Define if you don't want to use mmap. */
+#undef NO_MMAP
+
+/* Define if you don't wan't support for AFS. */
+#undef NO_AFS
+
+/* Set this to the type of des-quad-cheksum to use. */
+#define DES_QUAD_DEFAULT DES_QUAD_GUESS
+
+/* Define if you have the readline package */
+#undef READLINE
+
+/* Define if you have the hesiod package */
+#undef HESIOD
+
+/* define if your compiler has __attribute__ */
+#undef HAVE___ATTRIBUTE__
+
+/* Huh? */
+#undef HAVE_STRANGE_INT8_T
+
+/* Define if NDBM really is DB (creates files ending in .db). */
+#undef HAVE_NEW_DB
+
+/* Define if you have NDBM (and not DBM) */
+#undef NDBM
+
+/* define if you have a working snprintf */
+#undef HAVE_SNPRINTF
+
+/* define if the system is missing a prototype for snprintf() */
+#undef NEED_SNPRINTF_PROTO
+
+/* define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE */
+#undef HAVE_GLOB
+
+/* define if the system is missing a prototype for glob() */
+#undef NEED_GLOB_PROTO
+
+/* Define if getpwnam_r has POSIX flavour. */
+#undef POSIX_GETPWNAM_R
+
+/* Define if getlogin has POSIX flavour (and not BSD). */
+#undef POSIX_GETLOGIN
+
+/* define if the system is missing a prototype for hstrerror() */
+#undef NEED_HSTRERROR_PROTO
+
+/* define if the system is missing a prototype for gethostname() */
+#undef NEED_GETHOSTNAME_PROTO
+
+/* define if the system is missing a prototype for mkstemp() */
+#undef NEED_MKSTEMP_PROTO
+
+/* define if the system is missing a prototype for inet_aton() */
+#undef NEED_INET_ATON_PROTO
+
+/* Define if realloc(NULL, X) doesn't work. */
+#undef BROKEN_REALLOC
+
+/* Define if getcwd is broken (like in SunOS 4). */
+#undef BROKEN_GETCWD
+
+/* define if prototype of gethostbyname is compatible with
+	struct hostent *gethostbyname(const char *) */
+#undef GETHOSTBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of gethostbyaddr is compatible with
+	struct hostent *gethostbyaddr(const void *, size_t, int) */
+#undef GETHOSTBYADDR_PROTO_COMPATIBLE
+
+/* define if prototype of getservbyname is compatible with
+	struct servent *getservbyname(const char *, const char *) */
+#undef GETSERVBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of openlog is compatible with
+	void openlog(const char *, int, int) */
+#undef OPENLOG_PROTO_COMPATIBLE
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for fclose() */
+#undef NEED_FCLOSE_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if the system is missing a prototype for getusershell() */
+#undef NEED_GETUSERSHELL_PROTO
+
+/* define if the system is missing a prototype for utime() */
+#undef NEED_UTIME_PROTO
+
+/* define if you have h_errno */
+#define HAVE_H_ERRNO 1
+
+/* define if your system declares h_errno */
+#define HAVE_H_ERRNO_DECLARATION 1
+
+/* define if you have h_errlist */
+#undef HAVE_H_ERRLIST
+
+/* define if your system declares h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if you have h_nerr */
+#undef HAVE_H_NERR
+
+/* define if your system declares h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define if you have __progname */
+#undef HAVE___PROGNAME
+
+/* define if your system declares __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+/* define if your system declares optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if your system declares optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if your system declares opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if your system declares optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if your system declares environ */
+#undef HAVE_ENVIRON_DECLARATION
+
+/* Define if RETSIGTYPE == void. */
+#define VOID_RETSIGTYPE 1
+
+/* Define if struct utmp has field ut_addr. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR
+
+/* Define if struct utmp has field ut_host. */
+#undef HAVE_STRUCT_UTMP_UT_HOST
+
+/* Define if struct utmp has field ut_id. */
+#undef HAVE_STRUCT_UTMP_UT_ID
+
+/* Define if struct utmp has field ut_pid. */
+#undef HAVE_STRUCT_UTMP_UT_PID
+
+/* Define if struct utmp has field ut_type. */
+#undef HAVE_STRUCT_UTMP_UT_TYPE
+
+/* Define if struct utmp has field ut_user. */
+#undef HAVE_STRUCT_UTMP_UT_USER
+
+/* Define if struct utmpx has field ut_exit. */
+#undef HAVE_STRUCT_UTMPX_UT_EXIT
+
+/* Define if struct utmpx has field ut_syslen. */
+#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
+
+/* define if you have struct spwd */
+#undef HAVE_STRUCT_SPWD
+
+/* define if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* define if struct winsize has ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* define if struct winsize has ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to what the type ssize_t should be. */
+#define ssize_t int
+
+/* Define if struct sockaddr has field sa_len. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Define if SIAENTITY has field ouid. */
+#undef HAVE_SIAENTITY_OUID
+
+/* Define if you have a working getmsg. */
+#undef HAVE_GETMSG
+
+/* Define if you have a readline function. */
+#undef HAVE_READLINE
+
+/* Define if you have working stream ptys. */
+#undef STREAMSPTY
+
+/* Define if /bin/ls has a `-A' flag. */
+#undef HAVE_LS_A
+
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+/* This for compat with heimdal (or something) */
+#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program.  It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR 
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES	{ "/etc/krb.conf",   "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES	{ "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV	"/etc/krb.equiv"
+
+#define KEYFILE		"/etc/srvtab"
+
+#define KRBDIR		"/var/kerberos"
+#define DBM_FILE	KRBDIR "/principal"
+#define DEFAULT_ACL_DIR	KRBDIR
+
+#define KRBLOG		"/var/log/kerberos.log"	/* master server  */
+#define KRBSLAVELOG	"/var/log/kerberos_slave.log" /* slave server  */
+#define KADM_SYSLOG	"/var/log/admin_server.syslog"
+#define K_LOGFIL	"/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this for OTP support */
+#undef OTP
+
+/* define this if you have kerberos 4 */
+#define KRB4 1
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd 
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems  */
+#undef ENV_HACK
+
+/*  */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) isoc_realloc((X), (Y))
+#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
+#endif
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/*
+ * All these are system-specific defines that I would rather not have at all.
+ */
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
+
+/* some strange OS/2 stuff.  From <d96-mst@nada.kth.se> */
+
+#ifdef __EMX__
+#define _EMX_TCPIP
+#define MAIL_USE_SYSTEM_LOCK
+#endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/kerberosIV/include/win32/ktypes.h b/crypto/kerberosIV/include/win32/ktypes.h
new file mode 100644
index 0000000..3d4af11
--- /dev/null
+++ b/crypto/kerberosIV/include/win32/ktypes.h
@@ -0,0 +1,11 @@
+#ifndef __KTYPES_H__
+#define __KTYPES_H__
+
+typedef signed char int8_t;
+typedef unsigned char u_int8_t;
+typedef short int16_t;
+typedef unsigned short u_int16_t;
+typedef int int32_t;
+typedef unsigned int u_int32_t;
+
+#endif /*  __KTYPES_H__ */
diff --git a/crypto/kerberosIV/include/win32/roken.h b/crypto/kerberosIV/include/win32/roken.h
new file mode 100644
index 0000000..9a3117f
--- /dev/null
+++ b/crypto/kerberosIV/include/win32/roken.h
@@ -0,0 +1,214 @@
+/* This is (as usual) a generated file,
+   it is also machine dependent */
+
+#ifndef __ROKEN_H__
+#define __ROKEN_H__
+
+/* -*- C -*- */
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken.h,v 1.8 1999/12/02 16:58:36 joda Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <signal.h>
+#include <time.h>
+
+
+
+#define ROKEN_LIB_FUNCTION
+
+#include <roken-common.h>
+
+
+int putenv(const char *string);
+
+int setenv(const char *var, const char *val, int rewrite);
+
+void unsetenv(const char *name);
+
+char *getusershell(void);
+void endusershell(void);
+
+int snprintf (char *str, size_t sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+
+int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+
+int asprintf (char **ret, const char *format, ...)
+     __attribute__ ((format (printf, 2, 3)));
+
+int vasprintf (char **ret, const char *format, va_list ap)
+     __attribute__((format (printf, 2, 0)));
+
+int asnprintf (char **ret, size_t max_sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+
+int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+
+char * strdup(const char *old);
+
+char * strlwr(char *);
+
+int strnlen(char*, int);
+
+char *strsep(char**, const char*);
+
+int strcasecmp(const char *s1, const char *s2);
+
+
+
+char * strupr(char *);
+
+size_t strlcpy (char *dst, const char *src, size_t dst_sz);
+
+size_t strlcat (char *dst, const char *src, size_t dst_sz);
+
+int getdtablesize(void);
+
+char *strerror(int eno);
+
+/* This causes a fatal error under Psoriasis */
+const char *hstrerror(int herr);
+
+extern int h_errno;
+
+int inet_aton(const char *cp, struct in_addr *adr);
+
+char* getcwd(char *path, size_t size);
+
+
+int seteuid(uid_t euid);
+
+int setegid(gid_t egid);
+
+int lstat(const char *path, struct stat *buf);
+
+int mkstemp(char *);
+
+int initgroups(const char *name, gid_t basegid);
+
+int fchown(int fd, uid_t owner, gid_t group);
+
+int daemon(int nochdir, int noclose);
+
+int innetgr(const char *netgroup, const char *machine, 
+	    const char *user, const char *domain);
+
+int chown(const char *path, uid_t owner, gid_t group);
+
+int rcmd(char **ahost, unsigned short inport, const char *locuser,
+	 const char *remuser, const char *cmd, int *fd2p);
+
+int innetgr(const char*, const char*, const char*, const char*);
+
+int iruserok(unsigned raddr, int superuser, const char *ruser,
+	     const char *luser);
+
+int gethostname(char *name, int namelen);
+
+ssize_t
+writev(int d, const struct iovec *iov, int iovcnt);
+
+ssize_t
+readv(int d, const struct iovec *iov, int iovcnt);
+
+int
+mkstemp(char *template);
+
+#define LOCK_SH   1		/* Shared lock */
+#define LOCK_EX   2		/* Exclusive lock */
+#define LOCK_NB   4		/* Don't block when locking */
+#define LOCK_UN   8		/* Unlock */
+
+int flock(int fd, int operation);
+
+time_t tm2time (struct tm tm, int local);
+
+int unix_verify_user(char *user, char *password);
+
+void inaddr2str(struct in_addr addr, char *s, size_t len);
+
+void mini_inetd (int port);
+
+int roken_concat (char *s, size_t len, ...);
+
+size_t roken_mconcat (char **s, size_t max_len, ...);
+
+int roken_vconcat (char *s, size_t len, va_list args);
+
+size_t roken_vmconcat (char **s, size_t max_len, va_list args);
+
+ssize_t net_write (int fd, const void *buf, size_t nbytes);
+
+ssize_t net_read (int fd, void *buf, size_t nbytes);
+
+int issuid(void);
+
+struct winsize {
+	unsigned short ws_row, ws_col;
+	unsigned short ws_xpixel, ws_ypixel;
+};
+
+int get_window_size(int fd, struct winsize *);
+
+void vsyslog(int pri, const char *fmt, va_list ap);
+
+extern char *optarg;
+extern int optind;
+extern int opterr;
+
+extern const char *__progname;
+
+extern char **environ;
+
+/*
+ * kludges and such
+ */
+
+int roken_gethostby_setup(const char*, const char*);
+struct hostent* roken_gethostbyname(const char*);
+struct hostent* roken_gethostbyaddr(const void*, size_t, int);
+
+#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
+
+#define roken_openlog(a,b,c) openlog((char *)a,b,c)
+
+void set_progname(char *argv0);
+
+#endif /* __ROKEN_H__ */
diff --git a/crypto/kerberosIV/include/win32/version.h b/crypto/kerberosIV/include/win32/version.h
new file mode 100644
index 0000000..07fe2eb
--- /dev/null
+++ b/crypto/kerberosIV/include/win32/version.h
@@ -0,0 +1,2 @@
+char *krb4_long_version = "krb4-0.9.7 on Windows NT";
+char *krb4_version = "0.9.7";
diff --git a/crypto/kerberosIV/include/win32/winconf.sh b/crypto/kerberosIV/include/win32/winconf.sh
new file mode 100644
index 0000000..a7d5f28
--- /dev/null
+++ b/crypto/kerberosIV/include/win32/winconf.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# $Id: winconf.sh,v 1.1 1997/11/09 14:35:15 joda Exp $
+
+cat ../config.h.in | sed '
+s%#undef gid_t$%#define gid_t int%
+s%#undef STDC_HEADERS$%#define STDC_HEADERS 1%
+s%#undef uid_t$%#define uid_t int%
+s%#undef ssize_t$%#define ssize_t int%
+s%#undef VOID_RETSIGTYPE$%#define VOID_RETSIGTYPE 1%
+s%#undef HAVE_H_ERRNO$%#define HAVE_H_ERRNO 1%
+s%#undef HAVE_H_ERRNO_DECLARATION$%#define HAVE_H_ERRNO_DECLARATION 1%
+s%#undef HAVE__STRICMP$%#define HAVE__STRICMP 1%
+s%#undef HAVE_GETHOSTBYNAME$%#define HAVE_GETHOSTBYNAME 1%
+s%#undef HAVE_GETHOSTNAME$%#define HAVE_GETHOSTNAME 1%
+s%#undef HAVE_GETSERVBYNAME$%#define HAVE_GETSERVBYNAME 1%
+s%#undef HAVE_GETSOCKOPT$%#define HAVE_GETSOCKOPT 1%
+s%#undef HAVE_MEMMOVE$%#define HAVE_MEMMOVE 1%
+s%#undef HAVE_MKTIME$%#define HAVE_MKTIME 1%
+s%#undef HAVE_RAND$%#define HAVE_RAND 1%
+s%#undef HAVE_SETSOCKOPT$%#define HAVE_SETSOCKOPT 1%
+s%#undef HAVE_SOCKET$%#define HAVE_SOCKET 1%
+s%#undef HAVE_STRDUP$%#define HAVE_STRDUP 1%
+s%#undef HAVE_STRFTIME$%#define HAVE_STRFTIME 1%
+s%#undef HAVE_STRLWR$%#define HAVE_STRLWR 1%
+s%#undef HAVE_STRUPR$%#define HAVE_STRUPR 1%
+s%#undef HAVE_SWAB$%#define HAVE_SWAB 1%
+s%#undef HAVE_FCNTL_H$%#define HAVE_FCNTL_H 1%
+s%#undef HAVE_IO_H$%#define HAVE_IO_H 1%
+s%#undef HAVE_SIGNAL_H$%#define HAVE_SIGNAL_H 1%
+s%#undef HAVE_SYS_LOCKING_H$%#define HAVE_SYS_LOCKING_H 1%
+s%#undef HAVE_SYS_STAT_H$%#define HAVE_SYS_STAT_H 1%
+s%#undef HAVE_SYS_TIMEB_H$%#define HAVE_SYS_TIMEB_H 1%
+s%#undef HAVE_SYS_TYPES_H$%#define HAVE_SYS_TYPES_H 1%
+s%#undef HAVE_WINSOCK_H$%#define HAVE_WINSOCK_H 1%
+s%#undef KRB4$%#define KRB4 1%
+s%#undef DES_QUAD_DEFAULT$%#define DES_QUAD_DEFAULT DES_QUAD_GUESS%' > config.h
diff --git a/crypto/kerberosIV/install-sh b/crypto/kerberosIV/install-sh
new file mode 100644
index 0000000..ebc6691
--- /dev/null
+++ b/crypto/kerberosIV/install-sh
@@ -0,0 +1,250 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-d) dir_arg=true
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+	    shift
+	    continue;;
+
+	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		# this colon is to work around a 386BSD /bin/sh bug
+		:
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:	no input file specified"
+	exit 1
+else
+	true
+fi
+
+if [ x"$dir_arg" != x ]; then
+	dst=$src
+	src=""
+	
+	if [ -d $dst ]; then
+		instcmd=:
+	else
+		instcmd=mkdir
+	fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad 
+# if $src (and thus $dsttmp) contains '*'.
+
+	if [ -f $src -o -d $src ]
+	then
+		true
+	else
+		echo "install:  $src does not exist"
+		exit 1
+	fi
+	
+	if [ x"$dst" = x ]
+	then
+		echo "install:	no destination specified"
+		exit 1
+	else
+		true
+	fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+	if [ -d $dst ]
+	then
+		dst="$dst"/`basename $src`
+	else
+		true
+	fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+#  this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='	
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+	pathcomp="${pathcomp}${1}"
+	shift
+
+	if [ ! -d "${pathcomp}" ] ;
+        then
+		$mkdirprog "${pathcomp}"
+	else
+		true
+	fi
+
+	pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+	$doit $instcmd $dst &&
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+	if [ x"$transformarg" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		dstfile=`basename $dst $transformbasename | 
+			sed $transformarg`$transformbasename
+	fi
+
+# don't allow the sed command to completely eliminate the filename
+
+	if [ x"$dstfile" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		true
+	fi
+
+# Make a temp file name in the proper directory.
+
+	dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+	$doit $instcmd $src $dsttmp &&
+
+	trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing.  If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+	$doit $rmcmd -f $dstdir/$dstfile &&
+	$doit $mvcmd $dsttmp $dstdir/$dstfile 
+
+fi &&
+
+
+exit 0
diff --git a/crypto/kerberosIV/kadmin/Design.txt b/crypto/kerberosIV/kadmin/Design.txt
new file mode 100644
index 0000000..7763a04
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Design.txt
@@ -0,0 +1,23 @@
+// This file attempts to present the internal functioning of the new kerberos
+// admin server and interface..
+
+//
+// The calling side
+//
+
+// Outer interface (programmers interface)
+kadm_mod_entry(vals *old_dat, vals *new_dat) returns (vals *cur_dat)
+    // sends a command telling the server to change all entries which match
+    //   old_dat to entries matching new_dat
+    // returns in cur_dat the actual current values of the modified records
+    // implemented with calls to _vals_to_stream, _send_out, _take_in, and
+    //   _stream_to_vals, _interpret_ret
+
+// Inner calls
+_vals_to_stream (vals *, unsigned char *)
+    // converts a vals structure to a byte stream for transmission over the net
+
+_stream_to_vals (unsigned char *, vals *)
+    // converts a byte stream recieved into a vals structure
+
+
diff --git a/crypto/kerberosIV/kadmin/Makefile.in b/crypto/kerberosIV/kadmin/Makefile.in
new file mode 100644
index 0000000..0227ad6
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Makefile.in
@@ -0,0 +1,125 @@
+# $Id: Makefile.in,v 1.47 1999/03/10 19:01:13 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+top_builddir=..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+LIB_tgetent = @LIB_tgetent@
+LIB_readline = @LIB_readline@
+LIB_DBM = @LIB_DBM@
+LIBS = @LIBS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+CRACKLIB = @CRACKLIB@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= kpasswd$(EXECSUFFIX) \
+		  kadmin$(EXECSUFFIX)
+PROG_SBIN	= ksrvutil$(EXECSUFFIX)
+PROG_LIBEXEC	= kadmind$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC)
+
+SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \
+          admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \
+	  new_pwd.c random_password.c
+
+OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \
+          admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \
+	  new_pwd.o random_password.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	$(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
+	for x in $(PROG_SBIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROG_LIBEXEC); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+	@rm -f $(prefix)/sbin/kadmin
+
+uninstall:
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	for x in $(PROG_SBIN); do \
+	  rm -f $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \
+	done
+	for x in $(PROG_LIBEXEC); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/com_err -lcom_err
+LIBROKEN=-L../lib/roken -lroken
+
+kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kadmin_OBJECTS = kadmin.o new_pwd.o random_password.o
+
+kadmin$(EXECSUFFIX): $(kadmin_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(kadmin_OBJECTS) $(KLIB) -L../lib/sl -lsl $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
+
+KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o
+
+kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS)
+
+ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS)
+
+$(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
new file mode 100644
index 0000000..c1f2a8e
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/admin_server.c
@@ -0,0 +1,460 @@
+/*
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Top-level loop of the kerberos Administration server
+ */
+
+/*
+  admin_server.c
+  this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: admin_server.c,v 1.49 1999/11/13 06:32:19 assar Exp $");
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm;		/* The command line parameters struct */
+
+/* GLOBAL */
+char *acldir = DEFAULT_ACL_DIR;
+static char krbrlm[REALM_SZ];
+
+static unsigned pidarraysize = 0;
+static int *pidarray = NULL;
+
+static int exit_now = 0;
+
+static
+RETSIGTYPE
+doexit(int sig)
+{
+    exit_now = 1;
+    SIGRETURN(0);
+}
+   
+static
+RETSIGTYPE
+do_child(int sig)
+{
+    int pid;
+    int i, j;
+
+    int status;
+
+    pid = wait(&status);
+
+    /* Reinstall signal handlers for SysV. Must be done *after* wait */
+    signal(SIGCHLD, do_child);
+
+    for (i = 0; i < pidarraysize; i++)
+	if (pidarray[i] == pid) {
+	    /* found it */
+	    for (j = i; j < pidarraysize-1; j++)
+		/* copy others down */
+		pidarray[j] = pidarray[j+1];
+	    pidarraysize--;
+	    if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
+		|| WIFSIGNALED(status))
+	      krb_log("child %d: termsig %d, retcode %d", pid,
+		  WTERMSIG(status), WEXITSTATUS(status));
+	    SIGRETURN(0);
+	}
+    krb_log("child %d not in list: termsig %d, retcode %d", pid,
+	WTERMSIG(status), WEXITSTATUS(status));
+    SIGRETURN(0);
+}
+
+static void
+kill_children(void)
+{
+    int i;
+
+    for (i = 0; i < pidarraysize; i++) {
+	kill(pidarray[i], SIGINT);
+	krb_log("killing child %d", pidarray[i]);
+    }
+}
+
+/* close the system log file */
+static void
+close_syslog(void)
+{
+   krb_log("Shutting down admin server");
+}
+
+static void
+byebye(void)			/* say goodnight gracie */
+{
+   printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static void
+clear_secrets(void)
+{
+    memset(server_parm.master_key, 0, sizeof(server_parm.master_key));
+    memset(server_parm.master_key_schedule, 0,
+	  sizeof(server_parm.master_key_schedule));
+    server_parm.master_key_version = 0L;
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+#ifndef DEBUG
+static void
+cleanexit(int val)
+{
+    kerb_fini();
+    clear_secrets();
+    exit(val);
+}
+#endif
+
+static void
+process_client(int fd, struct sockaddr_in *who)
+{
+    u_char *dat;
+    int dat_len;
+    u_short dlen;
+    int retval;
+    Principal service;
+    des_cblock skey;
+    int more;
+    int status;
+
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+    {
+	int on = 1;
+	    
+	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
+		       (void *)&on, sizeof(on)) < 0)
+	    krb_log("setsockopt keepalive: %d",errno);
+    }
+#endif
+
+    server_parm.recv_addr = *who;
+
+    if (kerb_init()) {			/* Open as client */
+	krb_log("can't open krb db");
+	cleanexit(1);
+    }
+    /* need to set service key to changepw.KRB_MASTER */
+
+    status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+				1, &more);
+    if (status == -1) {
+      /* db locked */
+      char *pdat;
+      
+      dat_len = KADM_VERSIZE + 4;
+      dat = (u_char *) malloc(dat_len);
+      if (dat == NULL) {
+	  krb_log("malloc failed");
+	  cleanexit(4);
+      }
+      pdat = (char *) dat;
+      memcpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+      krb_put_int (KADM_DB_INUSE, pdat + KADM_VERSIZE, 4, 4);
+      goto out;
+    } else if (!status) {
+      krb_log("no service %s.%s",server_parm.sname, server_parm.sinst);
+      cleanexit(2);
+    }
+
+    copy_to_key(&service.key_low, &service.key_high, skey);
+    memset(&service, 0, sizeof(service));
+    kdb_encrypt_key (&skey, &skey, &server_parm.master_key,
+		     server_parm.master_key_schedule, DES_DECRYPT);
+    krb_set_key(skey, 0); /* if error, will show up when
+					    rd_req fails */
+    memset(skey, 0, sizeof(skey));
+
+    while (1) {
+	void *errpkt;
+
+	errpkt = malloc(KADM_VERSIZE + 4);
+	if (errpkt == NULL) {
+	    krb_log("malloc: no memory");
+	    close(fd);
+	    cleanexit(4);
+	}
+
+	if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) !=
+	    sizeof(u_short)) {
+	    if (retval < 0)
+		krb_log("dlen read: %s",error_message(errno));
+	    else if (retval)
+		krb_log("short dlen read: %d",retval);
+	    close(fd);
+	    cleanexit(retval ? 3 : 0);
+	}
+	if (exit_now) {
+	    cleanexit(0);
+	}
+	dat_len = ntohs(dlen);
+	dat = (u_char *) malloc(dat_len);
+	if (dat == NULL) {
+	    krb_log("malloc: No memory");
+	    close(fd);
+	    cleanexit(4);
+	}
+	if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) {
+	    if (retval < 0)
+		krb_log("data read: %s",error_message(errno));
+	    else
+		krb_log("short read: %d vs. %d", dat_len, retval);
+	    close(fd);
+	    cleanexit(5);
+	}
+    	if (exit_now) {
+	    cleanexit(0);
+	}
+	if ((retval = kadm_ser_in(&dat, &dat_len, errpkt)) != KADM_SUCCESS)
+	    krb_log("processing request: %s", error_message(retval));
+    
+	/* kadm_ser_in did the processing and returned stuff in
+	   dat & dat_len , return the appropriate data */
+    
+    out:
+	dlen = htons(dat_len);
+    
+	if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) {
+	    krb_log("writing dlen to client: %s",error_message(errno));
+	    close(fd);
+	    cleanexit(6);
+	}
+    
+	if (krb_net_write(fd, dat, dat_len) < 0) {
+	    krb_log("writing to client: %s", error_message(errno));
+	    close(fd);
+	    cleanexit(7);
+	}
+	free(dat);
+    }
+    /*NOTREACHED*/
+}
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+static int
+kadm_listen(void)
+{
+    int found;
+    int admin_fd;
+    int peer_fd;
+    fd_set mask, readfds;
+    struct sockaddr_in peer;
+    int addrlen;
+    int pid;
+
+    signal(SIGINT, doexit);
+    signal(SIGTERM, doexit);
+    signal(SIGHUP, doexit);
+    signal(SIGQUIT, doexit);
+    signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+    signal(SIGALRM, doexit);
+    signal(SIGCHLD, do_child);
+    if (setsid() < 0)
+        krb_log("setsid() failed");
+
+    if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+	return KADM_NO_SOCK;
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+    {
+      int one=1;
+      setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+		 sizeof(one));
+    }
+#endif
+    if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+	     sizeof(struct sockaddr_in)) < 0)
+	return KADM_NO_BIND;
+    listen(admin_fd, 1);
+    FD_ZERO(&mask);
+    FD_SET(admin_fd, &mask);
+
+    for (;;) {				/* loop nearly forever */
+	if (exit_now) {
+	    clear_secrets();
+	    kill_children();
+	    return(0);
+	}
+	readfds = mask;
+	if ((found = select(admin_fd+1, &readfds, 0,
+			    0, (struct timeval *)0)) == 0)
+	    continue;			/* no things read */
+	if (found < 0) {
+	    if (errno != EINTR)
+		krb_log("select: %s",error_message(errno));
+	    continue;
+	}      
+	if (FD_ISSET(admin_fd, &readfds)) {
+	    /* accept the conn */
+	    addrlen = sizeof(peer);
+	    if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+				  &addrlen)) < 0) {
+		krb_log("accept: %s",error_message(errno));
+		continue;
+	    }
+#ifndef DEBUG
+	    /* if you want a sep daemon for each server */
+	    if ((pid = fork())) {
+		void *tmp;
+
+		/* parent */
+		if (pid < 0) {
+		    krb_log("fork: %s",error_message(errno));
+		    close(peer_fd);
+		    continue;
+		}
+		/* fork succeded: keep tabs on child */
+		close(peer_fd);
+		tmp = realloc(pidarray,
+			      (pidarraysize + 1) * sizeof(*pidarray));
+		if(tmp == NULL) {
+		    krb_log ("malloc: no memory. pid %u on its own",
+			     (unsigned)pid);
+		} else {
+		    pidarray = tmp;
+		    pidarray[pidarraysize++] = pid;
+		}
+	    } else {
+		/* child */
+		close(admin_fd);
+#endif /* DEBUG */
+		/*
+		 * If we are multihomed we need to figure out which
+		 * local address that is used this time since it is
+		 * used in "direction" comparison.
+		 */
+		getsockname(peer_fd,
+			    (struct sockaddr *)&server_parm.admin_addr,
+			    &addrlen);
+		/* do stuff */
+		process_client (peer_fd, &peer);
+#ifndef DEBUG
+	    }
+#endif
+	} else {
+	    krb_log("something else woke me up!");
+	    return(0);
+	}
+    }
+    /*NOTREACHED*/
+}
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+**  as well as handling the creation and maintenance of the syslog file...
+*/
+int
+main(int argc, char **argv)		/* admin_server main routine */
+{
+    int errval;
+    int c;
+    struct in_addr i_addr;
+
+    set_progname (argv[0]);
+
+    umask(077);		/* Create protected files */
+
+    i_addr.s_addr = INADDR_ANY;
+    /* initialize the admin_params structure */
+    prm.sysfile = KADM_SYSLOG;		/* default file name */
+    prm.inter = 0;
+
+    memset(krbrlm, 0, sizeof(krbrlm));
+
+    while ((c = getopt(argc, argv, "f:hmnd:a:r:i:")) != -1)
+	switch(c) {
+	case 'f':			/* Syslog file name change */
+	    prm.sysfile = optarg;
+	    break;
+	case 'n':
+	    prm.inter = 0;
+	    break;
+	case 'm':
+	    prm.inter = 1;
+	    break;
+	case 'a':			/* new acl directory */
+	    acldir = optarg;
+	    break;
+	case 'd':
+	    /* put code to deal with alt database place */
+	    if ((errval = kerb_db_set_name(optarg)))
+		errx (1, "opening database %s: %s",
+		      optarg, error_message(errval));
+	    break;
+	case 'r':
+	    strlcpy (krbrlm, optarg, sizeof(krbrlm));
+	    break;
+	case 'i':
+	    /* Only listen on this address */
+	    if(inet_aton (optarg, &i_addr) == 0) {
+		fprintf (stderr, "Bad address: %s\n", optarg);
+		exit (1);
+	    }
+	    break;
+	case 'h':			/* get help on using admin_server */
+	default:
+	    errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on]");
+	}
+
+    if (krbrlm[0] == 0)
+	if (krb_get_lrealm(krbrlm, 1) != KSUCCESS)
+	    errx (1, "Unable to get local realm.  Fix krb.conf or use -r.");
+
+    printf("KADM Server %s initializing\n",KADM_VERSTR);
+    printf("Please do not use 'kill -9' to kill this job, use a\n");
+    printf("regular kill instead\n\n");
+
+    kset_logfile(prm.sysfile);
+    krb_log("Admin server starting");
+
+    kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+    errval = kerb_init();		/* Open the Kerberos database */
+    if (errval) {
+	warnx ("error: kerb_init() failed");
+	close_syslog();
+	byebye();
+    }
+    /* set up the server_parm struct */
+    if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr))==KADM_SUCCESS) {
+	kerb_fini();			/* Close the Kerberos database--
+					   will re-open later */
+	errval = kadm_listen();		/* listen for calls to server from
+					   clients */
+    }
+    if (errval != KADM_SUCCESS) {
+	warnx("error:  %s",error_message(errval));
+	kerb_fini();			/* Close if error */
+    }
+    close_syslog();			/* Close syslog file, print
+					   closing note */
+    byebye();				/* Say bye bye on the terminal
+					   in use */
+    exit(1);
+}					/* procedure main */
diff --git a/crypto/kerberosIV/kadmin/kadm_funcs.c b/crypto/kerberosIV/kadmin/kadm_funcs.c
new file mode 100644
index 0000000..8ae8a41
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_funcs.c
@@ -0,0 +1,437 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+*/
+
+/*
+ * Kerberos administration server-side database manipulation routines
+ */
+
+/*
+ * kadm_funcs.c
+ * the actual database manipulation code
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_funcs.c,v 1.18 1999/09/16 20:41:40 assar Exp $");
+
+static int
+check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype)
+{
+    char checkname[MAX_K_NAME_SZ];
+    char filename[MaxPathLen];
+
+    snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm);
+    
+    switch (acltype) {
+    case ADDACL:
+	snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE);
+	break;
+    case GETACL:
+	snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE);
+	break;
+    case MODACL:
+	snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE);
+	break;
+    case DELACL:
+	snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE);
+	break;
+    default:
+	krb_log("WARNING in check_access: default case in switch");
+	return 0;
+    }
+    return(acl_check(filename, checkname));
+}
+
+static int
+wildcard(char *str)
+{
+    if (!strcmp(str, WILDCARD_STR))
+	return(1);
+    return(0);
+}
+
+static int
+fail(int code, char *oper, char *princ)
+{
+    krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code));
+    return code;
+}
+
+#define failadd(code) { fail(code, "ADD", victim); return code; }
+#define faildelete(code) { fail(code, "DELETE", victim); return code; }
+#define failget(code) { fail(code, "GET", victim); return code; }
+#define failmod(code) { fail(code, "MOD", victim); return code; }
+#define failchange(code) { fail(code, "CHANGE", admin); return code; }
+
+int
+kadm_add_entry (char *rname, char *rinstance, char *rrealm, 
+		Kadm_vals *valsin, Kadm_vals *valsout)
+{
+    long numfound;		/* check how many we get written */
+    int more;			/* pointer to more grabbed records */
+    Principal data_i, data_o;		/* temporary principal */
+    u_char flags[4];
+    des_cblock newpw;
+    Principal default_princ;
+  
+    char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+
+    strlcpy(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strlcpy(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
+
+    krb_log("ADD: %s by %s", victim, admin);
+
+    if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+	krb_log("WARNING: ADD: %s permission denied", admin);
+	return KADM_UNAUTH;
+    }
+  
+    /* Need to check here for "legal" name and instance */
+    if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+	failadd(KADM_ILL_WILDCARD);
+    }
+
+    numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+				  &default_princ, 1, &more);
+    if (numfound == -1) {
+	failadd(KADM_DB_INUSE);
+    } else if (numfound != 1) {
+	failadd(KADM_UK_RERROR);
+    }
+
+    kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+    strlcpy(data_i.name, valsin->name, ANAME_SZ);
+    strlcpy(data_i.instance, valsin->instance, INST_SZ);
+
+    if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+	data_i.exp_date = default_princ.exp_date;
+    if (!IS_FIELD(KADM_ATTR,valsin->fields))
+	data_i.attributes = default_princ.attributes;
+    if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+	data_i.max_life = default_princ.max_life; 
+
+    memset(&default_princ, 0, sizeof(default_princ));
+
+    /* convert to host order */
+    data_i.key_low = ntohl(data_i.key_low);
+    data_i.key_high = ntohl(data_i.key_high);
+
+
+    copy_to_key(&data_i.key_low, &data_i.key_high, newpw);
+
+    /* encrypt new key in master key */
+    kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
+		     server_parm.master_key_schedule, DES_ENCRYPT);
+    copy_from_key(newpw, &data_i.key_low, &data_i.key_high);
+    memset(newpw, 0, sizeof(newpw));
+
+    data_o = data_i;
+    numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				  &data_o, 1, &more);
+    if (numfound == -1) {
+	failadd(KADM_DB_INUSE);
+    } else if (numfound) {
+	failadd(KADM_INUSE);
+    } else {
+	data_i.key_version++;
+	data_i.kdc_key_ver = server_parm.master_key_version;
+	strlcpy(data_i.mod_name, rname, sizeof(data_i.mod_name));
+	strlcpy(data_i.mod_instance, rinstance,
+			sizeof(data_i.mod_instance));
+
+	numfound = kerb_put_principal(&data_i, 1);
+	if (numfound == -1) {
+	    failadd(KADM_DB_INUSE);
+	} else if (numfound) {
+	    failadd(KADM_UK_SERROR);
+	} else {
+	    numfound = kerb_get_principal(valsin->name, valsin->instance, 
+					  &data_o, 1, &more);
+	    if ((numfound!=1) || (more!=0)) {
+		failadd(KADM_UK_RERROR);
+	    }
+	    memset(flags, 0, sizeof(flags));
+	    SET_FIELD(KADM_NAME,flags);
+	    SET_FIELD(KADM_INST,flags);
+	    SET_FIELD(KADM_EXPDATE,flags);
+	    SET_FIELD(KADM_ATTR,flags);
+	    SET_FIELD(KADM_MAXLIFE,flags);
+	    kadm_prin_to_vals(flags, valsout, &data_o);
+	    krb_log("ADD: %s added", victim);
+	    return KADM_DATA;		/* Set all the appropriate fields */
+	}
+    }
+}
+
+int
+kadm_delete_entry (char *rname, char *rinstance, char *rrealm, 
+		   Kadm_vals *valsin)
+{
+    int ret;
+
+    char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+    
+    strlcpy(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strlcpy(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
+
+    krb_log("DELETE: %s by %s", victim, admin);
+
+    if (!check_access(rname, rinstance, rrealm, DELACL)) {
+	krb_log("WARNING: DELETE: %s permission denied", admin);
+	return KADM_UNAUTH;
+    }
+    
+    /* Need to check here for "legal" name and instance */
+    if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+	faildelete(KADM_ILL_WILDCARD);
+    }
+  
+#define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0)
+
+    if(EQ(valsin, PWSERV_NAME, KRB_MASTER) ||
+       EQ(valsin, "K", "M") ||
+       EQ(valsin, "default", "") ||
+       EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){
+	krb_log("WARNING: DELETE: %s is immutable", victim);
+	return KADM_IMMUTABLE; /* XXX */
+    }
+    
+    ret = kerb_delete_principal(valsin->name, valsin->instance);
+    if(ret == -1)
+	return KADM_DB_INUSE; /* XXX */
+    krb_log("DELETE: %s removed.", victim);
+    return KADM_SUCCESS;
+}
+
+
+int
+kadm_get_entry (char *rname, char *rinstance, char *rrealm, 
+		Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout)
+{
+    long numfound;		/* check how many were returned */
+    int more;			/* To point to more name.instances */
+    Principal data_o;		/* Data object to hold Principal */
+    
+    char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+    
+    strlcpy(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strlcpy(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
+    
+    krb_log("GET: %s by %s", victim, admin);
+
+    if (!check_access(rname, rinstance, rrealm, GETACL)) {
+	krb_log("WARNING: GET: %s permission denied", admin);
+	return KADM_UNAUTH;
+    }
+  
+    if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+	failget(KADM_ILL_WILDCARD);
+    }
+
+    /* Look up the record in the database */
+    numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				  &data_o, 1, &more);
+    if (numfound == -1) {
+	failget(KADM_DB_INUSE);
+    }  else if (numfound) {	/* We got the record, let's return it */
+	kadm_prin_to_vals(flags, valsout, &data_o);
+	krb_log("GET: %s retrieved", victim);
+	return KADM_DATA; /* Set all the appropriate fields */
+    } else {
+	failget(KADM_NOENTRY);	/* Else whimper and moan */
+    }
+}
+
+int
+kadm_mod_entry (char *rname, char *rinstance, char *rrealm, 
+		Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout)
+{
+    long numfound;
+    int more;
+    Principal data_o, temp_key;
+    u_char fields[4];
+    des_cblock newpw;
+
+    char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
+    
+    strlcpy(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strlcpy(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
+    
+    krb_log("MOD: %s by %s", victim, admin);
+
+    if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+	failmod(KADM_ILL_WILDCARD);
+    }
+  
+    if (!check_access(rname, rinstance, rrealm, MODACL)) {
+	krb_log("WARNING: MOD: %s permission denied", admin);
+	return KADM_UNAUTH;
+    }
+    
+    numfound = kerb_get_principal(valsin->name, valsin->instance, 
+				  &data_o, 1, &more);
+    if (numfound == -1) {
+	failmod(KADM_DB_INUSE);
+    } else if (numfound) {
+	kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+	strlcpy(data_o.name, valsin->name, ANAME_SZ);
+	strlcpy(data_o.instance, valsin->instance, INST_SZ);
+	if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+	    data_o.exp_date = temp_key.exp_date;
+	if (IS_FIELD(KADM_ATTR,valsin2->fields))
+	    data_o.attributes = temp_key.attributes;
+	if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+	    data_o.max_life = temp_key.max_life; 
+	if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+	    data_o.key_version++;
+	    data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+	    /* convert to host order */
+	    temp_key.key_low = ntohl(temp_key.key_low);
+	    temp_key.key_high = ntohl(temp_key.key_high);
+
+
+	    copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw);
+
+	    /* encrypt new key in master key */
+	    kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
+			     server_parm.master_key_schedule, DES_ENCRYPT);
+	    copy_from_key(newpw, &data_o.key_low, &data_o.key_high);
+	    memset(newpw, 0, sizeof(newpw));
+	}
+	memset(&temp_key, 0, sizeof(temp_key));
+
+	strlcpy(data_o.mod_name, rname, sizeof(data_o.mod_name));
+	strlcpy(data_o.mod_instance, rinstance,
+			sizeof(data_o.mod_instance));
+	more = kerb_put_principal(&data_o, 1);
+
+	memset(&data_o, 0, sizeof(data_o));
+
+	if (more == -1) {
+	    failmod(KADM_DB_INUSE);
+	} else if (more) {
+	    failmod(KADM_UK_SERROR);
+	} else {
+	    numfound = kerb_get_principal(valsin->name, valsin->instance, 
+					  &data_o, 1, &more);
+	    if ((more!=0)||(numfound!=1)) {
+		failmod(KADM_UK_RERROR);
+	    }
+	    memset(fields, 0, sizeof(fields));
+	    SET_FIELD(KADM_NAME,fields);
+	    SET_FIELD(KADM_INST,fields);
+	    SET_FIELD(KADM_EXPDATE,fields);
+	    SET_FIELD(KADM_ATTR,fields);
+	    SET_FIELD(KADM_MAXLIFE,fields);
+	    kadm_prin_to_vals(fields, valsout, &data_o);
+	    krb_log("MOD: %s modified", victim);
+	    return KADM_DATA;		/* Set all the appropriate fields */
+	}
+    }
+    else {
+	failmod(KADM_NOENTRY);
+    }
+}
+
+int
+kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw)
+{
+    long numfound;
+    int more;
+    Principal data_o;
+    des_cblock local_pw;
+
+    char admin[MAX_K_NAME_SZ];
+    
+    strlcpy(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    
+    krb_log("CHANGE: %s", admin);
+
+    if (strcmp(server_parm.krbrlm, rrealm)) {
+	krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm);
+	return(KADM_WRONG_REALM);
+    }
+
+    if (wildcard(rname) || wildcard(rinstance)) {
+	failchange(KADM_ILL_WILDCARD);
+    }
+
+    memcpy(local_pw, newpw, sizeof(local_pw));
+  
+    /* encrypt new key in master key */
+    kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key,
+		     server_parm.master_key_schedule, DES_ENCRYPT);
+
+    numfound = kerb_get_principal(rname, rinstance, 
+				  &data_o, 1, &more);
+    if (numfound == -1) {
+	failchange(KADM_DB_INUSE);
+    } else if (numfound) {
+	copy_from_key(local_pw, &data_o.key_low, &data_o.key_high);
+	data_o.key_version++;
+	data_o.kdc_key_ver = server_parm.master_key_version;
+	strlcpy(data_o.mod_name, rname, sizeof(data_o.mod_name));
+	strlcpy(data_o.mod_instance, rinstance,
+			sizeof(data_o.mod_instance));
+	more = kerb_put_principal(&data_o, 1);
+	memset(local_pw, 0, sizeof(local_pw));
+	memset(&data_o, 0, sizeof(data_o));
+	if (more == -1) {
+	    failchange(KADM_DB_INUSE);
+	} else if (more) {
+	    failchange(KADM_UK_SERROR);
+	} else {
+	    krb_log("CHANGE: %s's password changed", admin);
+	    return KADM_SUCCESS;
+	}
+    }
+    else {
+	failchange(KADM_NOENTRY);
+    }
+}
diff --git a/crypto/kerberosIV/kadmin/kadm_locl.h b/crypto/kerberosIV/kadmin/kadm_locl.h
new file mode 100644
index 0000000..960c564
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_locl.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.31 1999/12/02 16:58:36 joda Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <errno.h>
+#include <signal.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <roken.h>
+
+#include <com_err.h>
+#include <sl.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_err.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <acl.h>
+
+#include <krb_log.h>
+
+#include "kadm_server.h"
+#include "pw_check.h"
+
+/* from libacl */
+/* int acl_check(char *acl, char *principal); */
+
+/* GLOBALS */
+extern char *acldir;
+extern Kadm_Server server_parm;
+
+/* Utils */
+int kadm_change (char *, char *, char *, des_cblock);
+int kadm_add_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *);
+int kadm_mod_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *);
+int kadm_get_entry (char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *);
+int kadm_delete_entry (char *, char *, char *, Kadm_vals *);
+int kadm_ser_cpw (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_add (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_mod (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_get (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_delete (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_init (int inter, char realm[], struct in_addr);
+int kadm_ser_in (u_char **, int *, u_char *);
+
+int get_pw_new_pwd  (char *pword, int pwlen, krb_principal *pr, int print_realm);
+
+/* cracklib */
+char *FascistCheck (char *password, char *path, char **strings);
+
+void
+random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high);
diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
new file mode 100644
index 0000000..196a89c
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
@@ -0,0 +1,225 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Kerberos administration server-side support functions
+ */
+
+/* 
+kadm_ser_wrap.c
+unwraps wrapped packets and calls the appropriate server subroutine
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_ser_wrap.c,v 1.25 1999/09/16 20:41:41 assar Exp $");
+
+/* GLOBAL */
+Kadm_Server server_parm;
+
+/* 
+kadm_ser_init
+set up the server_parm structure
+*/
+int
+kadm_ser_init(int inter,	/* interactive or from file */
+	      char *realm,
+	      struct in_addr addr)
+{
+  struct hostent *hp;
+  char hostname[MaxHostNameLen];
+
+  init_kadm_err_tbl();
+  init_krb_err_tbl();
+  if (gethostname(hostname, sizeof(hostname)))
+      return KADM_NO_HOSTNAME;
+
+  strlcpy(server_parm.sname,
+		  PWSERV_NAME,
+		  sizeof(server_parm.sname));
+  strlcpy(server_parm.sinst,
+		  KRB_MASTER,
+		  sizeof(server_parm.sinst));
+  strlcpy(server_parm.krbrlm,
+		  realm,
+		  sizeof(server_parm.krbrlm));
+
+  server_parm.admin_fd = -1;
+  /* setting up the addrs */
+  memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr));
+
+  server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME,
+						     "tcp",
+						     htons(751));
+  server_parm.admin_addr.sin_family = AF_INET;
+  if ((hp = gethostbyname(hostname)) == NULL)
+      return KADM_NO_HOSTNAME;
+  server_parm.admin_addr.sin_addr = addr;
+				/* setting up the database */
+  if (kdb_get_master_key((inter==1), &server_parm.master_key,
+			 server_parm.master_key_schedule) != 0)
+    return KADM_NO_MAST;
+  if ((server_parm.master_key_version =
+       kdb_verify_master_key(&server_parm.master_key,
+			     server_parm.master_key_schedule,stderr))<0)
+      return KADM_NO_VERI;
+  return KADM_SUCCESS;
+}
+
+/*
+ *
+ */
+
+static void
+errpkt(u_char *errdat, u_char **dat, int *dat_len, int code)
+{
+    free(*dat);			/* free up req */
+    *dat_len = KADM_VERSIZE + 4;
+    memcpy(errdat, KADM_ULOSE, KADM_VERSIZE);
+    krb_put_int (code, errdat + KADM_VERSIZE, 4, 4);
+    *dat = errdat;
+}
+
+/*
+kadm_ser_in
+unwrap the data stored in dat, process, and return it.
+*/
+int
+kadm_ser_in(u_char **dat, int *dat_len, u_char *errdat)
+{
+    u_char *in_st;			/* pointer into the sent packet */
+    int in_len,retc;			/* where in packet we are, for
+					   returns */
+    u_int32_t r_len;			/* length of the actual packet */
+    KTEXT_ST authent;			/* the authenticator */
+    AUTH_DAT ad;			/* who is this, klink */
+    u_int32_t ncksum;			/* checksum of encrypted data */
+    des_key_schedule sess_sched;	/* our schedule */
+    MSG_DAT msg_st;
+    u_char *retdat, *tmpdat;
+    int retval, retlen;
+
+    if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+	errpkt(errdat, dat, dat_len, KADM_BAD_VER);
+	return KADM_BAD_VER;
+    }
+    in_len = KADM_VERSIZE;
+    /* get the length */
+    if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+	return KADM_LENGTH_ERROR;
+    in_len += retc;
+    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
+    memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
+    authent.mbz = 0;
+    /* service key should be set before here */
+    if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+			  server_parm.recv_addr.sin_addr.s_addr, &ad, NULL)))
+    {
+	errpkt(errdat, dat, dat_len, retc + krb_err_base);
+	return retc + krb_err_base;
+    }
+
+#define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));}
+
+    in_st = *dat + *dat_len - r_len;
+#ifdef NOENCRYPTION
+    ncksum = 0;
+#else
+    ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session);
+#endif
+    if (ncksum!=ad.checksum) {		/* yow, are we correct yet */
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_BAD_CHK);
+	return KADM_BAD_CHK;
+    }
+#ifdef NOENCRYPTION
+    memset(sess_sched, 0, sizeof(sess_sched));
+#else
+    des_key_sched(&ad.session, sess_sched);
+#endif
+    if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session, 
+				 &server_parm.recv_addr,
+				 &server_parm.admin_addr, &msg_st))) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, retc + krb_err_base);
+	return retc + krb_err_base;
+    }
+    switch (msg_st.app_data[0]) {
+    case CHANGE_PW:
+	retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1,
+			      &ad, &retdat, &retlen);
+	break;
+    case ADD_ENT:
+	retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1,
+			      &ad, &retdat, &retlen);
+	break;
+    case GET_ENT:
+	retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1,
+			      &ad, &retdat, &retlen);
+	break;
+    case MOD_ENT:
+	retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1,
+			      &ad, &retdat, &retlen);
+	break;
+    case DEL_ENT:
+	retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1, 
+				 &ad, &retdat, &retlen);
+	break;
+    default:
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NO_OPCODE);
+	return KADM_NO_OPCODE;
+    }
+    /* Now seal the response back into a priv msg */
+    tmpdat = (u_char *) malloc(retlen + KADM_VERSIZE + 4);
+    if (tmpdat == NULL) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NOMEM);
+	return KADM_NOMEM;
+    }
+    free(*dat);
+    memcpy(tmpdat, KADM_VERSTR, KADM_VERSIZE);
+    krb_put_int(retval, tmpdat + KADM_VERSIZE, 4, 4);
+    if (retlen) {
+        memcpy(tmpdat + KADM_VERSIZE + 4, retdat, retlen);
+	free(retdat);
+    }
+    /* slop for mk_priv stuff */
+    *dat = (u_char *) malloc(retlen + KADM_VERSIZE +
+			     sizeof(u_int32_t) + 200);
+    if (*dat == NULL) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NOMEM);
+	return KADM_NOMEM;
+    }
+    if ((*dat_len = krb_mk_priv(tmpdat, *dat,
+				(u_int32_t) (retlen + KADM_VERSIZE +
+					  sizeof(u_int32_t)),
+				sess_sched,
+				&ad.session, &server_parm.admin_addr,
+				&server_parm.recv_addr)) < 0) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NO_ENCRYPT);
+	return KADM_NO_ENCRYPT;
+    }
+    clr_cli_secrets();
+    return KADM_SUCCESS;
+}
diff --git a/crypto/kerberosIV/kadmin/kadm_server.c b/crypto/kerberosIV/kadmin/kadm_server.c
new file mode 100644
index 0000000..1006f20
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_server.c
@@ -0,0 +1,198 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Kerberos administration server-side subroutines
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $");
+
+/* 
+kadm_ser_cpw - the server side of the change_password routine
+  recieves    : KTEXT, {key}
+  returns     : CKSUM, RETCODE
+  acl         : caller can change only own password
+
+Replaces the password (i.e. des key) of the caller with that specified in key.
+Returns no actual data from the master server, since this is called by a user
+*/
+int
+kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+    u_int32_t keylow, keyhigh;
+    des_cblock newkey;
+    int status;
+    int stvlen=0;
+    char *pw_msg;
+    char pword[MAX_KPW_LEN];
+    char *strings[4];
+
+    /* take key off the stream, and change the database */
+
+    if ((status = stv_long(dat, &keyhigh, 0, len)) < 0)
+	return(KADM_LENGTH_ERROR);
+    stvlen=status;
+    if ((status = stv_long(dat, &keylow, stvlen, len)) < 0)
+	return(KADM_LENGTH_ERROR);
+    stvlen+=status;
+
+    if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0)
+      pword[0]=0;
+
+    keylow = ntohl(keylow);
+    keyhigh = ntohl(keyhigh);
+    memcpy(((char *)newkey) + 4, &keyhigh, 4);
+    memcpy(newkey, &keylow, 4);
+
+    strings[0] = ad->pname;
+    strings[1] = ad->pinst;
+    strings[2] = ad->prealm;
+    strings[3] = NULL;
+    status = kadm_pw_check(pword, &newkey, &pw_msg, strings);
+    
+    memset(pword, 0, sizeof(pword));
+    memset(dat, 0, len);
+
+    if(status != KADM_SUCCESS){
+      *datout=malloc(0);
+      *outlen=vts_string(pw_msg, datout, 0);
+      return status;
+    }
+    *datout=0;
+    *outlen=0;
+
+    return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
+}
+
+
+/*
+kadm_ser_add - the server side of the add_entry routine
+  recieves    : KTEXT, {values}
+  returns     : CKSUM, RETCODE, {values}
+  acl         : su, sms (as alloc)
+
+Adds and entry containing values to the database
+returns the values of the entry, so if you leave certain fields blank you will
+   be able to determine the default values they are set to
+*/
+int
+kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+  Kadm_vals values, retvals;
+  long status;
+
+  if ((status = stream_to_vals(dat, &values, len)) < 0)
+      return(KADM_LENGTH_ERROR);
+  if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
+			      &values, &retvals)) == KADM_DATA) {
+      *outlen = vals_to_stream(&retvals,datout);
+      return KADM_SUCCESS;
+  } else {
+      *outlen = 0;
+      return status;
+  }
+}
+
+/*
+kadm_ser_mod - the server side of the mod_entry routine
+  recieves    : KTEXT, {values, values}
+  returns     : CKSUM, RETCODE, {values}
+  acl         : su, sms (as register or dealloc)
+
+Modifies all entries corresponding to the first values so they match the
+   second values.
+returns the values for the changed entries
+*/
+int
+kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+  Kadm_vals vals1, vals2, retvals;
+  int wh;
+  long status;
+
+  if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
+      return KADM_LENGTH_ERROR;
+  if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
+      return KADM_LENGTH_ERROR;
+  if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
+			       &vals2, &retvals)) == KADM_DATA) {
+      *outlen = vals_to_stream(&retvals,datout);
+      return KADM_SUCCESS;
+  } else {
+      *outlen = 0;
+      return status;
+  }
+}
+
+int
+kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad, 
+		u_char **datout, int *outlen)
+{
+    Kadm_vals values;
+    int wh;
+    int status;
+    
+    if((wh = stream_to_vals(dat, &values, len)) < 0)
+	return KADM_LENGTH_ERROR;
+    if(wh != len)
+	return KADM_LENGTH_ERROR;
+    status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm, 
+			       &values);
+    *outlen = 0;
+    return status;
+}
+
+/*
+kadm_ser_get
+  recieves   : KTEXT, {values, flags}
+  returns    : CKSUM, RETCODE, {count, values, values, values}
+  acl        : su
+
+gets the fields requested by flags from all entries matching values
+returns this data for each matching recipient, after a count of how many such
+  matches there were
+*/
+int
+kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
+{
+  Kadm_vals values, retvals;
+  u_char fl[FLDSZ];
+  int loop,wh;
+  long status;
+
+  if ((wh = stream_to_vals(dat, &values, len)) < 0)
+      return KADM_LENGTH_ERROR;
+  if (wh + FLDSZ > len)
+      return KADM_LENGTH_ERROR;
+  for (loop=FLDSZ-1; loop>=0; loop--)
+    fl[loop] = dat[wh++];
+  if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
+			      &values, fl, &retvals)) == KADM_DATA) {
+      *outlen = vals_to_stream(&retvals,datout);
+      return KADM_SUCCESS;
+  } else {
+      *outlen = 0;
+      return status;
+  }
+}
+
diff --git a/crypto/kerberosIV/kadmin/kadm_server.h b/crypto/kerberosIV/kadmin/kadm_server.h
new file mode 100644
index 0000000..c730574
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_server.h
@@ -0,0 +1,66 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/* $Id: kadm_server.h,v 1.10 1997/05/11 04:08:26 assar Exp $ */
+
+/*
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ *    ps. Yes that means this code belongs to athena etc...
+ *        as part of our ongoing attempt to copyright all greek names
+ */
+
+typedef struct {
+  struct sockaddr_in admin_addr;
+  struct sockaddr_in recv_addr;
+  int recv_addr_len;
+  int admin_fd;			/* our link to clients */
+  char sname[ANAME_SZ];
+  char sinst[INST_SZ];
+  char krbrlm[REALM_SZ];
+  des_cblock master_key;
+  des_cblock session_key;
+  des_key_schedule master_key_schedule;
+  long master_key_version;
+} Kadm_Server;
+
+/* the default syslog file */
+#ifndef KADM_SYSLOG
+#define KADM_SYSLOG  "/var/log/admin_server.syslog"
+#endif /* KADM_SYSLOG */
+
+#ifndef DEFAULT_ACL_DIR
+#define DEFAULT_ACL_DIR	"/var/kerberos"
+#endif /* DEFAULT_ACL_DIR */
+#define	ADD_ACL_FILE	"/admin_acl.add"
+#define	GET_ACL_FILE	"/admin_acl.get"
+#define	MOD_ACL_FILE	"/admin_acl.mod"
+#define	DEL_ACL_FILE	"/admin_acl.del"
+
+#endif /* KADM_SERVER_DEFS */
diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c
new file mode 100644
index 0000000..76abda5
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadmin.c
@@ -0,0 +1,1145 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Kerberos database administrator's tool.  
+ * 
+ * The default behavior of kadmin is if the -m option is given 
+ * on the commandline, multiple requests are allowed to be given
+ * with one entry of the admin password (until the tickets expire).
+ */
+
+#include "kadm_locl.h"
+#include "getarg.h"
+#include "parse_time.h"
+
+RCSID("$Id: kadmin.c,v 1.62 1999/11/02 17:02:14 bg Exp $");
+
+static int change_password(int argc, char **argv);
+static int change_key(int argc, char **argv);
+static int change_admin_password(int argc, char **argv);
+static int add_new_key(int argc, char **argv);
+static int del_entry(int argc, char **argv);
+static int get_entry(int argc, char **argv);
+static int mod_entry(int argc, char **argv);
+static int help(int argc, char **argv);
+static int clean_up_cmd(int argc, char **argv);
+static int quit_cmd(int argc, char **argv);
+static int set_timeout_cmd(int argc, char **argv);
+
+static int set_timeout(const char *);
+
+static SL_cmd cmds[] = {
+  {"change_password", change_password, "Change a user's password"},
+  {"cpw"},
+  {"passwd"},
+  {"change_key", change_key, "Change a user's password as a DES binary key"},
+  {"ckey"},
+  {"change_admin_password", change_admin_password,
+   "Change your admin password"},
+  {"cap"},
+  {"add_new_key", add_new_key, "Add new user to kerberos database"},
+  {"ank"},
+  {"del_entry", del_entry, "Delete entry from database"},
+  {"del"},
+  {"delete"},
+  {"get_entry", get_entry, "Get entry from kerberos database"},
+  {"mod_entry", mod_entry, "Modify entry in kerberos database"},
+  {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"},
+  {"set_timeout", set_timeout_cmd, "Set ticket timeout"},
+  {"timeout" },
+  {"exit", quit_cmd, "Exit program"},
+  {"quit"},
+  {"help", help, "Help"},
+  {"?"},
+  {NULL}
+};
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15		/* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+/* for get_password, whether it should do the swapping...necessary for
+   using vals structure, unnecessary for change_pw requests */
+#define DONTSWAP 0
+#define SWAP 1
+
+static krb_principal pr;
+static char default_realm[REALM_SZ]; /* default kerberos realm */
+static char krbrlm[REALM_SZ];	/* current realm being administered */
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+
+static void
+get_maxlife(Kadm_vals *vals)
+{
+    char buff[BUFSIZ];
+    time_t life;
+    int l;
+
+    do {
+	printf("Maximum ticket lifetime?  (%d)  [%s]  ",
+ 	     vals->max_life, krb_life_to_atime(vals->max_life));
+	fflush(stdout);
+	if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+	    clearerr(stdin);
+	    return;
+	}
+	life = krb_atime_to_life(buff);
+    } while (life <= 0);
+
+    l = strlen(buff);
+    if (buff[l-2] == 'm')
+	life = krb_time_to_life(0L, life*60);
+    if (buff[l-2] == 'h')
+	life = krb_time_to_life(0L, life*60*60);
+
+    vals->max_life = life;
+    SET_FIELD(KADM_MAXLIFE,vals->fields);
+}
+
+static void
+get_attr(Kadm_vals *vals)
+{
+    char buff[BUFSIZ], *out;
+    int attr;
+
+    do {
+	printf("Attributes?  [0x%.2x]  ", vals->attributes);
+	fflush(stdout);
+	if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+	    clearerr(stdin);
+	    return;
+	}
+        attr = strtol(buff, &out, 0);
+	if (attr == 0 && out == buff)
+	  attr = -1;
+    } while (attr < 0 || attr > 0xffff);
+
+    vals->attributes = attr;
+    SET_FIELD(KADM_ATTR,vals->fields);
+}
+
+static time_t
+parse_expdate(const char *str)
+{
+    struct tm edate;
+
+    memset(&edate, 0, sizeof(edate));
+    if (sscanf(str, "%d-%d-%d",
+	       &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
+	edate.tm_mon--;     /* January is 0, not 1 */
+	edate.tm_hour = 23; /* nearly midnight at the end of the */
+	edate.tm_min = 59;  /* specified day */
+    }
+    if(krb_check_tm (edate))
+	return -1;
+    edate.tm_year -= 1900;
+    return tm2time (edate, 1);
+}
+
+static void
+get_expdate(Kadm_vals *vals)
+{
+    char buff[BUFSIZ];
+    time_t t;
+
+    do {
+	strftime(buff, sizeof(buff), "%Y-%m-%d", k_localtime(&vals->exp_date));
+        printf("Expiration date (enter yyyy-mm-dd) ?  [%s]  ", buff);
+        fflush(stdout);
+        if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
+            clearerr(stdin);
+            return;
+        }
+	t = parse_expdate(buff);
+    }while(t < 0);
+    vals->exp_date = t;
+    SET_FIELD(KADM_EXPDATE,vals->fields);
+}
+
+static int
+princ_exists(char *name, char *instance, char *realm)
+{
+    int status;
+
+    int old = krb_use_admin_server(1);
+    status = krb_get_pw_in_tkt(name, instance, realm,
+			       KRB_TICKET_GRANTING_TICKET,
+			       realm, 1, "");
+    krb_use_admin_server(old);
+
+    if ((status == KSUCCESS) || (status == INTK_BADPW))
+	return(PE_YES);
+    else if (status == KDC_PR_UNKNOWN)
+	return(PE_NO);
+    else
+	return(PE_UNSURE);
+}
+
+static void
+passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
+{
+    des_cblock newkey;
+
+    if (strlen(password) == 0) {
+    	printf("Using random password.\n");
+#ifdef NOENCRYPTION
+	memset(newkey, 0, sizeof(newkey));
+#else
+	des_new_random_key(&newkey);
+#endif
+    } else {
+#ifdef NOENCRYPTION
+      memset(newkey, 0, sizeof(newkey));
+#else
+      des_string_to_key(password, &newkey);
+#endif
+    }
+
+    memcpy(low, newkey, 4);
+    memcpy(high, ((char *)newkey) + 4, 4);
+
+    memset(newkey, 0, sizeof(newkey));
+
+#ifdef NOENCRYPTION
+    *low = 1;
+#endif
+
+    if (byteswap != DONTSWAP) {
+	*low = htonl(*low);
+	*high = htonl(*high);
+    }
+}
+
+static int
+get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
+{
+    char new_passwd[MAX_KPW_LEN];	/* new password */
+
+    if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
+    	return(BAD_PW);
+    passwd_to_lowhigh (low, high, new_passwd, byteswap);
+    memset (new_passwd, 0, sizeof(new_passwd));
+    return(GOOD_PW);
+}
+
+static int
+get_admin_password(void)
+{
+    int status;
+    char admin_passwd[MAX_KPW_LEN];	/* Admin's password */
+    int ticket_life = 1;	/* minimum ticket lifetime */
+    CREDENTIALS c;
+
+    alarm(0);
+    /* If admin tickets exist and are valid, just exit. */
+    memset(&c, 0, sizeof(c));
+    if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
+	/* 
+	 * If time is less than lifetime - FUDGE_VALUE after issue date,
+	 * tickets will probably last long enough for the next 
+	 * transaction.
+	 */
+	if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
+	    return(KADM_SUCCESS);
+    ticket_life = DEFAULT_TKT_LIFE;
+    
+    if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) {
+        char prompt[256];
+	snprintf(prompt, sizeof(prompt), "%s's Password: ", 
+		 krb_unparse_name(&pr));
+	if (read_long_pw_string(admin_passwd,
+				sizeof(admin_passwd)-1,
+				prompt, 0)) {
+	    warnx ("Error reading admin password.");
+	    goto bad;
+	}
+	status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm,
+				   PWSERV_NAME, KADM_SINST,
+				   ticket_life, admin_passwd);
+	memset(admin_passwd, 0, sizeof(admin_passwd));
+	
+	/* Initialize non shared random sequence from session key. */
+	memset(&c, 0, sizeof(c));
+	krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
+	des_init_random_number_generator(&c.session);
+    }
+    else
+	status = KDC_PR_UNKNOWN;
+
+    switch(status) {
+    case GT_PW_OK:
+	return(GOOD_PW);
+    case KDC_PR_UNKNOWN:
+	printf("Principal %s does not exist.\n", krb_unparse_name(&pr));
+	goto bad;
+    case GT_PW_BADPW:
+	printf("Incorrect admin password.\n");
+	goto bad;
+    default:
+	com_err("kadmin", status+krb_err_base,
+		"while getting password tickets");
+	goto bad;
+    }
+    
+ bad:
+    memset(admin_passwd, 0, sizeof(admin_passwd));
+    dest_tkt();
+    return(BAD_PW);
+}
+
+static char *principal;
+static char *username;
+static char *realm;
+static char *timeout;
+static int tflag; /* use existing tickets */
+static int mflag; /* compatibility */
+static int version_flag;
+static int help_flag;
+
+static time_t destroy_timeout = 5 * 60;
+
+struct getargs args[] = {
+    { NULL,	'p',	arg_string, &principal, 
+      "principal to authenticate as"},
+    { NULL,	'u',	arg_string, &username, 
+      "username, other than default" },
+    { NULL,	'r',	arg_string, &realm, "local realm" },
+    { NULL,	'm',	arg_flag, &mflag, "disable ticket timeout" },
+    { NULL,	'T',	arg_string, &timeout, "default ticket timeout" },
+    { NULL,	't',	arg_flag, &tflag, "use existing tickets" },
+    { "version",0,	arg_flag, &version_flag },
+    { "help",	'h',	arg_flag, &help_flag },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+clean_up()
+{
+    if(!tflag)
+	return dest_tkt() == KSUCCESS;
+    return 0; 
+}
+
+static int
+clean_up_cmd (int argc, char **argv)
+{
+    clean_up();
+    return 0;
+}
+
+static int
+quit_cmd (int argc, char **argv)
+{
+    return 1;
+}
+
+static void 
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "[command]");
+    exit(code);
+}
+
+static int
+do_init(int argc, char **argv)
+{
+    int optind = 0;
+    int ret;
+
+    set_progname (argv[0]);
+    
+    if(getarg(args, num_args, argc, argv, &optind) < 0)
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    memset(&pr, 0, sizeof(pr));
+    ret = krb_get_default_principal(pr.name, pr.instance, default_realm);
+    if(ret < 0)
+	errx(1, "Can't figure out default principal");
+    if(pr.instance[0] == '\0')
+	strlcpy(pr.instance, "admin", sizeof(pr.instance));
+    if(principal) {
+	if(username)
+	    warnx("Ignoring username when principal is given");
+	ret = krb_parse_name(principal, &pr);
+	if(ret)
+	    errx(1, "%s: %s", principal, krb_get_err_text(ret));
+	if(pr.realm[0] != '\0')
+	    strlcpy(default_realm, pr.realm, sizeof(default_realm));
+    } else if(username) {
+	strlcpy(pr.name, username, sizeof(pr.name));
+	strlcpy(pr.instance, "admin", sizeof(pr.instance));
+    } 
+    
+    if(realm)
+	strlcpy(default_realm, realm, sizeof(default_realm));
+    
+    strlcpy(krbrlm, default_realm, sizeof(krbrlm));
+
+    if(pr.realm[0] == '\0')
+	strlcpy(pr.realm, krbrlm, sizeof(pr.realm));
+
+    if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+	*krbrlm = '\0';
+    
+    if(timeout) {
+	if(set_timeout(timeout) == -1)
+	    warnx("bad timespecification `%s'", timeout);
+    } else if(mflag)
+	destroy_timeout = 0;
+
+    if (tflag)
+	destroy_timeout = 0; /* disable timeout */
+    else{
+	char tktstring[128];
+	snprintf(tktstring, sizeof(tktstring), "%s_adm_%d",
+		 TKT_ROOT, (int)getpid());
+	krb_set_tkt_string(tktstring);
+    }
+    return optind;
+}
+
+static void
+sigalrm(int sig)
+{
+    if(clean_up())
+	printf("\nTickets destroyed.\n");
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = do_init(argc, argv);
+    if(argc > optind)
+	sl_command(cmds, argc - optind, argv + optind);
+    else {
+	void *data = NULL;
+	signal(SIGALRM, sigalrm);
+	while(sl_command_loop(cmds, "kadmin: ", &data) == 0)
+	    alarm(destroy_timeout);
+    }
+    clean_up();
+    exit(0);
+}
+
+static int
+setvals(Kadm_vals *vals, char *string)
+{
+    char realm[REALM_SZ];
+    int status = KADM_SUCCESS;
+
+    memset(vals, 0, sizeof(*vals));
+    memset(realm, 0, sizeof(realm));
+
+    SET_FIELD(KADM_NAME,vals->fields);
+    SET_FIELD(KADM_INST,vals->fields);
+    if ((status = kname_parse(vals->name, vals->instance, realm, string))) {
+	printf("kerberos error: %s\n", krb_get_err_text(status));
+	return status;
+    }
+    if (!realm[0])
+	strlcpy(realm, default_realm, sizeof(realm));
+    if (strcmp(realm, krbrlm)) {
+	strlcpy(krbrlm, realm, sizeof(krbrlm));
+	if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) 
+	    != KADM_SUCCESS)
+	    printf("kadm error for realm %s: %s\n", 
+		   krbrlm, error_message(status));
+    }
+    if (status) 
+	return 1;
+    else
+	return KADM_SUCCESS;
+}    
+
+static int 
+set_timeout(const char *timespec)
+{
+    int t = parse_time(timespec, "s");
+    if(t == -1)
+	return -1;
+    destroy_timeout = t;
+    return 0;
+}
+
+static int
+set_timeout_cmd(int argc, char **argv)
+{
+    char ts[128];
+    if (argc > 2) {
+	printf("Usage: set_timeout [timeout]\n");
+	return 0;
+    }
+    if(argc == 2) {
+	if(set_timeout(argv[1]) == -1){
+	    printf("Bad time specification `%s'\n", argv[1]);
+	    return 0;
+	}
+    }
+    if(destroy_timeout == 0)
+	printf("Timeout disabled.\n");
+    else{
+	unparse_time(destroy_timeout, ts, sizeof(ts));
+	printf("Timeout after %s.\n", ts);
+    }
+    return 0;
+}
+
+static int 
+change_password(int argc, char **argv)
+{
+    Kadm_vals old, new;
+    int status;
+    char pw_prompt[BUFSIZ];
+
+    char pw[32];
+    int generate_password = 0;
+    int i;
+    int optind = 0;
+    char *user = NULL;
+
+    struct getargs cpw_args[] = {
+	{ "random", 'r', arg_flag, NULL, "generate random password" },
+    };
+    i = 0;
+    cpw_args[i++].value = &generate_password;
+
+    if(getarg(cpw_args, sizeof(cpw_args) / sizeof(cpw_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(cpw_args, 
+		       sizeof(cpw_args) / sizeof(cpw_args[0]), 
+		       "cpw",
+		       "principal");
+	return 0;
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 1) {
+	printf("Usage: change_password [options] principal\n");
+	return 0;
+    }
+
+    user = argv[0];
+
+    if (setvals(&old, user) != KADM_SUCCESS)
+	return 0;
+
+    new = old;
+
+    SET_FIELD(KADM_DESKEY,new.fields);
+
+    if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+	/* get the admin's password */
+        if (get_admin_password() != GOOD_PW)
+	    return 0;
+
+
+	if (generate_password) {
+	    random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
+	} else {
+	    /* get the new password */
+	    snprintf(pw_prompt, sizeof(pw_prompt), 
+		     "New password for %s:", user);
+	
+	    if (get_password(&new.key_low, &new.key_high,
+			     pw_prompt, SWAP) != GOOD_PW) {
+		printf("Error reading password; password unchanged\n");
+		return 0;
+	    }
+	}
+
+	status = kadm_mod(&old, &new);
+	if (status == KADM_SUCCESS) {
+	    printf("Password changed for %s.\n", user);
+	    if (generate_password)
+		printf("Password is: %s\n", pw);
+	} else {
+	    printf("kadmin: %s\nwhile changing password for %s",
+		   error_message(status), user);
+	}
+
+	memset(pw, 0, sizeof(pw));
+	memset(&new, 0, sizeof(new));
+    } else 
+	printf("kadmin: Principal %s does not exist.\n",
+	       krb_unparse_name_long (old.name, old.instance, krbrlm));
+    return 0;
+}
+
+static int
+getkey(unsigned char *k)
+{
+    int i, c;
+    for (i = 0; i < 8; i++)
+	{
+	    c = getchar();
+	    if (c == EOF)
+		return 0;
+	    else if (c == '\\')
+		{
+		    int oct = -1;
+		    scanf("%03o", &oct);
+		    if (oct < 0 || oct > 255)
+			return 0;
+		    k[i] = oct;
+		}
+	    else if (!isalpha(c))
+		return 0;
+	    else
+		k[i] = c;
+	}
+    c = getchar();
+    if (c != '\n')
+	return 0;
+    return 1;			/* Success */
+}
+
+static void
+printkey(unsigned char *tkey)
+{
+    int j;
+    for(j = 0; j < 8; j++)
+	if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
+	    printf("%c", tkey[j]);
+	else
+	    printf("\\%03o",(unsigned char)tkey[j]);
+    printf("\n");
+}
+
+static int 
+change_key(int argc, char **argv)
+{
+    Kadm_vals old, new;
+    unsigned char newkey[8];
+    int status;
+
+    if (argc != 2) {
+	printf("Usage: change_key principal-name\n");
+	return 0;
+    }
+
+    if (setvals(&old, argv[1]) != KADM_SUCCESS)
+	return 0;
+
+    new = old;
+
+    SET_FIELD(KADM_DESKEY,new.fields);
+
+    if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+	/* get the admin's password */
+        if (get_admin_password() != GOOD_PW)
+	    return 0;
+
+	/* get the new password */
+	printf("New DES key for %s: ", argv[1]);
+	
+	if (getkey(newkey)) {
+	    memcpy(&new.key_low, newkey, 4);
+	    memcpy(&new.key_high, ((char *)newkey) + 4, 4);
+	    printf("Entered key for %s: ", argv[1]);
+	    printkey(newkey);
+	    memset(newkey, 0, sizeof(newkey));
+
+	    status = kadm_mod(&old, &new);
+	    if (status == KADM_SUCCESS) {
+		printf("Key changed for %s.\n", argv[1]);
+	    } else {
+		printf("kadmin: %s\nwhile changing key for %s",
+		       error_message(status), argv[1]);
+	    }
+	} else
+	    printf("Error reading key; key unchanged\n");
+	memset(&new, 0, sizeof(new));
+    }
+    else 
+	printf("kadmin: Principal %s does not exist.\n",
+	       krb_unparse_name_long (old.name, old.instance, krbrlm));
+    return 0;
+}
+
+static int 
+change_admin_password(int argc, char **argv)
+{
+    des_cblock newkey;
+    int status;
+    char pword[MAX_KPW_LEN];
+    char *pw_msg;
+
+    alarm(0);
+    if (argc != 1) {
+	printf("Usage: change_admin_password\n");
+	return 0;
+    }
+    if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) {
+	 des_string_to_key(pword, &newkey);
+	 status = kadm_change_pw_plain(newkey, pword, &pw_msg);
+	 if(status == KADM_INSECURE_PW)
+	      printf("Insecure password: %s\n", pw_msg);
+	 else if (status == KADM_SUCCESS)
+	      printf("Admin password changed\n");
+	 else
+	      printf("kadm error: %s\n",error_message(status));
+	 memset(newkey, 0, sizeof(newkey));
+	 memset(pword, 0, sizeof(pword));
+    }
+    return 0;
+}
+
+void random_password(char*, size_t, u_int32_t*, u_int32_t*);
+
+static int 
+add_new_key(int argc, char **argv)
+{
+    int i;
+    char pw_prompt[BUFSIZ];
+    int status;
+    int generate_password = 0;
+    char *password = NULL;
+
+    char *expiration_string = NULL;
+    time_t default_expiration = 0;
+    int expiration_set = 0;
+
+    char *life_string = NULL;
+    time_t default_life = 0;
+    int life_set = 0;
+
+    int attributes = -1;
+    int default_attributes = 0;
+    int attributes_set = 0;
+
+    int optind = 0;
+
+    /* XXX remember to update value assignments below */
+    struct getargs add_args[] = {
+	{ "random", 'r', arg_flag, NULL, "generate random password" },
+	{ "password", 'p', arg_string, NULL },
+	{ "life", 'l', arg_string, NULL, "max ticket life" },
+	{ "expiration", 'e', arg_string, NULL, "principal expiration" },
+	{ "attributes", 'a', arg_integer, NULL }
+    };
+    i = 0;
+    add_args[i++].value = &generate_password;
+    add_args[i++].value = &password;
+    add_args[i++].value = &life_string;
+    add_args[i++].value = &expiration_string;
+    add_args[i++].value = &attributes;
+
+
+    if(getarg(add_args, sizeof(add_args) / sizeof(add_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(add_args, 
+		       sizeof(add_args) / sizeof(add_args[0]), 
+		       "add",
+		       "principal ...");
+	return 0;
+    }
+
+    if(expiration_string) {
+	default_expiration = parse_expdate(expiration_string);
+	if(default_expiration < 0)
+	    warnx("Unknown expiration date `%s'", expiration_string);
+	else
+	    expiration_set = 1;
+    }
+    if(life_string) {
+	time_t t = parse_time(life_string, "hour");
+	if(t == -1) 
+	    warnx("Unknown lifetime `%s'", life_string);
+	else {
+	    default_life = krb_time_to_life(0, t);
+	    life_set = 1;
+	}
+    }
+    if(attributes != -1) {
+	default_attributes = attributes;
+	attributes_set = 1;
+    }
+
+
+    {
+	char default_name[ANAME_SZ + INST_SZ + 1];
+	char old_default[INST_SZ + 1] = "";
+	Kadm_vals new, default_vals;
+	char pw[32];
+	u_char fields[4];
+
+	for(i = optind; i < argc; i++) {
+	    if (setvals(&new, argv[i]) != KADM_SUCCESS)
+		return 0;
+	    SET_FIELD(KADM_EXPDATE, new.fields);
+	    SET_FIELD(KADM_ATTR, new.fields);
+	    SET_FIELD(KADM_MAXLIFE, new.fields);
+	    SET_FIELD(KADM_DESKEY, new.fields);
+
+	    if (princ_exists(new.name, new.instance, krbrlm) == PE_YES) {
+		printf("kadmin: Principal %s already exists.\n", argv[i]);
+		continue;
+	    }
+	    /* get the admin's password */
+	    if (get_admin_password() != GOOD_PW)
+		return 0;
+	
+	    snprintf (default_name, sizeof(default_name), 
+		      "default.%s", new.instance);
+	    if(strcmp(old_default, default_name) != 0) {
+		memset(fields, 0, sizeof(fields));
+		SET_FIELD(KADM_NAME, fields);
+		SET_FIELD(KADM_INST, fields);
+		SET_FIELD(KADM_EXPDATE, fields);
+		SET_FIELD(KADM_ATTR, fields);
+		SET_FIELD(KADM_MAXLIFE, fields);
+		if (setvals(&default_vals, default_name) != KADM_SUCCESS)
+		    return 0;
+	
+		if (kadm_get(&default_vals, fields) != KADM_SUCCESS) {
+		    /* no such entry, try just `default' */
+		    if (setvals(&default_vals, "default") != KADM_SUCCESS)
+			continue;
+		    if ((status = kadm_get(&default_vals, fields)) != KADM_SUCCESS) {
+			warnx ("kadm error: %s", error_message(status));
+			break; /* no point in continuing */
+		    }
+		}
+
+		if (default_vals.max_life == 255) /* Defaults not set! */ {
+		    /* This is the default maximum lifetime for new principals. */
+		    if (strcmp(new.instance, "admin") == 0)
+			default_vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
+		    else if (strcmp(new.instance, "root") == 0)
+			default_vals.max_life = 96;    /* 8 hours */
+		    else if (krb_life_to_time(0, 162) >= 24*60*60)
+			default_vals.max_life = 162;     /* ca 100 hours */
+		    else
+			default_vals.max_life = 255;     /* ca 21 hours (maximum) */
+		
+		    /* Also fix expiration date. */
+		    {
+			time_t now;
+			struct tm tm;
+
+			now = time(0);
+			tm = *gmtime(&now);
+			if (strcmp(new.name, "rcmd") == 0 ||
+			    strcmp(new.name, "ftp")  == 0 ||
+			    strcmp(new.name, "pop")  == 0)
+			    tm.tm_year += 5;
+			else
+			    tm.tm_year += 2;
+			default_vals.exp_date = mktime(&tm);
+		    }		
+		    default_vals.attributes = default_vals.attributes;
+		}
+		if(!life_set)
+		    default_life = default_vals.max_life;
+		if(!expiration_set)
+		    default_expiration = default_vals.exp_date;
+		if(!attributes_set)
+		    default_attributes = default_vals.attributes;
+	    }
+
+	    new.max_life = default_life;
+	    new.exp_date = default_expiration;
+	    new.attributes = default_attributes;
+	    if(!life_set)
+		get_maxlife(&new);
+	    if(!attributes_set)
+		get_attr(&new);
+	    if(!expiration_set)
+		get_expdate(&new);
+
+	    if(generate_password) {
+		random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
+	    } else if (password == NULL) {
+		/* get the new password */
+		snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", 
+			 argv[i]);
+	
+		if (get_password(&new.key_low, &new.key_high,
+				 pw_prompt, SWAP) != GOOD_PW) {
+		    printf("Error reading password: %s not added\n", argv[i]);
+		    memset(&new, 0, sizeof(new));
+		    return 0;
+		}
+	    } else {
+		passwd_to_lowhigh (&new.key_low, &new.key_high, password, SWAP);
+		memset (password, 0, strlen(password));
+	    }
+
+	    status = kadm_add(&new);
+	    if (status == KADM_SUCCESS) {
+		printf("%s added to database", argv[i]);
+		if (generate_password)
+		    printf (" with password `%s'", pw);
+		printf (".\n");
+	    } else 
+		printf("kadm error: %s\n",error_message(status));
+		
+	    memset(pw, 0, sizeof(pw));
+	    memset(&new, 0, sizeof(new));
+	}
+    }
+    
+    return 0;
+}
+
+static int 
+del_entry(int argc, char **argv)
+{
+    int status;
+    Kadm_vals vals;
+    int i;
+
+    if (argc < 2) {
+	printf("Usage: delete principal...\n");
+	return 0;
+    }
+
+    for(i = 1; i < argc; i++) {
+	if (setvals(&vals, argv[i]) != KADM_SUCCESS)
+	    return 0;
+	
+	if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+	    /* get the admin's password */
+	    if (get_admin_password() != GOOD_PW)
+		return 0;
+	    
+	    if ((status = kadm_del(&vals)) == KADM_SUCCESS)
+		printf("%s removed from database.\n", argv[i]);
+	    else 
+		printf("kadm error: %s\n",error_message(status));
+	}
+	else
+	    printf("kadmin: Principal %s does not exist.\n",
+		   krb_unparse_name_long (vals.name, vals.instance, krbrlm));
+    }
+    return 0;
+}
+
+static int 
+get_entry(int argc, char **argv)
+{
+    int status;
+    u_char fields[4];
+    Kadm_vals vals;
+
+    if (argc != 2) {
+	printf("Usage: get_entry username\n");
+	return 0;
+    }
+
+    memset(fields, 0, sizeof(fields));
+
+    SET_FIELD(KADM_NAME,fields);
+    SET_FIELD(KADM_INST,fields);
+    SET_FIELD(KADM_EXPDATE,fields);
+    SET_FIELD(KADM_ATTR,fields);
+    SET_FIELD(KADM_MAXLIFE,fields);
+#if 0
+    SET_FIELD(KADM_DESKEY,fields); 
+#endif
+#ifdef EXTENDED_KADM
+    SET_FIELD(KADM_MODDATE, fields);
+    SET_FIELD(KADM_MODNAME, fields);
+    SET_FIELD(KADM_MODINST, fields);
+    SET_FIELD(KADM_KVNO, fields);
+#endif
+
+    if (setvals(&vals, argv[1]) != KADM_SUCCESS)
+	return 0;
+
+
+    if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+	/* get the admin's password */
+	if (get_admin_password() != GOOD_PW)
+	    return 0;
+	
+	if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
+	    prin_vals(&vals);
+	else
+	    printf("kadm error: %s\n",error_message(status));
+    }
+    else
+	printf("kadmin: Principal %s does not exist.\n",
+	       krb_unparse_name_long (vals.name, vals.instance, krbrlm));
+    return 0;
+}
+
+static int 
+mod_entry(int argc, char **argv)
+{
+    int status;
+    u_char fields[4];
+    Kadm_vals ovals, nvals;
+    int i;
+
+    char *expiration_string = NULL;
+    time_t default_expiration = 0;
+    int expiration_set = 0;
+
+    char *life_string = NULL;
+    time_t default_life = 0;
+    int life_set = 0;
+
+    int attributes = -1;
+    int default_attributes = 0;
+    int attributes_set = 0;
+
+    int optind = 0;
+
+    /* XXX remember to update value assignments below */
+    struct getargs mod_args[] = {
+	{ "life", 'l', arg_string, NULL, "max ticket life" },
+	{ "expiration", 'e', arg_string, NULL, "principal expiration" },
+	{ "attributes", 'a', arg_integer, NULL }
+    };
+    i = 0;
+    mod_args[i++].value = &life_string;
+    mod_args[i++].value = &expiration_string;
+    mod_args[i++].value = &attributes;
+
+
+    if(getarg(mod_args, sizeof(mod_args) / sizeof(mod_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(mod_args, 
+		       sizeof(mod_args) / sizeof(mod_args[0]), 
+		       "mod",
+		       "principal ...");
+	return 0;
+    }
+
+    if(expiration_string) {
+	default_expiration = parse_expdate(expiration_string);
+	if(default_expiration < 0)
+	    warnx("Unknown expiration date `%s'", expiration_string);
+	else
+	    expiration_set = 1;
+    }
+    if(life_string) {
+	time_t t = parse_time(life_string, "hour");
+	if(t == -1) 
+	    warnx("Unknown lifetime `%s'", life_string);
+	else {
+	    default_life = krb_time_to_life(0, t);
+	    life_set = 1;
+	}
+    }
+    if(attributes != -1) {
+	default_attributes = attributes;
+	attributes_set = 1;
+    }
+
+
+    for(i = optind; i < argc; i++) {
+
+	memset(fields, 0, sizeof(fields));
+
+	SET_FIELD(KADM_NAME,fields);
+	SET_FIELD(KADM_INST,fields);
+	SET_FIELD(KADM_EXPDATE,fields);
+	SET_FIELD(KADM_ATTR,fields);
+	SET_FIELD(KADM_MAXLIFE,fields);
+
+	if (setvals(&ovals, argv[i]) != KADM_SUCCESS)
+	    return 0;
+
+	nvals = ovals;
+
+	if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
+	    printf("kadmin: Principal %s does not exist.\n",
+		   krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
+	    return 0;
+	}
+
+	/* get the admin's password */
+	if (get_admin_password() != GOOD_PW)
+	    return 0;
+	
+	if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+	    printf("[ unable to retrieve current settings: %s ]\n",
+		   error_message(status));
+	    nvals.max_life = DEFAULT_TKT_LIFE;
+	    nvals.exp_date = 0;
+	    nvals.attributes = 0;
+	} else {
+	    nvals.max_life = ovals.max_life;
+	    nvals.exp_date = ovals.exp_date;
+	    nvals.attributes = ovals.attributes;
+    }
+
+	if(life_set) {
+	    nvals.max_life = default_life;
+	    SET_FIELD(KADM_MAXLIFE, nvals.fields);
+	} else
+	    get_maxlife(&nvals);
+	if(attributes_set) {
+	    nvals.attributes = default_attributes;
+	    SET_FIELD(KADM_ATTR, nvals.fields);
+	} else
+	    get_attr(&nvals);
+	if(expiration_set) {
+	    nvals.exp_date = default_expiration;
+	    SET_FIELD(KADM_EXPDATE, nvals.fields);
+	} else
+	    get_expdate(&nvals);
+    
+	if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
+	    IS_FIELD(KADM_ATTR, nvals.fields) ||
+	    IS_FIELD(KADM_EXPDATE, nvals.fields)) {
+	    if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
+		printf("kadm error: %s\n",error_message(status));
+		goto out;
+	    }
+	    if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+		printf("kadm error: %s\n",error_message(status));
+		goto out;
+	    }
+	}
+	prin_vals(&ovals);
+    }
+    
+out:
+    return 0;
+}
+
+static int
+help(int argc, char **argv)
+{
+    sl_help (cmds, argc, argv);
+    return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/kpasswd.c b/crypto/kerberosIV/kadmin/kpasswd.c
new file mode 100644
index 0000000..d0d35be
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kpasswd.c
@@ -0,0 +1,177 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * change your password with kerberos
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kpasswd.c,v 1.29 1999/11/13 06:33:20 assar Exp $");
+
+static void
+usage(int value)
+{
+    fprintf(stderr, "Usage: ");
+    fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] ");
+    fprintf(stderr, "[-u fullname]\n");
+    exit(value);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb_principal principal;
+    krb_principal default_principal;
+    int realm_given = 0;	/* True if realm was give on cmdline */
+    int use_default = 1;	/* True if we should use default name */
+    int status;			/* return code */
+    char pword[MAX_KPW_LEN];
+    int c;
+    char tktstring[MaxPathLen];
+    
+    set_progname (argv[0]);
+
+    memset (&principal, 0, sizeof(principal));
+    memset (&default_principal, 0, sizeof(default_principal));
+    
+    krb_get_default_principal (default_principal.name,
+			       default_principal.instance,
+			       default_principal.realm);
+
+    while ((c = getopt(argc, argv, "u:n:i:r:h")) != -1) {
+	switch (c) {
+	case 'u':
+	    status = krb_parse_name (optarg, &principal);
+	    if (status != KSUCCESS)
+		errx (2, "%s", krb_get_err_text(status));
+	    if (principal.realm[0])
+		realm_given++;
+	    else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
+		errx (1, "Could not find default realm!");
+	    break;
+	case 'n':
+	    if (k_isname(optarg))
+		strlcpy(principal.name,
+				optarg,
+				sizeof(principal.name));
+	    else {
+		warnx("Bad name: %s", optarg);
+		usage(1);
+	    }
+	    break;
+	case 'i':
+	    if (k_isinst(optarg))
+		strlcpy(principal.instance,
+				optarg,
+				sizeof(principal.instance));
+	    else {
+		warnx("Bad instance: %s", optarg);
+		usage(1);
+	    }
+	    break;
+	case 'r':
+	    if (k_isrealm(optarg)) {
+		strlcpy(principal.realm,
+				optarg,
+				sizeof(principal.realm));
+		realm_given++; 
+	    } else {
+		warnx("Bad realm: %s", optarg);
+		usage(1);
+	    }
+	    break;
+	case 'h':
+	    usage(0);
+	    break;
+	default:
+	    usage(1);
+	    break;
+	}
+	use_default = 0;
+    }
+    if (optind < argc) {
+	use_default = 0;
+	status = krb_parse_name (argv[optind], &principal);
+	if(status != KSUCCESS)
+	    errx (1, "%s", krb_get_err_text (status));
+    }
+
+    if (use_default) {
+	strlcpy(principal.name,
+			default_principal.name,
+			sizeof(principal.name));
+	strlcpy(principal.instance,
+			default_principal.instance,
+			sizeof(principal.instance));
+	strlcpy(principal.realm,
+			default_principal.realm,
+			sizeof(principal.realm));
+    } else {
+	if (!principal.name[0])
+	    strlcpy(principal.name,
+			    default_principal.name,
+			    sizeof(principal.name));
+	if (!principal.realm[0])
+	    strlcpy(principal.realm,
+			    default_principal.realm,
+			    sizeof(principal.realm));
+    }
+
+    snprintf(tktstring, sizeof(tktstring), "%s_cpw_%u",
+	     TKT_ROOT, (unsigned)getpid());
+    krb_set_tkt_string(tktstring);
+    
+    if (get_pw_new_pwd(pword, sizeof(pword), &principal,
+		       realm_given)) {
+	dest_tkt ();
+	exit(1);
+    }
+    
+    status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
+    if (status != KADM_SUCCESS) 
+	com_err(argv[0], status, "while initializing");
+    else {
+	des_cblock newkey;
+	char *pw_msg; /* message from server */
+
+	des_string_to_key(pword, &newkey);
+	status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
+	memset(newkey, 0, sizeof(newkey));
+      
+	if (status == KADM_INSECURE_PW)
+	    warnx ("Insecure password: %s", pw_msg);
+	else if (status != KADM_SUCCESS)
+	    com_err(argv[0], status, " attempting to change password.");
+    }
+    memset(pword, 0, sizeof(pword));
+
+    if (status != KADM_SUCCESS)
+	fprintf(stderr,"Password NOT changed.\n");
+    else
+	printf("Password changed.\n");
+
+    dest_tkt();
+    if (status)
+	return 2;
+    else 
+	return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/kpasswd_standalone.c b/crypto/kerberosIV/kadmin/kpasswd_standalone.c
new file mode 100644
index 0000000..443daa8
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kpasswd_standalone.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * change your password with kerberos
+ */
+
+#ifndef	lint
+#if 0
+static char rcsid_kpasswd_c[] =
+    "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+	"$Id$";
+#endif	lint
+
+/*
+ * kpasswd
+ * change your password with kerberos
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <com_err.h>
+#include <err.h>
+#include <krb.h>
+#include <string.h>
+#include <pwd.h>
+#include <unistd.h>
+#include "kadm.h"
+
+#include "extern.h"
+
+extern void krb_set_tkt_string();
+static void go_home(char *, int);
+
+
+int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag)
+{
+    char name[ANAME_SZ];	/* name of user */
+    char inst[INST_SZ];		/* instance of user */
+    char realm[REALM_SZ];	/* realm of user */
+    char default_name[ANAME_SZ];
+    char default_inst[INST_SZ];
+    char default_realm[REALM_SZ];
+    int realm_given = 0;	/* True if realm was give on cmdline */
+    int use_default = 1;	/* True if we should use default name */
+    struct passwd *pw;
+    int status;			/* return code */
+    des_cblock new_key;
+    extern char *optarg;
+    extern int optind;
+    char tktstring[MAXPATHLEN];
+
+    void get_pw_new_key();
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+    int read_long_pw_string();
+
+    bzero(name, sizeof(name));
+    bzero(inst, sizeof(inst));
+    bzero(realm, sizeof(realm));
+
+    if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst,
+			    default_realm) != KSUCCESS) {
+	pw = getpwuid((int) getuid());
+	if (pw) {
+		strcpy(default_name, pw->pw_name);
+	} else {
+	    /* seems like a null name is kinda silly */
+		strcpy(default_name, "");
+	}
+	strcpy(default_inst, "");
+	if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+	    strcpy(default_realm, KRB_REALM);
+    }
+
+    if(uflag) {
+	    if ((status = kname_parse(name, inst, realm, uflag))) {
+		    errx(2, "Kerberos error: %s", krb_err_txt[status]);
+	    }
+	    if (realm[0])
+		realm_given++;
+	    else
+		if (krb_get_lrealm(realm, 1) != KSUCCESS)
+		    strcpy(realm, KRB_REALM);
+    }
+
+    if(uname) {
+	    if (k_isname(uname)) {
+		    strncpy(name, uname, sizeof(name) - 1);
+	    } else {
+		    errx(1, "bad name: %s", uname);
+	    }
+    }
+
+    if(iflag) {
+	    if (k_isinst(iflag)) {
+		    strncpy(inst, iflag, sizeof(inst) - 1);
+	    } else {
+		    errx(1, "bad instance: %s", iflag);
+	    }
+    }
+
+    if(rflag) {
+	    if (k_isrealm(rflag)) {
+		    strncpy(realm, rflag, sizeof(realm) - 1);
+		    realm_given++;
+	    } else {
+		    errx(1, "bad realm: %s", rflag);
+	    }
+    }
+
+    if(uname || iflag || rflag || uflag) use_default = 0;
+
+    if (use_default) {
+	strcpy(name, default_name);
+	strcpy(inst, default_inst);
+	strcpy(realm, default_realm);
+    } else {
+	if (!name[0])
+	    strcpy(name, default_name);
+	if (!realm[0])
+	    strcpy(realm, default_realm);
+    }
+
+    (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid());
+    krb_set_tkt_string(tktstring);
+
+    get_pw_new_key(new_key, name, inst, realm, realm_given);
+
+    if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
+	!= KADM_SUCCESS)
+	com_err("kpasswd", status, "while initializing");
+    else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
+	com_err("kpasswd", status, " attempting to change password.");
+
+    if (status != KADM_SUCCESS)
+	fprintf(stderr,"Password NOT changed.\n");
+    else
+	printf("Password changed.\n");
+
+    (void) dest_tkt();
+    if (status)
+	exit(2);
+    else
+	exit(0);
+}
+
+void get_pw_new_key(new_key, name, inst, realm, print_realm)
+  des_cblock new_key;
+  char *name;
+  char *inst;
+  char *realm;
+  int print_realm;		/* True if realm was give on cmdline */
+{
+    char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+    char pword[MAX_KPW_LEN];	               /* storage for the password */
+    char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+
+    char local_realm[REALM_SZ];
+    int status;
+
+    /*
+     * We don't care about failure; this is to determine whether or
+     * not to print the realm in the prompt for a new password.
+     */
+    (void) krb_get_lrealm(local_realm, 1);
+
+    if (strcmp(local_realm, realm))
+	print_realm++;
+
+    (void) sprintf(ppromp,"Old password for %s%s%s%s%s:",
+		   name, *inst ? "." : "", inst,
+		   print_realm ? "@" : "", print_realm ? realm : "");
+    if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) {
+	fprintf(stderr, "Error reading old password.\n");
+	exit(1);
+    }
+
+    if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME,
+				    KADM_SINST, 1, pword)) != KSUCCESS) {
+	if (status == INTK_BADPW) {
+	    printf("Incorrect old password.\n");
+	    exit(0);
+	}
+	else {
+	    fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]);
+	    exit(1);
+	}
+    }
+    bzero(pword, sizeof(pword));
+    do {
+	(void) sprintf(npromp,"New Password for %s%s%s%s%s:",
+		       name, *inst ? "." : "", inst,
+		       print_realm ? "@" : "", print_realm ? realm : "");
+	if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1))
+	    go_home("Error reading new password, password unchanged.\n",0);
+	if (strlen(pword) == 0)
+	    printf("Null passwords are not allowed; try again.\n");
+    } while (strlen(pword) == 0);
+
+#ifdef NOENCRYPTION
+    bzero((char *) new_key, sizeof(des_cblock));
+    new_key[0] = (unsigned char) 1;
+#else
+    (void) des_string_to_key(pword, (des_cblock *)new_key);
+#endif
+    bzero(pword, sizeof(pword));
+}
+
+static void
+go_home(str,x)
+  char *str;
+  int x;
+{
+    fprintf(stderr, str, x);
+    (void) dest_tkt();
+    exit(1);
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
new file mode 100644
index 0000000..38722a0
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
@@ -0,0 +1,638 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * list and update contents of srvtab files
+ */
+
+/*
+ * ksrvutil
+ * list and update the contents of srvtab files
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: ksrvutil.c,v 1.50 1999/11/13 06:33:59 assar Exp $");
+
+#include "ksrvutil.h"
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else /* NOENCRYPTION */
+#define read_long_pw_string des_read_pw_string
+#endif /* NOENCRYPTION */
+
+#define SRVTAB_MODE 0600	/* rw------- */
+#define PAD "  "
+#define VNO_HEADER "Version"
+#define VNO_FORMAT "%4d   "
+#define KEY_HEADER "       Key       " /* 17 characters long */
+#define PRINC_HEADER "  Principal\n"
+#define PRINC_FORMAT "%s"
+
+char u_name[ANAME_SZ];
+char u_inst[INST_SZ];
+char u_realm[REALM_SZ];
+
+int destroyp = FALSE;		/* Should the ticket file be destroyed? */
+
+static unsigned short
+get_mode(char *filename)
+{
+    struct stat statbuf;
+    unsigned short mode;
+
+    memset(&statbuf, 0, sizeof(statbuf));
+    
+    if (stat(filename, &statbuf) < 0) 
+	mode = SRVTAB_MODE;
+    else
+	mode = statbuf.st_mode;
+
+    return(mode);
+}
+
+static void
+copy_keyfile(char *keyfile, char *backup_keyfile)
+{
+    int keyfile_fd;
+    int backup_keyfile_fd;
+    int keyfile_mode;
+    char buf[BUFSIZ];		/* for copying keyfiles */
+    int rcount;			/* for copying keyfiles */
+    int try_again;
+    
+    memset(buf, 0, sizeof(buf));
+    
+    do {
+	try_again = FALSE;
+	if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+	    if (errno != ENOENT)
+	      err (1, "open %s", keyfile);
+	    else {
+		try_again = TRUE;
+		if ((keyfile_fd = 
+		     open(keyfile, 
+			  O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0)
+		  err(1, "create %s", keyfile);
+		else
+		    if (close(keyfile_fd) < 0)
+		      err (1, "close %s", keyfile);
+	    }
+	}
+    } while(try_again);
+
+    keyfile_mode = get_mode(keyfile);
+
+    if ((backup_keyfile_fd = 
+	 open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, 
+	      keyfile_mode)) < 0)
+	err (1, "open %s", backup_keyfile);
+    do {
+	if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0)
+	    err (1, "read %s", keyfile);
+	if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount))
+	    err (1, "write %s", backup_keyfile);
+    } while (rcount);
+    if (close(backup_keyfile_fd) < 0)
+	err(1, "close %s", backup_keyfile);
+    if (close(keyfile_fd) < 0)
+	err(1, "close %s", keyfile);
+}
+
+void
+leave(char *str, int x)
+{
+    if (str)
+	fprintf(stderr, "%s\n", str);
+    if (destroyp)
+	 dest_tkt();
+    exit(x);
+}
+
+void
+safe_read_stdin(char *prompt, char *buf, size_t size)
+{
+    printf("%s", prompt);
+    fflush(stdout);
+    memset(buf, 0, size);
+    if (read(0, buf, size - 1) < 0) {
+	warn("read stdin");
+	leave(NULL, 1);
+    }
+    buf[strlen(buf)-1] = 0;
+}
+
+void
+safe_write(char *filename, int fd, void *buf, size_t len)
+{
+    if (write(fd, buf, len) != len) {
+	warn("write %s", filename);
+	close(fd);
+	leave("In progress srvtab in this file.", 1);
+    }
+}
+
+static int
+yes_no(char *string, int dflt)
+{
+  char ynbuf[5];
+  
+  printf("%s (y,n) [%c]", string, dflt?'y':'n');
+  for (;;) {
+    safe_read_stdin("", ynbuf, sizeof(ynbuf));
+    
+    if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N'))
+      return(0);
+    else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y'))
+      return(1);
+    else if(ynbuf[0] == 0)
+      return dflt;
+    else {
+      printf("Please enter 'y' or 'n': ");
+      fflush(stdout);
+    }
+  }
+}
+
+int yn(char *string)
+{
+  return yes_no(string, 1);
+}
+
+int ny(char *string)
+{
+  return yes_no(string, 0);
+}
+
+static void
+append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm,
+	      unsigned char key_vno, unsigned char *key)
+{
+  /* Add one to append null */
+    safe_write(filename, fd, sname, strlen(sname) + 1);
+    safe_write(filename, fd, sinst, strlen(sinst) + 1);
+    safe_write(filename, fd, srealm, strlen(srealm) + 1);
+    safe_write(filename, fd, &key_vno, 1);
+    safe_write(filename, fd, key, sizeof(des_cblock));
+    fsync(fd);
+}    
+
+static void
+print_key(unsigned char *key)
+{
+    int i;
+
+    for (i = 0; i < 4; i++)
+	printf("%02x", key[i]);
+    printf(" ");
+    for (i = 4; i < 8; i++)
+	printf("%02x", key[i]);
+}
+
+static void
+print_name(char *name, char *inst, char *realm)
+{
+    printf("%s", krb_unparse_name_long(name, inst, realm));
+}
+
+static int
+get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
+		char *srealm, char *keyfile)
+{
+    int status = KADM_SUCCESS;
+
+    if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
+				      KADM_SINST, 1, keyfile)) == KSUCCESS) &&
+	((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) == 
+	 KADM_SUCCESS)) {
+#ifdef NOENCRYPTION
+	memset(new_key, 0, sizeof(des_cblock));
+	(*new_key)[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+	des_new_random_key(new_key);
+#endif /* NOENCRYPTION */
+	return(KADM_SUCCESS);
+    }
+    
+    return(status);
+}
+
+static void
+get_key_from_password(des_cblock (*key), char *cellname)
+{
+    char password[MAX_KPW_LEN];	/* storage for the password */
+
+    if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
+	leave("Error reading password.", 1);
+
+#ifdef NOENCRYPTION
+    memset(key, 0, sizeof(des_cblock));
+    (*key)[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+    if (strlen(cellname) == 0)
+      des_string_to_key(password, key);
+    else
+      afs_string_to_key(password, cellname, key);
+#endif /* NOENCRYPTION */
+    memset(password, 0, sizeof(password));
+}    
+
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
+    fprintf(stderr, "[-p principal] [-r realm] [-u]");
+    fprintf(stderr, "[-c AFS cellname] ");
+    fprintf(stderr, "{list | change | add | get | delete}\n");
+    fprintf(stderr, "   -i causes the program to ask for "
+	    "confirmation before changing keys.\n");
+    fprintf(stderr, "   -k causes the key to printed for list or change.\n");
+    fprintf(stderr, "   -u creates one keyfile for each principal "
+	    "(only used with `get')\n");
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char sname[ANAME_SZ];	/* name of service */
+    char sinst[INST_SZ];	/* instance of service */
+    char srealm[REALM_SZ];	/* realm of service */
+    unsigned char key_vno;	/* key version number */
+    int status;			/* general purpose error status */
+    des_cblock new_key;
+    des_cblock old_key;
+    char change_tkt[MaxPathLen]; /* Ticket to use for key change */
+    char keyfile[MaxPathLen];	/* Original keyfile */
+    char work_keyfile[MaxPathLen]; /* Working copy of keyfile */
+    char backup_keyfile[MaxPathLen]; /* Backup copy of keyfile */
+    unsigned short keyfile_mode; /* Protections on keyfile */
+    int work_keyfile_fd = -1;	/* Initialize so that */
+    int backup_keyfile_fd = -1;	/* compiler doesn't complain */
+    char local_realm[REALM_SZ];	/* local kerberos realm */
+    char cellname[1024];         /* AFS cell name */
+    int c;
+    int interactive = FALSE;
+    int list = FALSE;
+    int change = FALSE;
+    int unique_filename = FALSE;
+    int add = FALSE;
+    int delete = FALSE;
+    int get = FALSE;
+    int key = FALSE;		/* do we show keys? */
+    int arg_entered = FALSE;
+    int change_this_key = FALSE;
+    char databuf[BUFSIZ];
+    int first_printed = FALSE;	/* have we printed the first item? */
+    
+    memset(sname, 0, sizeof(sname));
+    memset(sinst, 0, sizeof(sinst));
+    memset(srealm, 0, sizeof(srealm));
+    	  
+    memset(change_tkt, 0, sizeof(change_tkt));
+    memset(keyfile, 0, sizeof(keyfile));
+    memset(work_keyfile, 0, sizeof(work_keyfile));
+    memset(backup_keyfile, 0, sizeof(backup_keyfile));
+    memset(local_realm, 0, sizeof(local_realm));
+    memset(cellname, 0, sizeof(cellname));
+    
+    set_progname (argv[0]);
+
+    if (krb_get_default_principal(u_name, u_inst, u_realm) < 0)
+	errx (1, "could not get default principal");
+
+    /* This is used only as a default for adding keys */
+    if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+	strlcpy(local_realm,
+			KRB_REALM,
+			sizeof(local_realm));
+    
+    while((c = getopt(argc, argv, "ikc:f:p:r:u")) != -1) {
+	switch (c) {
+	case 'i':
+	    interactive++;
+	    break;
+	case 'k':
+	    key++;
+	    break;
+	case 'c':
+	    strlcpy(cellname, optarg, sizeof(cellname));
+	    break;
+	case 'f':
+	    strlcpy(keyfile, optarg, sizeof(keyfile));
+	    break;
+	case 'p':
+	    if((status = kname_parse (u_name, u_inst, u_realm, optarg)) !=
+	       KSUCCESS)
+		errx (1, "principal %s: %s", optarg,
+		      krb_get_err_text(status));
+	    break;
+	case 'r':
+	    strlcpy(u_realm, optarg, sizeof(u_realm));
+	    break;
+	case 'u':
+	    unique_filename = 1;
+	    break;
+	case '?':
+	    usage();
+	}
+    }
+    if (optind >= argc)
+	usage();
+    if (*u_realm == '\0')
+	 strlcpy (u_realm, local_realm, sizeof(u_realm));
+    if (strcmp(argv[optind], "list") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    list++;
+	}
+    }
+    else if (strcmp(argv[optind], "change") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    change++;
+	}
+    }
+    else if (strcmp(argv[optind], "add") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    add++;
+	}
+    }
+    else if (strcmp(argv[optind], "get") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    get++;
+	}
+    }
+    else if (strcmp(argv[optind], "delete") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    delete++;
+	}
+    }
+    else
+	usage();
+    ++optind;
+    
+    if (!arg_entered)
+	usage();
+
+    if(unique_filename && !get)
+	warnx("`-u' flag is only used with `get'");
+
+    if (!keyfile[0])
+	strlcpy(keyfile, KEYFILE, sizeof(keyfile));
+
+    strlcpy(work_keyfile, keyfile, sizeof(work_keyfile));
+    strlcpy(backup_keyfile, keyfile, sizeof(backup_keyfile));
+    
+    if (change || add || (get && !unique_filename) || delete) {
+	snprintf(work_keyfile, sizeof(work_keyfile), "%s.work", keyfile);
+	snprintf(backup_keyfile, sizeof(backup_keyfile), "%s.old", keyfile);
+	copy_keyfile(keyfile, backup_keyfile);
+    }
+    
+    if (add || (get && !unique_filename))
+	copy_keyfile(backup_keyfile, work_keyfile);
+
+    keyfile_mode = get_mode(keyfile);
+
+    if (change || list || delete)
+	if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0)
+	    err (1, "open %s", backup_keyfile);
+
+    if (change || delete) {
+	if ((work_keyfile_fd = 
+	     open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, 
+		  SRVTAB_MODE)) < 0)
+	    err (1, "creat %s", work_keyfile);
+    }
+    else if (add) {
+	if ((work_keyfile_fd =
+	     open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0)
+	    err (1, "open with append %s", work_keyfile );
+    }
+    else if (get && !unique_filename) {
+	if ((work_keyfile_fd =
+	     open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0)
+	    err (1, "open for writing %s", work_keyfile);
+    }
+    
+    if (change || list || delete) {
+	while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
+	       (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
+	       (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
+	       (read(backup_keyfile_fd, &key_vno, 1) > 0) &&
+	       (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) {
+	    if (list) {
+		if (!first_printed) {
+		    printf(VNO_HEADER);
+		    printf(PAD);
+		    if (key) {
+			printf(KEY_HEADER);
+			printf(PAD);
+		    }
+		    printf(PRINC_HEADER);
+		    first_printed = 1;
+		}
+		printf(VNO_FORMAT, key_vno);
+		printf(PAD);
+		if (key) {
+		    print_key(old_key);
+		    printf(PAD);
+		}
+		print_name(sname, sinst, srealm);
+		printf("\n");
+	    }
+	    else if (change) {
+		snprintf(change_tkt, sizeof(change_tkt), "%s_ksrvutil.%u",
+			 TKT_ROOT, (unsigned)getpid());
+		krb_set_tkt_string(change_tkt);
+		destroyp = TRUE;
+
+		printf("\nPrincipal: ");
+		print_name(sname, sinst, srealm);
+		printf("; version %d\n", key_vno);
+		if (interactive)
+		    change_this_key = yn("Change this key?");
+		else
+		    change_this_key = 1;
+		
+		if (change_this_key)
+		    printf("Changing to version %d.\n", key_vno + 1);
+		else if (change)
+		    printf("Not changing this key.\n");
+		
+		if (change_this_key) {
+		    /*
+		     * This is not a good choice of seed when/if the
+		     * key has been compromised so we also use a
+		     * random sequence number!
+		     */
+		    des_init_random_number_generator(&old_key);
+		    {
+		        des_cblock seqnum;
+			des_generate_random_block(&seqnum);
+			des_set_sequence_number((unsigned char *)&seqnum);
+		    }
+		    /* 
+		     * Pick a new key and determine whether or not
+		     * it is safe to change
+		     */
+		    if ((status = 
+			 get_svc_new_key(&new_key, sname, sinst, 
+					 srealm, keyfile)) == KADM_SUCCESS)
+			key_vno++;
+		    else {
+		        memcpy(new_key, old_key, sizeof(new_key));
+			warnx ("Key NOT changed: %s\n",
+			       krb_get_err_text(status));
+			change_this_key = FALSE;
+		    }
+		}
+		else 
+		    memcpy(new_key, old_key, sizeof(new_key));
+		append_srvtab(work_keyfile, work_keyfile_fd, 
+			      sname, sinst, srealm, key_vno, new_key);
+		if (key && change_this_key) {
+		    printf("Old key: ");
+		    print_key(old_key);
+		    printf("; new key: ");
+		    print_key(new_key);
+		    printf("\n");
+		}
+		if (change_this_key) {
+		    if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) {
+			printf("Key changed.\n");
+			dest_tkt();
+		    }
+		    else {
+			com_err(__progname, status, 
+				" attempting to change password.");
+			dest_tkt();
+			/* XXX This knows the format of a keyfile */
+			if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) {
+			    key_vno--;
+			    safe_write(work_keyfile,
+				       work_keyfile_fd, &key_vno, 1);
+			    safe_write(work_keyfile, work_keyfile_fd,
+				       old_key, sizeof(des_cblock));
+			    fsync(work_keyfile_fd);
+			    fprintf(stderr,"Key NOT changed.\n");
+			} else {
+			    warn ("Unable to revert keyfile");
+			    leave("", 1);
+			}
+		    }
+		}
+	    } else if(delete) {
+		int delete_this_key;
+		printf("\nPrincipal: ");
+		print_name(sname, sinst, srealm);
+		printf("; version %d\n", key_vno);
+		delete_this_key = yn("Delete this key?");
+		
+		if (delete_this_key)
+		    printf("Deleting this key.\n");
+		
+		if (!delete_this_key) {
+		    append_srvtab(work_keyfile, work_keyfile_fd, 
+				  sname, sinst, srealm, key_vno, old_key);
+		}
+	    }
+	    memset(old_key, 0, sizeof(des_cblock));
+	    memset(new_key, 0, sizeof(des_cblock));
+	}
+    }
+    else if (add) {
+	do {
+	    do {
+		char *p;
+
+		safe_read_stdin("Name: ", databuf, sizeof(databuf));
+		p = strchr(databuf, '.');
+		if (p != NULL) {
+		    *p++ = '\0';
+		    strlcpy (sname, databuf, sizeof(sname));
+		    strlcpy (sinst, p, sizeof(sinst));
+		} else {
+		    strlcpy (sname, databuf, sizeof(sname));
+		    safe_read_stdin("Instance: ", databuf, sizeof(databuf));
+		    strlcpy (sinst, databuf, sizeof(databuf));
+		}
+
+		safe_read_stdin("Realm: ", databuf, sizeof(databuf));
+		if (databuf[0] != '\0')
+		    strlcpy (srealm, databuf, sizeof(srealm));
+		else
+		    strlcpy (srealm, local_realm, sizeof(srealm));
+
+		safe_read_stdin("Version number: ", databuf, sizeof(databuf));
+		key_vno = atoi(databuf);
+		if (!srealm[0])
+		    strlcpy(srealm, local_realm, sizeof(srealm));
+		printf("New principal: ");
+		print_name(sname, sinst, srealm);
+		printf("; version %d\n", key_vno);
+	    } while (!yn("Is this correct?"));
+	    get_key_from_password(&new_key, cellname);
+	    if (key) {
+		printf("Key: ");
+		print_key(new_key);
+		printf("\n");
+	    }
+	    append_srvtab(work_keyfile, work_keyfile_fd, 
+			  sname, sinst, srealm, key_vno, new_key);
+	    printf("Key successfully added.\n");
+	} while (yn("Would you like to add another key?"));
+    }
+    else if (get) {
+        ksrvutil_get(unique_filename, work_keyfile_fd, work_keyfile,
+		     argc - optind, argv + optind);
+    }
+
+    if (change || list || delete) 
+	if (close(backup_keyfile_fd) < 0)
+	    warn ("close %s", backup_keyfile);
+    
+    if (change || add || (get && !unique_filename) || delete) {
+	if (close(work_keyfile_fd) < 0)
+	    err (1, "close %s", work_keyfile);
+	if (rename(work_keyfile, keyfile) < 0)
+	    err (1, "rename(%s, %s)", work_keyfile, keyfile);
+	chmod(backup_keyfile, keyfile_mode);
+	chmod(keyfile, keyfile_mode);
+	printf("Old keyfile in %s.\n", backup_keyfile);
+    }
+    return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.h b/crypto/kerberosIV/kadmin/ksrvutil.h
new file mode 100644
index 0000000..2b562ac
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: ksrvutil.h,v 1.10 1999/12/02 16:58:36 joda Exp $
+ *
+ */
+
+extern char u_name[], u_inst[], u_realm[];
+extern int destroyp;
+
+void leave(char *str, int x);
+void safe_read_stdin(char *prompt, char *buf, size_t size);
+void safe_write(char *filename, int fd, void *buf, size_t len);
+
+int yn(char *string);
+int ny(char *string);
+
+void ksrvutil_get(int unique_filename, int fd, 
+		  char *filename, int argc, char **argv);
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
new file mode 100644
index 0000000..a08b10d
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -0,0 +1,434 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+#include "ksrvutil.h"
+
+RCSID("$Id: ksrvutil_get.c,v 1.43 1999/12/02 16:58:36 joda Exp $");
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15		/* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+static char tktstring[MaxPathLen];
+
+static int
+princ_exists(char *name, char *instance, char *realm)
+{
+    int status;
+
+    status = krb_get_pw_in_tkt(name, instance, realm,
+			       KRB_TICKET_GRANTING_TICKET,
+			       realm, 1, "");
+
+    if ((status == KSUCCESS) || (status == INTK_BADPW))
+	return(PE_YES);
+    else if (status == KDC_PR_UNKNOWN)
+	return(PE_NO);
+    else
+	return(PE_UNSURE);
+}
+
+static int
+get_admin_password(char *myname, char *myinst, char *myrealm)
+{
+  int status;
+  char admin_passwd[MAX_KPW_LEN];	/* Admin's password */
+  int ticket_life = 1;	/* minimum ticket lifetime */
+  char buf[1024];
+  CREDENTIALS c;
+
+  if (princ_exists(myname, myinst, myrealm) != PE_NO) {
+    snprintf(buf, sizeof(buf), "Password for %s: ",
+	    krb_unparse_name_long (myname, myinst, myrealm));
+    if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1,
+			    buf, 0)) {
+      fprintf(stderr, "Error reading admin password.\n");
+      goto bad;
+    }
+    status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, 
+			       KADM_SINST, ticket_life, admin_passwd);
+    memset(admin_passwd, 0, sizeof(admin_passwd));
+    
+    /* Initialize non shared random sequence from session key. */
+    memset(&c, 0, sizeof(c));
+    krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
+    des_init_random_number_generator(&c.session);
+  } else
+    status = KDC_PR_UNKNOWN;
+  
+  switch(status) {
+  case GT_PW_OK:
+    return(GOOD_PW);
+  case KDC_PR_UNKNOWN:
+    printf("Principal %s does not exist.\n",
+	   krb_unparse_name_long(myname, myinst, myrealm));
+    goto bad;
+  case GT_PW_BADPW:
+    printf("Incorrect admin password.\n");
+    goto bad;
+  default:
+    com_err("kadmin", status+krb_err_base,
+	    "while getting password tickets");
+    goto bad;
+  }
+  
+bad:
+  memset(admin_passwd, 0, sizeof(admin_passwd));
+  dest_tkt();
+  return(BAD_PW);
+}
+
+static void
+srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm,
+		int8_t kvno, des_cblock key)
+{
+  char sname[ANAME_SZ];		/* name of service */
+  char sinst[INST_SZ];		/* instance of service */
+  char srealm[REALM_SZ];	/* realm of service */
+  int8_t skvno;
+  des_cblock skey;
+
+  lseek(fd, 0, SEEK_SET);
+
+  while(getst(fd, sname,  SNAME_SZ) > 0 &&
+	getst(fd, sinst,  INST_SZ) > 0  &&
+	getst(fd, srealm, REALM_SZ) > 0 &&
+	read(fd, &skvno,  sizeof(skvno)) > 0 &&
+	read(fd, skey,    sizeof(skey)) > 0) {
+    if(strcmp(name,  sname)  == 0 &&
+       strcmp(inst,  sinst)  == 0 &&
+       strcmp(realm, srealm) == 0) {
+      lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET);
+      safe_write(filename, fd, &kvno, sizeof(kvno));
+      safe_write(filename, fd, key,   sizeof(des_cblock));
+      return;
+    }
+  }
+  safe_write(filename, fd, name,  strlen(name) + 1);
+  safe_write(filename, fd, inst,  strlen(inst) + 1);
+  safe_write(filename, fd, realm, strlen(realm) + 1);
+  safe_write(filename, fd, &kvno, sizeof(kvno));
+  safe_write(filename, fd, key,   sizeof(des_cblock));
+}
+
+/* 
+ * node list of services 
+ */
+
+struct srv_ent{
+  char name[SNAME_SZ];
+  char inst[INST_SZ];
+  char realm[REALM_SZ];
+  struct srv_ent *next;
+};
+
+static int
+key_to_key(const char *user,
+	   char *instance,
+	   const char *realm,
+	   const void *arg,
+	   des_cblock *key)
+{
+  memcpy(key, arg, sizeof(des_cblock));
+  return 0;
+}
+
+static void
+get_srvtab_ent(int unique_filename, int fd, char *filename, 
+	       char *name, char *inst, char *realm)
+{
+    char chname[128];
+    des_cblock newkey;
+    char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen];
+    char garbage_name[ANAME_SZ];
+    char garbage_inst[ANAME_SZ];
+    CREDENTIALS c;
+    u_int8_t kvno;
+    Kadm_vals values;
+    int ret;
+
+    strlcpy(chname, krb_get_phost(inst), sizeof(chname));
+    if(strcmp(inst, chname))
+	fprintf(stderr, 
+		"Warning: Are you sure `%s' should not be `%s'?\n",
+		inst, chname);
+    
+    memset(&values, 0, sizeof(values));
+    strlcpy(values.name, name, sizeof(values.name));
+    strlcpy(values.instance, inst, sizeof(values.instance));
+    des_new_random_key(&newkey);
+    values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
+	| (newkey[2] << 8) | (newkey[3] << 0);
+    values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
+	| (newkey[6] << 8) | (newkey[7] << 0);
+
+    SET_FIELD(KADM_NAME,values.fields);
+    SET_FIELD(KADM_INST,values.fields);
+    SET_FIELD(KADM_DESKEY,values.fields);
+
+    ret = kadm_mod(&values, &values);
+    if(ret == KADM_NOENTRY)
+	ret = kadm_add(&values);
+    if (ret != KSUCCESS) {
+	warnx ("Couldn't get srvtab entry for %s.%s: %s",
+	       name, inst, error_message(ret));
+	return;
+    }
+  
+    values.key_low = values.key_high = 0;
+
+    /* get the key version number */
+    { 
+	int old = krb_use_admin_server(1);
+
+	strlcpy(old_tktfile, tkt_string(), sizeof(old_tktfile));
+	snprintf(new_tktfile, sizeof(new_tktfile), "%s_ksrvutil-get.%u",
+		 TKT_ROOT, (unsigned)getpid());
+	krb_set_tkt_string(new_tktfile);
+      
+	ret = krb_get_in_tkt(name, inst, realm, name, inst,
+			     1, key_to_key, NULL, &newkey);
+	krb_use_admin_server(old);
+ 	if (ret) {
+	    warnx ("getting tickets for %s: %s", 
+		   krb_unparse_name_long(name, inst, realm),
+		   krb_get_err_text(ret));
+	    return;
+  	}
+    }
+      
+    if (ret == KSUCCESS &&
+	(ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
+	(ret = tf_get_pname(garbage_name)) == KSUCCESS &&
+	(ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
+	(ret = tf_get_cred(&c)) == KSUCCESS)
+	kvno = c.kvno;
+    else {
+	warnx ("Could not find the cred in the ticket file: %s",
+	       krb_get_err_text(ret));
+	return;
+    }
+
+    tf_close();
+    krb_set_tkt_string(old_tktfile);
+    unlink(new_tktfile);
+    
+    if(ret != KSUCCESS) {
+	memset(&newkey, 0, sizeof(newkey));
+	warnx ("Could not get a ticket for %s: %s\n",
+	       krb_unparse_name_long(name, inst, realm),
+	       krb_get_err_text(ret));
+	return;
+    }
+
+    /* Write the new key & c:o to the srvtab file */
+
+    if(unique_filename){
+	char *fn;
+	asprintf(&fn, "%s-%s", filename, 
+		 krb_unparse_name_long(name, inst, realm));
+	if(fn == NULL){
+	    warnx("Out of memory");
+	    leave(NULL, 1);
+	}
+	fd = open(fn, O_RDWR | O_CREAT | O_TRUNC, 0600); /* XXX flags, mode? */
+	if(fd < 0){
+	    warn("%s", fn);
+	    leave(NULL, 1);
+	}
+	srvtab_put_key (fd, fn, name, inst, realm, kvno, newkey);
+	close(fd);
+	fprintf (stderr, "Created %s\n", fn);
+	free(fn);
+    }else{
+	srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
+	fprintf (stderr, "Added %s\n", 
+		 krb_unparse_name_long (name, inst, realm));
+    }
+    memset(&newkey, 0, sizeof(newkey));
+}
+
+static void
+ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
+{
+  int ret;
+  CREDENTIALS c;
+  
+  ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm);
+  if (ret != KADM_SUCCESS) {
+    warnx("Couldn't initialize kadmin link: %s", error_message(ret));
+    leave(NULL, 1);
+  }
+  
+  ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
+  if (ret == KSUCCESS)
+    des_init_random_number_generator (&c.session);
+  else {
+    umask(077);
+       
+    /*
+     *  create ticket file and get admin tickets
+     */
+    snprintf(tktstring, sizeof(tktstring), "%s_ksrvutil_%d",
+	     TKT_ROOT, (int)getpid());
+    krb_set_tkt_string(tktstring);
+    destroyp = TRUE;
+       
+    ret = get_admin_password(u_name, u_inst, u_realm);
+    if (ret) {
+      warnx("Couldn't get admin password.");
+      leave(NULL, 1);
+    }
+  }  
+  for(;p;){
+    get_srvtab_ent(unique_filename, fd, filename, p->name, p->inst, p->realm);
+    p=p->next;
+  }
+  unlink(tktstring);
+}
+
+static void
+parseinput (char *result, size_t sz, char *val, char *def)
+{
+  char *lim;
+  int inq;
+
+  if (val[0] == '\0') {
+    strlcpy (result, def, sz);
+    return;
+  }
+  lim = result + sz - 1;
+  inq = 0;
+  while(*val && result < lim) {
+    switch(*val) {
+    case '\'' :
+      inq = !inq;
+      ++val;
+      break;
+    case '\\' :
+      if(!inq)
+	val++;
+    default:
+      *result++ = *val++;
+      break;
+    }
+  }
+  *result = '\0';
+}
+
+void
+ksrvutil_get(int unique_filename, int fd, char *filename, int argc, char **argv)
+{
+  char sname[ANAME_SZ];		/* name of service */
+  char sinst[INST_SZ];		/* instance of service */
+  char srealm[REALM_SZ];	/* realm of service */
+  char databuf[BUFSIZ];
+  char local_hostname[100];
+  char prompt[100];
+  struct srv_ent *head=NULL;
+  int i;
+
+  gethostname(local_hostname, sizeof(local_hostname));
+  strlcpy(local_hostname,
+		  krb_get_phost(local_hostname),
+		  sizeof(local_hostname));
+
+  if (argc)
+    for(i=0; i < argc; ++i) {
+      struct srv_ent *p=malloc(sizeof(*p));
+
+      if(p == NULL) {
+	warnx ("out of memory in malloc");
+	leave(NULL,1);
+      }
+      p->next = head;
+      strlcpy (p->realm, u_realm, sizeof(p->realm));
+      if (kname_parse (p->name, p->inst, p->realm, argv[i]) !=
+	  KSUCCESS) {
+	warnx ("parse error on '%s'\n", argv[i]);
+	free(p);
+	continue;
+      }
+      if (p->name[0] == '\0')
+	strlcpy(p->name, "rcmd", sizeof(p->name));
+      if (p->inst[0] == '\0')
+	strlcpy(p->inst, local_hostname, sizeof(p->inst));
+      if (p->realm[0] == '\0')
+	strlcpy(p->realm, u_realm, sizeof(p->realm));
+      head = p;
+    }
+
+  else
+    do{
+      safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf));
+      parseinput (sname, sizeof(sname), databuf, "rcmd");
+    
+      snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname);
+      safe_read_stdin(prompt, databuf, sizeof(databuf));
+      parseinput (sinst, sizeof(sinst), databuf, local_hostname);
+    
+      snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm);
+      safe_read_stdin(prompt, databuf, sizeof(databuf));
+      parseinput (srealm, sizeof(srealm), databuf, u_realm);
+
+      if(yn("Is this correct?")){
+	struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent));
+	if (p == NULL) {
+	    warnx ("out of memory in malloc");
+	    leave(NULL,1);
+	}
+	p->next=head;
+	head=p;
+	strlcpy(p->name, sname, sizeof(p->name));
+	strlcpy(p->inst, sinst, sizeof(p->inst));
+	strlcpy(p->realm, srealm, sizeof(p->realm));
+      }
+    }while(ny("Add more keys?"));
+  
+  
+  ksrvutil_kadm(unique_filename, fd, filename, head);
+
+  {
+    struct srv_ent *p=head, *q;
+    while(p){
+      q=p;
+      p=p->next;
+      free(q);
+    }
+  }
+
+}
diff --git a/crypto/kerberosIV/kadmin/new_pwd.c b/crypto/kerberosIV/kadmin/new_pwd.c
new file mode 100644
index 0000000..cfeb095
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/new_pwd.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: new_pwd.c,v 1.14 1999/12/02 16:58:36 joda Exp $");
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+
+static char *
+check_pw (char *pword)
+{
+    int ret = kadm_check_pw(pword);
+    switch(ret) {
+    case 0:
+	return NULL;
+    case KADM_PASS_Q_NULL:
+	return "Null passwords are not allowed - "
+	    "Please enter a longer password.";
+    case KADM_PASS_Q_TOOSHORT:
+	return "Password is to short - Please enter a longer password.";
+    case KADM_PASS_Q_CLASS:
+	/* XXX */
+	return "Please don't use an all-lower case password.\n"
+	    "\tUnusual capitalization, delimiter characters or "
+	    "digits are suggested.";
+    }
+    return "Password is insecure"; /* XXX this shouldn't happen */
+}
+
+int
+get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm)
+{
+    char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+    char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+    
+    char p[MAX_K_NAME_SZ];
+    
+    char local_realm[REALM_SZ];
+    int status;
+    char *expl;
+    
+    /*
+     * We don't care about failure; this is to determine whether or
+     * not to print the realm in the prompt for a new password. 
+     */
+    krb_get_lrealm(local_realm, 1);
+    
+    if (strcmp(local_realm, pr->realm))
+	print_realm++;
+    
+    {
+	char *q;
+	krb_unparse_name_r(pr, p);
+	if(print_realm == 0 && (q = strrchr(p, '@')))
+	    *q = 0;
+    }
+
+    snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p);
+    if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) {
+	fprintf(stderr, "Error reading old password.\n");
+	return -1;
+    }
+
+    status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, 
+			       PWSERV_NAME, KADM_SINST, 1, pword);
+    if (status != KSUCCESS) {
+	if (status == INTK_BADPW) {
+	    printf("Incorrect old password.\n");
+	    return -1;
+	}
+	else {
+	    fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status));
+	    return -1;
+	}
+    }
+    memset(pword, 0, pwlen);
+    
+    do {
+	char verify[MAX_KPW_LEN];
+
+	snprintf(npromp, sizeof(npromp), "New Password for %s:",p);
+	if (read_long_pw_string(pword, pwlen-1, npromp, 0)) {
+	    fprintf(stderr,
+		    "Error reading new password, password unchanged.\n");
+	    return -1;
+        }
+	expl = check_pw (pword);
+	if (expl) {
+	    printf("\n\t%s\n\n", expl);
+	    continue;
+	}
+	/* Now we got an ok password, verify it. */
+	snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p);
+	if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) {
+	    fprintf(stderr,
+		    "Error reading new password, password unchanged.\n");
+	    return -1;
+        }
+	if (strcmp(pword, verify) != 0) {
+	    printf("Verify failure - try again\n");
+	    expl = "";		/* continue */
+	}
+    } while (expl);
+    return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/pw_check.c b/crypto/kerberosIV/kadmin/pw_check.c
new file mode 100644
index 0000000..448ad37
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/pw_check.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: pw_check.c,v 1.14 1999/12/02 16:58:36 joda Exp $");
+
+/*
+ * kadm_pw_check
+ *
+ * pw		: new password or "" if none passed
+ * newkey	: key for pw as passed from client
+ * strings	: interesting strings to check for
+ *
+ * returns NULL if pw is ok, else an explanatory string
+ */
+int
+kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg, 
+	      char **strings)
+{
+  des_cblock pwkey;
+  int status=KADM_SUCCESS;
+  
+  if (pw == NULL || *pw == '\0')
+    return status;		/* XXX - Change this later */
+
+#ifndef NO_PW_CHECK
+  *pw_msg = NULL;
+  des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */
+  if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0)
+    {
+      /* no password or bad key */
+      status=KADM_PW_MISMATCH;
+      *pw_msg = "Password doesn't match supplied DES key";
+    }
+  else if (strlen(pw) < MIN_KPW_LEN)
+    {
+      status = KADM_INSECURE_PW;
+      *pw_msg="Password is too short";
+    }
+  
+#ifdef DICTPATH
+  *pw_msg = FascistCheck(pw, DICTPATH, strings);
+  if (*pw_msg)
+    return KADM_INSECURE_PW;
+#endif
+
+  memset(pwkey, 0, sizeof(pwkey));
+#endif
+
+  return status;
+}
diff --git a/crypto/kerberosIV/kadmin/pw_check.h b/crypto/kerberosIV/kadmin/pw_check.h
new file mode 100644
index 0000000..8b717f8
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/pw_check.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: pw_check.h,v 1.7 1999/12/02 16:58:36 joda Exp $ 
+ */
+
+int kadm_pw_check(char *pw, des_cblock *newkey, 
+		  char **pw_msg, char **strings);
+
diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c
new file mode 100644
index 0000000..ec8309e
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/random_password.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: random_password.c,v 1.4 1999/12/02 16:58:36 joda Exp $");
+
+/* This file defines some a function that generates a random password,
+   that can be used when creating a large amount of principals (such
+   as for a batch of students). Since this is a political matter, you
+   should think about how secure generated passwords has to be.
+   
+   Both methods defined here will give you at least 55 bits of
+   entropy.
+   */
+
+/* If you want OTP-style passwords, define OTP_STYLE */
+
+#ifdef OTP_STYLE
+#include <otp.h>
+#else
+static void generate_password(char **pw, int num_classes, ...);
+#endif
+
+void
+random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high)
+{
+    des_cblock newkey;
+#ifdef OTP_STYLE
+    des_new_random_key(&newkey);
+    otp_print_stddict (newkey, pw, len);
+    strlwr(pw);
+#else
+    char *pass;
+    generate_password(&pass, 3, 
+		      "abcdefghijklmnopqrstuvwxyz", 7, 
+		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, 
+		      "@$%&*()-+=:,/<>1234567890", 1);
+    strlcpy(pw, pass, len);
+    memset(pass, 0, strlen(pass));
+    free(pass);
+#endif
+    des_string_to_key(pw, &newkey);
+    memcpy(low, newkey, 4);
+    memcpy(high, ((char *)newkey) + 4, 4);
+    memset(newkey, 0, sizeof(newkey));
+
+    *low = htonl(*low);
+    *high = htonl(*high);
+}
+
+/* some helper functions */
+
+#ifndef OTP_STYLE
+/* return a random value in range 0-127 */
+static int
+RND(des_cblock *key, int *left)
+{
+    if(*left == 0){
+	des_new_random_key(key);
+	*left = 8;
+    }
+    (*left)--;
+    return ((unsigned char*)key)[*left];
+}
+
+/* This a helper function that generates a random password with a
+   number of characters from a set of character classes.
+
+   If there are n classes, and the size of each class is Pi, and the
+   number of characters from each class is Ni, the number of possible
+   passwords are (given that the character classes are disjoint):
+
+     n             n
+   -----        /  ----  \
+   |   |  Ni    |  \     |
+   |   | Pi     |   \  Ni| !
+   |   | ---- * |   /    |
+   |   | Ni!    |  /___  |
+    i=1          \  i=1  /
+   
+    Since it uses the RND function above, neither the size of each
+    class, nor the total length of the generated password should be
+    larger than 127 (without fixing RND).
+   
+   */
+static void
+generate_password(char **pw, int num_classes, ...)
+{
+    struct {
+	const char *str;
+	int len;
+	int freq;
+    } *classes;
+    va_list ap;
+    int len, i;
+    des_cblock rbuf; /* random buffer */
+    int rleft = 0;
+
+    classes = malloc(num_classes * sizeof(*classes));
+    va_start(ap, num_classes);
+    len = 0;
+    for(i = 0; i < num_classes; i++){
+	classes[i].str = va_arg(ap, const char*);
+	classes[i].len = strlen(classes[i].str);
+	classes[i].freq = va_arg(ap, int);
+	len += classes[i].freq;
+    }
+    va_end(ap);
+    *pw = malloc(len + 1);
+    if(*pw == NULL)
+	return;
+    for(i = 0; i < len; i++) {
+	int j;
+	int x = RND(&rbuf, &rleft) % (len - i);
+	int t = 0;
+	for(j = 0; j < num_classes; j++) {
+	    if(x < t + classes[j].freq) {
+		(*pw)[i] = classes[j].str[RND(&rbuf, &rleft) % classes[j].len];
+		classes[j].freq--;
+		break;
+	    }
+	    t += classes[j].freq;
+	}
+    }
+    (*pw)[len] = '\0';
+    memset(rbuf, 0, sizeof(rbuf));
+    free(classes);
+}
+#endif
diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in
new file mode 100644
index 0000000..9047bdd
--- /dev/null
+++ b/crypto/kerberosIV/kuser/Makefile.in
@@ -0,0 +1,90 @@
+# $Id: Makefile.in,v 1.30 1999/03/10 19:01:14 joda Exp $
+
+SHELL	= /bin/sh
+
+srcdir	= @srcdir@
+VPATH	= @srcdir@
+
+top_builddir	= ..
+
+CC		= @CC@
+LINK		= @LINK@
+AR		= ar
+RANLIB		= @RANLIB@
+DEFS		= @DEFS@
+CFLAGS		= @CFLAGS@ $(WFLAGS)
+WFLAGS		= @WFLAGS@
+LD_FLAGS	= @LD_FLAGS@
+INSTALL		= @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS		= @LIBS@
+KRB_KAFS_LIB	= @KRB_KAFS_LIB@
+MKINSTALLDIRS	= @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kinit$(EXECSUFFIX) \
+	kdestroy$(EXECSUFFIX) \
+	klist$(EXECSUFFIX)
+
+SOURCES = kinit.c kdestroy.c klist.c
+
+OBJECTS = kinit.o kdestroy.o klist.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN=-L../lib/roken -lroken
+
+kinit$(EXECSUFFIX): kinit.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kdestroy$(EXECSUFFIX): kdestroy.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+klist$(EXECSUFFIX): klist.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+# su move to appl/bsd
+
+$(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c
new file mode 100644
index 0000000..93e3a66
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kdestroy.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+#include <kafs.h>
+#include <getarg.h>
+
+RCSID("$Id: kdestroy.c,v 1.17 1999/12/02 16:58:36 joda Exp $");
+
+#ifdef LEGACY_KDESTROY
+int ticket_flag = 1;
+int unlog_flag  = 0;
+#else
+int ticket_flag = -1;
+int unlog_flag  = -1;
+#endif
+int quiet_flag;
+int help_flag;
+int version_flag;
+
+struct getargs args[] = {
+    { "quiet", 		'q',	arg_flag, 	&quiet_flag, 
+      "don't print any messages" },
+    { NULL, 		'f',	arg_flag, 	&quiet_flag },
+    { "tickets",	't',	arg_flag,       &ticket_flag,
+    "destroy tickets" },
+    { "unlog",          'u',    arg_flag,       &unlog_flag,
+      "destroy AFS tokens" },
+    { "version", 	0,	arg_flag,	&version_flag },
+    { "help",		'h',	arg_flag,	&help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    int ret = RET_TKFIL;
+
+    set_progname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+
+    if(help_flag)
+	usage(0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if (unlog_flag == -1 && ticket_flag == -1)
+        unlog_flag = ticket_flag = 1;
+
+    if (ticket_flag)
+        ret = dest_tkt();
+
+    if (unlog_flag && k_hasafs())
+	k_unlog();
+
+    if (!quiet_flag) {
+	if (ret == KSUCCESS)
+	    printf("Tickets destroyed.\n");
+	else if (ret == RET_TKFIL)
+	    printf("No tickets to destroy.\n");
+	else {
+	    printf("Tickets NOT destroyed.\n");
+	}
+    }
+
+    if (ret == KSUCCESS || ret == RET_TKFIL)
+	return 0;
+    else
+	return 1;
+}
diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c
new file mode 100644
index 0000000..96c0e4f
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kinit.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Routine to initialize user to Kerberos.  Prompts optionally for
+ * user, instance and realm.  Authenticates user and gets a ticket
+ * for the Kerberos ticket-granting service for future use. 
+ *
+ * Options are: 
+ *
+ *   -i[instance]
+ *   -r[realm]
+ *   -v[erbose]
+ *   -l[ifetime]
+ *   -p
+ *
+ * $FreeBSD$
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kinit.c,v 1.17 1997/12/12 04:48:44 assar Exp $");
+
+#define	LIFE	DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
+#define CHPASSLIFE 2
+
+static void
+get_input(char *s, int size, FILE *stream)
+{
+    char *p;
+
+    if (fgets(s, size, stream) == NULL)
+	exit(1);
+    if ( (p = strchr(s, '\n')) != NULL)
+	*p = '\0';
+}
+
+
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char    aname[ANAME_SZ];
+    char    inst[INST_SZ];
+    char    realm[REALM_SZ];
+    char    buf[MaxHostNameLen];
+    char    name[MAX_K_NAME_SZ];
+    char   *username = NULL;
+    int     iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
+    int	    i;
+
+    set_progname (argv[0]);
+
+    *inst = *realm = '\0';
+    iflag = rflag = vflag = lflag = pflag = 0;
+    lifetime = LIFE;
+
+    while (--argc) {
+	if ((*++argv)[0] != '-') {
+	    if (username)
+		usage();
+	    username = *argv;
+	    continue;
+	}
+	for (i = 1; (*argv)[i] != '\0'; i++)
+	    switch ((*argv)[i]) {
+	    case 'i':		/* Instance */
+		++iflag;
+		continue;
+	    case 'r':		/* Realm */
+		++rflag;
+		continue;
+	    case 'v':		/* Verbose */
+		++vflag;
+		continue;
+	    case 'l':
+		++lflag;
+		continue;
+	    case 'p':
+		++pflag;	/* chpass-tickets */
+		lifetime = CHPASSLIFE;
+		break;
+	    default:
+		usage();
+	    }
+    }
+    if (username &&
+	(k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
+	warnx("%s", krb_get_err_text(k_errno));
+	iflag = rflag = 1;
+	username = NULL;
+    }
+    if (gethostname(buf, MaxHostNameLen)) 
+	err(1, "gethostname failed");
+    printf("%s (%s)\n", ORGANIZATION, buf);
+    if (username) {
+	printf("Kerberos Initialization for \"%s", aname);
+	if (*inst)
+	    printf(".%s", inst);
+	if (*realm)
+	    printf("@%s", realm);
+	printf("\"\n");
+    } else {
+	printf("Kerberos Initialization\n");
+	printf("Kerberos name: ");
+	get_input(name, sizeof(name), stdin);
+	if (!*name)
+	    return 0;
+	if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
+	    errx(1, "%s", krb_get_err_text(k_errno));
+    }
+    /* optional instance */
+    if (iflag) {
+	printf("Kerberos instance: ");
+	get_input(inst, sizeof(inst), stdin);
+	if (!k_isinst(inst))
+	    errx(1, "bad Kerberos instance format");
+    }
+    if (rflag) {
+	printf("Kerberos realm: ");
+	get_input(realm, sizeof(realm), stdin);
+	if (!k_isrealm(realm))
+	    errx(1, "bad Kerberos realm format");
+    }
+    if (lflag) {
+	 printf("Kerberos ticket lifetime (minutes): ");
+	 get_input(buf, sizeof(buf), stdin);
+	 lifetime = atoi(buf);
+	 if (lifetime < 5)
+	      lifetime = 1;
+	 else
+	      lifetime = krb_time_to_life(0, lifetime*60);
+	 /* This should be changed if the maximum ticket lifetime */
+	 /* changes */
+	 if (lifetime > 255)
+	      lifetime = 255;
+    }
+    if (!*realm && krb_get_lrealm(realm, 1))
+	errx(1, "krb_get_lrealm failed");
+    k_errno = krb_get_pw_in_tkt(aname, inst, realm,
+				pflag ? PWSERV_NAME : 
+				KRB_TICKET_GRANTING_TICKET,
+				pflag ? KADM_SINST  : realm,
+				lifetime, 0);
+    if (vflag) {
+	printf("Kerberos realm %s:\n", realm);
+	printf("%s\n", krb_get_err_text(k_errno));
+    } else if (k_errno)
+	errx(1, "%s", krb_get_err_text(k_errno));
+    exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
new file mode 100644
index 0000000..007c5f0
--- /dev/null
+++ b/crypto/kerberosIV/kuser/klist.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Lists your current Kerberos tickets.
+ * Written by Bill Sommerfeld, MIT Project Athena.
+ */
+
+#include "kuser_locl.h"
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#include <kafs.h>
+
+#include <parse_time.h>
+
+RCSID("$Id: klist.c,v 1.44.2.2 1999/12/07 00:20:43 assar Exp $");
+
+static int option_verbose = 0;
+
+static char *
+short_date(int32_t dp)
+{
+    char *cp;
+    time_t t = (time_t)dp;
+
+    if (t == (time_t)(-1L)) return "***  Never  *** ";
+    cp = ctime(&t) + 4;
+    cp[15] = '\0';
+    return (cp);
+}
+
+/* prints the approximate kdc time differential as something human
+   readable */
+
+static void
+print_time_diff(void)
+{
+    int d = abs(krb_get_kdc_time_diff());
+    char buf[80];
+
+    if ((option_verbose && d > 0) || d > 60) {
+	unparse_time_approx (d, buf, sizeof(buf));
+	printf ("Time diff:\t%s\n", buf);
+    }
+}
+
+static
+int
+display_tktfile(char *file, int tgt_test, int long_form)
+{
+    krb_principal pr;
+    char    buf1[20], buf2[20];
+    int     k_errno;
+    CREDENTIALS c;
+    int     header = 1;
+
+    if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
+	file = TKT_FILE;
+
+    if (long_form)
+	printf("Ticket file:	%s\n", file);
+
+    /* 
+     * Since krb_get_tf_realm will return a ticket_file error, 
+     * we will call tf_init and tf_close first to filter out
+     * things like no ticket file.  Otherwise, the error that 
+     * the user would see would be 
+     * klist: can't find realm of ticket file: No ticket file (tf_util)
+     * instead of
+     * klist: No ticket file (tf_util)
+     */
+
+    /* Open ticket file */
+    if ((k_errno = tf_init(file, R_TKT_FIL))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	return 1;
+    }
+    /* Close ticket file */
+    tf_close();
+
+    /* 
+     * We must find the realm of the ticket file here before calling
+     * tf_init because since the realm of the ticket file is not
+     * really stored in the principal section of the file, the
+     * routine we use must itself call tf_init and tf_close.
+     */
+    if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
+	if (!tgt_test)
+	    warnx("can't find realm of ticket file: %s", 
+		  krb_get_err_text(k_errno));
+	return 1;
+    }
+
+    /* Open ticket file */
+    if ((k_errno = tf_init(file, R_TKT_FIL))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	return 1;
+    }
+    /* Get principal name and instance */
+    if ((k_errno = tf_get_pname(pr.name)) ||
+	(k_errno = tf_get_pinst(pr.instance))) {
+	if (!tgt_test)
+	    warnx("%s", krb_get_err_text(k_errno));
+	return 1;
+    }
+
+    /* 
+     * You may think that this is the obvious place to get the
+     * realm of the ticket file, but it can't be done here as the
+     * routine to do this must open the ticket file.  This is why 
+     * it was done before tf_init.
+     */
+       
+    if (!tgt_test && long_form) {
+	printf("Principal:\t%s\n", krb_unparse_name(&pr));
+	print_time_diff();
+	printf("\n");
+    }
+    while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
+	if (!tgt_test && long_form && header) {
+	    printf("%-15s  %-15s  %s%s\n",
+		   "  Issued", "  Expires", "  Principal", 
+		   option_verbose ? " (kvno)" : "");
+	    header = 0;
+	}
+	if (tgt_test) {
+	    c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+	    if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
+		!strcmp(c.instance, pr.realm)) {
+		if (time(0) < c.issue_date)
+		    return 0;		/* tgt hasn't expired */
+		else
+		    return 1;		/* has expired */
+	    }
+	    continue;			/* not a tgt */
+	}
+	if (long_form) {
+	    struct timeval tv;
+	    strlcpy(buf1,
+		    short_date(c.issue_date),
+		    sizeof(buf1));
+	    c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+	    krb_kdctimeofday(&tv);
+	    if (option_verbose || tv.tv_sec < (unsigned long) c.issue_date)
+	        strlcpy(buf2,
+			short_date(c.issue_date),
+			sizeof(buf2));
+	    else
+	        strlcpy(buf2,
+			">>> Expired <<<",
+			sizeof(buf2));
+	    printf("%s  %s  ", buf1, buf2);
+	}
+	printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
+	if(long_form && option_verbose)
+	    printf(" (%d)", c.kvno);
+	printf("\n");
+    }
+    if (tgt_test)
+	return 1;			/* no tgt found */
+    if (header && long_form && k_errno == EOF) {
+	printf("No tickets in file.\n");
+    }
+    tf_close();
+ 
+    if (long_form && krb_get_config_bool("nat_in_use")) {
+	char realm[REALM_SZ];
+	struct in_addr addr;
+ 
+	printf("-----\nNAT addresses\n");
+ 
+	/* Open ticket file (again) */
+	if ((k_errno = tf_init(file, R_TKT_FIL))) {
+	    if (!tgt_test)
+		warnx("%s", krb_get_err_text(k_errno));
+	    return 1;
+	}
+ 
+	/* Get principal name and instance */
+	if ((k_errno = tf_get_pname(pr.name)) ||
+	    (k_errno = tf_get_pinst(pr.instance))) {
+	    if (!tgt_test)
+		warnx("%s", krb_get_err_text(k_errno));
+	    return 1;
+	}
+ 
+	while ((k_errno = tf_get_cred_addr(realm, sizeof(realm),
+					   &addr)) == KSUCCESS) {
+	    printf("%s: %s\n", realm, inet_ntoa(addr));
+	}
+	tf_close();
+    }
+ 
+    return 0;
+}
+
+/* adapted from getst() in librkb */
+/*
+ * ok_getst() takes a file descriptor, a string and a count.  It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte.  When finished, what has been read exists in
+ * the given string "s".  If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated.  ok_getst() returns the number of characters read, including
+ * the null terminator.
+ *
+ * If there is a read error, it returns -1 (like the read(2) system call)
+ */
+
+static int
+ok_getst(int fd, char *s, int n)
+{
+    int count = n;
+    int err;
+    while ((err = read(fd, s, 1)) > 0 && --count)
+        if (*s++ == '\0')
+            return (n - count);
+    if (err < 0)
+	return(-1);
+    *s = '\0';
+    return (n - count);
+}
+
+static void
+display_tokens(void)
+{
+    u_int32_t i;
+    unsigned char t[128];
+    struct ViceIoctl parms;
+
+    parms.in = (void *)&i;
+    parms.in_size = sizeof(i);
+    parms.out = (void *)t;
+    parms.out_size = sizeof(t);
+
+    for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
+        int32_t size_secret_tok, size_public_tok;
+        const char *cell;
+	struct ClearToken ct;
+	const unsigned char *r = t;
+	struct timeval tv;
+	char buf1[20], buf2[20];
+
+	memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
+	/* dont bother about the secret token */
+	r += size_secret_tok + sizeof(size_secret_tok);
+	memcpy(&size_public_tok, r, sizeof(size_public_tok));
+	r += sizeof(size_public_tok);
+	memcpy(&ct, r, size_public_tok);
+	r += size_public_tok;
+	/* there is a int32_t with length of cellname, but we dont read it */
+	r += sizeof(int32_t);
+	cell = (const char *)r;
+
+	krb_kdctimeofday (&tv);
+	strlcpy (buf1, short_date(ct.BeginTimestamp), sizeof(buf1));
+	if (option_verbose || tv.tv_sec < ct.EndTimestamp)
+	    strlcpy (buf2, short_date(ct.EndTimestamp), sizeof(buf2));
+	else
+	    strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
+
+	printf("%s  %s  ", buf1, buf2);
+
+	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+	  printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+	else
+	  printf("Tokens for %s", cell);
+	if (option_verbose)
+	    printf(" (%d)", ct.AuthHandle);
+	putchar('\n');
+    }
+}
+
+static void
+display_srvtab(char *file)
+{
+    int stab;
+    char serv[SNAME_SZ];
+    char inst[INST_SZ];
+    char rlm[REALM_SZ];
+    unsigned char key[8];
+    unsigned char vno;
+    int count;
+
+    printf("Server key file:   %s\n", file);
+	
+    if ((stab = open(file, O_RDONLY, 0400)) < 0) {
+	perror(file);
+	exit(1);
+    }
+    printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
+	   "Key Version");
+    printf("------------------------------------------------------\n");
+
+    /* argh. getst doesn't return error codes, it silently fails */
+    while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
+	   && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
+	   && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
+	if (((count = read(stab,  &vno,1)) != 1) ||
+	     ((count = read(stab, key,8)) != 8)) {
+	    if (count < 0)
+		err(1, "reading from key file");
+	    else
+		errx(1, "key file truncated");
+	}
+	printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
+    }
+    if (count < 0)
+	warn(file);
+    close(stab);
+}
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
+	    __progname);
+    exit(1);
+}
+
+/* ARGSUSED */
+int
+main(int argc, char **argv)
+{
+    int     long_form = 1;
+    int     tgt_test = 0;
+    int     do_srvtab = 0;
+    int     do_tokens = 0;
+    char   *tkt_file = NULL;
+    int     eval;
+
+    set_progname(argv[0]);
+
+    while (*(++argv)) {
+	if (!strcmp(*argv, "-v")) {
+	    option_verbose = 1;
+	    continue;
+	}
+	if (!strcmp(*argv, "-s")) {
+	    long_form = 0;
+	    continue;
+	}
+	if (!strcmp(*argv, "-t")) {
+	    tgt_test = 1;
+	    long_form = 0;
+	    continue;
+	}
+	if (strcmp(*argv, "-tokens") == 0
+	    || strcmp(*argv, "-T") == 0) {
+	    do_tokens = k_hasafs();
+	    continue;
+	}
+	if (!strcmp(*argv, "-l")) {	/* now default */
+	    continue;
+	}
+	if (!strncmp(*argv, "-f", 2)) {
+	    if (*(++argv)) {
+		tkt_file = *argv;
+		continue;
+	    } else
+		usage();
+	}
+	if (!strcmp(*argv, "-srvtab")) {
+		if (tkt_file == NULL)	/* if no other file spec'ed,
+					   set file to default srvtab */
+		    tkt_file = (char *)KEYFILE;
+		do_srvtab = 1;
+		continue;
+	}
+	usage();
+    }
+
+    eval = 0;
+    if (do_srvtab)
+	display_srvtab(tkt_file);
+    else
+	eval = display_tktfile(tkt_file, tgt_test, long_form);
+    if (long_form && do_tokens){
+	printf("\nAFS tokens:\n");
+	display_tokens();
+    }
+    exit(eval);
+}
diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h
new file mode 100644
index 0000000..970ad6b
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kuser_locl.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kuser_locl.h,v 1.11 1999/12/02 16:58:37 joda Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <err.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <prot.h>
diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in
new file mode 100644
index 0000000..44a8918
--- /dev/null
+++ b/crypto/kerberosIV/lib/Makefile.in
@@ -0,0 +1,48 @@
+#
+# $Id: Makefile.in,v 1.27 1998/04/05 10:27:59 assar Exp $
+#
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS		= roken com_err des krb kdb kadm acl kafs auth editline sl @LIB_SUBDIRS@
+
+all:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+check:		all
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) check); done
+
+clean:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+		rm -f Makefile config.status *~
+
+realclean:
+		for i in $(SUBDIRS); \
+		do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in
new file mode 100644
index 0000000..2a78190
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/Makefile.in
@@ -0,0 +1,86 @@
+#
+# $Id: Makefile.in,v 1.29 1999/03/10 19:01:14 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+LN_S = @LN_S@
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = # @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)acl
+#LIBEXT = @LIBEXT@ Always build archive library!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = acl_files.c
+
+OBJECTS = acl_files.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(PICFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+
+uninstall:
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~ roken_rename.h
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h
new file mode 100644
index 0000000..a92bbdd
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: acl.h,v 1.7 1999/12/02 16:58:37 joda Exp $ */
+
+#ifndef __ACL_H
+#define __ACL_H
+
+void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_initialize __P((char *acl_file, int perm));
+int acl_exact_match __P((char *acl, char *principal));
+int acl_check __P((char *acl, char *principal));
+int acl_add __P((char *acl, char *principal));
+int acl_delete __P((char *acl, char *principal));
+
+#endif /* __ACL_H */
diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c
new file mode 100644
index 0000000..5501075
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.c
@@ -0,0 +1,510 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "config.h"
+#include "protos.h"
+
+RCSID("$Id: acl_files.c,v 1.14 1999/09/16 20:41:43 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#include <krb.h>
+#include <acl.h>
+
+/*** Routines for manipulating access control list files ***/
+
+/* "aname.inst@realm" */
+#define MAX_PRINCIPAL_SIZE  (ANAME_SZ + INST_SZ + REALM_SZ + 3)
+#define INST_SEP '.'
+#define REALM_SEP '@'
+
+#define LINESIZE 2048		/* Maximum line length in an acl file */
+
+#define NEW_FILE "%s.~NEWACL~"	/* Format for name of altered acl file */
+#define WAIT_TIME 300		/* Maximum time allowed write acl file */
+
+#define CACHED_ACLS 8		/* How many acls to cache */
+				/* Each acl costs 1 open file descriptor */
+#define ACL_LEN 16		/* Twice a reasonable acl length */
+
+#define COR(a,b) ((a!=NULL)?(a):(b))
+
+/*
+ * Canonicalize a principal name.
+ * If instance is missing, it becomes ""
+ * If realm is missing, it becomes the local realm
+ * Canonicalized form is put in canon, which must be big enough to
+ * hold MAX_PRINCIPAL_SIZE characters
+ *
+ */
+
+void
+acl_canonicalize_principal(char *principal, char *canon)
+{
+    krb_principal princ;
+    int ret;
+    ret = krb_parse_name(principal, &princ);
+    if(ret) { /* ? */
+	*canon = '\0';
+	return;
+    }
+    if(princ.realm[0] == '\0')
+	krb_get_lrealm(princ.realm, 1);
+    krb_unparse_name_r(&princ, canon);
+}
+	    
+/* Get a lock to modify acl_file */
+/* Return new FILE pointer */
+/* or NULL if file cannot be modified */
+/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
+static
+FILE *acl_lock_file(char *acl_file)
+{
+    struct stat s;
+    char new[LINESIZE];
+    int nfd;
+    FILE *nf;
+    int mode;
+
+    if(stat(acl_file, &s) < 0) return(NULL);
+    mode = s.st_mode;
+    snprintf(new, sizeof(new), NEW_FILE, acl_file);
+    for(;;) {
+	/* Open the new file */
+	if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
+	    if(errno == EEXIST) {
+		/* Maybe somebody got here already, maybe it's just old */
+		if(stat(new, &s) < 0) return(NULL);
+		if(time(0) - s.st_ctime > WAIT_TIME) {
+		    /* File is stale, kill it */
+		    unlink(new);
+		    continue;
+		} else {
+		    /* Wait and try again */
+		    sleep(1);
+		    continue;
+		}
+	    } else {
+		/* Some other error, we lose */
+		return(NULL);
+	    }
+	}
+
+	/* If we got to here, the lock file is ours and ok */
+	/* Reopen it under stdio */
+	if((nf = fdopen(nfd, "w")) == NULL) {
+	    /* Oops, clean up */
+	    unlink(new);
+	}
+	return(nf);
+    }
+}
+
+/* Abort changes to acl_file written onto FILE *f */
+/* Returns 0 if successful, < 0 otherwise */
+/* Closes f */
+static int
+acl_abort(char *acl_file, FILE *f)
+{
+    char new[LINESIZE];
+    int ret;
+    struct stat s;
+
+    /* make sure we aren't nuking someone else's file */
+    if(fstat(fileno(f), &s) < 0
+       || s.st_nlink == 0) {
+	   fclose(f);
+	   return(-1);
+       } else {
+	   snprintf(new, sizeof(new), NEW_FILE, acl_file);
+	   ret = unlink(new);
+	   fclose(f);
+	   return(ret);
+       }
+}
+
+/* Commit changes to acl_file written onto FILE *f */
+/* Returns zero if successful */
+/* Returns > 0 if lock was broken */
+/* Returns < 0 if some other error occurs */
+/* Closes f */
+static int
+acl_commit(char *acl_file, FILE *f)
+{
+    char new[LINESIZE];
+    int ret;
+    struct stat s;
+
+    snprintf(new, sizeof(new), NEW_FILE, acl_file);
+    if(fflush(f) < 0
+       || fstat(fileno(f), &s) < 0
+       || s.st_nlink == 0) {
+	acl_abort(acl_file, f);
+	return(-1);
+    }
+
+    ret = rename(new, acl_file);
+    fclose(f);
+    return(ret);
+}
+
+/* Initialize an acl_file */
+/* Creates the file with permissions perm if it does not exist */
+/* Erases it if it does */
+/* Returns return value of acl_commit */
+int
+acl_initialize(char *acl_file, int perm)
+{
+    FILE *new;
+    int fd;
+
+    /* Check if the file exists already */
+    if((new = acl_lock_file(acl_file)) != NULL) {
+	return(acl_commit(acl_file, new));
+    } else {
+	/* File must be readable and writable by owner */
+	if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
+	    return(-1);
+	} else {
+	    close(fd);
+	    return(0);
+	}
+    }
+}
+
+/* Eliminate all whitespace character in buf */
+/* Modifies its argument */
+static void
+nuke_whitespace(char *buf)
+{
+    unsigned char *pin, *pout;
+
+    for(pin = pout = (unsigned char *)buf; *pin != '\0'; pin++)
+	if(!isspace(*pin))
+	    *pout++ = *pin;
+    *pout = '\0';		/* Terminate the string */
+}
+
+/* Hash table stuff */
+
+struct hashtbl {
+    int size;			/* Max number of entries */
+    int entries;		/* Actual number of entries */
+    char **tbl;			/* Pointer to start of table */
+};
+
+/* Make an empty hash table of size s */
+static struct hashtbl *
+make_hash(int size)
+{
+    struct hashtbl *h;
+
+    if(size < 1) size = 1;
+    h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
+    if (h == NULL)
+	return NULL;
+    h->size = size;
+    h->entries = 0;
+    h->tbl = (char **) calloc(size, sizeof(char *));
+    if (h->tbl == NULL) {
+	free (h);
+	return NULL;
+    }
+    return(h);
+}
+
+/* Destroy a hash table */
+static void
+destroy_hash(struct hashtbl *h)
+{
+    int i;
+
+    for(i = 0; i < h->size; i++) {
+	if(h->tbl[i] != NULL) free(h->tbl[i]);
+    }
+    free(h->tbl);
+    free(h);
+}
+
+/* Compute hash value for a string */
+static unsigned int
+hashval(char *s)
+{
+    unsigned hv;
+
+    for(hv = 0; *s != '\0'; s++) {
+	hv ^= ((hv << 3) ^ *s);
+    }
+    return(hv);
+}
+
+/* Add an element to a hash table */
+static void
+add_hash(struct hashtbl *h, char *el)
+{
+    unsigned hv;
+    char *s;
+    char **old;
+    int i;
+
+    /* Make space if it isn't there already */
+    if(h->entries + 1 > (h->size >> 1)) {
+	old = h->tbl;
+	h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
+	for(i = 0; i < h->size; i++) {
+	    if(old[i] != NULL) {
+		hv = hashval(old[i]) % (h->size << 1);
+		while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
+		h->tbl[hv] = old[i];
+	    }
+	}
+	h->size = h->size << 1;
+	free(old);
+    }
+
+    hv = hashval(el) % h->size;
+    while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
+    s = strdup(el);
+    if (s != NULL) {
+	h->tbl[hv] = s;
+	h->entries++;
+    }
+}
+
+/* Returns nonzero if el is in h */
+static int
+check_hash(struct hashtbl *h, char *el)
+{
+    unsigned hv;
+
+    for(hv = hashval(el) % h->size;
+	h->tbl[hv] != NULL;
+	hv = (hv + 1) % h->size) {
+	    if(!strcmp(h->tbl[hv], el)) return(1);
+	}
+    return(0);
+}
+
+struct acl {
+    char filename[LINESIZE];	/* Name of acl file */
+    int fd;			/* File descriptor for acl file */
+    struct stat status;		/* File status at last read */
+    struct hashtbl *acl;	/* Acl entries */
+};
+
+static struct acl acl_cache[CACHED_ACLS];
+
+static int acl_cache_count = 0;
+static int acl_cache_next = 0;
+
+/* Returns < 0 if unsuccessful in loading acl */
+/* Returns index into acl_cache otherwise */
+/* Note that if acl is already loaded, this is just a lookup */
+static int
+acl_load(char *name)
+{
+    int i;
+    FILE *f;
+    struct stat s;
+    char buf[MAX_PRINCIPAL_SIZE];
+    char canon[MAX_PRINCIPAL_SIZE];
+
+    /* See if it's there already */
+    for(i = 0; i < acl_cache_count; i++) {
+	if(!strcmp(acl_cache[i].filename, name)
+	   && acl_cache[i].fd >= 0) goto got_it;
+    }
+
+    /* It isn't, load it in */
+    /* maybe there's still room */
+    if(acl_cache_count < CACHED_ACLS) {
+	i = acl_cache_count++;
+    } else {
+	/* No room, clean one out */
+	i = acl_cache_next;
+	acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
+	close(acl_cache[i].fd);
+	if(acl_cache[i].acl) {
+	    destroy_hash(acl_cache[i].acl);
+	    acl_cache[i].acl = (struct hashtbl *) 0;
+	}
+    }
+
+    /* Set up the acl */
+    strlcpy(acl_cache[i].filename, name, LINESIZE);
+    if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+    /* Force reload */
+    acl_cache[i].acl = (struct hashtbl *) 0;
+
+ got_it:
+    /*
+     * See if the stat matches
+     *
+     * Use stat(), not fstat(), as the file may have been re-created by
+     * acl_add or acl_delete.  If this happens, the old inode will have
+     * no changes in the mod-time and the following test will fail.
+     */
+    if(stat(acl_cache[i].filename, &s) < 0) return(-1);
+    if(acl_cache[i].acl == (struct hashtbl *) 0
+       || s.st_nlink != acl_cache[i].status.st_nlink
+       || s.st_mtime != acl_cache[i].status.st_mtime
+       || s.st_ctime != acl_cache[i].status.st_ctime) {
+	   /* Gotta reload */
+	   if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
+	   if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+	   if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
+	   if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
+	   acl_cache[i].acl = make_hash(ACL_LEN);
+	   while(fgets(buf, sizeof(buf), f) != NULL) {
+	       nuke_whitespace(buf);
+	       acl_canonicalize_principal(buf, canon);
+	       add_hash(acl_cache[i].acl, canon);
+	   }
+	   fclose(f);
+	   acl_cache[i].status = s;
+       }
+    return(i);
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Principal is not canonicalized, and no wildcarding is done */
+int
+acl_exact_match(char *acl, char *principal)
+{
+    int idx;
+
+    return((idx = acl_load(acl)) >= 0
+	   && check_hash(acl_cache[idx].acl, principal));
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Recognizes wildcards in acl of the form
+   name.*@realm, *.*@realm, and *.*@* */
+int
+acl_check(char *acl, char *principal)
+{
+    char buf[MAX_PRINCIPAL_SIZE];
+    char canon[MAX_PRINCIPAL_SIZE];
+    char *realm;
+
+    acl_canonicalize_principal(principal, canon);
+
+    /* Is it there? */
+    if(acl_exact_match(acl, canon)) return(1);
+
+    /* Try the wildcards */
+    realm = strchr(canon, REALM_SEP);
+    *strchr(canon, INST_SEP) = '\0';	/* Chuck the instance */
+
+    snprintf(buf, sizeof(buf), "%s.*%s", canon, realm);
+    if(acl_exact_match(acl, buf)) return(1);
+
+    snprintf(buf, sizeof(buf), "*.*%s", realm);
+    if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
+       
+    return(0);
+}
+
+/* Adds principal to acl */
+/* Wildcards are interpreted literally */
+int
+acl_add(char *acl, char *principal)
+{
+    int idx;
+    int i;
+    FILE *new;
+    char canon[MAX_PRINCIPAL_SIZE];
+
+    acl_canonicalize_principal(principal, canon);
+
+    if((new = acl_lock_file(acl)) == NULL) return(-1);
+    if((acl_exact_match(acl, canon))
+       || (idx = acl_load(acl)) < 0) {
+	   acl_abort(acl, new);
+	   return(-1);
+       }
+    /* It isn't there yet, copy the file and put it in */
+    for(i = 0; i < acl_cache[idx].acl->size; i++) {
+	if(acl_cache[idx].acl->tbl[i] != NULL) {
+	    if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF
+	       || putc('\n', new) != '\n') {
+		   acl_abort(acl, new);
+		   return(-1);
+	       }
+	}
+    }
+    fputs(canon, new);
+    putc('\n', new);
+    return(acl_commit(acl, new));
+}
+
+/* Removes principal from acl */
+/* Wildcards are interpreted literally */
+int
+acl_delete(char *acl, char *principal)
+{
+    int idx;
+    int i;
+    FILE *new;
+    char canon[MAX_PRINCIPAL_SIZE];
+
+    acl_canonicalize_principal(principal, canon);
+
+    if((new = acl_lock_file(acl)) == NULL) return(-1);
+    if((!acl_exact_match(acl, canon))
+       || (idx = acl_load(acl)) < 0) {
+	   acl_abort(acl, new);
+	   return(-1);
+       }
+    /* It isn't there yet, copy the file and put it in */
+    for(i = 0; i < acl_cache[idx].acl->size; i++) {
+	if(acl_cache[idx].acl->tbl[i] != NULL
+	   && strcmp(acl_cache[idx].acl->tbl[i], canon)) {
+	       fputs(acl_cache[idx].acl->tbl[i], new);
+	       putc('\n', new);
+	}
+    }
+    return(acl_commit(acl, new));
+}
diff --git a/crypto/kerberosIV/lib/acl/acl_files.doc b/crypto/kerberosIV/lib/acl/acl_files.doc
new file mode 100644
index 0000000..78c448a
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.doc
@@ -0,0 +1,107 @@
+PROTOTYPE ACL LIBRARY
+
+Introduction
+	
+An access control list (ACL) is a list of principals, where each
+principal is is represented by a text string which cannot contain
+whitespace.  The library allows application programs to refer to named
+access control lists to test membership and to atomically add and
+delete principals using a natural and intuitive interface.  At
+present, the names of access control lists are required to be Unix
+filenames, and refer to human-readable Unix files; in the future, when
+a networked ACL server is implemented, the names may refer to a
+different namespace specific to the ACL service.
+
+
+Usage
+
+cc <files> -lacl -lkrb.
+
+
+
+Principal Names
+
+Principal names have the form
+
+<name>[.<instance>][@<realm>]
+
+e.g.
+
+asp
+asp.root
+asp@ATHENA.MIT.EDU
+asp.@ATHENA.MIT.EDU
+asp.root@ATHENA.MIT.EDU
+
+It is possible for principals to be underspecified.  If instance is
+missing, it is assumed to be "".  If realm is missing, it is assumed
+to be local_realm.  The canonical form contains all of name, instance,
+and realm; the acl_add and acl_delete routines will always
+leave the file in that form.  Note that the canonical form of
+asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
+
+
+Routines
+
+acl_canonicalize_principal(principal, buf)
+char *principal;
+char *buf;  	/*RETVAL*/
+
+Store the canonical form of principal in buf.  Buf must contain enough
+space to store a principal, given the limits on the sizes of name,
+instance, and realm specified in /usr/include/krb.h.
+
+acl_check(acl, principal)
+char *acl;
+char *principal;
+
+Returns nonzero if principal appears in acl.  Returns 0 if principal
+does not appear in acl, or if an error occurs.  Canonicalizes
+principal before checking, and allows the ACL to contain wildcards.
+
+acl_exact_match(acl, principal)
+char *acl;
+char *principal;
+
+Like acl_check, but does no canonicalization or wildcarding.
+
+acl_add(acl, principal)
+char *acl;
+char *principal;
+
+Atomically adds principal to acl.  Returns 0 if successful, nonzero
+otherwise.  It is considered a failure if principal is already in acl.
+This routine will canonicalize principal, but will treat wildcards
+literally.
+
+acl_delete(acl, principal)
+char *acl;
+char *principal;
+
+Atomically deletes principal from acl.  Returns 0 if successful,
+nonzero otherwise.  It is consider a failure if principal is not
+already in acl.  This routine will canonicalize principal, but will
+treat wildcards literally.
+
+acl_initialize(acl, mode)
+char *acl;
+int mode;
+
+Initialize acl.  If acl file does not exist, creates it with mode
+mode.  If acl exists, removes all members.  Returns 0 if successful,
+nonzero otherwise.  WARNING: Mode argument is likely to change with
+the eventual introduction of an ACL service.  
+
+
+Known problems
+
+In the presence of concurrency, there is a very small chance that
+acl_add or acl_delete could report success even though it would have
+had no effect.  This is a necessary side effect of using lock files
+for concurrency control rather than flock(2), which is not supported
+by NFS.
+
+The current implementation caches ACLs in memory in a hash-table
+format for increased efficiency in checking membership; one effect of
+the caching scheme is that one file descriptor will be kept open for
+each ACL cached, up to a maximum of 8.
diff --git a/crypto/kerberosIV/lib/auth/ChangeLog b/crypto/kerberosIV/lib/auth/ChangeLog
new file mode 100644
index 0000000..f9c948c
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/ChangeLog
@@ -0,0 +1,65 @@
+1999-11-15  Assar Westerlund  <assar@sics.se>
+
+	* */lib/Makefile.in: set LIBNAME.  From Enrico Scholz
+ 	<Enrico.Scholz@informatik.tu-chemnitz.de>
+
+1999-10-17  Assar Westerlund  <assar@sics.se>
+
+	* afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4
+
+1999-10-03  Assar Westerlund  <assar@sics.se>
+
+	* afskauthlib/verify.c (verify_krb5): update to new
+ 	krb524_convert_creds_kdc
+
+1999-09-28  Assar Westerlund  <assar@sics.se>
+
+	* sia/sia.c (doauth): use krb5_get_local_realms and
+ 	krb5_verify_user_lrealm
+
+	* afskauthlib/verify.c (verify_krb5): remove krb5_kuserok.  use
+ 	krb5_verify_user_lrealm
+
+1999-08-11  Johan Danielsson  <joda@pdc.kth.se>
+
+	* afskauthlib/verify.c: make this compile w/o krb4
+
+1999-08-04  Assar Westerlund  <assar@sics.se>
+
+	* afskauthlib/verify.c: incorporate patches from Miroslav Ruda
+ 	<ruda@ics.muni.cz>
+
+Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+	* sia/Makefile.am: make it build w/o krb4
+
+	* afskauthlib/verify.c: add krb5 support
+
+	* afskauthlib/Makefile.am: build afskauthlib.so
+
+Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia.c: make it compile w/o krb4
+
+	* sia/Makefile.am: make it compile w/o krb4
+
+Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
+
+Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/Makefile.in: add posix_getpw.c
+	  
+	* sia/Makefile.am: makefile for sia
+	  
+	* sia/posix_getpw.c: move from sia.c
+	  
+	* sia/sia_locl.h: merge with krb5 version
+	  
+	* sia/sia.c: merge with krb5 version
+	  
+	* sia/sia5.c: remove unused variables
diff --git a/crypto/kerberosIV/lib/auth/Makefile.am b/crypto/kerberosIV/lib/auth/Makefile.am
new file mode 100644
index 0000000..0310dc3
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/Makefile.am
@@ -0,0 +1,6 @@
+# $Id: Makefile.am,v 1.2 1999/03/21 17:11:08 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = @LIB_AUTH_SUBDIRS@
+DIST_SUBDIRS = afskauthlib pam sia
diff --git a/crypto/kerberosIV/lib/auth/Makefile.in b/crypto/kerberosIV/lib/auth/Makefile.in
new file mode 100644
index 0000000..53fde5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/Makefile.in
@@ -0,0 +1,55 @@
+#
+# $Id: Makefile.in,v 1.12 1998/03/15 05:58:10 assar Exp $
+#
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS		= @LIB_AUTH_SUBDIRS@
+
+all:
+		SUBDIRS='$(SUBDIRS)'; \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+check:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) check); done
+
+clean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+		rm -f Makefile *~
+
+realclean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am
new file mode 100644
index 0000000..7dd6d52
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am
@@ -0,0 +1,38 @@
+# $Id: Makefile.am,v 1.3 1999/04/08 12:35:33 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+DEFS = @DEFS@
+
+foodir = $(libdir)
+foo_DATA = afskauthlib.so
+
+SUFFIXES += .c .o
+
+SRCS = verify.c
+OBJS = verify.o
+
+CLEANFILES = $(foo_DATA) $(OBJS) so_locations
+
+afskauthlib.so: $(OBJS)
+	$(LD) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)
+
+.c.o:
+	$(COMPILE) -c $<
+
+if KRB4
+KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
+endif
+
+L = \
+	$(KAFS)	\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+	$(LIB_krb4)					\
+	$(top_builddir)/lib/des/.libs/libdes.a		\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	-lc
+
+$(OBJS): $(top_builddir)/include/config.h
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
new file mode 100644
index 0000000..2eb2576
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
@@ -0,0 +1,87 @@
+#
+# $Id: Makefile.in,v 1.25 1999/11/15 10:20:46 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+LN_S = @LN_S@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+@lib_deps_yes@LIB_DEPS = -L../../kafs -lkafs			\
+@lib_deps_yes@	   -L../../krb -lkrb			\
+@lib_deps_yes@	   -L../../des -ldes			\
+@lib_deps_yes@	   -L../../roken -lroken		\
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS =
+
+PICFLAGS = @REAL_PICFLAGS@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+ 
+LIBNAME = afskauthlib
+LIB = $(LIBNAME).$(SHLIBEXT)
+
+SOURCES = verify.c
+
+OBJECTS = verify.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	 $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	 rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) $(CFLAGS) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/README b/crypto/kerberosIV/lib/auth/afskauthlib/README
new file mode 100644
index 0000000..6052a26
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/README
@@ -0,0 +1,25 @@
+
+IRIX
+----
+
+The IRIX support is a module that is compatible with Transarc's
+`afskauthlib.so'.  It should work with all programs that use this
+library, this should include `login' and `xdm'.
+
+The interface is not very documented but it seems that you have to copy
+`libkafs.so', `libkrb.so', and `libdes.so' to `/usr/lib', or build your
+`afskauthlib.so' statically.
+
+The `afskauthlib.so' itself is able to reside in `/usr/vice/etc',
+`/usr/afsws/lib', or the current directory (wherever that is).
+
+IRIX 6.4 and newer seems to have all programs (including `xdm' and
+`login') in the N32 object format, whereas in older versions they were
+O32. For it to work, the `afskauthlib.so' library has to be in the same
+object format as the program that tries to load it. This might require
+that you have to configure and build for O32 in addition to the default
+N32.
+
+Appart from this it should "just work", there are no configuration
+files.
+
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/verify.c b/crypto/kerberosIV/lib/auth/afskauthlib/verify.c
new file mode 100644
index 0000000..1c23119
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/verify.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.20 1999/12/02 16:58:37 joda Exp $");
+#endif
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+#include <roken.h>
+
+#ifdef KRB5
+static char krb5ccname[128];
+#endif
+#ifdef KRB4
+static char krbtkfile[128];
+#endif
+
+/* 
+   In some cases is afs_gettktstring called twice (once before
+   afs_verify and once after afs_verify).
+   In some cases (rlogin with access allowed via .rhosts) 
+   afs_verify is not called!
+   So we can't rely on correct value in krbtkfile in some
+   cases!
+*/
+
+static int correct_tkfilename=0;
+static int pag_set=0;
+
+#ifdef KRB4
+static void
+set_krbtkfile(uid_t uid)
+{
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
+    krb_set_tkt_string (krbtkfile);
+    correct_tkfilename = 1;
+}
+#endif
+
+/* XXX this has to be the default cache name, since the KRB5CCNAME
+ * environment variable isn't exported by login/xdm
+ */
+
+#ifdef KRB5
+static void
+set_krb5ccname(uid_t uid)
+{
+    snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid);
+#ifdef KRB4
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
+#endif
+    correct_tkfilename = 1;
+}
+#endif
+
+static void
+set_spec_krbtkfile(void)
+{
+    int fd;
+#ifdef KRB4
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT);
+    fd = mkstemp(krbtkfile);
+    close(fd);
+    unlink(krbtkfile); 
+    krb_set_tkt_string (krbtkfile);
+#endif
+#ifdef KRB5
+    snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX");
+    fd=mkstemp(krb5ccname+5);
+    close(fd);
+    unlink(krb5ccname+5);
+#endif
+}
+
+#ifdef KRB5
+static int
+verify_krb5(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache ccache;
+    krb5_principal principal;
+    
+    krb5_init_context(&context);
+
+    ret = krb5_parse_name (context, pwd->pw_name, &principal);
+    if (ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    set_krb5ccname(pwd->pw_uid);
+    ret = krb5_cc_resolve(context, krb5ccname, &ccache);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    ret = krb5_verify_user_lrealm(context,
+				  principal,
+				  ccache,
+				  password,
+				  TRUE,
+				  NULL);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
+	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
+	       krb5_get_err_text(context, errno));
+	goto out;
+    }
+
+#ifdef KRB4
+    if (krb5_config_get_bool(context, NULL,
+			     "libdefaults",
+			     "krb4_get_tickets",
+			     NULL)) {
+	CREDENTIALS c;
+	krb5_creds mcred, cred;
+        krb5_realm realm;
+
+        krb5_get_default_realm(context, &realm);
+	krb5_make_principal(context, &mcred.server, realm,
+			    "krbtgt",
+			    realm,
+			    NULL);
+	free (realm);
+	ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
+	if(ret == 0) {
+	    ret = krb524_convert_creds_kdc(context, ccache, &cred, &c);
+	    if(ret)
+		krb5_warn(context, ret, "converting creds");
+	    else {
+		set_krbtkfile(pwd->pw_uid);
+		tf_setup(&c, c.pname, c.pinst); 
+	    }
+	    memset(&c, 0, sizeof(c));
+	    krb5_free_creds_contents(context, &cred);
+	} else
+	    syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
+		   krb5_get_err_text(context, ret));
+	    
+	krb5_free_principal(context, mcred.server);
+    }
+    if (!pag_set && k_hasafs()) {
+	k_setpag();
+	pag_set = 1;
+	krb5_afslog_uid_home(context, ccache, NULL, NULL, 
+			     pwd->pw_uid, pwd->pw_dir);
+    }
+#endif
+out:
+    if(ret && !quiet)
+	printf ("%s\n", krb5_get_err_text (context, ret));
+    return ret;
+}
+#endif
+
+#ifdef KRB4
+static int
+verify_krb4(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    int ret = 1;
+    char lrealm[REALM_SZ];
+    
+    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
+	set_krbtkfile(pwd->pw_uid);
+	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
+			       KRB_VERIFY_SECURE, NULL);
+	if (ret == KSUCCESS) {
+	    if (!pag_set && k_hasafs()) {
+		k_setpag ();
+		pag_set = 1;
+		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
+	    }
+	} else if (!quiet)
+	    printf ("%s\n", krb_get_err_text (ret));
+    }
+    return ret;
+}
+#endif
+
+int
+afs_verify(char *name,
+	   char *password,
+	   int32_t *exp,
+	   int quiet)
+{
+    int ret = 1;
+    struct passwd *pwd = k_getpwnam (name);
+
+    if(pwd == NULL)
+	return 1;
+    if (ret)
+	ret = unix_verify_user (name, password);
+#ifdef KRB5
+    if (ret)
+	ret = verify_krb5(pwd, password, exp, quiet);
+#endif
+#ifdef KRB4
+    if(ret)
+	ret = verify_krb4(pwd, password, exp, quiet);
+#endif
+    return ret;
+}
+
+char *
+afs_gettktstring (void)
+{
+    char *ptr;
+    struct passwd *pwd;
+
+    if (!correct_tkfilename) {
+	ptr = getenv("LOGNAME"); 
+	if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) {
+	    set_krb5ccname(pwd->pw_uid);
+#ifdef KRB4
+	    set_krbtkfile(pwd->pw_uid);
+	    if (!pag_set && k_hasafs()) {
+                k_setpag();
+                pag_set=1;
+	    }
+#endif
+	} else {
+	    set_spec_krbtkfile();
+	}
+    }
+#ifdef KRB5
+    setenv("KRB5CCNAME",krb5ccname,1);
+#endif
+#ifdef KRB4
+    setenv("KRBTKFILE",krbtkfile,1);
+    return krbtkfile;
+#else
+    return "";
+#endif
+}
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.am b/crypto/kerberosIV/lib/auth/pam/Makefile.am
new file mode 100644
index 0000000..abde2d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/Makefile.am
@@ -0,0 +1,3 @@
+# $Id: Makefile.am,v 1.2 1999/04/01 14:57:04 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.in b/crypto/kerberosIV/lib/auth/pam/Makefile.in
new file mode 100644
index 0000000..b012fcd
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/Makefile.in
@@ -0,0 +1,88 @@
+#
+# $Id: Makefile.in,v 1.25 1999/11/15 10:20:48 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @REAL_PICFLAGS@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+
+LIB_res_search = @LIB_res_search@
+LIB_dn_expand = @LIB_dn_expand@
+ 
+@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des \
+@lib_deps_yes@	   -lkafs -lkrb -ldes \
+@lib_deps_yes@     $(LIB_res_search) $(LIB_dn_expand) -lpam -lc
+@lib_deps_no@LIB_DEPS =
+
+LIBNAME = pam_krb4
+LIB = $(LIBNAME).$(SHLIBEXT)
+
+SOURCES = pam.c
+
+OBJECTS = pam.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	  rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
+#	$(LINK) -shared -Wl,-x -o $(LIB) $(OBJECTS)  ../../kafs/libkafs.a ../../krb/libkrb.a ../../des/libdes.a
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/pam/README b/crypto/kerberosIV/lib/auth/pam/README
new file mode 100644
index 0000000..2c45a53
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/README
@@ -0,0 +1,25 @@
+
+PAM
+---
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, but it seems to mostly work on
+both Linux and Solaris.
+
+To use this module you should:
+
+   * Make sure `pam_krb4.so' is available in `/usr/athena/lib'. You
+     might actually want it on local disk, so `/lib/security' might be a
+     better place if `/usr/athena' is not local.
+
+   * Look at `pam.conf.add' for examples of what to add to
+     `/etc/pam.conf'.
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's `<shadow@dementia.org>' Kerberos PAM
+module at
+<ftp://ftp.dementia.org/pub/pam>. It has a lot more features, and it is
+also more in line with other PAM modules.
+
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.c b/crypto/kerberosIV/lib/auth/pam/pam.c
new file mode 100644
index 0000000..d919bf8
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/pam.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* This code is extremely ugly, and would probably be better off
+   beeing completely rewritten */
+
+
+#ifdef HAVE_CONFIG_H
+#include<config.h>
+RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#define PAM_SM_AUTH
+#define PAM_SM_SESSION
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+#include <netinet/in.h>
+#include <krb.h>
+#include <kafs.h>
+
+static int
+cleanup(pam_handle_t *pamh, void *data, int error_code)
+{
+    if(error_code != PAM_SUCCESS)
+	dest_tkt();
+    free(data);
+    return PAM_SUCCESS;
+}
+
+static int
+doit(pam_handle_t *pamh, char *name, char *inst, char *pwd, char *tkt)
+{
+    char realm[REALM_SZ];
+    int ret;
+
+    pam_set_data(pamh, "KRBTKFILE", strdup(tkt), cleanup);
+    krb_set_tkt_string(tkt);
+	
+    krb_get_lrealm(realm, 1);
+    ret = krb_verify_user(name, inst, realm, pwd, KRB_VERIFY_SECURE, NULL);
+    memset(pwd, 0, strlen(pwd));
+    switch(ret){
+    case KSUCCESS:
+	return PAM_SUCCESS;
+    case KDC_PR_UNKNOWN:
+	return PAM_USER_UNKNOWN;
+    case SKDC_CANT:
+    case SKDC_RETRY:
+    case RD_AP_TIME:
+	return PAM_AUTHINFO_UNAVAIL;
+    default:
+	return PAM_AUTH_ERR;
+    }
+}
+
+static int
+auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+{
+    int ret;
+    struct pam_message msg, *pmsg;
+    struct pam_response *resp;
+    char prompt[128];
+
+    pmsg = &msg;
+    msg.msg_style = PAM_PROMPT_ECHO_OFF;
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
+    msg.msg = prompt;
+
+    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
+		     &resp, conv->appdata_ptr);
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    {
+	char tkt[1024];
+	struct passwd *pw = getpwnam(user);
+
+	if(pw){
+	    snprintf(tkt, sizeof(tkt),
+		     "%s%u", TKT_ROOT, (unsigned)pw->pw_uid);
+	    ret = doit(pamh, user, "", resp->resp, tkt);
+	    if(ret == PAM_SUCCESS)
+		chown(tkt, pw->pw_uid, pw->pw_gid);
+	}else
+	    ret = PAM_USER_UNKNOWN;
+	memset(resp->resp, 0, strlen(resp->resp));
+	free(resp->resp);
+	free(resp);
+    }
+    return ret;
+}
+
+static int
+auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+{
+    int ret;
+    struct passwd *pw;
+    struct pam_message msg, *pmsg;
+    struct pam_response *resp;
+    char prompt[128];
+    krb_principal pr;
+    
+    pr.realm[0] = 0;
+    ret = pam_get_user(pamh, &user, "login: ");
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    pw = getpwuid(getuid());
+    if(strcmp(user, "root") == 0){
+	strlcpy(pr.name, pw->pw_name, sizeof(pr.name));
+	strlcpy(pr.instance, "root", sizeof(pr.instance));
+    }else{
+	strlcpy(pr.name, user, sizeof(pr.name));
+	pr.instance[0] = 0;
+    }
+    pmsg = &msg;
+    msg.msg_style = PAM_PROMPT_ECHO_OFF;
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
+    msg.msg = prompt;
+
+    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
+		     &resp, conv->appdata_ptr);
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    {
+	char tkt[1024];
+
+	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s",
+		 TKT_ROOT, pw->pw_name, user);
+	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
+	if(ret == PAM_SUCCESS)
+	    chown(tkt, pw->pw_uid, pw->pw_gid);
+	memset(resp->resp, 0, strlen(resp->resp));
+	free(resp->resp);
+	free(resp);
+    }
+    return ret;
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    char *user;
+    int ret;
+    struct pam_conv *conv;
+    ret = pam_get_user(pamh, &user, "login: ");
+    if(ret != PAM_SUCCESS)
+	return ret;
+
+    ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
+    if(ret != PAM_SUCCESS)
+	return ret;
+
+    
+    if(getuid() != geteuid())
+	return auth_su(pamh, flags, user, conv);
+    else
+	return auth_login(pamh, flags, user, conv);
+}
+
+int 
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    return PAM_SUCCESS;
+}
+
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    char *tkt, *var;
+    void *user;
+    const char *homedir = NULL;
+
+    if(pam_get_item (pamh, PAM_USER, &user) == PAM_SUCCESS) {
+	struct passwd *pwd;
+
+	pwd = getpwnam ((char *)user);
+	if (pwd != NULL)
+	    homedir = pwd->pw_dir;
+    }
+
+    pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt);
+    var = malloc(strlen("KRBTKFILE=") + strlen(tkt) + 1);
+    strcpy(var, "KRBTKFILE=");
+    strcat(var, tkt);
+    putenv(var);
+    pam_putenv(pamh, var);
+    if(k_hasafs()){
+	k_setpag();
+	krb_afslog_home(0, 0, homedir);
+    }
+    return PAM_SUCCESS;
+}
+
+
+int
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    dest_tkt();
+    if(k_hasafs())
+	k_unlog();
+    return PAM_SUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.conf.add b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
new file mode 100644
index 0000000..42497d2
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
@@ -0,0 +1,76 @@
+To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
+
+--- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
++++ /etc/pam.conf	Tue Nov 30 18:47:22 1999
+@@ -4,12 +4,14 @@
+ #
+ # Authentication management
+ #
++login	auth sufficient	/usr/athena/lib/pam_krb4.so
+ login	auth required 	/usr/lib/security/pam_unix.so.1 
+ login	auth required 	/usr/lib/security/pam_dial_auth.so.1 
+ #
+ rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
+ rlogin	auth required 	/usr/lib/security/pam_unix.so.1
+ #
++dtlogin	auth sufficient	/usr/athena/lib/pam_krb4.so
+ dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
+ #
+ rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
+@@ -24,6 +26,8 @@
+ #
+ # Session management
+ #
++dtlogin	session	required	/usr/athena/lib/pam_krb4.so
++login	session	required	/usr/athena/lib/pam_krb4.so
+ other	session required	/usr/lib/security/pam_unix.so.1 
+ #
+ # Password management
+---------------------------------------------------------------------------
+To enable PAM in /bin/login and xdm under Red Hat 6.1 apply these patches:
+
+--- /etc/pam.d/login~   Thu Jul  8 00:14:02 1999
++++ /etc/pam.d/login    Mon Aug 30 14:33:12 1999
+@@ -1,9 +1,12 @@
+ #%PAM-1.0
++# Updated to work with kerberos
++auth       sufficient   /lib/security/pam_krb4.so
+ auth       required    /lib/security/pam_securetty.so
+ auth       required    /lib/security/pam_pwdb.so shadow nullok
+ auth       required    /lib/security/pam_nologin.so
+ account    required    /lib/security/pam_pwdb.so
+ password   required    /lib/security/pam_cracklib.so
+ password   required    /lib/security/pam_pwdb.so nullok use_authtok shadow
++session    required     /lib/security/pam_krb4.so
+ session    required    /lib/security/pam_pwdb.so
+ session    optional    /lib/security/pam_console.so
+--- /etc/pam.d/xdm~     Mon Jun 14 17:39:05 1999
++++ /etc/pam.d/xdm      Mon Aug 30 14:54:51 1999
+@@ -1,8 +1,10 @@
+ #%PAM-1.0
++auth       sufficient   /lib/security/pam_krb4.so
+ auth       required    /lib/security/pam_pwdb.so shadow nullok
+ auth       required    /lib/security/pam_nologin.so
+ account    required    /lib/security/pam_pwdb.so
+ password   required    /lib/security/pam_cracklib.so
+ password   required    /lib/security/pam_pwdb.so shadow nullok use_authtok
++session    required     /lib/security/pam_krb4.so
+ session    required    /lib/security/pam_pwdb.so
+ session    optional     /lib/security/pam_console.so
+--------------------------------------------------------------------------
+
+This stuff may work under some other system.
+
+# To get this to work, you will have to add entries to /etc/pam.conf
+#
+# To make login kerberos-aware, you might change pam.conf to look
+# like:
+
+# login authorization
+login   auth       sufficient   /lib/security/pam_krb4.so
+login   auth       required     /lib/security/pam_securetty.so
+login   auth       required     /lib/security/pam_unix_auth.so
+login   account    required     /lib/security/pam_unix_acct.so
+login   password   required     /lib/security/pam_unix_passwd.so
+login   session    required     /lib/security/pam_krb4.so
+login   session    required     /lib/security/pam_unix_session.so
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.am b/crypto/kerberosIV/lib/auth/sia/Makefile.am
new file mode 100644
index 0000000..5a58cb7
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/Makefile.am
@@ -0,0 +1,48 @@
+# $Id: Makefile.am,v 1.4 1999/04/08 12:36:40 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+DEFS = @DEFS@
+
+## this is horribly ugly, but automake/libtool doesn't allow us to
+## unconditionally build shared libraries, and it does not allow us to
+## link with non-installed libraries
+
+if KRB4
+KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
+endif
+
+L = \
+	$(KAFS)						\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+	$(LIB_krb4)					\
+	$(top_builddir)/lib/des/.libs/libdes.a		\
+	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+EXTRA_DIST = sia.c krb5_matrix.conf krb5+c2_matrix.conf security.patch
+
+foodir = $(libdir)
+foo_DATA = libsia_krb5.so
+
+LDFLAGS = -rpath $(libdir) -hidden -exported_symbol siad_\* 
+
+OBJS = sia.o posix_getpw.o
+
+libsia_krb5.so: $(OBJS)
+	ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)
+	ostrip -x -z $@
+
+CLEANFILES = libsia_krb5.so $(OBJS) so_locations
+
+SUFFIXES += .c .o
+
+.c.o:
+	$(COMPILE) -c $<
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.in b/crypto/kerberosIV/lib/auth/sia/Makefile.in
new file mode 100644
index 0000000..69858bd
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/Makefile.in
@@ -0,0 +1,90 @@
+#
+# $Id: Makefile.in,v 1.30 1999/11/15 10:20:50 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @REAL_PICFLAGS@
+SHARED = @SHARED@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+ 
+@lib_deps_yes@LIB_DEPS = -L../../kafs -lkafs		\
+@lib_deps_yes@	   -L../../kadm -lkadm			\
+@lib_deps_yes@	   -L../../krb -lkrb			\
+@lib_deps_yes@	   -L../../des -ldes			\
+@lib_deps_yes@	   -L../../com_err -lcom_err		\
+@lib_deps_yes@	   -L../../roken -lroken		\
+@lib_deps_yes@	   @LIB_getpwnam_r@			\
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS =
+
+LIBNAME = libsia_krb4
+LIB = $(LIBNAME).$(SHLIBEXT)
+
+SOURCES = sia.c posix_getpw.c
+
+OBJECTS = sia.o posix_getpw.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	  rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -shared -o $@ -rpath $(libdir) -hidden -exported_symbol siad_\* $(OBJECTS) $(LIB_DEPS)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/sia/README b/crypto/kerberosIV/lib/auth/sia/README
new file mode 100644
index 0000000..6595734
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/README
@@ -0,0 +1,87 @@
+
+Digital SIA
+-----------
+
+To install the SIA module you will have to do the following:
+
+   * Make sure `libsia_krb4.so' is available in `/usr/athena/lib'. If
+     `/usr/athena' is not on local disk, you might want to put it in
+     `/usr/shlib' or someplace else. If you do, you'll have to edit
+     `krb4_matrix.conf' to reflect the new location (you will also have
+     to do this if you installed in some other directory than
+     `/usr/athena'). If you built with shared libraries, you will have
+     to copy the shared `libkrb.so', `libdes.so', `libkadm.so', and
+     `libkafs.so' to a place where the loader can find them (such as
+     `/usr/shlib').
+
+   * Copy (your possibly edited) `krb4_matrix.conf' to `/etc/sia'.
+
+   * Apply `security.patch' to `/sbin/init.d/security'.
+
+   * Turn on KRB4 security by issuing `rcmgr set SECURITY KRB4' and
+     `rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf'.
+
+   * Digital thinks you should reboot your machine, but that really
+     shouldn't be necessary.  It's usually sufficient just to run
+     `/sbin/init.d/security start' (and restart any applications that
+     use SIA, like `xdm'.)
+
+Users with local passwords (like `root') should be able to login safely.
+
+When using Digital's xdm the `KRBTKFILE' environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set `KRBTKFILE' to the correct value in
+`/usr/lib/X11/xdm/Xsession'. Add a line similar to
+     KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+If you use CDE, `dtlogin' allows you to specify which additional
+environment variables it should export. To add `KRBTKFILE' to this
+list, edit `/usr/dt/config/Xconfig', and look for the definition of
+`exportList'. You want to add something like:
+     Dtlogin.exportList:     KRBTKFILE
+
+Notes to users with Enhanced security
+.....................................
+
+Digital's `ENHANCED' (C2) security, and Kerberos solves two different
+problems. C2 deals with local security, adds better control of who can
+do what, auditing, and similar things. Kerberos deals with network
+security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+   * Replace all occurencies of `krb4_matrix.conf' with
+     `krb4+c2_matrix.conf' in the directions above.
+
+   * You must enable "vouching" in the `default' database.  This will
+     make the OSFC2 module trust other SIA modules, so you can login
+     without giving your C2 password. To do this use `edauth' to edit
+     the default entry `/usr/tcb/bin/edauth -dd default', and add a
+     `d_accept_alternate_vouching' capability, if not already present.
+
+   * For each user that does _not_ have a local C2 password, you should
+     set the password expiration field to zero. You can do this for each
+     user, or in the `default' table. To do this use `edauth' to set
+     (or change) the `u_exp' capability to `u_exp#0'.
+
+   * You also need to be aware that the shipped `login', `rcp', and
+     `rshd', doesn't do any particular C2 magic (such as checking to
+     various forms of disabled accounts), so if you rely on those
+     features, you shouldn't use those programs. If you configure with
+     `--enable-osfc2', these programs will, however, set the login UID.
+     Still: use at your own risk.
+
+At present `su' does not accept the vouching flag, so it will not work
+as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+*Remember*, if you do these changes you will get a system that most
+certainly does _not_ fulfill the requirements of a C2 system. If C2 is
+what you want, for instance if someone else is forcing you to use it,
+you're out of luck.  If you use enhanced security because you want a
+system that is more secure than it would otherwise be, you probably got
+an even more secure system. Passwords will not be sent in the clear,
+for instance.
+
diff --git a/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf
new file mode 100644
index 0000000..4b90e02
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf
@@ -0,0 +1,58 @@
+# Copyright (c) 1998 Kungliga Tekniska H�gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4+c2_matrix.conf,v 1.4 1999/12/02 16:58:37 joda Exp $
+
+# sia matrix configuration file (Kerberos 4 + C2)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf
new file mode 100644
index 0000000..4f55a81
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf
@@ -0,0 +1,59 @@
+# Copyright (c) 1998 Kungliga Tekniska H�gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4_matrix.conf,v 1.6 1999/12/02 16:58:37 joda Exp $
+
+# sia matrix configuration file (Kerberos 4 + BSD)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+
diff --git a/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf
new file mode 100644
index 0000000..c2952e2
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf
@@ -0,0 +1,27 @@
+# $Id: krb5+c2_matrix.conf,v 1.2 1998/11/26 20:58:18 assar Exp $
+
+# sia matrix configuration file (Kerberos 5 + C2)
+
+siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf
new file mode 100644
index 0000000..e49366a
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf
@@ -0,0 +1,27 @@
+# $Id: krb5_matrix.conf,v 1.1 1997/05/15 18:34:18 joda Exp $
+
+# sia matrix configuration file (Kerberos 5 + BSD)
+
+siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)
+siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_reauthent=(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_user=(BSD,libc.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/posix_getpw.c b/crypto/kerberosIV/lib/auth/sia/posix_getpw.c
new file mode 100644
index 0000000..c5961dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/posix_getpw.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "sia_locl.h"
+
+RCSID("$Id: posix_getpw.c,v 1.1 1999/03/21 17:07:02 joda Exp $");
+
+#ifndef POSIX_GETPWNAM_R
+/* 
+ * These functions translate from the old Digital UNIX 3.x interface
+ * to POSIX.1c.
+ */
+
+int
+posix_getpwnam_r(const char *name, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwnam_r(name, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+
+int
+posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwuid_r(uid, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+#endif /* POSIX_GETPWNAM_R */
diff --git a/crypto/kerberosIV/lib/auth/sia/security.patch b/crypto/kerberosIV/lib/auth/sia/security.patch
new file mode 100644
index 0000000..c407876
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/security.patch
@@ -0,0 +1,11 @@
+--- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
++++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
+@@ -49,7 +49,7 @@
+                    SECURITY=BASE
+                fi
+                ;;
+-       BASE)
++       BASE|KRB4)
+                ;;
+        *)
+                echo "security configuration set to default (BASE)."
diff --git a/crypto/kerberosIV/lib/auth/sia/sia.c b/crypto/kerberosIV/lib/auth/sia/sia.c
new file mode 100644
index 0000000..73cd53e
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/sia.c
@@ -0,0 +1,672 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "sia_locl.h"
+
+RCSID("$Id: sia.c,v 1.32 1999/10/03 15:49:36 joda Exp $");
+
+int 
+siad_init(void)
+{
+    return SIADSUCCESS;
+}
+
+int 
+siad_chk_invoker(void)
+{
+    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_init(SIAENTITY *entity, int pkgind)
+{
+    struct state *s = malloc(sizeof(*s));
+    SIA_DEBUG(("DEBUG", "siad_ses_init"));
+    if(s == NULL)
+	return SIADFAIL;
+    memset(s, 0, sizeof(*s));
+#ifdef SIA_KRB5
+    krb5_init_context(&s->context);
+#endif
+    entity->mech[pkgind] = (int*)s;
+    return SIADSUCCESS;
+}
+
+static int
+setup_name(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_name"));
+    e->name = malloc(SIANAMEMIN + 1);
+    if(e->name == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"login: ";
+    p->result = (unsigned char*)e->name;
+    p->min_result_length = 1;
+    p->max_result_length = SIANAMEMIN;
+    p->control_flags = 0;
+    return SIADSUCCESS;
+}
+
+static int
+setup_password(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_password"));
+    e->password = malloc(SIAMXPASSWORD + 1);
+    if(e->password == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"Password: ";
+    p->result = (unsigned char*)e->password;
+    p->min_result_length = 0;
+    p->max_result_length = SIAMXPASSWORD;
+    p->control_flags = SIARESINVIS;
+    return SIADSUCCESS;
+}
+
+
+static int
+doauth(SIAENTITY *entity, int pkgind, char *name)
+{
+    struct passwd pw, *pwd;
+    char pwbuf[1024];
+    struct state *s = (struct state*)entity->mech[pkgind];
+#ifdef SIA_KRB5
+    krb5_realm *realms, *r;
+    krb5_principal principal;
+    krb5_ccache ccache;
+    krb5_error_code ret;
+#endif
+#ifdef SIA_KRB4
+    char realm[REALM_SZ];
+    char *toname, *toinst;
+    int ret;
+    struct passwd fpw, *fpwd;
+    char fpwbuf[1024];
+    int secure;
+#endif
+	
+    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0){
+	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
+	return SIADFAIL;
+    }
+
+#ifdef SIA_KRB5
+    ret = krb5_get_default_realms(s->context, &realms);
+
+    for (r = realms; *r != NULL; ++r) {
+	krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
+
+	if(krb5_kuserok(s->context, principal, entity->name))
+	    break;
+    }
+    krb5_free_host_realm (s->context, realms);
+    if (*r == NULL)
+	return SIADFAIL;
+
+    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
+    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
+    if(ret)
+	return SIADFAIL;
+#endif
+	
+#ifdef SIA_KRB4
+    snprintf(s->ticket, sizeof(s->ticket),
+	     TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid());
+    krb_get_lrealm(realm, 1);
+    toname = name;
+    toinst = "";
+    if(entity->authtype == SIA_A_SUAUTH){
+	uid_t ouid;
+#ifdef HAVE_SIAENTITY_OUID
+	ouid = entity->ouid;
+#else
+	ouid = getuid();
+#endif
+	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0){
+	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
+	    return SIADFAIL;
+	}
+	snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d", 
+		 fpwd->pw_name, pwd->pw_name, getpid());
+	if(strcmp(pwd->pw_name, "root") == 0){
+	    toname = fpwd->pw_name;
+	    toinst = pwd->pw_name;
+	}
+    }
+    if(entity->authtype == SIA_A_REAUTH) 
+	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
+    
+    krb_set_tkt_string(s->ticket);
+	
+    setuid(0); /* XXX fix for fix in tf_util.c */
+    if(krb_kuserok(toname, toinst, realm, name)){
+	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
+		   toname, toinst, realm, name));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB5
+    ret = krb5_verify_user_lrealm(s->context, principal, ccache,
+				  entity->password, 1, NULL);
+    if(ret){
+	/* if this is most likely a local user (such as
+	   root), just silently return failure when the
+	   principal doesn't exist */
+	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
+	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
+		   entity->name, error_message(ret));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB4
+    if (getuid () == 0)
+	secure = KRB_VERIFY_SECURE;
+    else
+	secure = KRB_VERIFY_NOT_SECURE;
+	
+    ret = krb_verify_user(toname, toinst, realm,
+			  entity->password, secure, NULL);
+    if(ret){
+	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
+	if(ret != KDC_PR_UNKNOWN)
+	    /* since this is most likely a local user (such as
+	       root), just silently return failure when the
+	       principal doesn't exist */
+	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
+		   toname, toinst, krb_get_err_text(ret));
+	return SIADFAIL;
+    }
+#endif
+    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
+	return SIADFAIL;
+    s->valid = 1;
+    return SIADSUCCESS;
+}
+
+
+static int 
+common_auth(sia_collect_func_t *collect, 
+	    SIAENTITY *entity, 
+	    int siastat,
+	    int pkgind)
+{
+    prompt_t prompts[2], *pr;
+    char *name;
+
+    SIA_DEBUG(("DEBUG", "common_auth"));
+    if((siastat == SIADSUCCESS) && (geteuid() == 0))
+	return SIADSUCCESS;
+    if(entity == NULL) {
+	SIA_DEBUG(("DEBUG", "entity == NULL"));
+	return SIADFAIL | SIADSTOP;
+    }
+    name = entity->name;
+    if(entity->acctname)
+	name = entity->acctname;
+    
+    if((collect != NULL) && entity->colinput) {
+	int num;
+	pr = prompts;
+	if(name == NULL){
+	    if(setup_name(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	if(entity->password == NULL){
+	    if(setup_password(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	num = pr - prompts;
+	if(num == 1){
+	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	} else if(num > 0){
+	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	}
+    }
+    if(name == NULL)
+	name = entity->name;
+    if(name == NULL || name[0] == '\0'){
+	SIA_DEBUG(("DEBUG", "name is null"));
+	return SIADFAIL;
+    }
+
+    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
+	SIA_DEBUG(("DEBUG", "entity->password is null"));
+	return SIADFAIL;
+    }
+    
+    return doauth(entity, pkgind, name);
+}
+
+
+int 
+siad_ses_authent(sia_collect_func_t *collect, 
+		 SIAENTITY *entity, 
+		 int siastat,
+		 int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int 
+siad_ses_estab(sia_collect_func_t *collect, 
+	       SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_launch(sia_collect_func_t *collect,
+		SIAENTITY *entity,
+		int pkgind)
+{
+    static char env[MaxPathLen];
+    struct state *s = (struct state*)entity->mech[pkgind];
+    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
+    if(s->valid){
+#ifdef SIA_KRB5
+	chown(s->ticket + sizeof("FILE:") - 1, 
+	      entity->pwd->pw_uid, 
+	      entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
+#endif
+#ifdef SIA_KRB4
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
+#endif
+	putenv(env);
+    }
+#ifdef KRB4
+    if (k_hasafs()) {
+	char cell[64];
+	k_setpag();
+	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
+	    krb_afslog(cell, 0);
+	krb_afslog_home(0, 0, entity->pwd->pw_dir);
+    }
+#endif
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_release(SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_release"));
+    if(entity->mech[pkgind]){
+#ifdef SIA_KRB5
+	struct state *s = (struct state*)entity->mech[pkgind];
+	krb5_free_context(s->context);
+#endif
+	free(entity->mech[pkgind]);
+    }
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_suauthent(sia_collect_func_t *collect,
+		   SIAENTITY *entity,
+		   int siastat,
+		   int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
+    if(geteuid() != 0)
+	return SIADFAIL;
+    if(entity->name == NULL)
+	return SIADFAIL;
+    if(entity->name[0] == '\0') {
+	free(entity->name);
+	entity->name = strdup("root");
+	if (entity->name == NULL)
+	    return SIADFAIL;
+    }
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int
+siad_ses_reauthent (sia_collect_func_t *collect,
+		    SIAENTITY *entity,
+		    int siastat,
+		    int pkgind)
+{
+    int ret;
+    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
+    if(entity == NULL || entity->name == NULL)
+	return SIADFAIL;
+    ret = common_auth(collect, entity, siastat, pkgind);
+    if((ret & SIADSUCCESS)){
+	/* launch isn't (always?) called when doing reauth, so we must
+           duplicate some code here... */
+	struct state *s = (struct state*)entity->mech[pkgind];
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+#ifdef KRB4
+	if(k_hasafs()) {
+	    char cell[64];
+	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
+				  cell, sizeof(cell)) == 0)
+		krb_afslog(cell, 0);
+	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
+	}
+#endif
+    }
+    return ret;
+}
+
+int
+siad_chg_finger (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
+    return SIADFAIL;
+}
+
+#ifdef SIA_KRB5
+int
+siad_chg_password (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+#endif
+
+#ifdef SIA_KRB4
+static void
+sia_message(sia_collect_func_t *collect, int rendition, 
+	    const char *title, const char *message)
+{
+    prompt_t prompt;
+    prompt.prompt = (unsigned char*)message;
+    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
+}
+
+static int
+init_change(sia_collect_func_t *collect, krb_principal *princ)
+{
+    prompt_t prompt;
+    char old_pw[MAX_KPW_LEN+1];
+    char *msg;
+    char tktstring[128];
+    int ret;
+    
+    SIA_DEBUG(("DEBUG", "init_change"));
+    prompt.prompt = (unsigned char*)"Old password: ";
+    prompt.result = (unsigned char*)old_pw;
+    prompt.min_result_length = 0;
+    prompt.max_result_length = sizeof(old_pw) - 1;
+    prompt.control_flags = SIARESINVIS;
+    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
+    if(msg == NULL){
+	SIA_DEBUG(("DEBUG", "out of memory"));
+	return SIADFAIL;
+    }
+    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
+    free(msg);
+    SIA_DEBUG(("DEBUG", "ret = %d", ret));
+    if(ret != SIACOLSUCCESS)
+	return SIADFAIL;
+    snprintf(tktstring, sizeof(tktstring), 
+	     TKT_ROOT "_cpw_%u", (unsigned)getpid());
+    krb_set_tkt_string(tktstring);
+    
+    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
+			    PWSERV_NAME, KADM_SINST, 1, old_pw);
+    if (ret != KSUCCESS) {
+	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
+	if (ret == INTK_BADPW)
+	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
+	else
+	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
+	memset(old_pw, 0, sizeof(old_pw));
+	return SIADFAIL;
+    }
+    if(chown(tktstring, getuid(), -1) < 0){
+	dest_tkt();
+	return SIADFAIL;
+    }
+    memset(old_pw, 0, sizeof(old_pw));
+    return SIADSUCCESS;
+}
+
+int
+siad_chg_password (sia_collect_func_t *collect,
+		   const char *username, 
+		   int argc, 
+		   char *argv[])
+{
+    prompt_t prompts[2];
+    krb_principal princ;
+    int ret;
+    char new_pw1[MAX_KPW_LEN+1];
+    char new_pw2[MAX_KPW_LEN+1];
+    static struct et_list *et_list;
+
+    set_progname(argv[0]);
+
+    SIA_DEBUG(("DEBUG", "siad_chg_password"));
+    if(collect == NULL)
+	return SIADFAIL;
+
+    if(username == NULL)
+	username = getlogin();
+
+    ret = krb_parse_name(username, &princ);
+    if(ret)
+	return SIADFAIL;
+    if(princ.realm[0] == '\0')
+	krb_get_lrealm(princ.realm, 1);
+
+    if(et_list == NULL) {
+	initialize_kadm_error_table_r(&et_list);
+	initialize_krb_error_table_r(&et_list);
+    }
+
+    ret = init_change(collect, &princ);
+    if(ret != SIADSUCCESS)
+	return ret;
+
+again:
+    prompts[0].prompt = (unsigned char*)"New password: ";
+    prompts[0].result = (unsigned char*)new_pw1;
+    prompts[0].min_result_length = MIN_KPW_LEN;
+    prompts[0].max_result_length = sizeof(new_pw1) - 1;
+    prompts[0].control_flags = SIARESINVIS;
+    prompts[1].prompt = (unsigned char*)"Verify new password: ";
+    prompts[1].result = (unsigned char*)new_pw2;
+    prompts[1].min_result_length = MIN_KPW_LEN;
+    prompts[1].max_result_length = sizeof(new_pw2) - 1;
+    prompts[1].control_flags = SIARESINVIS;
+    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
+       SIACOLSUCCESS) {
+	dest_tkt();
+	return SIADFAIL;
+    }
+    if(strcmp(new_pw1, new_pw2) != 0){
+	sia_message(collect, SIAWARNING, "", "Password mismatch.");
+	goto again;
+    }
+    ret = kadm_check_pw(new_pw1);
+    if(ret) {
+	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
+	goto again;
+    }
+    
+    memset(new_pw2, 0, sizeof(new_pw2));
+    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
+		    com_right(et_list, ret));
+    else {
+	des_cblock newkey;
+	char *pw_msg; /* message from server */
+
+	des_string_to_key(new_pw1, &newkey);
+	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
+	memset(newkey, 0, sizeof(newkey));
+      
+	if (ret == KADM_INSECURE_PW)
+	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
+	else if (ret != KADM_SUCCESS)
+	    sia_message(collect, SIAWARNING, "Error changing password", 
+			com_right(et_list, ret));
+    }
+    memset(new_pw1, 0, sizeof(new_pw1));
+
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
+    else
+	sia_message(collect, SIAINFO, "", "Password changed.");
+    
+    dest_tkt();
+    if(ret)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
+#endif
+
+int
+siad_chg_shell (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwent(struct passwd *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwuid (uid_t uid, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwnam (const char *name, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrent(struct group *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrgid (gid_t gid, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrnam (const char *name, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_chk_user (const char *logname, int checkflag)
+{
+    if(checkflag != CHGPASSWD)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/auth/sia/sia_locl.h b/crypto/kerberosIV/lib/auth/sia/sia_locl.h
new file mode 100644
index 0000000..0f3f74d
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/sia_locl.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/* $Id: sia_locl.h,v 1.2 1999/04/01 16:09:22 joda Exp $ */
+
+#ifndef __sia_locl_h__
+#define __sia_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <siad.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#ifdef KRB5
+#define SIA_KRB5
+#elif defined(KRB4)
+#define SIA_KRB4
+#endif
+
+#ifdef SIA_KRB5
+#include <krb5.h>
+#include <com_err.h>
+#endif
+#ifdef SIA_KRB4
+#include <krb.h>
+#include <krb_err.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#endif
+#ifdef KRB4
+#include <kafs.h>
+#endif
+
+#include <roken.h>
+
+#ifndef POSIX_GETPWNAM_R
+
+#define getpwnam_r posix_getpwnam_r
+#define getpwuid_r posix_getpwuid_r
+
+#endif /* POSIX_GETPWNAM_R */
+
+#ifndef DEBUG
+#define SIA_DEBUG(X)
+#else
+#define SIA_DEBUG(X) SIALOG X
+#endif
+
+struct state{
+#ifdef SIA_KRB5
+    krb5_context context;
+    krb5_auth_context auth_context;
+#endif
+    char ticket[MaxPathLen];
+    int valid;
+};
+
+#endif /* __sia_locl_h__ */
diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in
new file mode 100644
index 0000000..ba97c5d
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/Makefile.in
@@ -0,0 +1,125 @@
+#
+# $Id: Makefile.in,v 1.47 1998/10/13 16:50:44 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+COMPILE_ET = ../com_err/compile_et
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+top_builddir = ../..
+
+includedir = @includedir@
+
+incdir = $(includedir)
+inc_DATA = kadm_err.h
+idir = $(top_builddir)/include
+
+PICFLAGS = @PICFLAGS@
+
+@lib_deps_yes@LIB_DEPS = -L../krb -lkrb \
+@lib_deps_yes@	   -L../des -ldes \
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS = 
+
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
+LIBNAME = $(LIBPREFIX)kadm
+LIBEXT = @LIBEXT@
+LIBPREFIX = @LIBPREFIX@
+EXECSUFFIX = @EXECSUFFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c check_password.c
+
+OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o check_password.o
+
+all: $(LIB) all-local
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	@for i in $(inc_DATA); do \
+	echo "  $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\
+	$(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done
+
+uninstall:
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+	@for i in $(inc_DATA); do \
+	echo "  rm -f $(DESTDIR)$(incdir)/$$i";\
+	rm -f $(DESTDIR)$(incdir)/$$i; done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations kadm_err.c kadm_err.h
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~ roken_rename.h
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et
+	$(COMPILE_ET) $(srcdir)/kadm_err.et
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+$(OBJECTS): kadm_err.h kadm_locl.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+all-local: $(inc_DATA)
+	@for i in $(inc_DATA); do \
+		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
+			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
+			$(INSTALL_DATA) $$i $(idir)/$$i; \
+		fi ; \
+	done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local
diff --git a/crypto/kerberosIV/lib/kadm/check_password.c b/crypto/kerberosIV/lib/kadm/check_password.c
new file mode 100644
index 0000000..ba6ba48
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/check_password.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm_locl.h"
+RCSID("$Id: check_password.c,v 1.3 1999/12/02 16:58:39 joda Exp $");
+
+/* This is a client side password check. Should perhaps be merged with
+   kadmind version that lives in pw_check.c */
+
+int
+kadm_check_pw (const char *password)
+{
+    const char *t;
+    if (strlen(password) == 0)
+	return KADM_PASS_Q_NULL;
+    if (strlen(password) < MIN_KPW_LEN)
+	return KADM_PASS_Q_TOOSHORT;
+    
+    /* Don't allow all lower case passwords regardless of length */
+    for (t = password; *t && islower((unsigned char)*t); t++)
+	;
+    if (*t == '\0')
+	return KADM_PASS_Q_CLASS;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h
new file mode 100644
index 0000000..fd3d75b
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm.h
@@ -0,0 +1,156 @@
+/*
+ * $Id: kadm.h,v 1.17 1998/10/23 14:25:55 joda Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_DEFS
+#define KADM_DEFS
+
+/*
+ * kadm.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ */
+
+#include <krb_db.h>
+
+/* The global structures for the client and server */
+typedef struct {
+  struct sockaddr_in admin_addr;
+  struct sockaddr_in my_addr;
+  int my_addr_len;
+  int admin_fd;			/* file descriptor for link to admin server */
+  char sname[ANAME_SZ];		/* the service name */
+  char sinst[INST_SZ];		/* the services instance */
+  char krbrlm[REALM_SZ];
+} Kadm_Client;
+
+typedef struct {		/* status of the server, i.e the parameters */
+   int inter;			/* Space for command line flags */
+   char *sysfile;		/* filename of server */
+} admin_params;			/* Well... it's the admin's parameters */
+
+/* Largest password length to be supported */
+#define MAX_KPW_LEN	128
+/* Minimum allowed password length */
+#define MIN_KPW_LEN	6
+
+/* Largest packet the admin server will ever allow itself to return */
+#define KADM_RET_MAX 2048
+
+/* That's right, versions are 8 byte strings */
+#define KADM_VERSTR	"KADM0.0A"
+#define KADM_ULOSE	"KYOULOSE"	/* sent back when server can't
+					   decrypt client's msg */
+#define KADM_VERSIZE strlen(KADM_VERSTR)
+
+/* the lookups for the server instances */
+#define PWSERV_NAME  "changepw"
+#define KADM_SNAME   "kerberos_master"
+#define KADM_PORT    751
+#define KADM_SINST   "kerberos"
+
+/* Attributes fields constants and macros */
+#define ALLOC        2
+#define RESERVED     3
+#define DEALLOC      4
+#define DEACTIVATED  5
+#define ACTIVE       6
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ        4
+
+/* XXX enable new extended kadm fields */
+#define EXTENDED_KADM 1
+
+typedef struct {
+    u_int8_t	fields[FLDSZ];     /* The active fields in this struct */
+    char	name[ANAME_SZ];
+    char	instance[INST_SZ];
+    u_int32_t	key_low;
+    u_int32_t	key_high;
+    u_int32_t	exp_date;
+    u_int16_t	attributes;
+    u_int8_t	max_life;
+#ifdef EXTENDED_KADM
+    u_int32_t	mod_date;
+    char	mod_name[ANAME_SZ];
+    char	mod_instance[INST_SZ];
+    u_int8_t	key_version;
+#endif
+} Kadm_vals;                    /* The basic values structure in Kadm */
+
+/* Need to define fields types here */
+#define KADM_NAME       31
+#define KADM_INST       30
+#define KADM_EXPDATE    29
+#define KADM_ATTR       28
+#define KADM_MAXLIFE    27
+#define KADM_DESKEY     26
+
+#ifdef EXTENDED_KADM
+#define KADM_MODDATE	25
+#define KADM_MODNAME	24
+#define KADM_MODINST	23
+#define KADM_KVNO	22
+#endif
+
+/* To set a field entry f in a fields structure d */
+#define SET_FIELD(f,d)  (d[3-(f/8)]|=(1<<(f%8)))
+
+/* To set a field entry f in a fields structure d */
+#define CLEAR_FIELD(f,d)  (d[3-(f/8)]&=(~(1<<(f%8))))
+
+/* Is field f in fields structure d */
+#define IS_FIELD(f,d)   (d[3-(f/8)]&(1<<(f%8)))
+
+/* Various return codes */
+#define KADM_SUCCESS    0
+
+#define WILDCARD_STR "*"
+
+enum acl_types {
+ADDACL,
+GETACL,
+MODACL,
+STABACL, /* not used */
+DELACL
+};
+
+/* Various opcodes for the admin server's functions */
+#define CHANGE_PW    2
+#define ADD_ENT      3
+#define MOD_ENT      4
+#define GET_ENT      5
+#define CHECK_PW     6 /* not used */
+#define CHG_STAB     7 /* not used */
+#define DEL_ENT	     8
+
+void prin_vals __P((Kadm_vals *));
+int stv_long __P((u_char *, u_int32_t *, int, int));
+int vts_long __P((u_int32_t, u_char **, int));
+int vts_string __P((char *, u_char **, int));
+int stv_string __P((u_char *, char *, int, int, int));
+
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+
+int kadm_init_link __P((char *, char *, char *));
+int kadm_change_pw __P((unsigned char *));
+int kadm_change_pw_plain __P((unsigned char *, char *, char**));
+int kadm_change_pw2 __P((unsigned char *, char *, char**));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char *));
+int kadm_add __P((Kadm_vals *));
+int kadm_del __P((Kadm_vals *));
+void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
+void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
+int kadm_check_pw __P((const char*));
+
+#endif /* KADM_DEFS */
diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
new file mode 100644
index 0000000..8403014
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
@@ -0,0 +1,625 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Kerberos administration server client-side routines
+ */
+
+/*
+ * kadm_cli_wrap.c the client side wrapping of the calls to the admin server 
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_cli_wrap.c,v 1.27 1999/09/16 20:41:46 assar Exp $");
+
+static Kadm_Client client_parm;
+
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(); free(act_st); free(priv_pak); return r;}
+
+/* Keys for use in the transactions */
+static des_cblock sess_key;	       /* to be filled in by kadm_cli_keyd */
+static des_key_schedule sess_sched;
+
+static void
+clear_secrets(void)
+{
+	memset(sess_key, 0, sizeof(sess_key));
+	memset(sess_sched, 0, sizeof(sess_sched));
+}
+
+static RETSIGTYPE (*opipe)();
+
+static void
+kadm_cli_disconn(void)
+{
+    close(client_parm.admin_fd);
+    signal(SIGPIPE, opipe);
+}
+
+/*
+ * kadm_init_link
+ *	receives    : name, inst, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the 
+ * data about the connection between the server and client, the services 
+ * used, the locations and other fun things 
+ */
+
+int
+kadm_init_link(char *n, char *i, char *r)
+{
+	struct hostent *hop;	       /* host we will talk to */
+	char adm_hostname[MaxHostNameLen];
+
+	init_kadm_err_tbl();
+	init_krb_err_tbl();
+	strlcpy(client_parm.sname, n, ANAME_SZ);
+	strlcpy(client_parm.sinst, i, INST_SZ);
+	strlcpy(client_parm.krbrlm, r, REALM_SZ);
+	client_parm.admin_fd = -1;
+
+	/* set up the admin_addr - fetch name of admin host */
+	if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
+		return KADM_NO_HOST;
+	if ((hop = gethostbyname(adm_hostname)) == NULL)
+		return KADM_UNK_HOST;
+	memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr));
+	client_parm.admin_addr.sin_port = 
+	  k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT));
+	client_parm.admin_addr.sin_family = hop->h_addrtype;
+	memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr,
+	       sizeof(client_parm.admin_addr.sin_addr));
+
+	return KADM_SUCCESS;
+}
+
+static int
+kadm_cli_conn(void)
+{					/* this connects and sets my_addr */
+    client_parm.admin_fd =
+	socket(client_parm.admin_addr.sin_family, SOCK_STREAM, 0);
+
+    if (client_parm.admin_fd < 0)
+	return KADM_NO_SOCK;		/* couldn't create the socket */
+    if (connect(client_parm.admin_fd,
+		(struct sockaddr *) & client_parm.admin_addr,
+		sizeof(client_parm.admin_addr))) {
+	close(client_parm.admin_fd);
+	client_parm.admin_fd = -1;
+	return KADM_NO_CONN;		/* couldn't get the connect */
+    }
+    opipe = signal(SIGPIPE, SIG_IGN);
+    client_parm.my_addr_len = sizeof(client_parm.my_addr);
+    if (getsockname(client_parm.admin_fd,
+		    (struct sockaddr *) & client_parm.my_addr,
+		    &client_parm.my_addr_len) < 0) {
+	close(client_parm.admin_fd);
+	client_parm.admin_fd = -1;
+	signal(SIGPIPE, opipe);
+	return KADM_NO_HERE;		/* couldn't find out who we are */
+    }
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+    {
+	int on = 1;
+
+	if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
+		       (void *)&on,
+		       sizeof(on)) < 0) {
+	    close(client_parm.admin_fd);
+	    client_parm.admin_fd = -1;
+	    signal(SIGPIPE, opipe);
+	    return KADM_NO_CONN;		/* XXX */
+	}
+    }
+#endif
+    return KADM_SUCCESS;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+static int
+kadm_cli_keyd(des_cblock (*s_k), /* session key */
+	      struct des_ks_struct *s_s) /* session key schedule */
+{
+	CREDENTIALS cred;	       /* to get key data */
+	int stat;
+
+	/* want .sname and .sinst here.... */
+	if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
+				 client_parm.krbrlm, &cred)))
+		return stat + krb_err_base;
+	memcpy(s_k, cred.session, sizeof(des_cblock));
+	memset(cred.session, 0, sizeof(des_cblock));
+#ifdef NOENCRYPTION
+	memset(s_s, 0, sizeof(des_key_schedule));
+#else
+	if ((stat = des_key_sched(s_k,s_s)))
+		return stat+krb_err_base;
+#endif
+	return KADM_SUCCESS;
+}				       /* This code "works" */
+
+static int
+kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
+{
+	u_int16_t dlen;
+	int retval;
+	char tmp[4];
+
+	dlen = (u_int16_t) dat_len;
+
+	if (dat_len != (int)dlen)
+		return (KADM_NO_ROOM);
+
+	tmp[0] = (dlen >> 8) & 0xff;
+	tmp[1] = dlen & 0xff;
+	if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2)
+	    return (errno);	       /* XXX */
+
+	if (krb_net_write(client_parm.admin_fd, dat, dat_len) < 0)
+		return (errno);	       /* XXX */
+
+	
+	if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){
+	    if (retval < 0)
+		return(errno);		/* XXX */
+	    else
+		return(EPIPE);		/* short read ! */
+	}
+	dlen = (tmp[0] << 8) | tmp[1];
+
+	*ret_dat = malloc(dlen);
+	if (*ret_dat == NULL)
+	    return(KADM_NOMEM);
+
+	if ((retval = krb_net_read(client_parm.admin_fd,  *ret_dat,
+				   dlen) != dlen)) {
+	    if (retval < 0)
+		return(errno);		/* XXX */
+	    else
+		return(EPIPE);		/* short read ! */
+	}
+	*ret_siz = (int) dlen;
+	return KADM_SUCCESS;
+}
+
+/*
+ * kadm_cli_send
+ *	recieves   : opcode, packet, packet length, serv_name, serv_inst
+ *	returns    : return code from the packet build, the server, or
+ *			 something else 
+ *
+ * It assembles a packet as follows:
+ *	 8 bytes    : VERSION STRING
+ *	 4 bytes    : LENGTH OF MESSAGE DATA and OPCODE
+ *		    : KTEXT
+ *		    : OPCODE       \
+ *		    : DATA          > Encrypted (with make priv)
+ *		    : ......       / 
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server.  If the connection is succesfully open
+ * then it sends the data and waits for a reply. 
+ */
+static int
+kadm_cli_send(u_char *st_dat,	/* the actual data */
+	      int st_siz,	/* length of said data */
+	      u_char **ret_dat,	/* to give return info */
+	      int *ret_siz)	/* length of returned info */
+{
+	int act_len, retdat;	/* current offset into packet, return
+				 * data */
+	KTEXT_ST authent;	/* the authenticator we will build */
+	u_char *act_st;		/* the pointer to the complete packet */
+	u_char *priv_pak;	/* private version of the packet */
+	int priv_len;		/* length of private packet */
+	u_int32_t cksum;	/* checksum of the packet */
+	MSG_DAT mdat;
+	u_char *return_dat;
+	int tmp;
+	void *tmp_ptr;
+
+	act_st = malloc(KADM_VERSIZE); /* verstr stored first */
+	if (act_st == NULL) {
+	    clear_secrets ();
+	    return KADM_NOMEM;
+	}
+	memcpy(act_st, KADM_VERSTR, KADM_VERSIZE);
+	act_len = KADM_VERSIZE;
+
+	if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) {
+		free(act_st);
+		clear_secrets();
+		return retdat;	       /* couldnt get key working */
+	}
+	priv_pak = malloc(st_siz + 200);
+	/* 200 bytes for extra info case */
+	if (priv_pak == NULL) {
+	    free(act_st);
+	    clear_secrets ();
+	    return KADM_NOMEM;
+	}
+	priv_len = krb_mk_priv(st_dat, priv_pak, st_siz,
+			       sess_sched, &sess_key, &client_parm.my_addr,
+			       &client_parm.admin_addr);
+
+	if (priv_len < 0)
+		RET_N_FREE(KADM_NO_ENCRYPT);	/* whoops... we got a lose
+						 * here */
+	/* here is the length of priv data.  receiver calcs
+	 size of authenticator by subtracting vno size, priv size, and
+	 sizeof(u_int32_t) (for the size indication) from total size */
+
+	tmp = vts_long(priv_len, &act_st, act_len);
+	if (tmp < 0)
+	    RET_N_FREE(KADM_NOMEM);
+	act_len += tmp;
+#ifdef NOENCRYPTION
+	cksum = 0;
+#else
+	cksum = des_quad_cksum((des_cblock *)priv_pak,
+			       (des_cblock *)0, priv_len, 0,
+			       &sess_key);
+#endif
+	
+	retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
+			    client_parm.krbrlm, cksum);
+
+	if (retdat) {
+	    /* authenticator? */
+	    RET_N_FREE(retdat + krb_err_base);
+	}
+
+	tmp_ptr = realloc(act_st,
+			  act_len + authent.length + priv_len);
+	if (tmp_ptr == NULL) {
+	    clear_secrets();
+	    free (priv_pak);
+	    free (act_st);
+	    return KADM_NOMEM;
+	}
+	act_st = tmp_ptr;
+	memcpy(act_st + act_len, authent.dat, authent.length);
+	memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
+	free(priv_pak);
+	retdat = kadm_cli_out(act_st,
+			      act_len + authent.length + priv_len,
+			      ret_dat, ret_siz);
+	free(act_st);
+	if (retdat != KADM_SUCCESS) {
+	    clear_secrets();
+	    return retdat;
+	}
+#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);}
+
+	/* first see if it's a YOULOUSE */
+	if ((*ret_siz >= KADM_VERSIZE) &&
+	    !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
+	    unsigned char *p;
+	    /* it's a youlose packet */
+	    if (*ret_siz < KADM_VERSIZE + 4)
+		RET_N_FREE2(KADM_BAD_VER);
+	    p = (*ret_dat)+KADM_VERSIZE;
+	    retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	    RET_N_FREE2(retdat);
+	}
+	/* need to decode the ret_dat */
+	retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched,
+			     &sess_key, &client_parm.admin_addr,
+			     &client_parm.my_addr, &mdat);
+	if (retdat)
+	    RET_N_FREE2(retdat+krb_err_base);
+	if (mdat.app_length < KADM_VERSIZE + 4)
+	    /* too short! */
+	    RET_N_FREE2(KADM_BAD_VER);
+	if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+	    /* bad version */
+	    RET_N_FREE2(KADM_BAD_VER);
+	{
+	    unsigned char *p = mdat.app_data+KADM_VERSIZE;
+	    retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	}
+	{
+	  int s = mdat.app_length - KADM_VERSIZE - 4;
+
+	  if(s <= 0)
+	      s=1;
+	  return_dat = malloc(s);
+	  if (return_dat == NULL)
+	      RET_N_FREE2(KADM_NOMEM);
+	}
+	memcpy(return_dat,
+	       (char *) mdat.app_data + KADM_VERSIZE + 4,
+	       mdat.app_length - KADM_VERSIZE - 4);
+	free(*ret_dat);
+	clear_secrets();
+	*ret_dat = return_dat;
+	*ret_siz = mdat.app_length - KADM_VERSIZE - 4;
+	return retdat;
+}
+
+
+
+/* 
+ * kadm_change_pw_plain
+ *
+ * see kadm_change_pw
+ *
+ */
+int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
+{
+	int stsize, retc;	       /* stream size and return code */
+	u_char *send_st;	       /* send stream */
+	u_char *ret_st;
+	int ret_sz;
+	int status;
+	static char msg[128];
+
+	/* possible problem with vts_long on a non-multiple of four boundary */
+
+	stsize = 0;		       /* start of our output packet */
+	send_st = malloc(9);
+	if (send_st == NULL)
+	    return KADM_NOMEM;
+	send_st[stsize++] = (u_char) CHANGE_PW;
+	memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */
+	memcpy(send_st + stsize, newkey + 4, 4);
+	stsize += 8;
+
+	/* change key to stream */
+
+	if(password && *password) {
+	    int tmp = vts_string(password, &send_st, stsize);
+
+	    if (tmp < 0) {
+		free(send_st);
+		return KADM_NOMEM;
+	    }
+	    stsize += tmp;
+	}
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(send_st);
+	    return(retc);
+	}
+	retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
+	free(send_st);
+	
+	if(retc != KADM_SUCCESS){
+	  status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz);
+	  if(status<0)
+	    msg[0]=0;
+	  *pw_msg=msg;
+	}
+
+	if (ret_st)
+	    free(ret_st);
+	
+	kadm_cli_disconn();
+	return(retc);
+}
+
+/*
+ * This function is here for compatibility with CNS
+ */
+
+int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg)
+{
+    return kadm_change_pw_plain (newkey, password, pw_msg);
+}
+
+
+/*
+ * kadm_change_pw
+ * recieves    : key 
+ *
+ * Replaces the password (i.e. des key) of the caller with that specified in
+ * key. Returns no actual data from the master server, since this is called
+ * by a user 
+ */
+
+int kadm_change_pw(unsigned char *newkey)
+{
+  char *pw_msg;
+  return kadm_change_pw_plain(newkey, "", &pw_msg);
+}
+
+/*
+ * kadm_add
+ * 	receives    : vals
+ * 	returns     : vals 
+ *
+ * Adds and entry containing values to the database returns the values of the
+ * entry, so if you leave certain fields blank you will be able to determine
+ * the default values they are set to 
+ */
+int
+kadm_add(Kadm_vals *vals)
+{
+	u_char *st, *st2;	       /* st will hold the stream of values */
+	int st_len;		       /* st2 the final stream with opcode */
+	int retc;		       /* return code from call */
+	u_char *ret_st;
+	int ret_sz;
+
+	st_len = vals_to_stream(vals, &st);
+	st2 = malloc(1 + st_len);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
+	*st2 = (u_char) ADD_ENT;       /* here's the opcode */
+	memcpy((char *) st2 + 1, st, st_len);	/* append st on */
+	free(st);
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
+	retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+	free(st2);
+	if (retc == KADM_SUCCESS) {
+	    /* ret_st has vals */
+	    if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+		retc = KADM_LENGTH_ERROR;
+	    free(ret_st);
+	}
+	kadm_cli_disconn();
+	return(retc);
+}
+
+/*
+ * kadm_mod
+ * 	receives    : KTEXT, {values, values}
+ *	returns     : CKSUM,  RETCODE, {values} 
+ *	acl         : su, sms (as register or dealloc) 
+ *
+ * Modifies all entries corresponding to the first values so they match the
+ * second values. returns the values for the changed entries in vals2
+ */
+int
+kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2)
+{
+	u_char *st, *st2;	       /* st will hold the stream of values */
+	int st_len, nlen;	       /* st2 the final stream with opcode */
+	u_char *ret_st;
+	int ret_sz;
+	void *tmp_ptr;
+
+	/* nlen is the length of second vals */
+	int retc;		       /* return code from call */
+
+	st_len = vals_to_stream(vals1, &st);
+	st2 = malloc(1 + st_len);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
+	*st2 = (u_char) MOD_ENT;       /* here's the opcode */
+	memcpy((char *)st2 + 1, st, st_len++); /* append st on */
+	free(st);
+	nlen = vals_to_stream(vals2, &st);
+	tmp_ptr = realloc(st2, st_len + nlen);
+	if (tmp_ptr == NULL) {
+	    free(st);
+	    free(st2);
+	    return KADM_NOMEM;
+	}
+	st2 = tmp_ptr;
+	memcpy((char *) st2 + st_len, st, nlen); /* append st on */
+	free(st);
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
+
+	retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
+	free(st2);
+	if (retc == KADM_SUCCESS) {
+	    /* ret_st has vals */
+	    if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
+		retc = KADM_LENGTH_ERROR;
+	    free(ret_st);
+	}
+	kadm_cli_disconn();
+	return(retc);
+}
+
+
+int
+kadm_del(Kadm_vals *vals)
+{
+    unsigned char *st, *st2;	       /* st will hold the stream of values */
+    int st_len;		       /* st2 the final stream with opcode */
+    int retc;		       /* return code from call */
+    u_char *ret_st;
+    int ret_sz;
+    
+    st_len = vals_to_stream(vals, &st);
+    st2 = malloc(st_len + 1);
+    if (st2 == NULL) {
+	free(st);
+	return KADM_NOMEM;
+    }
+    *st2 = DEL_ENT;       /* here's the opcode */
+    memcpy(st2 + 1, st, st_len);	/* append st on */
+    free (st);
+
+    if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	free(st2);
+	return(retc);
+    }
+    retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+    free(st2);
+    kadm_cli_disconn();
+    return(retc);
+}
+
+
+/*
+ * kadm_get
+ * 	receives   : KTEXT, {values, flags} 
+ *	returns    : CKSUM, RETCODE, {count, values, values, values}
+ *	acl        : su 
+ *
+ * gets the fields requested by flags from all entries matching values returns
+ * this data for each matching recipient, after a count of how many such
+ * matches there were 
+ */
+int
+kadm_get(Kadm_vals *vals, u_char *fl)
+{
+	int loop;		       /* for copying the fields data */
+	u_char *st, *st2;	       /* st will hold the stream of values */
+	int st_len;		       /* st2 the final stream with opcode */
+	int retc;		       /* return code from call */
+	u_char *ret_st;
+	int ret_sz;
+
+	st_len = vals_to_stream(vals, &st);
+	st2 = malloc(1 + st_len + FLDSZ);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
+	*st2 = (u_char) GET_ENT;       /* here's the opcode */
+	memcpy((char *)st2 + 1, st, st_len); /* append st on */
+	free(st);
+	for (loop = FLDSZ - 1; loop >= 0; loop--)
+		*(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
+	retc = kadm_cli_send(st2, st_len + 1 + FLDSZ,  &ret_st, &ret_sz);
+	free(st2);
+	if (retc == KADM_SUCCESS) {
+	    /* ret_st has vals */
+	    if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+		retc = KADM_LENGTH_ERROR;
+	    free(ret_st);
+	}
+	kadm_cli_disconn();
+	return(retc);
+}
diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et
new file mode 100644
index 0000000..097e87c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_err.et
@@ -0,0 +1,67 @@
+# $Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Kerberos administration server error table
+#
+# $FreeBSD$
+#
+	et	kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID,		"$Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM,	"Cannot fetch local realm"
+ec KADM_NO_CRED,	"Unable to fetch credentials"
+ec KADM_BAD_KEY,	"Bad key supplied"
+ec KADM_NO_ENCRYPT,	"Can't encrypt data"
+ec KADM_NO_AUTH,	"Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM,	"Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM,	"Packet is too large"
+ec KADM_BAD_VER,	"Version number is incorrect"
+ec KADM_BAD_CHK,	"Checksum does not match"
+ec KADM_NO_READ,	"Unsealing private data failed"
+ec KADM_NO_OPCODE,	"Unsupported operation"
+ec KADM_NO_HOST,	"Could not find administrating host"
+ec KADM_UNK_HOST,	"Administrating host name is unknown"
+ec KADM_NO_SERV,	"Could not find service name in services database"
+ec KADM_NO_SOCK,	"Could not create socket"
+ec KADM_NO_CONN,	"Could not connect to server"
+ec KADM_NO_HERE,	"Could not fetch local socket address"
+ec KADM_NO_MAST,	"Could not fetch master key"
+ec KADM_NO_VERI,	"Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE,		"Entry already exists in database"
+ec KADM_UK_SERROR,	"Database store error"
+ec KADM_UK_RERROR,	"Database read error"
+ec KADM_UNAUTH,		"Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA,		"Data is available for return to client"
+ec KADM_NOENTRY,	"No such entry in the database"
+
+ec KADM_NOMEM,		"Memory exhausted"
+ec KADM_NO_HOSTNAME,	"Could not fetch system hostname"
+ec KADM_NO_BIND,	"Could not bind port"
+ec KADM_LENGTH_ERROR,	"Length mismatch problem"
+ec KADM_ILL_WILDCARD,	"Illegal use of wildcard"
+
+ec KADM_DB_INUSE,	"Database is locked or in use--try again later"
+
+ec KADM_INSECURE_PW,    "Insecure password rejected"
+ec KADM_PW_MISMATCH,    "Cleartext password and DES key did not match"
+
+ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
+ec KADM_IMMUTABLE,	"Attempt do delete immutable principal"
+# password quality basically stolen from OV libkadm5
+index 64
+prefix KADM_PASS_Q
+ec NULL,		"Null passwords are not allowed"
+ec TOOSHORT,		"Password is too short"
+ec CLASS,		"Too few character classes in password"
+ec DICT,		"Password is in the password dictionary"
+end
diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h
new file mode 100644
index 0000000..709a224
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.12 1999/12/02 16:58:39 joda Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <signal.h>
+#include <time.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_err.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <kadm_err.h>
+
+int vts_long __P((u_int32_t, u_char **, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+
+int kadm_init_link __P((char n[], char i[], char r[]));
+int kadm_change_pw __P((des_cblock));
+int kadm_add __P((Kadm_vals *));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char fl[4]));
+
+
diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c
new file mode 100644
index 0000000..d890164
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c
@@ -0,0 +1,353 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Stream conversion functions for Kerberos administration server
+ */
+
+/*
+  kadm_stream.c
+  this holds the stream support routines for the kerberos administration server
+
+    vals_to_stream: converts a vals struct to a stream for transmission
+       internals build_field_header, vts_[string, char, long, short]
+    stream_to_vals: converts a stream to a vals struct
+       internals check_field_header, stv_[string, char, long, short]
+    error: prints out a kadm error message, returns
+    fatal: prints out a kadm fatal error message, exits
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kadm_stream.c,v 1.13 1998/10/22 15:38:01 joda Exp $");
+
+static int
+build_field_header(u_char *cont, /* container for fields data */
+		   u_char **st)	/* stream */
+{
+  *st = malloc (4);
+  if (*st == NULL)
+      return -1;
+  memcpy(*st, cont, 4);
+  return 4;			/* return pointer to current stream location */
+}
+
+static int
+check_field_header(u_char *st,	/* stream */
+		   u_char *cont, /* container for fields data */
+		   int maxlen)
+{
+  if (4 > maxlen)
+      return(-1);
+  memcpy(cont, st, 4);
+  return 4;			/* return pointer to current stream location */
+}
+
+int
+vts_string(char *dat,		/* a string to put on the stream */
+	   u_char **st,		/* base pointer to the stream */
+	   int loc)		/* offset into the stream for current data */
+{
+  void *tmp;
+
+  tmp = realloc(*st, loc + strlen(dat) + 1);
+  if(tmp == NULL)
+    return -1;
+  memcpy((char *)tmp + loc, dat, strlen(dat)+1);
+  *st = tmp;
+  return strlen(dat)+1;
+}
+
+
+static int
+vts_short(u_int16_t dat,	/* the attributes field */
+	  u_char **st,		/* a base pointer to the stream */
+	  int loc)		/* offset into the stream for current data */
+{
+    unsigned char *p;
+
+    p = realloc(*st, loc + 2);
+    if(p == NULL)
+	return -1;
+    p[loc] = (dat >> 8) & 0xff;
+    p[loc+1] = dat & 0xff;
+    *st = p;
+    return 2;
+}
+
+static int
+vts_char(u_char dat,		/* the attributes field */
+	 u_char **st,		/* a base pointer to the stream */
+	 int loc)		/* offset into the stream for current data */
+{
+    unsigned char *p;
+
+    p = realloc(*st, loc + 1);
+
+    if(p == NULL)
+	return -1;
+    p[loc] = dat;
+    *st = p;
+    return 1;
+}
+
+int
+vts_long(u_int32_t dat,		/* the attributes field */
+	 u_char **st,		/* a base pointer to the stream */
+	 int loc)		/* offset into the stream for current data */
+{
+    unsigned char *p;
+
+    p = realloc(*st, loc + 4);
+    if(p == NULL)
+	return -1;
+    p[loc] = (dat >> 24) & 0xff;
+    p[loc+1] = (dat >> 16) & 0xff;
+    p[loc+2] = (dat >> 8) & 0xff;
+    p[loc+3] = dat & 0xff;
+    *st = p;
+    return 4;
+}
+    
+int
+stv_string(u_char *st,		/* base pointer to the stream */
+	   char *dat,		/* a string to read from the stream */
+	   int loc,		/* offset into the stream for current data */
+	   int stlen,		/* max length of string to copy in */
+	   int maxlen)		/* max length of input stream */
+{
+  int maxcount;				/* max count of chars to copy */
+  int len;
+
+  maxcount = min(maxlen - loc, stlen);
+
+  if(maxcount <= 0)
+      return -1;
+
+  len = strnlen ((char *)st + loc, maxlen - loc);
+
+  if (len >= stlen)
+      return -1;
+
+  memcpy(dat, st + loc, len);
+  dat[len] = '\0';
+  return len + 1;
+}
+
+static int
+stv_short(u_char *st,		/* a base pointer to the stream */
+	  u_int16_t *dat,	/* the attributes field */
+	  int loc,		/* offset into the stream for current data */
+	  int maxlen)
+{
+  if (maxlen - loc < 2)
+      return -1;
+  
+  *dat = (st[loc] << 8) | st[loc + 1];
+  return 2;
+}
+
+int
+stv_long(u_char *st,		/* a base pointer to the stream */
+	 u_int32_t *dat,	/* the attributes field */
+	 int loc,		/* offset into the stream for current data */
+	 int maxlen)		/* maximum length of st */
+{
+  if (maxlen - loc < 4)
+      return -1;
+  
+  *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3];
+  return 4;
+}
+    
+static int
+stv_char(u_char *st,		/* a base pointer to the stream */
+	 u_char *dat,		/* the attributes field */
+	 int loc,		/* offset into the stream for current data */
+	 int maxlen)
+{
+  if (maxlen - loc < 1)
+      return -1;
+  
+  *dat = st[loc];
+  return 1;
+}
+
+/* 
+vals_to_stream
+  recieves    : kadm_vals *, u_char *
+  returns     : a realloced and filled in u_char *
+     
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+int
+vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
+{
+  int vsloop, stsize;		/* loop counter, stream size */
+
+  stsize = build_field_header(dt_in->fields, dt_out);
+  if (stsize < 0)
+      return stsize;
+  for (vsloop=31; vsloop>=0; vsloop--)
+    if (IS_FIELD(vsloop,dt_in->fields)) {
+      int tmp = 0;
+
+      switch (vsloop) {
+      case KADM_NAME:
+	  tmp = vts_string(dt_in->name, dt_out, stsize);
+	  break;
+      case KADM_INST:
+	  tmp = vts_string(dt_in->instance, dt_out, stsize);
+	  break;
+      case KADM_EXPDATE:
+	  tmp = vts_long(dt_in->exp_date, dt_out, stsize);
+	  break;
+      case KADM_ATTR:
+	  tmp = vts_short(dt_in->attributes, dt_out, stsize);
+	  break;
+      case KADM_MAXLIFE:
+	  tmp = vts_char(dt_in->max_life, dt_out, stsize);
+	  break;
+      case KADM_DESKEY: 
+	  tmp = vts_long(dt_in->key_high, dt_out, stsize);
+	  if(tmp > 0)
+	      tmp += vts_long(dt_in->key_low, dt_out, stsize + tmp);
+	  break;
+#ifdef EXTENDED_KADM
+      case KADM_MODDATE:
+	  tmp = vts_long(dt_in->mod_date, dt_out, stsize);
+	  break;
+      case KADM_MODNAME:
+	  tmp = vts_string(dt_in->mod_name, dt_out, stsize);
+	  break;
+      case KADM_MODINST:
+	  tmp = vts_string(dt_in->mod_instance, dt_out, stsize);
+	  break;
+      case KADM_KVNO:
+	  tmp = vts_char(dt_in->key_version, dt_out, stsize);
+	  break;
+#endif
+      default:
+	  break;
+      }
+      if (tmp < 0) {
+	  free(*dt_out);
+	  return tmp;
+      }
+      stsize += tmp;
+    }
+  return(stsize);
+}  
+
+/* 
+stream_to_vals
+  recieves    : u_char *, kadm_vals *
+  returns     : a kadm_vals filled in according to u_char *
+     
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+int
+stream_to_vals(u_char *dt_in,
+	       Kadm_vals *dt_out,
+	       int maxlen)	/* max length to use */
+{
+    int vsloop, stsize;		/* loop counter, stream size */
+    int status;
+
+    memset(dt_out, 0, sizeof(*dt_out));
+
+    stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+    if (stsize < 0)
+	return(-1);
+    for (vsloop=31; vsloop>=0; vsloop--)
+	if (IS_FIELD(vsloop,dt_out->fields))
+	    switch (vsloop) {
+	    case KADM_NAME:
+		if ((status = stv_string(dt_in, dt_out->name, stsize,
+					 sizeof(dt_out->name), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_INST:
+		if ((status = stv_string(dt_in, dt_out->instance, stsize,
+					 sizeof(dt_out->instance), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_EXPDATE:
+		if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_ATTR:
+		if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
+					maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MAXLIFE:
+		if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_DESKEY:
+		if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+#ifdef EXTENDED_KADM
+	    case KADM_MODDATE:
+		if ((status = stv_long(dt_in, &dt_out->mod_date, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MODNAME:
+		if ((status = stv_string(dt_in, dt_out->mod_name, stsize,
+					 sizeof(dt_out->mod_name), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MODINST:
+		if ((status = stv_string(dt_in, dt_out->mod_instance, stsize,
+					 sizeof(dt_out->mod_instance), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_KVNO:
+		if ((status = stv_char(dt_in, &dt_out->key_version, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+#endif
+	    default:
+		break;
+	    }
+    return stsize;
+}  
diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c
new file mode 100644
index 0000000..2a19cae
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c
@@ -0,0 +1,188 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Support functions for Kerberos administration server & clients
+ */
+
+/*
+  kadm_supp.c
+  this holds the support routines for the kerberos administration server
+
+    error: prints out a kadm error message, returns
+    fatal: prints out a kadm fatal error message, exits
+    prin_vals: prints out data associated with a Principal in the vals
+           structure
+*/
+
+#include "kadm_locl.h"
+    
+RCSID("$Id: kadm_supp.c,v 1.14 1999/09/16 20:41:46 assar Exp $");
+
+static void
+time2str(char *buf, size_t len, time_t t)
+{
+    strftime(buf, len, "%Y-%m-%d %H:%M:%S", localtime(&t));
+}
+
+/*
+prin_vals:
+  recieves    : a vals structure
+*/
+void
+prin_vals(Kadm_vals *vals)
+{
+    char date[32];
+    if(IS_FIELD(KADM_NAME, vals->fields) && IS_FIELD(KADM_INST, vals->fields))
+	printf("%20s: %s\n", "Principal", 
+	       krb_unparse_name_long(vals->name, vals->instance, NULL));
+    else {
+	printf("Dump of funny entry:\n");
+	if(IS_FIELD(KADM_NAME, vals->fields))
+	    printf("%20s: %s\n", "Name", vals->name);
+	if(IS_FIELD(KADM_INST, vals->fields))
+	    printf("%20s: %s\n", "Instance", vals->instance);
+    }
+    if(IS_FIELD(KADM_MAXLIFE, vals->fields))
+	printf("%20s: %d (%s)\n", "Max ticket life", 
+	       vals->max_life, 
+	       krb_life_to_atime(vals->max_life));
+    if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
+	time2str(date, sizeof(date), vals->exp_date);
+	printf("%20s: %s\n", "Expiration date", date);
+    }
+    if(IS_FIELD(KADM_ATTR, vals->fields))
+	printf("%20s: %d\n", "Attributes",
+	       vals->attributes);
+    if(IS_FIELD(KADM_DESKEY, vals->fields))
+	printf("%20s: %#lx %#lx\n", "Key",
+	       (unsigned long)vals->key_low,
+	       (unsigned long)vals->key_high);
+
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,vals->fields)) {
+	time2str(date, sizeof(date), vals->mod_date);
+	printf("%20s: %s\n", "Modification date", date);
+    }
+    if (IS_FIELD(KADM_MODNAME,vals->fields) && 
+	IS_FIELD(KADM_MODINST,vals->fields))
+	printf("%20s: %s\n", "Modifier", 
+	       krb_unparse_name_long(vals->mod_name, vals->mod_instance, NULL));
+    if (IS_FIELD(KADM_KVNO,vals->fields))
+	printf("%20s: %d\n", "Key version", vals->key_version);
+#endif
+
+#if 0
+    printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
+    printf("   Max Life: %d (%s)   Exp Date: %s\n",
+	   vals->max_life,
+	   krb_life_to_atime(vals->max_life), 
+	   asctime(k_localtime(&vals->exp_date)));
+    printf("   Attribs: %.2x  key: %#lx %#lx\n",
+	   vals->attributes,
+	   (unsigned long)vals->key_low,
+	   (unsigned long)vals->key_high);
+#endif
+}
+
+/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
+   it copies the fields in Principal specified by fields into Kadm_vals, 
+   i.e from old to new */
+
+void
+kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old)
+{
+    memset(new, 0, sizeof(*new));
+    if (IS_FIELD(KADM_NAME,fields)) {
+	strlcpy(new->name, old->name, ANAME_SZ); 
+	SET_FIELD(KADM_NAME, new->fields);
+    }
+    if (IS_FIELD(KADM_INST,fields)) {
+	strlcpy(new->instance, old->instance, INST_SZ); 
+	SET_FIELD(KADM_INST, new->fields);
+    }      
+    if (IS_FIELD(KADM_EXPDATE,fields)) {
+	new->exp_date   = old->exp_date; 
+	SET_FIELD(KADM_EXPDATE, new->fields);
+    }      
+    if (IS_FIELD(KADM_ATTR,fields)) {
+	new->attributes = old->attributes; 
+	SET_FIELD(KADM_ATTR, new->fields);
+    }      
+    if (IS_FIELD(KADM_MAXLIFE,fields)) {
+	new->max_life   = old->max_life; 
+	SET_FIELD(KADM_MAXLIFE, new->fields);
+    }      
+    if (IS_FIELD(KADM_DESKEY,fields)) {
+	new->key_low    = old->key_low; 
+	new->key_high   = old->key_high; 
+	SET_FIELD(KADM_DESKEY, new->fields);
+    }
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,fields)) {
+	new->mod_date = old->mod_date;
+	SET_FIELD(KADM_MODDATE, new->fields);
+    }
+    if (IS_FIELD(KADM_MODNAME,fields)) {
+	strlcpy(new->mod_name, old->mod_name, ANAME_SZ);
+	SET_FIELD(KADM_MODNAME, new->fields);
+    }
+    if (IS_FIELD(KADM_MODINST,fields)) {
+	strlcpy(new->mod_instance, old->mod_instance, ANAME_SZ);
+	SET_FIELD(KADM_MODINST, new->fields);
+    }
+    if (IS_FIELD(KADM_KVNO,fields)) {
+	new->key_version = old->key_version;
+	SET_FIELD(KADM_KVNO, new->fields);
+    }
+#endif
+}
+
+void
+kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old)
+{
+
+    memset(new, 0, sizeof(*new));
+    if (IS_FIELD(KADM_NAME,fields))
+	strlcpy(new->name, old->name, ANAME_SZ); 
+    if (IS_FIELD(KADM_INST,fields))
+	strlcpy(new->instance, old->instance, INST_SZ); 
+    if (IS_FIELD(KADM_EXPDATE,fields))
+	new->exp_date   = old->exp_date; 
+    if (IS_FIELD(KADM_ATTR,fields))
+	new->attributes = old->attributes; 
+    if (IS_FIELD(KADM_MAXLIFE,fields))
+	new->max_life   = old->max_life; 
+    if (IS_FIELD(KADM_DESKEY,fields)) {
+	new->key_low    = old->key_low; 
+	new->key_high   = old->key_high; 
+    }
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,fields))
+	new->mod_date = old->mod_date;
+    if (IS_FIELD(KADM_MODNAME,fields))
+	strlcpy(new->mod_name, old->mod_name, ANAME_SZ);
+    if (IS_FIELD(KADM_MODINST,fields))
+	strlcpy(new->mod_instance, old->mod_instance, ANAME_SZ);
+    if (IS_FIELD(KADM_KVNO,fields))
+	new->key_version = old->key_version;
+#endif
+}
diff --git a/crypto/kerberosIV/lib/kafs/ChangeLog b/crypto/kerberosIV/lib/kafs/ChangeLog
new file mode 100644
index 0000000..c9cd032
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/ChangeLog
@@ -0,0 +1,165 @@
+1999-11-22  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
+	
+1999-11-17  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (afslog_uid_int): don't look at the local realm at
+ 	all.  just use the realm from the ticket file.
+
+1999-10-20  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 1:1:1
+
+	* afskrb5.c (get_cred): always request a DES key
+
+Mon Oct 18 17:40:21 1999  Bjoern Groenvall  <bg@mummel.sics.se>
+
+	* common.c (find_cells): Trim trailing whitespace from
+ 	cellname. Lines starting with # are regarded as comments.
+
+Fri Oct  8 18:17:22 1999  Bjoern Groenvall  <bg@mummel.sics.se>
+
+	* afskrb.c, common.c : Change code to make a clear distinction
+ 	between hinted realm and ticket realm.
+
+	* kafs_locl.h: Added argument realm_hint.
+
+	* common.c (_kafs_get_cred): Change code to acquire the ``best''
+ 	possible ticket. Use cross-cell authentication only as method of
+ 	last resort.
+
+	* afskrb.c (afslog_uid_int): Add realm_hint argument and extract
+ 	realm from ticket file.
+
+	* afskrb5.c (afslog_uid_int): Added argument realm_hint.
+
+1999-10-03  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (get_cred): update to new krb524_convert_creds_kdc
+
+1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: ignore the comlicated aix construct if !krb4
+
+1999-07-26  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+1999-07-22  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
+
+1999-07-07  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (krb5_realm_of_cell): new function
+
+	* afskrb.c (krb_realm_of_cell): new function
+	(afslog_uid_int): call krb_get_lrealm correctly
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
+ 	un-staticize
+
+Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
+ 	1.4)
+
+Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: set AIX_SRC also if !AIX
+
+Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: fix AIX linkage
+
+Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* afskrb5.c: add homedir support
+
+Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
+
+	* add new functionality for specifying the homedir to krb_afslog
+ 	et al
+
+Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: reorganize order of definitions.
+	(try_one, try_two): conditionalize
+
+Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c (realm_of_cell): make the dns fallback work
+
+Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c (map_syscall_name_to_number): new function for finding
+ 	the number of a syscall given the name on solaris
+	(k_hasafs): try using map_syscall_name_to_number
+
+Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: rewrite and add support for environment variable
+ 	AFS_SYSCALL
+
+	* Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (roken_rename.h): remove dependency
+
+Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: add arla paths
+
+	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
+	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
+
+Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c: Don't store expired tokens (this broke when using
+ 	pag-less rsh-sessions, and `non-standard' ticket files).
+
+Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.in: Install/uninstall one library at a time.
+
+Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (install): one library at a time.
+
+Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
+
+	* common.c (find_cells): ignore empty lines
+
+Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
+
+Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
+
+	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.am b/crypto/kerberosIV/lib/kafs/Makefile.am
new file mode 100644
index 0000000..2333221
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/Makefile.am
@@ -0,0 +1,70 @@
+# $Id: Makefile.am,v 1.17 1999/10/19 23:54:05 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS)
+
+if KRB4
+AFSLIBS = libkafs.la
+
+if AIX
+AFSL_EXP = $(srcdir)/afsl.exp
+
+if AIX4
+AFS_EXTRA_LD = -bnoentry
+else
+AFS_EXTRA_LD = -e _nostart
+endif
+
+if AIX_DYNAMIC_AFS
+if HAVE_DLOPEN
+AIX_SRC = 
+else
+AIX_SRC = dlfcn.c
+endif
+AFS_EXTRA_LIBS = afslib.so
+AFS_EXTRA_DEFS =
+else
+AIX_SRC = afslib.c
+AFS_EXTRA_LIBS = 
+AFS_EXTRA_DEFS = -DSTATIC_AFS
+endif
+
+else
+AFSL_EXP =
+AIX_SRC =
+endif # AIX
+
+else
+AFSLIBS = 
+endif # KRB4
+
+
+lib_LTLIBRARIES = $(AFSLIBS)
+libkafs_la_LDFLAGS = -version-info 1:1:1
+foodir = $(libdir)
+foo_DATA = $(AFS_EXTRA_LIBS)
+# EXTRA_DATA = afslib.so
+
+CLEANFILES= $(AFS_EXTRA_LIBS)
+
+include_HEADERS = kafs.h
+
+if KRB5
+afskrb5_c = afskrb5.c
+endif
+
+libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h
+#afslib_so_SOURCES = afslib.c
+
+EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
+
+EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
+
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in
new file mode 100644
index 0000000..cefca29
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/Makefile.in
@@ -0,0 +1,117 @@
+#
+# $Id: Makefile.in,v 1.50 1999/09/16 20:41:46 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME -DLIBDIR='"$(libdir)"' @AFS_EXTRA_DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+ 
+LIB_DEPS = @lib_deps_yes@ -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
+LIBNAME = $(LIBPREFIX)kafs
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+AFS_EXTRA_OBJS	= @AFS_EXTRA_OBJS@
+AFS_EXTRA_LIBS	= @AFS_EXTRA_LIBS@
+LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
+
+SOURCES = afssys.c afskrb.c common.c afslib.c
+
+EXTRA_SOURCE = issuid.c strlcpy.c strlcat.c
+
+EXTRA_OBJECT = issuid.o strlcpy.o strlcat.o
+
+OBJECTS = afssys.o afskrb.o common.o $(EXTRA_OBJECT) $(AFS_EXTRA_OBJS)
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	@for i in $(LIB); do \
+	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
+	$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
+	@install_symlink_command@
+
+uninstall:
+	@for i in $(LIB); do \
+	echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\
+	rm -f $(DESTDIR)$(libdir)/$$i ; done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations $(EXTRA_SOURCE)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~ roken_rename.h
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp @AFS_EXTRA_LD@ afslib.o -lc
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
+
+issuid.c:
+	$(LN_S) $(srcdir)/../roken/issuid.c .
+
+strlcat.c:
+	$(LN_S) $(srcdir)/../roken/strlcat.c .
+
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+
diff --git a/crypto/kerberosIV/lib/kafs/README.dlfcn b/crypto/kerberosIV/lib/kafs/README.dlfcn
new file mode 100644
index 0000000..cee1b75
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/README.dlfcn
@@ -0,0 +1,246 @@
+Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
+Not derived from licensed software.
+
+Permission is granted to freely use, copy, modify, and redistribute
+this software, provided that the author is not construed to be liable
+for any results of using the software, alterations are clearly marked
+as such, and this notice is not modified.
+
+libdl.a
+-------
+
+This is an emulation library to emulate the SunOS/System V.4 functions
+to access the runtime linker. The functions are emulated by using the
+AIX load() function and by reading the .loader section of the loaded
+module to find the exports. The to be loaded module should be linked as
+follows (if using AIX 3):
+
+	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
+
+For AIX 4:
+
+	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
+
+If you want to reference symbols from the main part of the program in a
+loaded module, you will have to link against the export file of the
+main part:
+
+	cc -o main -bE:main.exp $(MAIN_OBJS)
+	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
+
+Note that you explicitely have to specify what functions are supposed
+to be accessible from your loaded modules, this is different from
+SunOS/System V.4 where any global is automatically exported. If you
+want to export all globals, the following script might be of help:
+
+#!/bin/sh
+/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
+
+The module export file contains the symbols to be exported. Because
+this library uses the loader section, the final module.so file can be
+stripped. C++ users should build their shared objects using the script
+makeC++SharedLib (part of the IBM C++ compiler), this will make sure
+that constructors and destructors for static and global objects will be
+called upon loading and unloading the module. GNU C++ users should use
+the -shared option to g++ to link the shared object:
+
+	g++ -o module.so -shared $(OBJS)
+
+If the shared object does have permissions for anybody, the shared
+object will be loaded into the shared library segment and it will stay
+there even if the main application terminates. If you rebuild your
+shared object after a bugfix and you want to make sure that you really
+get the newest version you will have to use the "slibclean" command
+before starting the application again to garbage collect the shared
+library segment. If the performance utilities (bosperf) are installed
+you can use the following command to see what shared objects are
+loaded:
+
+/usr/lpp/bosperf/genkld | sort | uniq
+
+For easier debugging you can avoid loading the shared object into the
+shared library segment alltogether by removing permissions for others
+from the module.so file:
+
+chmod o-rwx module.so
+
+This will ensure you get a fresh copy of the shared object for every
+dlopen() call which is loaded into the application's data segment.
+
+Usage
+-----
+
+void *dlopen(const char *path, int mode);
+
+This routine loads the module pointed to by path and reads its export
+table. If the path does not contain a '/' character, dlopen will search
+for the module using the LIBPATH environment variable. It returns an
+opaque handle to the module or NULL on error. The mode parameter can be
+either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
+function binding. The AIX implementation currently does treat RTLD_NOW
+the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
+mode parameter to allow loaded modules to bind to global variables or
+functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
+not specified, only globals from the main part of the executable or
+shared libraries are used to look for undefined symbols in loaded
+modules.
+
+
+void *dlsym(void *handle, const char *symbol);
+
+This routine searches for the symbol in the module referred to by
+handle and returns its address. If the symbol could not be found, the
+function returns NULL. The return value must be casted to a proper
+function pointer before it can be used. SunOS/System V.4 allows handle
+to be a NULL pointer to refer to the module the call is made from, this
+is not implemented.
+
+int dlclose(void *handle);
+
+This routine unloads the module referred to by the handle and disposes
+of any local storage. this function returns -1 on failure. Any function
+pointers obtained through dlsym() should be considered invalid after
+closing a module.
+
+As AIX caches shared objects in the shared library segment, function
+pointers obtained through dlsym() might still work even though the
+module has been unloaded. This can introduce subtle bugs that will
+segment fault later if AIX garbage collects or immediatly on
+SunOS/System V.4 as the text segment is unmapped.
+
+char *dlerror(void);
+
+This routine can be used to retrieve a text message describing the most
+recent error that occured on on of the above routines. This function
+returns NULL if there is no error information.
+
+Initialization and termination handlers
+---------------------------------------
+
+The emulation provides for an initialization and a termination
+handler.  The dlfcn.h file contains a structure declaration named
+dl_info with following members:
+
+	void (*init)(void);
+	void (*fini)(void);
+
+The init function is called upon first referencing the library. The
+fini function is called at dlclose() time or when the process exits.
+The module should declare a variable named dl_info that contains this
+structure which must be exported.  These functions correspond to the
+documented _init() and _fini() functions of SunOS 4.x, but these are
+appearently not implemented in SunOS.  When using SunOS 5.0, these
+correspond to #pragma init and #pragma fini respectively. At the same
+time any static or global C++ object's constructors or destructors will
+be called.
+
+BUGS
+----
+
+Please note that there is currently a problem with implicitely loaded
+shared C++ libaries: if you refer to a shared C++ library from a loaded
+module that is not yet used by the main program, the dlopen() emulator
+does not notice this and does not call the static constructors for the
+implicitely loaded library. This can be easily demonstrated by
+referencing the C++ standard streams from a loaded module if the main
+program is a plain C program.
+
+Jens-Uwe Mager
+
+HELIOS Software GmbH
+Lavesstr. 80
+30159 Hannover
+Germany
+
+Phone:		+49 511 36482-0
+FAX:		+49 511 36482-69
+AppleLink:	helios.de/jum
+Internet:	jum@helios.de
+
+Revison History
+---------------
+
+SCCS/s.dlfcn.h:
+
+D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
+MRs:
+COMMENTS:
+added RTLD_GLOBAL, include and C++ guards
+
+D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
+MRs:
+COMMENTS:
+we always have prototypes on RS/6000
+
+D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
+MRs:
+COMMENTS:
+added dl_info structure to implement initialize and terminate functions
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
+SCCS/s.dlfcn.c:
+
+D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
+MRs:
+COMMENTS:
+Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
+g++ generated shared objects.
+
+D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
+MRs:
+COMMENTS:
+the C++ constructor and destructor chains are now called properly for either
+xlC 2 or xlC 3 (CSet++).
+
+D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
+MRs:
+COMMENTS:
+Fix version number
+
+D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
+MRs:
+COMMENTS:
+Added version number for dl lib
+
+D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
+MRs:
+COMMENTS:
+Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
+shared objects generated under AIX 4. Fixed bug that symbols with exactly
+8 characters would use garbage characters from the following symbol value.
+
+D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
+MRs:
+COMMENTS:
+added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
+
+D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
+MRs:
+COMMENTS:
+added path to dlopen error message to make clear where there error occured.
+
+D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
+MRs:
+COMMENTS:
+to allow calling symbols in the main module call load with L_NOAUTODEFER and 
+do a loadbind later with the main module.
+
+D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
+MRs:
+COMMENTS:
+added search by L_GETINFO if module got loaded by LIBPATH
+
+D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
+MRs:
+COMMENTS:
+implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
new file mode 100644
index 0000000..805750d
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb.c,v 1.13 1999/12/02 16:58:39 joda Exp $");
+
+struct krb_kafs_data {
+    const char *realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
+{
+    KTEXT_ST tkt;
+    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+    
+    if (ret) {
+	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+	if (ret == KSUCCESS)
+	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+    }
+    return ret;
+}
+
+static int
+afslog_uid_int(kafs_data *data,
+	       const char *cell,
+	       const char *realm_hint,
+	       uid_t uid,
+	       const char *homedir)
+{
+    int ret;
+    CREDENTIALS c;
+    char realm[REALM_SZ];
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    /* Extract realm from ticket file. */
+    {
+        char name[ANAME_SZ], inst[INST_SZ];
+
+	ret = krb_get_default_principal(name, inst, realm);
+	if (ret != KSUCCESS)
+	    return ret;
+    }
+
+    ret = _kafs_get_cred(data, cell, realm_hint, realm, &c);
+    
+    if (ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+    char *r = krb_realmofhost(host);
+    if(r != NULL)
+	return strdup(r);
+    else
+	return NULL;
+}
+
+int
+krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
+		    const char *homedir)
+{
+    kafs_data kd;
+
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = 0;
+    return afslog_uid_int(&kd, cell, realm_hint, uid, homedir);
+}
+
+int
+krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
+{
+    return krb_afslog_uid_home(cell, realm_hint, uid, NULL);
+}
+
+int
+krb_afslog(const char *cell, const char *realm_hint)
+{
+    return krb_afslog_uid(cell, realm_hint, getuid());
+}
+
+int
+krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
+{
+    return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+int
+krb_realm_of_cell(const char *cell, char **realm)
+{
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
diff --git a/crypto/kerberosIV/lib/kafs/afskrb5.c b/crypto/kerberosIV/lib/kafs/afskrb5.c
new file mode 100644
index 0000000..4c35ea7
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb5.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb5.c,v 1.13 1999/12/02 16:58:39 joda Exp $");
+
+struct krb5_kafs_data {
+    krb5_context context;
+    krb5_ccache id;
+    krb5_const_realm realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
+{
+    krb5_error_code ret;
+    krb5_creds in_creds, *out_creds;
+    struct krb5_kafs_data *d = data->data;
+
+    memset(&in_creds, 0, sizeof(in_creds));
+    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
+				  &in_creds.server);
+    if(ret)
+	return ret;
+    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
+    if(ret){
+	krb5_free_principal(d->context, in_creds.server);
+	return ret;
+    }
+    in_creds.session.keytype = KEYTYPE_DES;
+    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
+    krb5_free_principal(d->context, in_creds.server);
+    krb5_free_principal(d->context, in_creds.client);
+    if(ret)
+	return ret;
+    ret = krb524_convert_creds_kdc(d->context, d->id, out_creds, c);
+    krb5_free_creds(d->context, out_creds);
+    return ret;
+}
+
+static krb5_error_code
+afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid,
+	       const char *homedir)
+{
+    krb5_error_code ret;
+    CREDENTIALS c;
+    krb5_principal princ;
+    krb5_realm *trealm; /* ticket realm */
+    struct krb5_kafs_data *d = data->data;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    ret = krb5_cc_get_principal (d->context, d->id, &princ);
+    if (ret)
+	return ret;
+
+    trealm = krb5_princ_realm (d->context, princ);
+
+    if (d->realm != NULL && strcmp (d->realm, *trealm) == 0) {
+	trealm = NULL;
+	krb5_free_principal (d->context, princ);
+    }
+
+    ret = _kafs_get_cred(data, cell, d->realm, *trealm, &c);
+    if(trealm)
+	krb5_free_principal (d->context, princ);
+    
+    if(ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+    struct krb5_kafs_data *d = data->data;
+    krb5_realm *realms;
+    char *r;
+    if(krb5_get_host_realm(d->context, host, &realms))
+	return NULL;
+    r = strdup(realms[0]);
+    krb5_free_host_realm(d->context, realms);
+    return r;
+}
+
+krb5_error_code
+krb5_afslog_uid_home(krb5_context context,
+		     krb5_ccache id,
+		     const char *cell,
+		     krb5_const_realm realm,
+		     uid_t uid,
+		     const char *homedir)
+{
+    kafs_data kd;
+    struct krb5_kafs_data d;
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    d.context = context;
+    d.id = id;
+    d.realm = realm;
+    return afslog_uid_int(&kd, cell, 0, uid, homedir);
+}
+
+krb5_error_code
+krb5_afslog_uid(krb5_context context,
+		krb5_ccache id,
+		const char *cell,
+		krb5_const_realm realm,
+		uid_t uid)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
+}
+
+krb5_error_code
+krb5_afslog(krb5_context context,
+	    krb5_ccache id, 
+	    const char *cell,
+	    krb5_const_realm realm)
+{
+    return krb5_afslog_uid (context, id, cell, realm, getuid());
+}
+
+krb5_error_code
+krb5_afslog_home(krb5_context context,
+		 krb5_ccache id, 
+		 const char *cell,
+		 krb5_const_realm realm,
+		 const char *homedir)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_realm_of_cell(const char *cell, char **realm)
+{
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
diff --git a/crypto/kerberosIV/lib/kafs/afsl.exp b/crypto/kerberosIV/lib/kafs/afsl.exp
new file mode 100644
index 0000000..4d2b00e
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afsl.exp
@@ -0,0 +1,6 @@
+#!/unix
+
+* This mumbo jumbo creates entry points to syscalls in _AIX
+
+lpioctl	syscall
+lsetpag	syscall
diff --git a/crypto/kerberosIV/lib/kafs/afslib.c b/crypto/kerberosIV/lib/kafs/afslib.c
new file mode 100644
index 0000000..ae3b5a5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* 
+ * This file is only used with AIX 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afslib.c,v 1.6 1999/12/02 16:58:40 joda Exp $");
+
+int
+aix_pioctl(char *a_path,
+	   int o_opcode,
+	   struct ViceIoctl *a_paramsP,
+	   int a_followSymlinks)
+{
+    return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+}
+
+int
+aix_setpag(void)
+{
+    return lsetpag();
+}
diff --git a/crypto/kerberosIV/lib/kafs/afslib.exp b/crypto/kerberosIV/lib/kafs/afslib.exp
new file mode 100644
index 0000000..f288717
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.exp
@@ -0,0 +1,3 @@
+#!
+aix_pioctl
+aix_setpag
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
new file mode 100644
index 0000000..d49a65a
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afssys.c,v 1.65 1999/12/02 16:58:40 joda Exp $");
+
+int _kafs_debug; /* this should be done in a better way */
+
+#define NO_ENTRY_POINT		0
+#define SINGLE_ENTRY_POINT	1
+#define MULTIPLE_ENTRY_POINT	2
+#define SINGLE_ENTRY_POINT2	3
+#define SINGLE_ENTRY_POINT3	4
+#define AIX_ENTRY_POINTS	5
+#define UNKNOWN_ENTRY_POINT	6
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+
+/* Magic to get AIX syscalls to work */
+#ifdef _AIX
+
+static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
+static int (*Setpag)(void);
+
+#include "dlfcn.h"
+
+/*
+ *
+ */
+
+static int
+try_aix(void)
+{
+#ifdef STATIC_AFS_SYSCALLS
+    Pioctl = aix_pioctl;
+    Setpag = aix_setpag;
+#else
+    void *ptr;
+    char path[MaxPathLen], *p;
+    /*
+     * If we are root or running setuid don't trust AFSLIBPATH!
+     */
+    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+	strlcpy(path, p, sizeof(path));
+    else
+	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
+	
+    ptr = dlopen(path, RTLD_NOW);
+    if(ptr == NULL) {
+	if(_kafs_debug) {
+	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
+		fprintf(stderr, "dlopen(%s): %s\n", path, p);
+	    else if (errno != ENOENT)
+		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
+	}
+	return 1;
+    }
+    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+    Pioctl = (int (*)(char*, int, 
+		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
+#endif
+    afs_entry_point = AIX_ENTRY_POINTS;
+    return 0;
+}
+#endif /* _AIX */
+
+/* 
+ * This probably only works under Solaris and could get confused if
+ * there's a /etc/name_to_sysnum file.  
+ */
+
+#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
+
+static int
+map_syscall_name_to_number (const char *str, int *res)
+{
+    FILE *f;
+    char buf[256];
+    size_t str_len = strlen (str);
+
+    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
+    if (f == NULL)
+	return -1;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	if (strncmp (str, buf, str_len) == 0) {
+	    char *begptr = buf + str_len;
+	    char *endptr;
+	    long val = strtol (begptr, &endptr, 0);
+
+	    if (val != 0 && endptr != begptr) {
+		fclose (f);
+		*res = val;
+		return 0;
+	    }
+	}
+    }
+    fclose (f);
+    return -1;
+}
+
+int
+k_pioctl(char *a_path,
+	 int o_opcode,
+	 struct ViceIoctl *a_paramsP,
+	 int a_followSymlinks)
+{
+#ifndef NO_AFS
+    switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    case SINGLE_ENTRY_POINT:
+    case SINGLE_ENTRY_POINT2:
+    case SINGLE_ENTRY_POINT3:
+	return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+		       a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#if defined(AFS_PIOCTL)
+    case MULTIPLE_ENTRY_POINT:
+	return syscall(afs_syscalls[0],
+		       a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#ifdef _AIX
+    case AIX_ENTRY_POINTS:
+	return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+    }
+    
+    errno = ENOSYS;
+#ifdef SIGSYS
+    kill(getpid(), SIGSYS);	/* You loose! */
+#endif
+#endif /* NO_AFS */
+    return -1;
+}
+
+int
+k_afs_cell_of_file(const char *path, char *cell, int len)
+{
+    struct ViceIoctl parms;
+    parms.in = NULL;
+    parms.in_size = 0;
+    parms.out = cell;
+    parms.out_size = len;
+    return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
+}
+
+int
+k_unlog(void)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+    return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
+
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+    switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    case SINGLE_ENTRY_POINT:
+    case SINGLE_ENTRY_POINT2:
+    case SINGLE_ENTRY_POINT3:
+	return syscall(afs_syscalls[0], AFSCALL_SETPAG);
+#endif
+#if defined(AFS_PIOCTL)
+    case MULTIPLE_ENTRY_POINT:
+	return syscall(afs_syscalls[1]);
+#endif
+#ifdef _AIX
+    case AIX_ENTRY_POINTS:
+	return Setpag();
+#endif
+    }
+    
+    errno = ENOSYS;
+#ifdef SIGSYS
+    kill(getpid(), SIGSYS);	/* You loose! */
+#endif
+#endif /* NO_AFS */
+    return -1;
+}
+
+static jmp_buf catch_SIGSYS;
+
+#ifdef SIGSYS
+
+static RETSIGTYPE
+SIGSYS_handler(int sig)
+{
+    errno = 0;
+    signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
+    longjmp(catch_SIGSYS, 1);
+}
+
+#endif
+
+/*
+ * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
+ */
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+static int
+try_one (int syscall_num)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_num, AFSCALL_PIOCTL,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = SINGLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_num;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+/*
+ * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
+ * succesful.
+ *
+ */
+
+#ifdef AFS_PIOCTL
+static int
+try_two (int syscall_pioctl, int syscall_setpag)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_pioctl,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = MULTIPLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_pioctl;
+	    afs_syscalls[1] = syscall_setpag;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+int
+k_hasafs(void)
+{
+#if !defined(NO_AFS) && defined(SIGSYS)
+    RETSIGTYPE (*saved_func)();
+#endif
+    int saved_errno;
+    char *env = getenv ("AFS_SYSCALL");
+  
+    /*
+     * Already checked presence of AFS syscalls?
+     */
+    if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+	return afs_entry_point != NO_ENTRY_POINT;
+
+    /*
+     * Probe kernel for AFS specific syscalls,
+     * they (currently) come in two flavors.
+     * If the syscall is absent we recive a SIGSYS.
+     */
+    afs_entry_point = NO_ENTRY_POINT;
+  
+    saved_errno = errno;
+#ifndef NO_AFS
+#ifdef SIGSYS
+    saved_func = signal(SIGSYS, SIGSYS_handler);
+#endif
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    {
+	int tmp;
+
+	if (env != NULL) {
+	    if (sscanf (env, "%d", &tmp) == 1) {
+		if (try_one (tmp) == 0)
+		    goto done;
+	    } else {
+		char *end = NULL;
+		char *p;
+		char *s = strdup (env);
+
+		if (s != NULL) {
+		    for (p = strtok_r (s, ",", &end);
+			 p != NULL;
+			 p = strtok_r (NULL, ",", &end)) {
+			if (map_syscall_name_to_number (p, &tmp) == 0)
+			    if (try_one (tmp) == 0) {
+				free (s);
+				goto done;
+			    }
+		    }
+		    free (s);
+		}
+	    }
+	}
+    }
+#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
+
+#ifdef AFS_SYSCALL
+    if (try_one (AFS_SYSCALL) == 0)
+	goto done;
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_PIOCTL
+    {
+	int tmp[2];
+
+	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
+	    if (try_two (tmp[0], tmp[1]) == 2)
+		goto done;
+    }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_PIOCTL
+    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
+	goto done;
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_SYSCALL2
+    if (try_one (AFS_SYSCALL2) == 0)
+	goto done;
+#endif /* AFS_SYSCALL2 */
+
+#ifdef AFS_SYSCALL3
+    if (try_one (AFS_SYSCALL3) == 0)
+	goto done;
+#endif /* AFS_SYSCALL3 */
+
+#ifdef _AIX
+#if 0
+    if (env != NULL) {
+	char *pos = NULL;
+	char *pioctl_name;
+	char *setpag_name;
+
+	pioctl_name = strtok_r (env, ", \t", &pos);
+	if (pioctl_name != NULL) {
+	    setpag_name = strtok_r (NULL, ", \t", &pos);
+	    if (setpag_name != NULL)
+		if (try_aix (pioctl_name, setpag_name) == 0)
+		    goto done;
+	}
+    }
+#endif
+
+    if(try_aix() == 0)
+	goto done;
+#endif
+
+done:
+#ifdef SIGSYS
+    signal(SIGSYS, saved_func);
+#endif
+#endif /* NO_AFS */
+    errno = saved_errno;
+    return afs_entry_point != NO_ENTRY_POINT;
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
new file mode 100644
index 0000000..574b33f
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.21 1999/12/02 16:58:40 joda Exp $ */
+
+/*
+ * This section is for machines using single entry point AFS syscalls!
+ * and/or
+ * This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
+ */
+
+#if SunOS == 40
+#define AFS_SYSCALL	31
+#endif
+
+#if SunOS >= 50 && SunOS < 57
+#define AFS_SYSCALL	105
+#endif
+
+#if SunOS == 57
+#define AFS_SYSCALL	73
+#endif
+
+#if defined(__hpux)
+#define AFS_SYSCALL	50
+#define AFS_SYSCALL2	49
+#define AFS_SYSCALL3	48
+#endif
+
+#if defined(_AIX)
+/* _AIX is too weird */
+#endif
+
+#if defined(__sgi)
+#define AFS_PIOCTL      (64+1000)
+#define AFS_SETPAG      (65+1000)
+#endif
+
+#if defined(__osf__)
+#define AFS_SYSCALL	232
+#define AFS_SYSCALL2	258
+#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL	31
+#endif
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3	SYS_afs_syscall
+#endif
diff --git a/crypto/kerberosIV/lib/kafs/common.c b/crypto/kerberosIV/lib/kafs/common.c
new file mode 100644
index 0000000..207b9b6
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/common.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: common.c,v 1.19 1999/12/02 16:58:40 joda Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+  for (; *b; a++, b++)
+    if (IsAsciiLower(*b))
+      *a = ToAsciiUpper(*b);
+    else
+      *a = *b;
+  *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+    struct ViceIoctl parms;
+    struct ClearToken ct;
+    int32_t sizeof_x;
+    char buf[2048], *t;
+    int ret;
+    
+    /*
+     * Build a struct ClearToken
+     */
+    ct.AuthHandle = c->kvno;
+    memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+    ct.ViceId = uid;
+    ct.BeginTimestamp = c->issue_date;
+    ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+    if(ct.EndTimestamp < time(NULL))
+	return 0; /* don't store tokens that has expired (and possibly
+		     overwriting valid tokens)*/
+
+#define ODD(x) ((x) & 1)
+    /* According to Transarc conventions ViceId is valid iff
+     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
+     * the transformations:
+     *
+     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
+     * preserves the original values.
+     */
+    if (uid != 0)		/* valid ViceId */
+      {
+	if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+    else			/* not valid ViceId */
+      {
+	if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+
+    t = buf;
+    /*
+     * length of secret token followed by secret token
+     */
+    sizeof_x = c->ticket_st.length;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, c->ticket_st.dat, sizeof_x);
+    t += sizeof_x;
+    /*
+     * length of clear token followed by clear token
+     */
+    sizeof_x = sizeof(ct);
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, &ct, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * do *not* mark as primary cell
+     */
+    sizeof_x = 0;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    /*
+     * follow with cell name
+     */
+    sizeof_x = strlen(cell) + 1;
+    memcpy(t, cell, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * Build argument block
+     */
+    parms.in = buf;
+    parms.in_size = t - buf;
+    parms.out = 0;
+    parms.out_size = 0;
+    ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+    return ret;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver, size_t len)
+{
+    struct dns_reply *r;
+    int ok = -1;
+    r = dns_lookup(cell, "afsdb");
+    if(r){
+	struct resource_record *rr = r->head;
+	while(rr){
+	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+		strlcpy(dbserver,
+				rr->u.afsdb->domain,
+				len);
+		ok = 0;
+		break;
+	    }
+	    rr = rr->next;
+	}
+	dns_free_data(r);
+    }
+    return ok;
+}
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+    FILE *f;
+    char cell[64];
+    int i;
+    int ind = *index;
+
+    f = fopen(file, "r");
+    if (f == NULL)
+	return;
+    while (fgets(cell, sizeof(cell), f)) {
+	char *t;
+	t = cell + strlen(cell);
+	for (; t >= cell; t--)
+	  if (*t == '\n' || *t == '\t' || *t == ' ')
+	    *t = 0;
+	if (cell[0] == '\0' || cell[0] == '#')
+	    continue;
+	for(i = 0; i < ind; i++)
+	    if(strcmp((*cells)[i], cell) == 0)
+		break;
+	if(i == ind){
+	    char **tmp;
+
+	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
+	    if (tmp == NULL)
+		break;
+	    *cells = tmp;
+	    (*cells)[ind] = strdup(cell);
+	    if ((*cells)[ind] == NULL)
+		break;
+	    ++ind;
+	}
+    }
+    fclose(f);
+    *index = ind;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid,
+	     const char *homedir)
+{
+    int ret = 0;
+    int i;
+    for (i = 0; i < max; i++) {
+        int er = (*data->afslog_uid)(data, cells[i], 0, uid, homedir);
+	if (er)
+	    ret = er;
+    }
+    return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir)
+{
+    int ret;
+    char **cells = NULL;
+    int index = 0;
+
+    if (homedir == NULL)
+	homedir = getenv("HOME");
+    if (homedir != NULL) {
+	char home[MaxPathLen];
+	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
+	find_cells(home, &cells, &index);
+    }
+    find_cells(_PATH_THESECELLS, &cells, &index);
+    find_cells(_PATH_THISCELL, &cells, &index);
+    find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
+    find_cells(_PATH_ARLA_THISCELL, &cells, &index);
+    
+    ret = afslog_cells(data, cells, index, uid, homedir);
+    while(index > 0)
+	free(cells[--index]);
+    free(cells);
+    return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+   /usr/vice/etc/CellServDB and getting the realm-of-host for the
+   first VL-server for the cell.
+
+   This does not work when the VL-server is living in one realm, but
+   the cell it is serving is living in another realm.
+
+   Return 0 on success, -1 otherwise.
+   */
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+    FILE *F;
+    char buf[1024];
+    char *p;
+    int ret = -1;
+
+    if ((F = fopen(_PATH_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) {
+	while (fgets(buf, sizeof(buf), F)) {
+	    if (buf[0] != '>')
+		continue; /* Not a cell name line, try next line */
+	    if (strncmp(buf + 1, cell, strlen(cell)) == 0) {
+		/*
+		 * We found the cell name we're looking for.
+		 * Read next line on the form ip-address '#' hostname
+		 */
+		if (fgets(buf, sizeof(buf), F) == NULL)
+		    break;	/* Read failed, give up */
+		p = strchr(buf, '#');
+		if (p == NULL)
+		    break;	/* No '#', give up */
+		p++;
+		if (buf[strlen(buf) - 1] == '\n')
+		    buf[strlen(buf) - 1] = '\0';
+		*realm = (*data->get_realm)(data, p);
+		if (*realm && **realm != '\0')
+		    ret = 0;
+		break;		/* Won't try any more */
+	    }
+	}
+	fclose(F);
+    }
+    if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0) {
+	*realm = strdup(krb_realmofhost(buf));
+	if(*realm != NULL)
+	    ret = 0;
+    }
+    return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+	      const char *cell, 
+	      const char *realm_hint,
+	      const char *realm,
+	      CREDENTIALS *c)
+{
+    int ret = -1;
+    char *vl_realm;
+    char CELL[64];
+
+    /* We're about to find the the realm that holds the key for afs in
+     * the specified cell. The problem is that null-instance
+     * afs-principals are common and that hitting the wrong realm might
+     * yield the wrong afs key. The following assumptions were made.
+     *
+     * Any realm passed to us is preferred.
+     *
+     * If there is a realm with the same name as the cell, it is most
+     * likely the correct realm to talk to.
+     *
+     * In most (maybe even all) cases the database servers of the cell
+     * will live in the realm we are looking for.
+     *
+     * Try the local realm, but if the previous cases fail, this is
+     * really a long shot.
+     *
+     */
+  
+    /* comments on the ordering of these tests */
+
+    /* If the user passes a realm, she probably knows something we don't
+     * know and we should try afs@realm_hint (otherwise we're talking with a
+     * blondino and she might as well have it.)
+     */
+  
+    if (realm_hint) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm_hint, c);
+	if (ret == 0) return 0;
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm_hint, c);
+	if (ret == 0) return 0;
+    }
+
+    foldup(CELL, cell);
+
+    /*
+     * If cell == realm we don't need no cross-cell authentication.
+     * Try afs@REALM.
+     */
+    if (strcmp(CELL, realm) == 0) {
+        ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm, c);
+	if (ret == 0) return 0;
+	/* Try afs.cell@REALM below. */
+    }
+
+    /*
+     * If the AFS servers have a file /usr/afs/etc/krb.conf containing
+     * REALM we still don't have to resort to cross-cell authentication.
+     * Try afs.cell@REALM.
+     */
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm, c);
+    if (ret == 0) return 0;
+
+    /*
+     * We failed to get ``first class tickets'' for afs,
+     * fall back to cross-cell authentication.
+     * Try afs@CELL.
+     * Try afs.cell@CELL.
+     */
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
+    if (ret == 0) return 0;
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
+    if (ret == 0) return 0;
+
+    /*
+     * Perhaps the cell doesn't correspond to any realm?
+     * Use realm of first volume location DB server.
+     * Try afs.cell@VL_REALM.
+     * Try afs@VL_REALM???
+     */
+    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
+	&& strcmp(vl_realm, realm) != 0
+	&& strcmp(vl_realm, CELL) != 0) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
+	if (ret)
+	    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
+	free(vl_realm);
+	if (ret == 0) return 0;
+    }
+
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
new file mode 100644
index 0000000..e664fe3
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -0,0 +1,581 @@
+/*
+ * @(#)dlfcn.c	1.11 revision of 96/04/10  20:12:51
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+/*
+ * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
+ * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave.
+ */
+
+/*
+ * This makes my life easier with Octave.  --jwe
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/ldr.h>
+#include <a.out.h>
+#include <ldfcn.h>
+#include "dlfcn.h"
+
+/*
+ * We simulate dlopen() et al. through a call to load. Because AIX has
+ * no call to find an exported symbol we read the loader section of the
+ * loaded module and build a list of exported symbols and their virtual
+ * address.
+ */
+
+typedef struct {
+	char		*name;		/* the symbols's name */
+	void		*addr;		/* its relocated virtual address */
+} Export, *ExportPtr;
+
+/*
+ * xlC uses the following structure to list its constructors and
+ * destructors. This is gleaned from the output of munch.
+ */
+typedef struct {
+	void (*init)(void);		/* call static constructors */
+	void (*term)(void);		/* call static destructors */
+} Cdtor, *CdtorPtr;
+
+typedef void (*GccCDtorPtr)(void);
+
+/*
+ * The void * handle returned from dlopen is actually a ModulePtr.
+ */
+typedef struct Module {
+	struct Module	*next;
+	char		*name;		/* module name for refcounting */
+	int		refCnt;		/* the number of references */
+	void		*entry;		/* entry point from load */
+	struct dl_info	*info;		/* optional init/terminate functions */
+	CdtorPtr	cdtors;		/* optional C++ constructors */
+	GccCDtorPtr	gcc_ctor;	/* g++ constructors  --jwe */
+	GccCDtorPtr	gcc_dtor;	/* g++ destructors  --jwe */
+	int		nExports;	/* the number of exports found */
+	ExportPtr	exports;	/* the array of exports */
+} Module, *ModulePtr;
+
+/*
+ * We keep a list of all loaded modules to be able to call the fini
+ * handlers and destructors at atexit() time.
+ */
+static ModulePtr modList;
+
+/*
+ * The last error from one of the dl* routines is kept in static
+ * variables here. Each error is returned only once to the caller.
+ */
+static char errbuf[BUFSIZ];
+static int errvalid;
+
+/*
+ * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
+ * strdup().  --jwe
+ */
+#ifndef HAVE_STRDUP
+extern char *strdup(const char *);
+#endif
+static void caterr(char *);
+static int readExports(ModulePtr);
+static void terminate(void);
+static void *findMain(void);
+
+void *dlopen(const char *path, int mode)
+{
+	ModulePtr mp;
+	static void *mainModule;
+
+	/*
+	 * Upon the first call register a terminate handler that will
+	 * close all libraries. Also get a reference to the main module
+	 * for use with loadbind.
+	 */
+	if (!mainModule) {
+		if ((mainModule = findMain()) == NULL)
+			return NULL;
+		atexit(terminate);
+	}
+	/*
+	 * Scan the list of modules if we have the module already loaded.
+	 */
+	for (mp = modList; mp; mp = mp->next)
+		if (strcmp(mp->name, path) == 0) {
+			mp->refCnt++;
+			return mp;
+		}
+	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
+		errvalid++;
+		snprintf (errbuf, "calloc: %s", strerror(errno));
+		return NULL;
+	}
+	if ((mp->name = strdup(path)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, "strdup: %s", strerror(errno));
+		free(mp);
+		return NULL;
+	}
+	/*
+	 * load should be declared load(const char *...). Thus we
+	 * cast the path to a normal char *. Ugly.
+	 */
+	if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
+		free(mp->name);
+		free(mp);
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "dlopen: %s: ", path);
+		/*
+		 * If AIX says the file is not executable, the error
+		 * can be further described by querying the loader about
+		 * the last error.
+		 */
+		if (errno == ENOEXEC) {
+			char *tmp[BUFSIZ/sizeof(char *)];
+			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
+				strlcpy(errbuf,
+						strerror(errno),
+						sizeof(errbuf));
+			else {
+				char **p;
+				for (p = tmp; *p; p++)
+					caterr(*p);
+			}
+		} else
+			strlcat(errbuf,
+					strerror(errno),
+					sizeof(errbuf));
+		return NULL;
+	}
+	mp->refCnt = 1;
+	mp->next = modList;
+	modList = mp;
+	if (loadbind(0, mainModule, mp->entry) == -1) {
+		dlclose(mp);
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "loadbind: %s", strerror(errno));
+		return NULL;
+	}
+	/*
+	 * If the user wants global binding, loadbind against all other
+	 * loaded modules.
+	 */
+	if (mode & RTLD_GLOBAL) {
+		ModulePtr mp1;
+		for (mp1 = mp->next; mp1; mp1 = mp1->next)
+			if (loadbind(0, mp1->entry, mp->entry) == -1) {
+				dlclose(mp);
+				errvalid++;
+				snprintf (errbuf, sizeof(errbuf),
+					  "loadbind: %s",
+					  strerror(errno));
+				return NULL;
+			}
+	}
+	if (readExports(mp) == -1) {
+		dlclose(mp);
+		return NULL;
+	}
+	/*
+	 * If there is a dl_info structure, call the init function.
+	 */
+	if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
+		if (mp->info->init)
+			(*mp->info->init)();
+	} else
+		errvalid = 0;
+	/*
+	 * If the shared object was compiled using xlC we will need
+	 * to call static constructors (and later on dlclose destructors).
+	 */
+	if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
+		CdtorPtr cp = mp->cdtors;
+		while (cp->init || cp->term) {
+			if (cp->init && cp->init != (void (*)(void))0xffffffff)
+				(*cp->init)();
+			cp++;
+		}
+	/*
+	 * If the shared object was compiled using g++, we will need
+	 * to call global constructors using the _GLOBAL__DI function,
+	 * and later, global destructors using the _GLOBAL_DD
+	 * funciton.  --jwe
+	 */
+	} else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
+		(*mp->gcc_ctor)();
+		mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); 
+	} else
+		errvalid = 0;
+	return mp;
+}
+
+/*
+ * Attempt to decipher an AIX loader error message and append it
+ * to our static error message buffer.
+ */
+static void caterr(char *s)
+{
+	char *p = s;
+
+	while (*p >= '0' && *p <= '9')
+		p++;
+	switch(atoi(s)) {
+	case L_ERROR_TOOMANY:
+		strlcat(errbuf, "to many errors", sizeof(errbuf));
+		break;
+	case L_ERROR_NOLIB:
+		strlcat(errbuf, "can't load library", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_UNDEF:
+		strlcat(errbuf, "can't find symbol", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_RLDBAD:
+		strlcat(errbuf, "bad RLD", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_FORMAT:
+		strlcat(errbuf, "bad exec format in", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_ERRNO:
+		strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf));
+		break;
+	default:
+		strlcat(errbuf, s, sizeof(errbuf));
+		break;
+	}
+}
+
+void *dlsym(void *handle, const char *symbol)
+{
+	ModulePtr mp = (ModulePtr)handle;
+	ExportPtr ep;
+	int i;
+
+	/*
+	 * Could speed up the search, but I assume that one assigns
+	 * the result to function pointers anyways.
+	 */
+	for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+		if (strcmp(ep->name, symbol) == 0)
+			return ep->addr;
+	errvalid++;
+	snprintf (errbuf, sizeof(errbuf),
+		  "dlsym: undefined symbol %s", symbol);		  
+	return NULL;
+}
+
+char *dlerror(void)
+{
+	if (errvalid) {
+		errvalid = 0;
+		return errbuf;
+	}
+	return NULL;
+}
+
+int dlclose(void *handle)
+{
+	ModulePtr mp = (ModulePtr)handle;
+	int result;
+	ModulePtr mp1;
+
+	if (--mp->refCnt > 0)
+		return 0;
+	if (mp->info && mp->info->fini)
+		(*mp->info->fini)();
+	if (mp->cdtors) {
+		CdtorPtr cp = mp->cdtors;
+		while (cp->init || cp->term) {
+			if (cp->term && cp->init != (void (*)(void))0xffffffff)
+				(*cp->term)();
+			cp++;
+		}
+	/*
+	 * If the function to handle global destructors for g++
+	 * exists, call it.  --jwe
+	 */
+	} else if (mp->gcc_dtor) {
+	        (*mp->gcc_dtor)();
+	}
+	result = unload(mp->entry);
+	if (result == -1) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "%s", strerror(errno));
+	}
+	if (mp->exports) {
+		ExportPtr ep;
+		int i;
+		for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+			if (ep->name)
+				free(ep->name);
+		free(mp->exports);
+	}
+	if (mp == modList)
+		modList = mp->next;
+	else {
+		for (mp1 = modList; mp1; mp1 = mp1->next)
+			if (mp1->next == mp) {
+				mp1->next = mp->next;
+				break;
+			}
+	}
+	free(mp->name);
+	free(mp);
+	return result;
+}
+
+static void terminate(void)
+{
+	while (modList)
+		dlclose(modList);
+}
+
+/*
+ * Build the export table from the XCOFF .loader section.
+ */
+static int readExports(ModulePtr mp)
+{
+	LDFILE *ldp = NULL;
+	SCNHDR sh, shdata;
+	LDHDR *lhp;
+	char *ldbuf;
+	LDSYM *ls;
+	int i;
+	ExportPtr ep;
+
+	if ((ldp = ldopen(mp->name, ldp)) == NULL) {
+		struct ld_info *lp;
+		char *buf;
+		int size = 4*1024;
+		if (errno != ENOENT) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			return -1;
+		}
+		/*
+		 * The module might be loaded due to the LIBPATH
+		 * environment variable. Search for the loaded
+		 * module using L_GETINFO.
+		 */
+		if ((buf = malloc(size)) == NULL) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			return -1;
+		}
+		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+			free(buf);
+			size += 4*1024;
+			if ((buf = malloc(size)) == NULL) {
+				errvalid++;
+				snprintf(errbuf, sizeof(errbuf),
+					 "readExports: %s",
+					 strerror(errno));
+				return -1;
+			}
+		}
+		if (i == -1) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			free(buf);
+			return -1;
+		}
+		/*
+		 * Traverse the list of loaded modules. The entry point
+		 * returned by load() does actually point to the data
+		 * segment origin.
+		 */
+		lp = (struct ld_info *)buf;
+		while (lp) {
+			if (lp->ldinfo_dataorg == mp->entry) {
+				ldp = ldopen(lp->ldinfo_filename, ldp);
+				break;
+			}
+			if (lp->ldinfo_next == 0)
+				lp = NULL;
+			else
+				lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
+		}
+		free(buf);
+		if (!ldp) {
+			errvalid++;
+			snprintf (errbuf, sizeof(errbuf),
+				  "readExports: %s", strerror(errno));
+			return -1;
+		}
+	}
+	if (TYPE(ldp) != U802TOCMAGIC) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * Get the padding for the data section. This is needed for
+	 * AIX 4.1 compilers. This is used when building the final
+	 * function pointer to the exported symbol.
+	 */
+	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read data section header");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section header");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * We read the complete loader section in one chunk, this makes
+	 * finding long symbol names residing in the string table easier.
+	 */
+	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot seek to loader section");
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section");
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	lhp = (LDHDR *)ldbuf;
+	ls = (LDSYM *)(ldbuf+LDHDRSZ);
+	/*
+	 * Count the number of exports to include in our export table.
+	 */
+	for (i = lhp->l_nsyms; i; i--, ls++) {
+		if (!LDR_EXPORT(*ls))
+			continue;
+		mp->nExports++;
+	}
+	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * Fill in the export table. All entries are relative to
+	 * the entry point we got from load.
+	 */
+	ep = mp->exports;
+	ls = (LDSYM *)(ldbuf+LDHDRSZ);
+	for (i = lhp->l_nsyms; i; i--, ls++) {
+		char *symname;
+		char tmpsym[SYMNMLEN+1];
+		if (!LDR_EXPORT(*ls))
+			continue;
+		if (ls->l_zeroes == 0)
+			symname = ls->l_offset+lhp->l_stoff+ldbuf;
+		else {
+			/*
+			 * The l_name member is not zero terminated, we
+			 * must copy the first SYMNMLEN chars and make
+			 * sure we have a zero byte at the end.
+			 */
+		        strlcpy (tmpsym, ls->l_name,
+					 SYMNMLEN + 1);
+			symname = tmpsym;
+		}
+		ep->name = strdup(symname);
+		ep->addr = (void *)((unsigned long)mp->entry +
+					ls->l_value - shdata.s_vaddr);
+		ep++;
+	}
+	free(ldbuf);
+	while(ldclose(ldp) == FAILURE)
+		;
+	return 0;
+}
+
+/*
+ * Find the main modules entry point. This is used as export pointer
+ * for loadbind() to be able to resolve references to the main part.
+ */
+static void * findMain(void)
+{
+	struct ld_info *lp;
+	char *buf;
+	int size = 4*1024;
+	int i;
+	void *ret;
+
+	if ((buf = malloc(size)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
+		return NULL;
+	}
+	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+		free(buf);
+		size += 4*1024;
+		if ((buf = malloc(size)) == NULL) {
+			errvalid++;
+			snprintf (errbuf, sizeof(errbuf),
+				  "findMail: %s", strerror(errno));
+			return NULL;
+		}
+	}
+	if (i == -1) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
+		free(buf);
+		return NULL;
+	}
+	/*
+	 * The first entry is the main module. The entry point
+	 * returned by load() does actually point to the data
+	 * segment origin.
+	 */
+	lp = (struct ld_info *)buf;
+	ret = lp->ldinfo_dataorg;
+	free(buf);
+	return ret;
+}
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.h b/crypto/kerberosIV/lib/kafs/dlfcn.h
new file mode 100644
index 0000000..5671e9c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.h
@@ -0,0 +1,46 @@
+/*
+ * @(#)dlfcn.h	1.4 revision of 95/04/25  09:36:52
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+#ifndef __dlfcn_h__
+#define __dlfcn_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Mode flags for the dlopen routine.
+ */
+#define RTLD_LAZY	1	/* lazy function call binding */
+#define RTLD_NOW	2	/* immediate function call binding */
+#define RTLD_GLOBAL	0x100	/* allow symbols to be global */
+
+/*
+ * To be able to intialize, a library may provide a dl_info structure
+ * that contains functions to be called to initialize and terminate.
+ */
+struct dl_info {
+	void (*init)(void);
+	void (*fini)(void);
+};
+
+#if __STDC__ || defined(_IBMR2)
+void *dlopen(const char *path, int mode);
+void *dlsym(void *handle, const char *symbol);
+char *dlerror(void);
+int dlclose(void *handle);
+#else
+void *dlopen();
+void *dlsym();
+char *dlerror();
+int dlclose();
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __dlfcn_h__ */
diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h
new file mode 100644
index 0000000..cb4b000
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs.h
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs.h,v 1.32 1999/12/02 16:58:40 joda Exp $ */
+/* $FreeBSD$ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+/* XXX must include krb5.h or krb.h */
+
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#endif /* _VICEIOCTL */
+
+#define VIOCSETAL		_VICEIOCTL(1)
+#define VIOCGETAL		_VICEIOCTL(2)
+#define VIOCSETTOK		_VICEIOCTL(3)
+#define VIOCGETVOLSTAT		_VICEIOCTL(4)
+#define VIOCSETVOLSTAT		_VICEIOCTL(5)
+#define VIOCFLUSH		_VICEIOCTL(6)
+#define VIOCGETTOK		_VICEIOCTL(8)
+#define VIOCUNLOG		_VICEIOCTL(9)
+#define VIOCCKSERV		_VICEIOCTL(10)
+#define VIOCCKBACK		_VICEIOCTL(11)
+#define VIOCCKCONN		_VICEIOCTL(12)
+#define VIOCWHEREIS		_VICEIOCTL(14)
+#define VIOCACCESS		_VICEIOCTL(20)
+#define VIOCUNPAG		_VICEIOCTL(21)
+#define VIOCGETFID		_VICEIOCTL(22)
+#define VIOCSETCACHESIZE	_VICEIOCTL(24)
+#define VIOCFLUSHCB		_VICEIOCTL(25)
+#define VIOCNEWCELL		_VICEIOCTL(26)
+#define VIOCGETCELL		_VICEIOCTL(27)
+#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
+#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
+#define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
+#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
+#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
+#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
+#define VIOC_VENUSLOG		_VICEIOCTL(34)
+#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
+#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
+#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
+#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
+#define VIOC_EXPORTAFS		_VICEIOCTL(39)
+#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
+#define VIOC_GCPAGS		_VICEIOCTL(48) 
+
+struct ViceIoctl {
+  caddr_t in, out;
+  short in_size;
+  short out_size;
+};
+
+struct ClearToken {
+  int32_t AuthHandle;
+  char HandShakeKey[8];
+  int32_t ViceId;
+  int32_t BeginTimestamp;
+  int32_t EndTimestamp;
+};
+
+#ifdef __STDC__
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+   The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs __P((void));
+
+int krb_afslog __P((const char *cell, const char *realm));
+int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid));
+int krb_afslog_home __P((const char *cell, const char *realm,
+			 const char *homedir));
+int krb_afslog_uid_home __P((const char *cell, const char *realm, uid_t uid,
+			     const char *homedir));
+
+int krb_realm_of_cell __P((const char *cell, char **realm));
+
+/* compat */
+#define k_afsklog krb_afslog
+#define k_afsklog_uid krb_afslog_uid
+
+int k_pioctl __P((char *a_path,
+		  int o_opcode,
+		  struct ViceIoctl *a_paramsP,
+		  int a_followSymlinks));
+int k_unlog __P((void));
+int k_setpag __P((void));
+int k_afs_cell_of_file __P((const char *path, char *cell, int len));
+
+
+
+/* XXX */
+#ifdef KFAILURE
+#define KRB_H_INCLUDED
+#endif
+
+#ifdef KRB5_RECVAUTH_IGNORE_VERSION
+#define KRB5_H_INCLUDED
+#endif
+
+#ifdef KRB_H_INCLUDED
+int kafs_settoken __P((const char*, uid_t, CREDENTIALS*));
+#endif
+
+#ifdef KRB5_H_INCLUDED
+krb5_error_code krb5_afslog_uid __P((krb5_context context,
+				     krb5_ccache id,
+				     const char *cell,
+				     krb5_const_realm realm,
+				     uid_t uid));
+krb5_error_code krb5_afslog __P((krb5_context context,
+				 krb5_ccache id, 
+				 const char *cell,
+				 krb5_const_realm realm));
+krb5_error_code krb5_afslog_uid_home __P((krb5_context context,
+					  krb5_ccache id,
+					  const char *cell,
+					  krb5_const_realm realm,
+					  uid_t uid,
+					  const char *homedir));
+
+krb5_error_code krb5_afslog_home __P((krb5_context context,
+				      krb5_ccache id,
+				      const char *cell,
+				      krb5_const_realm realm,
+				      const char *homedir));
+
+krb5_error_code krb5_realm_of_cell __P((const char *cell, char **realm));
+
+#endif
+
+
+#define _PATH_VICE		"/usr/vice/etc/"
+#define _PATH_THISCELL 		_PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
+#define _PATH_THESECELLS	_PATH_VICE "TheseCells"
+
+#define _PATH_ARLA_VICE		"/usr/arla/etc/"
+#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
+#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
+#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
+
+extern int _kafs_debug;
+
+#endif /* __KAFS_H */
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
new file mode 100644
index 0000000..ac1c2f6
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs_locl.h,v 1.15 1999/12/02 16:58:40 joda Exp $ */
+
+#ifndef __KAFS_LOCL_H__
+#define __KAFS_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include <roken.h>
+
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#endif
+#include <kafs.h>
+
+#include <resolve.h>
+
+#include "afssysdefs.h"
+
+struct kafs_data;
+typedef int (*afslog_uid_func_t)(struct kafs_data *,
+				 const char *cell,
+				 const char *realm_hint,
+				 uid_t,
+				 const char *homedir);
+
+typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
+				    const char*, CREDENTIALS*);
+
+typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
+
+typedef struct kafs_data {
+    afslog_uid_func_t afslog_uid;
+    get_cred_func_t get_cred;
+    get_realm_func_t get_realm;
+    void *data;
+} kafs_data;
+
+int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*);
+
+int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, 
+		  CREDENTIALS*);
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm);
+
+#ifdef _AIX
+int aix_pioctl(char*, int, struct ViceIoctl*, int);
+int aix_setpag(void);
+#endif
+
+#endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/kerberosIV/lib/kclient/KClient.c b/crypto/kerberosIV/lib/kclient/KClient.c
new file mode 100644
index 0000000..6d4ed60
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/KClient.c
@@ -0,0 +1,440 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* KClient.c - KClient glue to krb4.dll
+ * Author: J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date: June 1996
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: KClient.c,v 1.14 1999/12/02 16:58:40 joda Exp $");
+#endif
+
+#ifdef WIN32	/* Visual C++ 4.0 (Windows95/NT) */
+#include <Windows.h>
+#endif /* WIN32 */
+
+//#include <string.h>
+#include <winsock.h>
+#include "passwd_dlg.h"
+#include "KClient.h"
+#include "krb.h"
+
+char guser[64];
+
+void
+msg(char *text)
+{
+    HWND wnd = GetActiveWindow();
+    MessageBox(wnd, text, "KClient message", MB_OK|MB_APPLMODAL);
+}
+ 
+BOOL
+SendTicketForService(LPSTR service, LPSTR version, int fd)
+{
+    KTEXT_ST ticket;
+    MSG_DAT mdat;
+    CREDENTIALS cred;
+    des_key_schedule schedule;
+    char name[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+    int ret;
+    static KClientSessionInfo foo;
+    KClientKey key;
+
+    kname_parse(name, inst, realm, service);
+    strlcpy(foo.realm, realm, sizeof(foo.realm));
+
+    if(KClientStatus(&foo) == KClientNotLoggedIn)
+	KClientLogin(&foo, &key);
+
+    ret = krb_sendauth (0, fd, &ticket,
+			name, inst, realm, 17, &mdat,
+			&cred, &schedule, NULL, NULL, version);
+    if(ret)
+	return FALSE;
+    return TRUE;
+}
+
+BOOL WINAPI
+DllMain(HANDLE hInst, ULONG reason, LPVOID lpReserved)
+{
+    WORD wVersionRequested;
+    WSADATA wsaData;
+    int err;
+
+    switch(reason){
+    case DLL_PROCESS_ATTACH:
+	wVersionRequested = MAKEWORD(1, 1);
+
+	err = WSAStartup(wVersionRequested, &wsaData);
+
+	if (err != 0)
+	{
+	    /* Tell the user that we couldn't find a useable */
+	    /* winsock.dll.     */
+	    msg("Cannot find winsock.dll");
+	    return FALSE;
+	}
+	break;
+    case DLL_PROCESS_DETACH:
+	WSACleanup();
+    }
+
+    return TRUE;
+}
+
+Kerr
+KClientMessage(char *text, Kerr error)
+{
+    msg(text);
+    return error;
+}
+
+/* KClientInitSession
+ * You need to call this routine before calling most other routines.
+ * It initializes a KClientSessionInfo structure.
+ * The local and remote addresses are for use in KClientEncrypt,
+ * KClientDecrypt, KClientMakeSendAuth and KClientVerifySendAuth.
+ * If you don't use any of these routines it's perfectly OK to do the following...
+ * err = KClientInitSession(session,0,0,0,0);
+ */
+Kerr
+KClientInitSession(KClientSessionInfo *session,
+		   unsigned long lAddr,
+		   unsigned short lPort,
+		   unsigned long fAddr,
+		   unsigned short fPort)
+{
+    session->lAddr = lAddr;
+    session->lPort = lPort;
+    session->fAddr = fAddr;
+    session->fPort = fPort;
+    if(tf_get_pname(session->user) != KSUCCESS)
+	*(session->user) = '\0';
+    if(tf_get_pinst(session->inst) != KSUCCESS)
+	*(session->inst) = '\0';
+    krb_get_lrealm (session->realm, 1);
+    if(*(session->user))
+	strlcpy(guser, session->user, sizeof(guser));
+    else
+	*guser ='\0';
+    
+    return 0;
+}
+
+
+/* KClientGetTicketForService
+ * This routine gets an authenticator to be passed to a service.
+ * If the user isn't already logged in the user is prompted for a password.
+ */
+Kerr
+KClientGetTicketForService(KClientSessionInfo *session,
+			   char *service,
+			   void *buf,
+			   unsigned long *buflen)
+{
+    CREDENTIALS c;
+    KClientKey k;
+    KTEXT_ST ticket;
+    char serv[255], inst[255], realm[255];
+    Kerr err;
+
+    //	KClientSetUserName(session->user);
+    err = kname_parse(serv,inst,realm,service);
+    if(*realm)
+	strlcpy(session->realm, realm, sizeof(session->realm));
+    else
+	strlcpy(realm, session->realm, sizeof(realm));
+    if(KClientStatus(session) == KClientNotLoggedIn)
+	if((err = KClientLogin(session, &k)) != KSUCCESS)
+	    return err;
+
+    if((err = krb_mk_req(&ticket, serv, inst, realm, 0)) != KSUCCESS)
+	return KClientMessage(KClientErrorText(err,0),err);
+    if((err = krb_get_cred(serv, inst, realm, &c)) != KSUCCESS)
+	return KClientMessage(KClientErrorText(err,0),err);
+
+    if(*buflen >= ticket.length)
+    {
+	*buflen = ticket.length + sizeof(unsigned long);
+	CopyMemory(buf, &ticket, *buflen);
+	CopyMemory(session->key, c.session, sizeof(session->key));
+    }
+    else
+	err = -1;
+    return err;
+}
+
+
+/* KClientLogin
+ * This routine "logs in" by getting a ticket granting ticket from kerberos.
+ * It returns the user's private key which can be used to automate login at
+ * a later time with KClientKeyLogin.
+ */
+
+Kerr
+KClientLogin(KClientSessionInfo *session,
+	     KClientKey *privateKey)
+{
+    CREDENTIALS c;
+    Kerr err;
+    char passwd[100];
+	
+    if((err = pwd_dialog(guser, passwd)))
+	return err;
+    if(KClientStatus(session) == KClientNotLoggedIn)
+    {
+
+	if((err = krb_get_pw_in_tkt(guser, session->inst, session->realm,
+				    "krbtgt", session->realm,
+				    DEFAULT_TKT_LIFE, passwd)) != KSUCCESS)
+	    return KClientMessage(KClientErrorText(err,0),err);
+    }
+    if((err = krb_get_cred("krbtgt", session->realm,
+			   session->realm, &c)) == KSUCCESS)
+	CopyMemory(privateKey, c.session, sizeof(*privateKey));
+    return err;
+}
+
+
+/* KClientPasswordLogin
+ * This routine is similiar to KClientLogin but instead of prompting the user
+ * for a password it uses the password supplied to establish login.
+ */
+Kerr
+KClientPasswordLogin(KClientSessionInfo *session,
+		     char *password,
+		     KClientKey *privateKey)
+{
+    return krb_get_pw_in_tkt(guser, session->inst, session->realm,
+			     "krbtgt",
+			     session->realm,
+			     DEFAULT_TKT_LIFE,
+			     password);
+}
+
+
+static key_proc_t
+key_proc(void *arg)
+{
+	return arg;
+}
+
+/* KClientKeyLogin
+ * This routine is similiar to KClientLogin but instead of prompting the user
+ * for a password it uses the private key supplied to establish login.
+ */
+Kerr
+KClientKeyLogin(KClientSessionInfo *session,
+		KClientKey *privateKey)
+{
+    return krb_get_in_tkt(guser, session->inst, session->realm,
+			  "krbtgt",
+			  session->realm,
+			  DEFAULT_TKT_LIFE,
+			  key_proc,
+			  0,
+			  privateKey);
+}
+
+/* KClientLogout
+ * This routine destroys all credentials stored in the credential cache
+ * effectively logging the user out.
+ */
+Kerr
+KClientLogout(void)
+{
+    return 0;
+}
+
+
+/* KClientStatus
+ * This routine returns the user's login status which can be
+ * KClientLoggedIn or KClientNotLoggedIn.
+ */
+short
+KClientStatus(KClientSessionInfo *session)
+{
+    CREDENTIALS c;
+    if(krb_get_cred("krbtgt",
+		    session->realm,
+		    session->realm, &c) == KSUCCESS)
+	return KClientLoggedIn;
+    else
+	return KClientNotLoggedIn;
+}
+
+
+/* KClientGetUserName
+ * This routine returns the name the user supplied in the login dialog.
+ * No name is returned if the user is not logged in.
+ */
+Kerr
+KClientGetUserName(char *user)
+{
+    strcpy(user, guser);
+    return 0;
+}
+
+
+/* KClientSetUserName
+ * This routine sets the name that will come up in the login dialog
+ * the next time the user is prompted for a password.
+ */
+Kerr
+KClientSetUserName(char *user)
+{
+    strlcpy(guser, user, sizeof(guser));
+    return 0;
+}
+
+
+/* KClientCacheInitialTicket
+ * This routine is used to obtain a ticket for the password changing service.
+ */
+Kerr
+KClientCacheInitialTicket(KClientSessionInfo *session,
+			  char *service)
+{
+    return 0;
+}
+
+
+/* KClientGetSessionKey
+ * This routine can be used to obtain the session key which is stored
+ * in the KClientSessionInfo record. The session key has no usefullness
+ * with any KClient calls but it can be used to with the MIT kerberos API.
+ */
+Kerr
+KClientGetSessionKey(KClientSessionInfo *session,
+		     KClientKey *sessionKey)
+{
+    CopyMemory(sessionKey, session->key, sizeof(*sessionKey));
+    return 0;
+}
+
+
+/* KClientMakeSendAuth
+ * This routine is used to create an authenticator that is the same as those
+ * created by the kerberos routine SendAuth.
+ */
+Kerr
+KClientMakeSendAuth(KClientSessionInfo *session,
+		    char *service,
+		    void *buf,
+		    unsigned long *buflen,
+		    long checksum,
+		    char *applicationVersion)
+{
+    return 0;
+}
+
+
+/* KClientVerifySendAuth
+ * This routine is used to verify a response made by a server doing RecvAuth.
+ * The two routines KClientMakeSendAuth and KClientVerifySendAuth together
+ * provide the functionality of SendAuth minus the transmission of authenticators
+ * between client->server->client.
+ */
+Kerr
+KClientVerifySendAuth(KClientSessionInfo *session,
+		      void *buf,
+		      unsigned long *buflen)
+{
+    return 0;
+}
+
+
+/* KClientEncrypt
+ * This routine encrypts a series a bytes for transmission to the remote host.
+ * For this to work properly you must be logged in and you must have specified
+ * the remote and local addresses in KClientInitSession. The unencrypted
+ * message pointed to by buf and of length buflen is returned encrypted
+ * in encryptBuf of length encryptLength.
+ * The encrypted buffer must be at least 26 bytes longer the buf.
+ */
+Kerr
+KClientEncrypt(KClientSessionInfo *session,
+	       void *buf,
+	       unsigned long buflen,
+	       void *encryptBuf,
+	       unsigned long *encryptLength)
+{
+    int num = 64;
+    des_cfb64_encrypt(buf, encryptBuf, buflen,
+		      (struct des_ks_struct*) session->key,
+		      0, &num, 1);
+    return 0;
+}
+
+
+/* KClientDecrypt
+ * This routine decrypts a series of bytes received from the remote host.
+
+ * NOTE: this routine will not reverse a KClientEncrypt call.
+ * It can only decrypt messages sent from the remote host.
+
+ * Instead of copying the decrypted message to an out buffer,
+ * the message is decrypted in place and you are returned
+ * an offset into the buffer where the decrypted message begins.
+ */
+Kerr
+KClientDecrypt(KClientSessionInfo *session,
+	       void *buf,
+	       unsigned long buflen,
+	       unsigned long *decryptOffset,
+	       unsigned long *decryptLength)
+{
+    int num;
+    des_cfb64_encrypt(buf, buf, buflen,
+		      (struct des_ks_struct*)session->key, 0, &num, 0);
+    *decryptOffset = 0;
+    *decryptLength = buflen;
+    return 0;
+}
+
+
+/* KClientErrorText
+ * This routine returns a text description of errors returned by any of
+ * the calls in this library.
+ */
+char *
+KClientErrorText(Kerr err,
+		 char *text)
+{
+    char *t = krb_get_err_text(err);
+    if(text)
+	strcpy(text, t);
+    return t;
+}
diff --git a/crypto/kerberosIV/lib/kclient/KClient.def b/crypto/kerberosIV/lib/kclient/KClient.def
new file mode 100644
index 0000000..9b55b2c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/KClient.def
@@ -0,0 +1,19 @@
+LIBRARY kclnt32
+EXPORTS
+	KClientInitSession
+	KClientGetTicketForService
+	KClientLogin
+	KClientPasswordLogin
+	KClientKeyLogin
+	KClientLogout
+	KClientStatus
+	KClientGetUserName
+	KClientSetUserName
+	KClientCacheInitialTicket
+	KClientGetSessionKey
+	KClientMakeSendAuth
+	KClientVerifySendAuth
+	KClientEncrypt
+	KClientDecrypt
+	KClientErrorText
+	SendTicketForService
diff --git a/crypto/kerberosIV/lib/kclient/KClient.dsp b/crypto/kerberosIV/lib/kclient/KClient.dsp
new file mode 100644
index 0000000..de4dde2
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/KClient.dsp
@@ -0,0 +1,127 @@
+# Microsoft Developer Studio Project File - Name="kclient" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=kclient - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "KClient.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "KClient.mak" CFG="kclient - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "kclient - Win32 Release" (based on\
+ "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "kclient - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "kclient - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\krb" /I "..\..\include" /I "..\..\include\win32" /I "..\des" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 ..\krb\Release\krb.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x1320000" /subsystem:windows /dll /machine:I386 /out:".\Release/kclnt32.dll"
+
+!ELSEIF  "$(CFG)" == "kclient - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\krb" /I "..\..\include" /I "..\..\include\win32" /I "..\des" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 ..\krb\Debug\krb.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x1320000" /subsystem:windows /dll /debug /machine:I386 /out:".\Debug/kclnt32.dll"
+
+!ENDIF 
+
+# Begin Target
+
+# Name "kclient - Win32 Release"
+# Name "kclient - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\KClient.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\KClient.def
+# End Source File
+# Begin Source File
+
+SOURCE=.\passwd_dialog.rc
+# End Source File
+# Begin Source File
+
+SOURCE=.\passwd_dlg.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\KClient.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\passwd_dlg.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project
diff --git a/crypto/kerberosIV/lib/kclient/KClient.h b/crypto/kerberosIV/lib/kclient/KClient.h
new file mode 100644
index 0000000..d8916c5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/KClient.h
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* KClient.h - KClient glue to krb4.dll
+ * Author: J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date: June 1996
+ */
+
+/* $Id: KClient.h,v 1.8 1999/12/02 16:58:40 joda Exp $ */
+
+#ifndef	KCLIENT_H
+#define	KCLIENT_H
+
+#ifdef MacOS
+#include <Types.h>
+typedef OSerr Kerr;
+#endif /* MacOS */
+
+#ifdef WIN32	/* Visual C++ 4.0 (Windows95/NT) */
+typedef int Kerr;
+#endif /* WIN32 */
+
+enum { KClientLoggedIn, KClientNotLoggedIn };
+
+struct _KClientKey
+{
+    unsigned char keyBytes[8];
+};
+typedef struct _KClientKey KClientKey;
+
+struct _KClientSessionInfo
+{
+    unsigned long lAddr;
+    unsigned short lPort;
+    unsigned long fAddr;
+    unsigned short fPort;
+    char user[32];
+    char inst[32];
+    char realm[32];
+    char key[8];
+};
+typedef struct _KClientSessionInfo KClientSessionInfo;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+Kerr KClientMessage(char *text, Kerr error);
+
+/* KClientInitSession */
+Kerr KClientInitSession(KClientSessionInfo *session,
+			unsigned long lAddr,
+			unsigned short lPort,
+			unsigned long fAddr,
+			unsigned short fPort);
+
+/* KClientGetTicketForService */
+Kerr KClientGetTicketForService(KClientSessionInfo *session,
+				char *service,
+				void *buf,
+				unsigned long *buflen);
+
+
+/* KClientLogin	*/
+Kerr KClientLogin(KClientSessionInfo *session,
+		  KClientKey *privateKey );
+
+/* KClientPasswordLogin */
+Kerr KClientPasswordLogin(KClientSessionInfo *session,
+			  char *password,
+			  KClientKey *privateKey);
+
+/* KClientKeyLogin */
+Kerr KClientKeyLogin(KClientSessionInfo *session, KClientKey *privateKey);
+
+/* KClientLogout */
+Kerr KClientLogout(void);
+
+/* KClientStatus */
+short KClientStatus(KClientSessionInfo *session);
+
+/* KClientGetUserName */
+Kerr KClientGetUserName(char *user);
+
+/* KClientSetUserName */
+Kerr KClientSetUserName(char *user);
+
+/* KClientCacheInitialTicket */
+Kerr KClientCacheInitialTicket(KClientSessionInfo *session,
+			       char *service);
+
+/* KClientGetSessionKey */
+Kerr KClientGetSessionKey(KClientSessionInfo *session,
+			  KClientKey *sessionKey);
+
+/* KClientMakeSendAuth */
+Kerr KClientMakeSendAuth(KClientSessionInfo *session,
+			 char *service,
+			 void *buf,
+			 unsigned long *buflen,
+			 long checksum,
+			 char *applicationVersion);
+
+/* KClientVerifySendAuth */
+Kerr KClientVerifySendAuth(KClientSessionInfo *session,
+			   void *buf,
+			   unsigned long *buflen);
+
+/* KClientEncrypt */
+Kerr KClientEncrypt(KClientSessionInfo *session,
+		    void *buf,
+		    unsigned long buflen,
+		    void *encryptBuf,
+		    unsigned long *encryptLength);
+
+/* KClientDecrypt */
+Kerr KClientDecrypt(KClientSessionInfo *session,
+		    void *buf,
+		    unsigned long buflen,
+		    unsigned long *decryptOffset,
+		    unsigned long *decryptLength);
+
+/* KClientErrorText */
+char *KClientErrorText(Kerr err, char *text);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* KCLIENT_H */
diff --git a/crypto/kerberosIV/lib/kclient/KClient.mak b/crypto/kerberosIV/lib/kclient/KClient.mak
new file mode 100644
index 0000000..40d4ab8
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/KClient.mak
@@ -0,0 +1,297 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on KClient.dsp
+!IF "$(CFG)" == ""
+CFG=kclient - Win32 Release
+!MESSAGE No configuration specified. Defaulting to kclient - Win32 Release.
+!ENDIF 
+
+!IF "$(CFG)" != "kclient - Win32 Release" && "$(CFG)" !=\
+ "kclient - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line.  For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "KClient.mak" CFG="kclient - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "kclient - Win32 Release" (based on\
+ "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "kclient - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+!IF  "$(CFG)" == "kclient - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\kclnt32.dll"
+
+!ELSE 
+
+ALL : "krb - Win32 Release" "$(OUTDIR)\kclnt32.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"krb - Win32 ReleaseCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\KClient.obj"
+	-@erase "$(INTDIR)\passwd_dialog.res"
+	-@erase "$(INTDIR)\passwd_dlg.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(OUTDIR)\kclnt32.dll"
+	-@erase "$(OUTDIR)\kclnt32.exp"
+	-@erase "$(OUTDIR)\kclnt32.lib"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\krb" /I "..\..\include" /I\
+ "..\..\include\win32" /I "..\des" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\
+ "HAVE_CONFIG_H" /Fp"$(INTDIR)\KClient.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Release/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "NDEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\KClient.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\krb\Release\krb.lib ..\des\Release\des.lib wsock32.lib\
+ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
+ shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x1320000"\
+ /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)\kclnt32.pdb"\
+ /machine:I386 /def:".\KClient.def" /out:"$(OUTDIR)\kclnt32.dll"\
+ /implib:"$(OUTDIR)\kclnt32.lib" 
+DEF_FILE= \
+	".\KClient.def"
+LINK32_OBJS= \
+	"$(INTDIR)\KClient.obj" \
+	"$(INTDIR)\passwd_dialog.res" \
+	"$(INTDIR)\passwd_dlg.obj" \
+	"..\krb\Release\krb.lib"
+
+"$(OUTDIR)\kclnt32.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF  "$(CFG)" == "kclient - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\kclnt32.dll"
+
+!ELSE 
+
+ALL : "krb - Win32 Debug" "$(OUTDIR)\kclnt32.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"krb - Win32 DebugCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\KClient.obj"
+	-@erase "$(INTDIR)\passwd_dialog.res"
+	-@erase "$(INTDIR)\passwd_dlg.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(OUTDIR)\kclnt32.dll"
+	-@erase "$(OUTDIR)\kclnt32.exp"
+	-@erase "$(OUTDIR)\kclnt32.ilk"
+	-@erase "$(OUTDIR)\kclnt32.lib"
+	-@erase "$(OUTDIR)\kclnt32.pdb"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\krb" /I "..\..\include"\
+ /I "..\..\include\win32" /I "..\des" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D\
+ "HAVE_CONFIG_H" /Fp"$(INTDIR)\KClient.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Debug/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "_DEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\KClient.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\krb\Debug\krb.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib\
+ user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib\
+ ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x1320000" /subsystem:windows\
+ /dll /incremental:yes /pdb:"$(OUTDIR)\kclnt32.pdb" /debug /machine:I386\
+ /def:".\KClient.def" /out:"$(OUTDIR)\kclnt32.dll"\
+ /implib:"$(OUTDIR)\kclnt32.lib" 
+DEF_FILE= \
+	".\KClient.def"
+LINK32_OBJS= \
+	"$(INTDIR)\KClient.obj" \
+	"$(INTDIR)\passwd_dialog.res" \
+	"$(INTDIR)\passwd_dlg.obj" \
+	"..\krb\Debug\krb.lib"
+
+"$(OUTDIR)\kclnt32.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF 
+
+
+!IF "$(CFG)" == "kclient - Win32 Release" || "$(CFG)" ==\
+ "kclient - Win32 Debug"
+SOURCE=.\KClient.c
+DEP_CPP_KCLIE=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\des\des.h"\
+	"..\krb\krb-protos.h"\
+	"..\krb\krb.h"\
+	".\KClient.h"\
+	".\passwd_dlg.h"\
+
+
+"$(INTDIR)\KClient.obj" : $(SOURCE) $(DEP_CPP_KCLIE) "$(INTDIR)"
+
+
+SOURCE=.\passwd_dialog.rc
+
+"$(INTDIR)\passwd_dialog.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
+
+
+SOURCE=.\passwd_dlg.c
+DEP_CPP_PASSW=\
+	"..\..\include\win32\config.h"\
+	".\passwd_dlg.h"\
+	
+
+"$(INTDIR)\passwd_dlg.obj" : $(SOURCE) $(DEP_CPP_PASSW) "$(INTDIR)"
+
+
+!IF  "$(CFG)" == "kclient - Win32 Release"
+	
+"krb - Win32 Release" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\krb"
+   $(MAKE) /$(MAKEFLAGS) /F ".\krb.mak" CFG="krb - Win32 Release" 
+   cd "..\kclient"
+
+"krb - Win32 ReleaseCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\krb"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\krb.mak" CFG="krb - Win32 Release"\
+ RECURSE=1 
+   cd "..\kclient"
+
+!ELSEIF  "$(CFG)" == "kclient - Win32 Debug"
+
+"krb - Win32 Debug" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\krb"
+   $(MAKE) /$(MAKEFLAGS) /F ".\krb.mak" CFG="krb - Win32 Debug" 
+   cd "..\kclient"
+
+"krb - Win32 DebugCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\krb"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\krb.mak" CFG="krb - Win32 Debug" RECURSE=1\
+
+   cd "..\kclient"
+
+!ENDIF 
+
+
+!ENDIF 
+
diff --git a/crypto/kerberosIV/lib/kclient/passwd_dialog.rc b/crypto/kerberosIV/lib/kclient/passwd_dialog.rc
new file mode 100644
index 0000000..6478e5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/passwd_dialog.rc
@@ -0,0 +1,143 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_DIALOG1 DIALOG DISCARDABLE  0, 0, 186, 95
+STYLE DS_ABSALIGN | DS_MODALFRAME | DS_CENTER | WS_POPUP | WS_CAPTION
+CAPTION "User data"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT1,71,19,40,14,ES_AUTOHSCROLL
+    EDITTEXT        IDC_EDIT2,71,36,40,14,ES_PASSWORD | ES_AUTOHSCROLL
+    DEFPUSHBUTTON   "OK",IDOK,31,74,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,105,74,50,14
+    LTEXT           "User name:",IDC_STATIC,27,23,37,8,NOT WS_GROUP
+    LTEXT           "Password:",IDC_STATIC,27,39,34,8,NOT WS_GROUP
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO DISCARDABLE 
+BEGIN
+    IDD_DIALOG1, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 179
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 88
+    END
+END
+#endif    // APSTUDIO_INVOKED
+
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "kclient\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "kclient\0"
+            VALUE "LegalCopyright", "Copyright � 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "kclnt32.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/kerberosIV/lib/kclient/passwd_dialog.res b/crypto/kerberosIV/lib/kclient/passwd_dialog.res
new file mode 100644
index 0000000..fc4556f
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/passwd_dialog.res
diff --git a/crypto/kerberosIV/lib/kclient/passwd_dlg.c b/crypto/kerberosIV/lib/kclient/passwd_dlg.c
new file mode 100644
index 0000000..fb2f468
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/passwd_dlg.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* passwd_dlg.c - Dialog boxes for Windows95/NT
+ * Author:	J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date:	June 1996
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: passwd_dlg.c,v 1.11 1999/12/02 16:58:40 joda Exp $");
+#endif
+
+#ifdef WIN32	/* Visual C++ 4.0 (Windows95/NT) */
+#include <Windows.h>
+#include "passwd_dlg.h"
+#include "Resource.h"
+#define passwdBufSZ 64
+#define usr_nameSZ 64
+
+static char user_name[usr_nameSZ];
+static char passwd[passwdBufSZ];
+
+BOOL CALLBACK
+pwd_dialog_proc(HWND hwndDlg,
+		UINT uMsg,
+		WPARAM wParam,
+		LPARAM lParam)
+{
+    switch(uMsg)
+    {
+    case WM_INITDIALOG:
+	SetDlgItemText(hwndDlg, IDC_EDIT1, user_name);
+	return TRUE;
+	break;
+
+    case WM_COMMAND: 
+	switch(wParam)
+	{
+	case IDOK:
+	    if(!GetDlgItemText(hwndDlg,IDC_EDIT1, user_name, usr_nameSZ))
+		EndDialog(hwndDlg, IDCANCEL);
+	    if(!GetDlgItemText(hwndDlg,IDC_EDIT2, passwd, passwdBufSZ))
+		EndDialog(hwndDlg, IDCANCEL);
+	case IDCANCEL:
+	    EndDialog(hwndDlg, wParam);
+	    return TRUE;
+	}
+	break;
+    }
+    return FALSE;
+}
+
+
+/* return 0 if ok, 1 otherwise */
+int
+pwd_dialog(char *user, size_t user_sz,
+	   char *password, size_t password_sz)
+{
+    int i;
+    HWND wnd = GetActiveWindow();
+    HANDLE hInst = GetModuleHandle("kclnt32");
+
+    strlcpy(user_name, user, sizeof(user_name));
+    switch(DialogBox(hInst,MAKEINTRESOURCE(IDD_DIALOG1),wnd,pwd_dialog_proc))
+    {
+    case IDOK:
+	strlcpy(user, user_name, user_sz);
+	strlcpy(password, passwd, password_sz);
+	memset (passwd, 0, sizeof(passwd));
+	return 0;
+    case IDCANCEL:
+    default:
+	memset (passwd, 0, sizeof(passwd));
+	return 1;
+    }
+}
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/lib/kclient/passwd_dlg.h b/crypto/kerberosIV/lib/kclient/passwd_dlg.h
new file mode 100644
index 0000000..543a560
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/passwd_dlg.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* passwd_dlg.h - Dialog boxes for Windows95/NT
+ * Author:	J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date:	June 1996
+ */
+
+/* $Id: passwd_dlg.h,v 1.7 1999/12/02 16:58:40 joda Exp $ */
+
+#ifndef PASSWD_DLG_H
+#define PASSWD_DLG_H
+
+int pwd_dialog(char *user, size_t user_sz,
+	       char *password, size_t password_sz);
+
+#endif /* PASSWD_DLG_H */
diff --git a/crypto/kerberosIV/lib/kclient/resource.h b/crypto/kerberosIV/lib/kclient/resource.h
new file mode 100644
index 0000000..76a6eb5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kclient/resource.h
@@ -0,0 +1,18 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by passwd_dialog.rc
+//
+#define IDD_DIALOG1                     101
+#define IDC_EDIT1                       1000
+#define IDC_EDIT2                       1001
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        103
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1002
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in
new file mode 100644
index 0000000..ac90e05
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/Makefile.in
@@ -0,0 +1,94 @@
+#
+# $Id: Makefile.in,v 1.40 1999/03/10 19:01:15 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+ 
+LIB_DBM  = @LIB_DBM@
+LIB_DEPS = @lib_deps_yes@ $(LIB_DBM) -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
+LIBNAME = $(LIBPREFIX)kdb
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c \
+	krb_dbm.c print_princ.c
+
+OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o \
+	krb_dbm.o print_princ.o
+
+all: $(LIB)
+
+Wall:
+		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
+
+uninstall:
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~ roken_rename.h
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/kdb/copykey.c b/crypto/kerberosIV/lib/kdb/copykey.c
new file mode 100644
index 0000000..72b2b69
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/copykey.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: copykey.c,v 1.11 1999/12/02 16:58:40 joda Exp $");
+
+void
+copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi)
+{
+    memcpy(lo, ((char *) in) + 0, 4);
+    memcpy(hi, ((char *) in) + 4, 4);
+}
+
+void
+copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out)
+{
+    memcpy(((char *)out) + 0, lo, 4);
+    memcpy(((char *)out) + 4, hi, 4);
+}
diff --git a/crypto/kerberosIV/lib/kdb/kdb_locl.h b/crypto/kerberosIV/lib/kdb/kdb_locl.h
new file mode 100644
index 0000000..2478f64
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/kdb_locl.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kdb_locl.h,v 1.10 1999/12/02 16:58:40 joda Exp $ */
+
+#ifndef __kdb_locl_h
+#define __kdb_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include "base64.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <unistd.h>
+#include <errno.h>
+
+#include <sys/types.h>
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <utime.h>
+#include <sys/file.h>
+#include <roken.h>
+
+#include <krb.h>
+#include <krb_db.h>
+
+/* --- */
+
+/* Globals! */
+
+/* Utils */
+
+int kerb_db_set_lockmode __P((int));
+void kerb_db_fini __P((void));
+int kerb_db_init __P((void));
+int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *));
+int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *));
+
+void delta_stat __P((DB_stat *, DB_stat *, DB_stat *));
+
+int kerb_cache_init __P((void));
+int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int));
+int kerb_cache_put_principal __P((Principal *, unsigned int));
+int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int));
+int kerb_cache_put_dba __P((Dba *, unsigned int));
+
+void krb_print_principal __P((Principal *));
+
+#endif /*  __kdb_locl_h */
diff --git a/crypto/kerberosIV/lib/kdb/kdc.h b/crypto/kerberosIV/lib/kdb/kdc.h
new file mode 100644
index 0000000..968775d
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/kdc.h
@@ -0,0 +1,35 @@
+/*
+ * $Id: kdc.h,v 1.8 1997/04/01 03:59:05 assar Exp $
+ * $FreeBSD$
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Include file for the Kerberos Key Distribution Center. 
+ */
+
+#ifndef KDC_DEFS
+#define KDC_DEFS
+
+/* Don't depend on this! */
+#ifndef MKEYFILE
+#if 1
+#define MKEYFILE	"/etc/kerberosIV/master-key"
+#else
+#define MKEYFILE	"/.k"
+#endif
+#endif
+#ifndef K_LOGFIL
+#define K_LOGFIL	"/var/log/kpropd.log"
+#endif
+
+#define ONE_MINUTE	60
+#define FIVE_MINUTES	(5 * ONE_MINUTE)
+#define ONE_HOUR	(60 * ONE_MINUTE)
+#define ONE_DAY		(24 * ONE_HOUR)
+#define THREE_DAYS	(3 * ONE_DAY)
+
+#endif /* KDC_DEFS */
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c
new file mode 100644
index 0000000..bd8da50
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_cache.c
@@ -0,0 +1,183 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * This is where a cache would be implemented, if it were necessary.
+ */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_cache.c,v 1.7 1998/06/09 19:25:14 joda Exp $");
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+#endif
+static int init = 0;
+
+/*
+ * initialization routine for cache 
+ */
+
+int
+kerb_cache_init(void)
+{
+    init = 1;
+    return (0);
+}
+
+/*
+ * look up a principal in the cache returns number of principals found 
+ */
+
+int
+kerb_cache_get_principal(char *serv, /* could have wild card */
+			 char *inst, /* could have wild card */
+			 Principal *principal,
+			 unsigned int max) /* max number of name structs to return */
+{
+    int     found = 0;
+
+    if (!init)
+	kerb_cache_init();
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
+	    serv, inst, max);
+#endif /* DEBUG */
+    
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	if (found) {
+	    fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+		serv, inst, principal->name, principal->instance);
+	} else {
+	    fprintf(stderr, "cache %s %s not found\n", serv,
+		inst);
+	}
+    }
+#endif
+    return (found);
+}
+
+/*
+ * insert/replace a principal in the cache returns number of principals
+ * inserted 
+ */
+
+int
+kerb_cache_put_principal(Principal *principal,
+			 unsigned int max)
+                     		/* max number of principal structs to
+				 * insert */
+{
+    u_long  i;
+    int     count = 0;
+
+    if (!init)
+	kerb_cache_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	fprintf(stderr, "kerb_cache_put_principal  max = %d",
+	    max);
+    }
+#endif
+    
+    for (i = 0; i < max; i++) {
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr, "\n %s %s",
+		    principal->name, principal->instance);
+#endif	
+	/* DO IT */
+	count++;
+	principal++;
+    }
+    return count;
+}
+
+/*
+ * look up a dba in the cache returns number of dbas found 
+ */
+
+int
+kerb_cache_get_dba(char *serv,	/* could have wild card */
+		   char *inst,	/* could have wild card */
+		   Dba *dba,
+		   unsigned int max) /* max number of name structs to return */
+{
+    int     found = 0;
+
+    if (!init)
+	kerb_cache_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
+	    serv, inst, max);
+#endif
+
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	if (found) {
+	    fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+		serv, inst, dba->name, dba->instance);
+	} else {
+	    fprintf(stderr, "cache %s %s not found\n", serv, inst);
+	}
+    }
+#endif
+    return (found);
+}
+
+/*
+ * insert/replace a dba in the cache returns number of dbas inserted 
+ */
+
+int
+kerb_cache_put_dba(Dba *dba,
+		   unsigned int max)
+                     		/* max number of dba structs to insert */
+{
+    u_long  i;
+    int     count = 0;
+
+    if (!init)
+	kerb_cache_init();
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	fprintf(stderr, "kerb_cache_put_dba  max = %d", max);
+    }
+#endif
+    for (i = 0; i < max; i++) {
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr, "\n %s %s",
+		    dba->name, dba->instance);
+#endif	
+	/* DO IT */
+	count++;
+	dba++;
+    }
+    return count;
+}
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_db.h b/crypto/kerberosIV/lib/kdb/krb_db.h
new file mode 100644
index 0000000..d0fc260
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_db.h
@@ -0,0 +1,138 @@
+/*
+ * $Id: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $ 
+ * $FreeBSD$ 
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * spm		Project Athena  8/85 
+ *
+ * This file defines data structures for the kerberos
+ * authentication/authorization database. 
+ *
+ * They MUST correspond to those defined in *.rel 
+ */
+
+#ifndef KRB_DB_DEFS
+#define KRB_DB_DEFS
+
+#include <stdio.h>
+
+#define KERB_M_NAME		"K"	/* Kerberos */
+#define KERB_M_INST		"M"	/* Master */
+#define KERB_DEFAULT_NAME	"default"
+#define KERB_DEFAULT_INST	""
+#ifndef DB_DIR
+#define DB_DIR			"/var/db/kerberos"
+#endif
+#ifndef DBM_FILE
+#define	DBM_FILE		DB_DIR "/principal"
+#endif
+
+/* this also defines the number of queue headers */
+#define KERB_DB_HASH_MODULO 64
+
+
+/* Arguments to kerb_dbl_lock() */
+
+#define KERB_DBL_EXCLUSIVE 1
+#define KERB_DBL_SHARED 0
+
+/* arguments to kerb_db_set_lockmode() */
+
+#define KERB_DBL_BLOCKING 0
+#define KERB_DBL_NONBLOCKING 1
+
+/* arguments to kdb_get_master_key */
+
+#define KDB_GET_PROMPT 1
+#define KDB_GET_TWICE  2
+
+/* Principal defines the structure of a principal's name */
+
+typedef struct {
+    char    name[ANAME_SZ];
+    char    instance[INST_SZ];
+
+    u_int32_t key_low;
+    u_int32_t key_high;
+    u_int32_t exp_date;
+    char    exp_date_txt[DATE_SZ];
+    u_int32_t mod_date;
+    char    mod_date_txt[DATE_SZ];
+    u_int16_t attributes;
+    u_int8_t max_life;
+    u_int8_t kdc_key_ver;
+    u_int8_t key_version;
+
+    char    mod_name[ANAME_SZ];
+    char    mod_instance[INST_SZ];
+    char   *old;		/* cast to (Principal *); not in db,
+				 * ptr to old vals */
+} Principal;
+
+typedef struct {
+    int32_t    cpu;
+    int32_t    elapsed;
+    int32_t    dio;
+    int32_t    pfault;
+    int32_t    t_stamp;
+    int32_t    n_retrieve;
+    int32_t    n_replace;
+    int32_t    n_append;
+    int32_t    n_get_stat;
+    int32_t    n_put_stat;
+} DB_stat;
+
+/* Dba defines the structure of a database administrator */
+
+typedef struct {
+    char    name[ANAME_SZ];
+    char    instance[INST_SZ];
+    u_int16_t attributes;
+    u_int32_t exp_date;
+    char    exp_date_txt[DATE_SZ];
+    char   *old;	/*
+			 * cast to (Dba *); not in db, ptr to
+			 * old vals
+			 */
+} Dba;
+
+typedef int (*k_iter_proc_t)(void*, Principal*);
+
+void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi));
+void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out));
+
+void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *,
+			  des_key_schedule, int));
+int kdb_get_master_key __P((int prompt, des_cblock *master_key,
+			    des_key_schedule master_key_sched));
+int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int));
+int kdb_kstash __P((des_cblock *, char *));
+int kdb_new_get_master_key __P((des_cblock *, des_key_schedule));
+int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify));
+long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *));
+long *kerb_db_begin_update __P((void));
+int kerb_db_create __P((char *db_name));
+int kerb_db_delete_principal (char *name, char *inst);
+void kerb_db_end_update __P((long *db));
+int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *));
+void kerb_db_get_stat __P((DB_stat *));
+int kerb_db_iterate __P((k_iter_proc_t, void*));
+int kerb_db_put_principal __P((Principal *, unsigned int));
+void kerb_db_put_stat __P((DB_stat *));
+int kerb_db_rename __P((char *, char *));
+int kerb_db_set_lockmode __P((int));
+int kerb_db_set_name __P((char *));
+int kerb_db_update __P((long *db, Principal *principal, unsigned int max));
+int kerb_delete_principal __P((char *name, char *inst));
+void kerb_fini __P((void));
+int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *));
+time_t kerb_get_db_age __P((void));
+int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *));
+int kerb_init __P((void));
+int kerb_put_principal __P((Principal *, unsigned int));
+
+#endif /* KRB_DB_DEFS */
diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c
new file mode 100644
index 0000000..7265e20
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c
@@ -0,0 +1,768 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_dbm.c,v 1.37 1999/09/16 20:41:49 assar Exp $");
+
+#include <xdbm.h>
+
+#define KERB_DB_MAX_RETRY 5
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+extern char *progname;
+#endif
+
+static int init = 0;
+static char default_db_name[] = DBM_FILE;
+static char *current_db_name = default_db_name;
+
+static struct timeval timestamp;/* current time of request */
+static int non_blocking = 0;
+
+/*
+ * This module contains all of the code which directly interfaces to
+ * the underlying representation of the Kerberos database; this
+ * implementation uses a DBM or NDBM indexed "file" (actually
+ * implemented as two separate files) to store the relations, plus a
+ * third file as a semaphore to allow the database to be replaced out
+ * from underneath the KDC server.
+ */
+
+/*
+ * Locking:
+ * 
+ * There are two distinct locking protocols used.  One is designed to
+ * lock against processes (the admin_server, for one) which make
+ * incremental changes to the database; the other is designed to lock
+ * against utilities (kdb_util, kpropd) which replace the entire
+ * database in one fell swoop.
+ *
+ * The first locking protocol is implemented using flock() in the 
+ * krb_dbl_lock() and krb_dbl_unlock routines.
+ *
+ * The second locking protocol is necessary because DBM "files" are
+ * actually implemented as two separate files, and it is impossible to
+ * atomically rename two files simultaneously.  It assumes that the
+ * database is replaced only very infrequently in comparison to the time
+ * needed to do a database read operation.
+ *
+ * A third file is used as a "version" semaphore; the modification
+ * time of this file is the "version number" of the database.
+ * At the start of a read operation, the reader checks the version
+ * number; at the end of the read operation, it checks again.  If the
+ * version number changed, or if the semaphore was nonexistant at
+ * either time, the reader sleeps for a second to let things
+ * stabilize, and then tries again; if it does not succeed after
+ * KERB_DB_MAX_RETRY attempts, it gives up.
+ * 
+ * On update, the semaphore file is deleted (if it exists) before any
+ * update takes place; at the end of the update, it is replaced, with
+ * a version number strictly greater than the version number which
+ * existed at the start of the update.
+ * 
+ * If the system crashes in the middle of an update, the semaphore
+ * file is not automatically created on reboot; this is a feature, not
+ * a bug, since the database may be inconsistant.  Note that the
+ * absence of a semaphore file does not prevent another _update_ from
+ * taking place later.  Database replacements take place automatically
+ * only on slave servers; a crash in the middle of an update will be
+ * fixed by the next slave propagation.  A crash in the middle of an
+ * update on the master would be somewhat more serious, but this would
+ * likely be noticed by an administrator, who could fix the problem and
+ * retry the operation.
+ */
+
+
+/*
+ * Utility routine: generate name of database file.
+ */
+
+static char *
+gen_dbsuffix(char *db_name, char *sfx)
+{
+    char *dbsuffix;
+    
+    if (sfx == NULL)
+	sfx = ".ok";
+
+    asprintf (&dbsuffix, "%s%s", db_name, sfx);
+    if (dbsuffix == NULL) {
+	fprintf (stderr, "gen_dbsuffix: out of memory\n");
+	exit(1);
+    }
+    return dbsuffix;
+}
+
+static void
+decode_princ_key(datum *key, char *name, char *instance)
+{
+    strlcpy (name, key->dptr, ANAME_SZ);
+    strlcpy (instance, (char *)key->dptr + ANAME_SZ, INST_SZ);
+}
+
+static void
+encode_princ_contents(datum *contents, Principal *principal)
+{
+    contents->dsize = sizeof(*principal);
+    contents->dptr = (char *) principal;
+}
+
+static void
+decode_princ_contents (datum *contents, Principal *principal)
+{
+    memcpy(principal, contents->dptr, sizeof(*principal));
+}
+
+static void
+encode_princ_key (datum *key, char *name, char *instance)
+{
+    static char keystring[ANAME_SZ + INST_SZ];
+
+    memset(keystring, 0, ANAME_SZ + INST_SZ);
+    strncpy(keystring, name, ANAME_SZ);
+    strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
+    key->dptr = keystring;
+    key->dsize = ANAME_SZ + INST_SZ;
+}
+
+static int dblfd = -1;		/* db LOCK fd */
+static int mylock = 0;
+static int inited = 0;
+
+static int
+kerb_dbl_init(void)
+{
+    if (!inited) {
+	char *filename = gen_dbsuffix (current_db_name, ".ok");
+	if ((dblfd = open(filename, O_RDWR)) < 0) {
+	    fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
+	    fflush(stderr);
+	    perror("open");
+	    exit(1);
+	}
+	free(filename);
+	inited++;
+    }
+    return (0);
+}
+
+static void
+kerb_dbl_fini(void)
+{
+    close(dblfd);
+    dblfd = -1;
+    inited = 0;
+    mylock = 0;
+}
+
+static int
+kerb_dbl_lock(int mode)
+{
+    int flock_mode;
+    
+    if (!inited)
+	kerb_dbl_init();
+    if (mylock) {		/* Detect lock call when lock already
+				 * locked */
+	fprintf(stderr, "Kerberos locking error (mylock)\n");
+	fflush(stderr);
+	exit(1);
+    }
+    switch (mode) {
+    case KERB_DBL_EXCLUSIVE:
+	flock_mode = LOCK_EX;
+	break;
+    case KERB_DBL_SHARED:
+	flock_mode = LOCK_SH;
+	break;
+    default:
+	fprintf(stderr, "invalid lock mode %d\n", mode);
+	abort();
+    }
+    if (non_blocking)
+	flock_mode |= LOCK_NB;
+    
+    if (flock(dblfd, flock_mode) < 0) 
+	return errno;
+    mylock++;
+    return 0;
+}
+
+static void
+kerb_dbl_unlock(void)
+{
+    if (!mylock) {		/* lock already unlocked */
+	fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
+	fflush(stderr);
+	exit(1);
+    }
+    if (flock(dblfd, LOCK_UN) < 0) {
+	fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
+	fflush(stderr);
+	perror("flock");
+	exit(1);
+    }
+    mylock = 0;
+}
+
+int
+kerb_db_set_lockmode(int mode)
+{
+    int old = non_blocking;
+    non_blocking = mode;
+    return old;
+}
+
+/*
+ * initialization for data base routines.
+ */
+
+int
+kerb_db_init(void)
+{
+    init = 1;
+    return (0);
+}
+
+/*
+ * gracefully shut down database--must be called by ANY program that does
+ * a kerb_db_init 
+ */
+
+void
+kerb_db_fini(void)
+{
+}
+
+/*
+ * Set the "name" of the current database to some alternate value.
+ *
+ * Passing a null pointer as "name" will set back to the default.
+ * If the alternate database doesn't exist, nothing is changed.
+ */
+
+int
+kerb_db_set_name(char *name)
+{
+    DBM *db;
+
+    if (name == NULL)
+	name = default_db_name;
+    db = dbm_open(name, 0, 0);
+    if (db == NULL)
+	return errno;
+    dbm_close(db);
+    kerb_dbl_fini();
+    current_db_name = name;
+    return 0;
+}
+
+/*
+ * Return the last modification time of the database.
+ */
+
+time_t
+kerb_get_db_age(void)
+{
+    struct stat st;
+    char *okname;
+    time_t age;
+    
+    okname = gen_dbsuffix(current_db_name, ".ok");
+
+    if (stat (okname, &st) < 0)
+	age = 0;
+    else
+	age = st.st_mtime;
+
+    free (okname);
+    return age;
+}
+
+/*
+ * Remove the semaphore file; indicates that database is currently
+ * under renovation.
+ *
+ * This is only for use when moving the database out from underneath
+ * the server (for example, during slave updates).
+ */
+
+static time_t
+kerb_start_update(char *db_name)
+{
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    time_t age = kerb_get_db_age();
+    
+    if (unlink(okname) < 0
+	&& errno != ENOENT) {
+	    age = -1;
+    }
+    free (okname);
+    return age;
+}
+
+static int
+kerb_end_update(char *db_name, time_t age)
+{
+    int fd;
+    int retval = 0;
+    char *new_okname = gen_dbsuffix(db_name, ".ok#");
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    
+    fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+    if (fd < 0)
+	retval = errno;
+    else {
+	struct stat st;
+	struct utimbuf tv;
+	/* make sure that semaphore is "after" previous value. */
+	if (fstat (fd, &st) == 0
+	    && st.st_mtime <= age) {
+	    tv.actime = st.st_atime;
+	    tv.modtime = age;
+	    /* set times.. */
+	    utime (new_okname, &tv);
+	    fsync(fd);
+	}
+	close(fd);
+	if (rename (new_okname, okname) < 0)
+	    retval = errno;
+    }
+
+    free (new_okname);
+    free (okname);
+
+    return retval;
+}
+
+static time_t
+kerb_start_read(void)
+{
+    return kerb_get_db_age();
+}
+
+static int
+kerb_end_read(time_t age)
+{
+    if (kerb_get_db_age() != age || age == -1) {
+	return -1;
+    }
+    return 0;
+}
+
+/*
+ * Create the database, assuming it's not there.
+ */
+int
+kerb_db_create(char *db_name)
+{
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    int fd;
+    int ret = 0;
+#ifdef NDBM
+    DBM *db;
+
+    db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
+    if (db == NULL)
+	ret = errno;
+    else
+	dbm_close(db);
+#else
+    char *dirname = gen_dbsuffix(db_name, ".dir");
+    char *pagname = gen_dbsuffix(db_name, ".pag");
+
+    fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
+    if (fd < 0)
+	ret = errno;
+    else {
+	close(fd);
+	fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
+	if (fd < 0)
+	    ret = errno;
+	else
+	    close(fd);
+    }
+    if (dbminit(db_name) < 0)
+	ret = errno;
+#endif
+    if (ret == 0) {
+	fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+	if (fd < 0)
+	    ret = errno;
+	close(fd);
+    }
+    return ret;
+}
+
+/*
+ * "Atomically" rename the database in a way that locks out read
+ * access in the middle of the rename.
+ *
+ * Not perfect; if we crash in the middle of an update, we don't
+ * necessarily know to complete the transaction the rename, but...
+ */
+
+int
+kerb_db_rename(char *from, char *to)
+{
+#ifdef HAVE_NEW_DB
+    char *fromdb = gen_dbsuffix (from, ".db");
+    char *todb = gen_dbsuffix (to, ".db");
+#else
+    char *fromdir = gen_dbsuffix (from, ".dir");
+    char *todir = gen_dbsuffix (to, ".dir");
+    char *frompag = gen_dbsuffix (from , ".pag");
+    char *topag = gen_dbsuffix (to, ".pag");
+#endif
+    char *fromok = gen_dbsuffix(from, ".ok");
+    long trans = kerb_start_update(to);
+    int ok = 0;
+    
+#ifdef HAVE_NEW_DB
+    if (rename (fromdb, todb) == 0) {
+	unlink (fromok);
+	ok = 1;
+    }
+    free (fromdb);
+    free (todb);
+#else
+    if ((rename (fromdir, todir) == 0)
+	&& (rename (frompag, topag) == 0)) {
+	unlink (fromok);
+	ok = 1;
+    }
+    free (fromdir);
+    free (todir);
+    free (frompag);
+    free (topag);
+#endif
+    free (fromok);
+    if (ok)
+	return kerb_end_update(to, trans);
+    else
+	return -1;
+}
+
+int
+kerb_db_delete_principal (char *name, char *inst)
+{
+    DBM *db;
+    int try;
+    int done = 0;
+    int code;
+    datum key;
+    
+    if(!init)
+	kerb_db_init();
+    
+    for(try = 0; try < KERB_DB_MAX_RETRY; try++){
+	if((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
+	    return -1;
+	
+	db = dbm_open(current_db_name, O_RDWR, 0600);
+	if(db == NULL)
+	    return -1;
+	encode_princ_key(&key, name, inst);
+	if(dbm_delete(db, key) == 0)
+	    done = 1;
+	
+	dbm_close(db);
+	kerb_dbl_unlock();
+	if(done)
+	    break;
+	if(!non_blocking)
+	    sleep(1);
+    }
+    if(!done)
+	return -1;
+    return 0;
+}
+
+
+/*
+ * look up a principal in the data base returns number of principals
+ * found , and whether there were more than requested. 
+ */
+
+int
+kerb_db_get_principal (char *name, char *inst, Principal *principal, 
+		       unsigned int max, int *more)
+{
+    int     found = 0, code;
+    int     wildp, wildi;
+    datum   key, contents;
+    char    testname[ANAME_SZ], testinst[INST_SZ];
+    u_long trans;
+    int try;
+    DBM    *db;
+
+    if (!init)
+	kerb_db_init();		/* initialize database routines */
+
+    for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
+	trans = kerb_start_read();
+
+	if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+	    return -1;
+
+	db = dbm_open(current_db_name, O_RDONLY, 0600);
+	if (db == NULL)
+	    return -1;
+
+	*more = 0;
+
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr,
+		    "%s: db_get_principal for %s %s max = %d",
+		    progname, name, inst, max);
+#endif
+
+	wildp = !strcmp(name, "*");
+	wildi = !strcmp(inst, "*");
+
+	if (!wildi && !wildp) {	/* nothing's wild */
+	    encode_princ_key(&key, name, inst);
+	    contents = dbm_fetch(db, key);
+	    if (contents.dptr == NULL) {
+		found = 0;
+		goto done;
+	    }
+	    decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+	    if (kerb_debug & 1) {
+		fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
+			principal->name, principal->instance,
+			strlen(principal->name),
+			strlen(principal->instance));
+	    }
+#endif
+	    found = 1;
+	    goto done;
+	}
+	/* process wild cards by looping through entire database */
+
+	for (key = dbm_firstkey(db); key.dptr != NULL;
+	     key = dbm_next(db, key)) {
+	    decode_princ_key(&key, testname, testinst);
+	    if ((wildp || !strcmp(testname, name)) &&
+		(wildi || !strcmp(testinst, inst))) { /* have a match */
+		if (found >= max) {
+		    *more = 1;
+		    goto done;
+		} else {
+		    found++;
+		    contents = dbm_fetch(db, key);
+		    decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+		    if (kerb_debug & 1) {
+			fprintf(stderr,
+				"\tfound %s %s p_n length %d t_n length %d\n",
+				principal->name, principal->instance,
+				strlen(principal->name),
+				strlen(principal->instance));
+		    }
+#endif
+		    principal++; /* point to next */
+		}
+	    }
+	}
+
+    done:
+	kerb_dbl_unlock();	/* unlock read lock */
+	dbm_close(db);
+	if (kerb_end_read(trans) == 0)
+	    break;
+	found = -1;
+	if (!non_blocking)
+	    sleep(1);
+    }
+    return (found);
+}
+
+/* Use long * rather than DBM * so that the database structure is private */
+
+long *
+kerb_db_begin_update(void)
+{
+    int code;
+
+    gettimeofday(&timestamp, NULL);
+
+    if (!init)
+	kerb_db_init();
+
+    if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
+	return 0;
+
+    return (long *) dbm_open(current_db_name, O_RDWR, 0600);
+}
+
+void
+kerb_db_end_update(long *db)
+{
+    dbm_close((DBM *)db);
+    kerb_dbl_unlock();		/* unlock database */
+}
+
+int
+kerb_db_update(long *db, Principal *principal, unsigned int max)
+{
+    int     found = 0;
+    u_long  i;
+    datum   key, contents;
+
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "%s: kerb_db_put_principal  max = %d",
+	    progname, max);
+#endif
+
+    /* for each one, stuff temps, and do replace/append */
+    for (i = 0; i < max; i++) {
+	encode_princ_contents(&contents, principal);
+	encode_princ_key(&key, principal->name, principal->instance);
+	if(dbm_store((DBM *)db, key, contents, DBM_REPLACE) < 0)
+	    return found; /* XXX some better mechanism to report
+			     failure should exist */
+#ifdef DEBUG
+	if (kerb_debug & 1) {
+	    fprintf(stderr, "\n put %s %s\n",
+		principal->name, principal->instance);
+	}
+#endif
+	found++;
+	principal++;		/* bump to next struct			   */
+    }
+    return found;
+}
+
+/*
+ * Update a name in the data base.  Returns number of names
+ * successfully updated.
+ */
+
+int
+kerb_db_put_principal(Principal *principal,
+		      unsigned max)
+
+{
+    int found;
+    long    *db;
+
+    db = kerb_db_begin_update();
+    if (db == 0)
+	return -1;
+
+    found = kerb_db_update(db, principal, max);
+
+    kerb_db_end_update(db);
+    return (found);
+}
+
+void
+kerb_db_get_stat(DB_stat *s)
+{
+    gettimeofday(&timestamp, NULL);
+
+    s->cpu = 0;
+    s->elapsed = 0;
+    s->dio = 0;
+    s->pfault = 0;
+    s->t_stamp = timestamp.tv_sec;
+    s->n_retrieve = 0;
+    s->n_replace = 0;
+    s->n_append = 0;
+    s->n_get_stat = 0;
+    s->n_put_stat = 0;
+    /* update local copy too */
+}
+
+void
+kerb_db_put_stat(DB_stat *s)
+{
+}
+
+void
+delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
+{
+    /* c = a - b then b = a for the next time */
+
+    c->cpu = a->cpu - b->cpu;
+    c->elapsed = a->elapsed - b->elapsed;
+    c->dio = a->dio - b->dio;
+    c->pfault = a->pfault - b->pfault;
+    c->t_stamp = a->t_stamp - b->t_stamp;
+    c->n_retrieve = a->n_retrieve - b->n_retrieve;
+    c->n_replace = a->n_replace - b->n_replace;
+    c->n_append = a->n_append - b->n_append;
+    c->n_get_stat = a->n_get_stat - b->n_get_stat;
+    c->n_put_stat = a->n_put_stat - b->n_put_stat;
+
+    memcpy(b, a, sizeof(DB_stat));
+}
+
+/*
+ * look up a dba in the data base returns number of dbas found , and
+ * whether there were more than requested. 
+ */
+
+int
+kerb_db_get_dba(char *dba_name,	/* could have wild card */
+		char *dba_inst,	/* could have wild card */
+		Dba *dba,
+		unsigned max,	/* max number of name structs to return */
+		int *more)	/* where there more than 'max' tuples? */
+{
+    *more = 0;
+    return (0);
+}
+
+int
+kerb_db_iterate (k_iter_proc_t func, void *arg)
+{
+    datum key, contents;
+    Principal *principal;
+    int code;
+    DBM *db;
+    
+    kerb_db_init();		/* initialize and open the database */
+    if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+	return code;
+
+    db = dbm_open(current_db_name, O_RDONLY, 0600);
+    if (db == NULL)
+	return errno;
+
+    for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
+	contents = dbm_fetch (db, key);
+	/* XXX may not be properly aligned */
+	principal = (Principal *) contents.dptr;
+	if ((code = (*func)(arg, principal)) != 0)
+	    return code;
+    }
+    dbm_close(db);
+    kerb_dbl_unlock();
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
new file mode 100644
index 0000000..af941dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
@@ -0,0 +1,267 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * Utility routines for Kerberos programs which directly access
+ * the database.  This code was duplicated in too many places
+ * before I gathered it here.
+ *
+ * Jon Rochlis, MIT Telecom, March 1988
+ */
+
+#include "kdb_locl.h"
+
+#include <kdc.h>
+
+RCSID("$Id: krb_kdb_utils.c,v 1.25 1999/03/13 21:24:21 assar Exp $");
+
+/* always try /.k for backwards compatibility */
+static char *master_key_files[] = { MKEYFILE, "/.k", NULL };
+
+#ifdef HAVE_STRERROR
+#define k_strerror(e) strerror(e)
+#else
+static
+char *
+k_strerror(int eno)
+{
+  extern int sys_nerr;
+  extern char *sys_errlist[];
+
+  static char emsg[128];
+
+  if (eno < 0 || eno >= sys_nerr)
+    snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+  else
+    return sys_errlist[eno];
+
+  return emsg;
+}
+#endif
+
+int
+kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
+{
+  int kfile = -1;
+  int i;
+  char buf[1024];
+
+  char **mkey;
+
+  for(mkey = master_key_files; *mkey; mkey++){
+      kfile = open(*mkey, O_RDONLY);
+      if(kfile < 0 && errno != ENOENT)
+	  fprintf(stderr, "Failed to open master key file \"%s\": %s\n", 
+		  *mkey,
+		  k_strerror(errno));
+      if(kfile >= 0)
+	  break;
+  }
+  if(*mkey){
+      int bytes;
+      bytes = read(kfile, (char*)key, sizeof(des_cblock));
+      close(kfile);
+      if(bytes == sizeof(des_cblock)){
+	  des_key_sched(key, schedule);
+	  return 0;
+      }
+      fprintf(stderr, "Could only read %d bytes from master key file %s\n", 
+	      bytes, *mkey);
+  }else{
+      fprintf(stderr, "No master key file found.\n");
+  }
+
+  
+  i=0;
+  while(i < 3){
+      if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0))
+	  break;
+
+      /* buffer now contains either an old format master key password or a
+       * new format base64 encoded master key
+       */
+      
+      /* try to verify as old password */
+      des_string_to_key(buf, key);
+      des_key_sched(key, schedule);
+      
+      if(kdb_verify_master_key(key, schedule, NULL) != -1){
+	  memset(buf, 0, sizeof(buf));
+	  return 0;
+      }
+      
+      /* failed test, so must be base64 encoded */
+      
+      if(base64_decode(buf, key) == 8){
+	  des_key_sched(key, schedule);
+	  if(kdb_verify_master_key(key, schedule, NULL) != -1){
+	      memset(buf, 0, sizeof(buf));
+	      return 0;
+	  }
+      }
+      
+      memset(buf, 0, sizeof(buf));
+      fprintf(stderr, "Failed to verify master key.\n");
+      i++;
+  }
+  
+  /* life sucks */
+  fprintf(stderr, "You loose.\n");
+  exit(1);
+}
+
+int
+kdb_new_get_new_master_key(des_cblock *key,
+			   des_key_schedule schedule, 
+			   int verify)
+{
+#ifndef RANDOM_MKEY
+  des_read_password(key, "\nEnter Kerberos master password: ", verify);
+  printf ("\n");
+#else
+  char buf[1024];
+  des_generate_random_block (key);
+  des_key_sched(key, schedule);
+  
+  des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0);
+  des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key);
+  memset(buf, 0, sizeof(buf));
+#endif
+  des_key_sched(key, schedule);
+  return 0;
+}
+
+int
+kdb_get_master_key(int prompt,
+		   des_cblock *master_key, 
+		   des_key_schedule master_key_sched)
+{
+  int ask = (prompt == KDB_GET_TWICE);
+#ifndef RANDOM_MKEY
+  ask |= (prompt == KDB_GET_PROMPT);
+#endif
+  
+  if(ask)
+    kdb_new_get_new_master_key(master_key, master_key_sched, 
+			       prompt == KDB_GET_TWICE);
+  else
+    kdb_new_get_master_key(master_key, master_key_sched);
+  return 0;
+}
+
+int
+kdb_kstash(des_cblock *master_key, char *file)
+{
+  int kfile;
+
+  kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
+  if (kfile < 0) {
+    return -1;
+  }
+  if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) {
+    close(kfile);
+    return -1;
+  }
+  close(kfile);
+  return 0;
+}
+
+/* The old algorithm used the key schedule as the initial vector which
+   was byte order depedent ... */
+
+void
+kdb_encrypt_key (des_cblock (*in), des_cblock (*out),
+		 des_cblock (*master_key),
+		 des_key_schedule master_key_sched, int e_d_flag)
+{
+
+#ifdef NOENCRYPTION
+  memcpy(out, in, sizeof(des_cblock));
+#else
+  des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key,
+		   e_d_flag);
+#endif
+}
+
+/* The caller is reasponsible for cleaning up the master key and sched,
+   even if we can't verify the master key */
+
+/* Returns master key version if successful, otherwise -1 */
+
+long 
+kdb_verify_master_key (des_cblock *master_key,
+		       des_key_schedule master_key_sched,
+		       FILE *out) /* NULL -> no output */
+{
+  des_cblock key_from_db;
+  Principal principal_data[1];
+  int n, more = 0;
+  long master_key_version;
+
+  /* lookup the master key version */
+  n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+			 1 /* only one please */, &more);
+  if ((n != 1) || more) {
+    if (out != NULL) 
+      fprintf(out,
+	      "verify_master_key: %s, %d found.\n",
+	      "Kerberos error on master key version lookup",
+	      n);
+    return (-1);
+  }
+
+  master_key_version = (long) principal_data[0].key_version;
+
+  /* set up the master key */
+  if (out != NULL)  /* should we punt this? */
+    fprintf(out, "Current Kerberos master key version is %d.\n",
+	    principal_data[0].kdc_key_ver);
+
+  /*
+   * now use the master key to decrypt the key in the db, had better
+   * be the same! 
+   */
+  copy_to_key(&principal_data[0].key_low,
+	      &principal_data[0].key_high,
+	      key_from_db);
+  kdb_encrypt_key (&key_from_db, &key_from_db, 
+		   master_key, master_key_sched, DES_DECRYPT);
+
+  /* the decrypted database key had better equal the master key */
+  n = memcmp(master_key, key_from_db, sizeof(master_key));
+  /* this used to zero the master key here! */
+  memset(key_from_db, 0, sizeof(key_from_db));
+  memset(principal_data, 0, sizeof (principal_data));
+
+  if (n && (out != NULL)) {
+    fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
+    fprintf(out, "does not match database.\n");
+  }
+  if(n)
+    return (-1);
+
+  if (out != (FILE *) NULL) {
+    fprintf(out, "\nMaster key entered.  BEWARE!\07\07\n");
+    fflush(out);
+  }
+
+  return (master_key_version);
+}
diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c
new file mode 100644
index 0000000..59949f9
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_lib.c
@@ -0,0 +1,252 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: krb_lib.c,v 1.13 1998/11/22 09:41:43 assar Exp $");
+
+#ifdef DEBUG
+extern int debug;
+extern char *progname;
+long    kerb_debug;
+#endif
+
+static int init = 0;
+
+/*
+ * initialization routine for data base 
+ */
+
+int
+kerb_init(void)
+{
+#ifdef DEBUG
+    if (!init) {
+	char *dbg = getenv("KERB_DBG");
+	if (dbg)
+	    sscanf(dbg, "%d", &kerb_debug);
+	init = 1;
+    }
+#endif
+    kerb_db_init();
+
+#ifdef CACHE
+    kerb_cache_init();
+#endif
+
+    /* successful init, return 0, else errcode */
+    return (0);
+}
+
+/*
+ * finalization routine for database -- NOTE: MUST be called by any
+ * program using kerb_init.  ALSO will have to be modified to finalize
+ * caches, if they're ever really implemented. 
+ */
+
+void
+kerb_fini(void)
+{
+    kerb_db_fini();
+}
+
+
+int
+kerb_delete_principal(char *name, char *inst)
+{
+    int ret;
+    
+    if (!init)
+	kerb_init();
+
+    ret = kerb_db_delete_principal(name, inst);
+#ifdef CACHE
+    if(ret == 0){
+	kerb_cache_delete_principal(name, inst);
+    }
+#endif
+    return ret;
+}
+
+
+/*
+ * look up a principal in the cache or data base returns number of
+ * principals found 
+ */
+
+int
+kerb_get_principal(char *name,	/* could have wild card */
+		   char *inst,	/* could have wild card */
+		   Principal *principal,
+		   unsigned int max, /* max number of name structs to return */
+		   int *more)	/* more tuples than room for */
+{
+    int     found = 0;
+#ifdef CACHE
+    static int wild = 0;
+#endif
+    if (!init)
+	kerb_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 1)
+	fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
+	    progname, name, inst, max);
+#endif
+    
+    /*
+     * if this is a request including a wild card, have to go to db
+     * since the cache may not be exhaustive. 
+     */
+
+    /* clear the principal area */
+    memset(principal, 0, max * sizeof(Principal));
+
+#ifdef CACHE
+    /*
+     * so check to see if the name contains a wildcard "*" or "?", not
+     * preceeded by a backslash. 
+     */
+    wild = 0;
+    if (index(name, '*') || index(name, '?') ||
+	index(inst, '*') || index(inst, '?'))
+	wild = 1;
+
+    if (!wild) {
+	/* try the cache first */
+	found = kerb_cache_get_principal(name, inst, principal, max, more);
+	if (found)
+	    return (found);
+    }
+#endif
+    /* If we didn't try cache, or it wasn't there, try db */
+    found = kerb_db_get_principal(name, inst, principal, max, more);
+    /* try to insert principal(s) into cache if it was found */
+#ifdef CACHE
+    if (found > 0) {
+	kerb_cache_put_principal(principal, found);
+    }
+#endif
+    return (found);
+}
+
+/* principals */
+int
+kerb_put_principal(Principal *principal,
+		   unsigned int n)                         
+                   		/* number of principal structs to write */
+{
+    /* set mod date */
+    principal->mod_date = time((time_t *)0);
+    /* and mod date string */
+
+    strftime(principal->mod_date_txt, 
+	     sizeof(principal->mod_date_txt), 
+	     "%Y-%m-%d", k_localtime(&principal->mod_date));
+    strftime(principal->exp_date_txt, 
+	     sizeof(principal->exp_date_txt), 
+	     "%Y-%m-%d", k_localtime(&principal->exp_date));
+#ifdef DEBUG
+    if (kerb_debug & 1) {
+	int i;
+	fprintf(stderr, "\nkerb_put_principal...");
+	for (i = 0; i < n; i++) {
+	    krb_print_principal(&principal[i]);
+	}
+    }
+#endif
+    /* write database */
+    if (kerb_db_put_principal(principal, n) < 0) {
+#ifdef DEBUG
+	if (kerb_debug & 1)
+	    fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
+	/* watch out for cache */
+#endif
+	return -1;
+    }
+#ifdef CACHE
+    /* write cache */
+    if (!kerb_cache_put_principal(principal, n)) {
+#ifdef DEBUG
+	if (kerb_debug & 1)
+	    fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
+#endif
+	return -1;
+    }
+#endif
+    return 0;
+}
+
+int
+kerb_get_dba(char *name,	/* could have wild card */
+	     char *inst,	/* could have wild card */
+	     Dba *dba,
+	     unsigned int max,	/* max number of name structs to return */
+	     int *more)		/* more tuples than room for */
+{
+    int     found = 0;
+#ifdef CACHE
+    static int wild = 0;
+#endif
+    if (!init)
+	kerb_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 1)
+	fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
+	    progname, name, inst, max);
+#endif
+    /*
+     * if this is a request including a wild card, have to go to db
+     * since the cache may not be exhaustive. 
+     */
+
+    /* clear the dba area */
+    memset(dba, 0, max * sizeof(Dba));
+
+#ifdef CACHE
+    /*
+     * so check to see if the name contains a wildcard "*" or "?", not
+     * preceeded by a backslash. 
+     */
+
+    wild = 0;
+    if (index(name, '*') || index(name, '?') ||
+	index(inst, '*') || index(inst, '?'))
+	wild = 1;
+
+    if (!wild) {
+	/* try the cache first */
+	found = kerb_cache_get_dba(name, inst, dba, max, more);
+	if (found)
+	    return (found);
+    }
+#endif
+    /* If we didn't try cache, or it wasn't there, try db */
+    found = kerb_db_get_dba(name, inst, dba, max, more);
+#ifdef CACHE
+    /* try to insert dba(s) into cache if it was found */
+    if (found) {
+	kerb_cache_put_dba(dba, found);
+    }
+#endif
+    return (found);
+}
diff --git a/crypto/kerberosIV/lib/kdb/print_princ.c b/crypto/kerberosIV/lib/kdb/print_princ.c
new file mode 100644
index 0000000..786c5a9
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/print_princ.c
@@ -0,0 +1,48 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "kdb_locl.h"
+
+RCSID("$Id: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $");
+
+void
+krb_print_principal(Principal *a_n)
+{
+    struct tm *time_p;
+
+    /* run-time database does not contain string versions */
+    time_p = k_localtime(&(a_n->exp_date));
+
+    fprintf(stderr,
+    "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min  attr 0x%02x",
+    a_n->name, a_n->instance,
+    time_p->tm_year + 1900,
+    time_p->tm_mon + 1, time_p->tm_mday,
+    time_p->tm_hour, time_p->tm_min,
+    a_n->max_life, 5 * a_n->max_life, a_n->attributes);
+
+    fprintf(stderr,
+    "\n\tkey_ver %d  k_low 0x%08lx  k_high 0x%08lx  akv %d  exists %ld\n",
+    a_n->key_version, (long)a_n->key_low, (long)a_n->key_high,
+    a_n->kdc_key_ver, (long)a_n->old);
+
+    fflush(stderr);
+}
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in
new file mode 100644
index 0000000..301a9af
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/Makefile.in
@@ -0,0 +1,367 @@
+#
+# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $
+#
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+EXECSUFFIX=@EXECSUFFIX@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+top_builddir = ../..
+
+COMPILE_ET = ../com_err/compile_et
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+includedir = @includedir@
+
+incdir = $(includedir)
+inc_DATA = krb_err.h
+idir = $(top_builddir)/include
+
+PICFLAGS = @PICFLAGS@
+
+# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible.
+
+LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "@LD_FLAGS@ -L../des -ldes"; true`
+
+LIB_DEPS = @lib_deps_yes@ `echo @LIB_res_search@ @LIB_dn_expand@ | sort | uniq` $(LIBDES) -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+ 
+PROGS = sizetest$(EXECSUFFIX)
+LIBNAME = $(LIBPREFIX)krb
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = \
+	check_time.c \
+	cr_err_reply.c \
+	create_auth_reply.c \
+	create_ciph.c \
+	create_death_packet.c \
+	create_ticket.c \
+	debug_decl.c \
+	decomp_ticket.c \
+	defaults.c \
+	dest_tkt.c \
+	encrypt_ktext.c \
+	extra.c \
+	get_ad_tkt.c \
+	getfile.c \
+	get_cred.c \
+	get_default_principal.c \
+	get_host.c \
+	get_in_tkt.c \
+	get_krbrlm.c \
+	get_svc_in_tkt.c \
+	get_tf_fullname.c \
+	get_tf_realm.c \
+	getaddrs.c \
+	getrealm.c \
+	getst.c \
+	k_getport.c \
+	k_getsockinst.c \
+	k_localtime.c \
+	kdc_reply.c \
+	kntoln.c \
+	krb_check_auth.c \
+	krb_equiv.c \
+	krb_err.c \
+	krb_err_txt.c \
+	krb_get_in_tkt.c \
+	kuserok.c \
+	lifetime.c \
+	logging.c \
+	lsb_addr_comp.c \
+	mk_auth.c \
+	mk_err.c \
+	mk_priv.c \
+	mk_req.c \
+	mk_safe.c \
+	month_sname.c \
+	name2name.c \
+	krb_net_read.c \
+	krb_net_write.c \
+	one.c \
+	parse_name.c \
+	rd_err.c \
+	rd_priv.c \
+	rd_req.c \
+	rd_safe.c \
+	read_service_key.c \
+	realm_parse.c \
+	recvauth.c \
+	rw.c \
+	save_credentials.c \
+	send_to_kdc.c \
+	sendauth.c \
+	solaris_compat.c \
+	stime.c \
+	str2key.c \
+	tf_util.c \
+	time.c \
+	tkt_string.c \
+	unparse_name.c \
+	verify_user.c \
+	krb_ip_realm.c
+
+# these files reside in ../roken or ../com_err/
+EXTRA_SOURCE = \
+	base64.c \
+	concat.c \
+	flock.c \
+	gethostname.c \
+	gettimeofday.c \
+	getuid.c \
+	resolve.c \
+	snprintf.c \
+	strcasecmp.c \
+	strlcat.c \
+	strlcpy.c \
+	strdup.c \
+	strncasecmp.c \
+	strnlen.c \
+	strtok_r.c \
+	swab.c
+
+SHLIB_EXTRA_SOURCE = \
+	com_err.c \
+	error.c
+  
+OBJECTS = \
+	check_time.o \
+	cr_err_reply.o \
+	create_auth_reply.o \
+	create_ciph.o \
+	create_death_packet.o \
+	create_ticket.o \
+	debug_decl.o \
+	decomp_ticket.o \
+	defaults.o \
+	dest_tkt.o \
+	encrypt_ktext.o \
+	extra.o \
+	get_ad_tkt.o \
+	getfile.o \
+	get_cred.o \
+	get_default_principal.o \
+	get_host.o \
+	get_in_tkt.o \
+	get_krbrlm.o \
+	get_svc_in_tkt.o \
+	get_tf_fullname.o \
+	get_tf_realm.o \
+	getaddrs.o \
+	getrealm.o \
+	getst.o \
+	k_getport.o \
+	k_getsockinst.o \
+	k_localtime.o \
+	kdc_reply.o \
+	kntoln.o \
+	krb_check_auth.o \
+	krb_equiv.o \
+	krb_err.o \
+	krb_err_txt.o \
+	krb_get_in_tkt.o \
+	kuserok.o \
+	lifetime.o \
+	logging.o \
+	lsb_addr_comp.o \
+	mk_auth.o \
+	mk_err.o \
+	mk_priv.o \
+	mk_req.o \
+	mk_safe.o \
+	month_sname.o \
+	name2name.o \
+	krb_net_read.o \
+	krb_net_write.o \
+	one.o \
+	parse_name.o \
+	rd_err.o \
+	rd_priv.o \
+	rd_req.o \
+	rd_safe.o \
+	read_service_key.o \
+	realm_parse.o \
+	recvauth.o \
+	rw.o \
+	save_credentials.o \
+	send_to_kdc.o \
+	sendauth.o \
+	solaris_compat.o \
+	stime.o \
+	str2key.o \
+	tf_util.o \
+	time.o \
+	tkt_string.o \
+	unparse_name.o \
+	verify_user.o \
+	krb_ip_realm.o \
+	$(LIBADD)
+
+LIBADD = \
+	base64.o \
+	concat.o \
+	flock.o \
+	gethostname.o \
+	gettimeofday.o \
+	getuid.o \
+	net_read.o \
+	net_write.o \
+	resolve.o \
+	snprintf.o \
+	strcasecmp.o \
+	strlcat.o \
+	strlcpy.o \
+	strdup.o \
+	strncasecmp.o \
+	strnlen.o \
+	strtok_r.o \
+	swab.o
+
+SHLIB_LIBADD = \
+	com_err.o \
+	error.o
+
+all: $(LIB) $(PROGS) all-local
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	@for i in $(inc_DATA); do \
+	echo "  $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\
+	$(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done
+
+uninstall:
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+	@for i in $(inc_DATA); do \
+	echo "  rm -f $(DESTDIR)$(incdir)/$$i";\
+	rm -f $(DESTDIR)$(incdir)/$$i; done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+sizetest.o: sizetest.c
+	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+sizetest$(EXECSUFFIX): sizetest.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o
+
+check: sizetest$(EXECSUFFIX)
+	./sizetest$(EXECSUFFIX)
+
+clean:
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations \
+	 krb_err.c krb_err.h $(PROGS)  $(EXTRA_SOURCE) $(SHLIB_EXTRA_SOURCE)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS)
+	@build_symlink_command@
+
+krb_err.c krb_err.h: krb_err.et
+	$(COMPILE_ET) $(srcdir)/krb_err.et
+
+# this doesn't work with parallel makes
+#$(EXTRA_SOURCE):
+#	for i in $(EXTRA_SOURCE); do \
+#	  test -f $$i || $(LN_S) $(srcdir)/../roken/$$i .; \
+#	done
+
+base64.c:
+	$(LN_S) $(srcdir)/../roken/base64.c .
+concat.c:
+	$(LN_S) $(srcdir)/../roken/concat.c .
+flock.c:
+	$(LN_S) $(srcdir)/../roken/flock.c .
+gethostname.c:
+	$(LN_S) $(srcdir)/../roken/gethostname.c .
+gettimeofday.c:
+	$(LN_S) $(srcdir)/../roken/gettimeofday.c .
+getuid.c:
+	$(LN_S) $(srcdir)/../roken/getuid.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strcasecmp.c:
+	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
+strlcat.c:
+	$(LN_S) $(srcdir)/../roken/strlcat.c .
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+strncasecmp.c:
+	$(LN_S) $(srcdir)/../roken/strncasecmp.c .
+strnlen.c:
+	$(LN_S) $(srcdir)/../roken/strnlen.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+swab.c:
+	$(LN_S) $(srcdir)/../roken/swab.c .
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
+net_read.c:
+	$(LN_S) $(srcdir)/../roken/net_read.c .
+net_write.c:
+	$(LN_S) $(srcdir)/../roken/net_write.c .
+com_err.c:
+	$(LN_S) $(srcdir)/../com_err/com_err.c .
+error.c:
+	$(LN_S) $(srcdir)/../com_err/error.c .
+
+
+$(OBJECTS): ../../include/config.h
+$(OBJECTS): krb_locl.h krb.h
+rw.o: ../../include/version.h
+
+all-local: $(inc_DATA)
+	@for i in $(inc_DATA); do \
+		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
+			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
+			$(INSTALL_DATA) $$i $(idir)/$$i; \
+		fi ; \
+	done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local
diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c
new file mode 100644
index 0000000..be028fa
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/check_time.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: check_time.c,v 1.5 1999/12/02 16:58:40 joda Exp $");
+
+int
+krb_check_tm (struct tm tm)
+{
+     return  tm.tm_mon < 0
+	  || tm.tm_mon > 11
+	  || tm.tm_hour < 0
+	  || tm.tm_hour > 23
+	  || tm.tm_min < 0
+	  || tm.tm_min > 59
+	  || tm.tm_sec < 0
+	  || tm.tm_sec > 59
+	  || tm.tm_year < 1901
+	  || tm.tm_year > 2038;
+}
diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c
new file mode 100644
index 0000000..3308529
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: cr_err_reply.c,v 1.11 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * This routine is used by the Kerberos authentication server to
+ * create an error reply packet to send back to its client.
+ *
+ * It takes a pointer to the packet to be built, the name, instance,
+ * and realm of the principal, the client's timestamp, an error code
+ * and an error string as arguments.  Its return value is undefined.
+ *
+ * The packet is built in the following format:
+ * 
+ * type			variable	   data
+ *			or constant
+ * ----			-----------	   ----
+ *
+ * unsigned char	req_ack_vno	   protocol version number
+ * 
+ * unsigned char	AUTH_MSG_ERR_REPLY protocol message type
+ * 
+ * [least significant	HOST_BYTE_ORDER	   sender's (server's) byte
+ * bit of above field]			   order
+ * 
+ * string		pname		   principal's name
+ * 
+ * string		pinst		   principal's instance
+ * 
+ * string		prealm		   principal's realm
+ * 
+ * unsigned long	time_ws		   client's timestamp
+ * 
+ * unsigned long	e		   error code
+ * 
+ * string		e_string	   error text
+ */
+
+int
+cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, 
+	     u_int32_t time_ws, u_int32_t e, char *e_string)
+{
+    unsigned char *p = pkt->dat;
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_ERR_REPLY, p, rem, 1);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    if (pname == NULL) pname = "";
+    if (pinst == NULL) pinst = "";
+    if (prealm == NULL) prealm = "";
+
+    tmp = krb_put_nir(pname, pinst, prealm, p, rem);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(e, p, rem, 4);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(e_string, p, rem);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    pkt->length = p - pkt->dat;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c
new file mode 100644
index 0000000..7f6cf46
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_auth_reply.c,v 1.15 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * This routine is called by the Kerberos authentication server
+ * to create a reply to an authentication request.  The routine
+ * takes the user's name, instance, and realm, the client's
+ * timestamp, the number of tickets, the user's key version
+ * number and the ciphertext containing the tickets themselves.
+ * It constructs a packet and returns a pointer to it.
+ *
+ * Notes: The packet returned by this routine is static.  Thus, if you
+ * intend to keep the result beyond the next call to this routine, you
+ * must copy it elsewhere.
+ *
+ * The packet is built in the following format:
+ * 
+ * 			variable
+ * type			or constant	   data
+ * ----			-----------	   ----
+ * 
+ * unsigned char	KRB_PROT_VERSION   protocol version number
+ * 
+ * unsigned char	AUTH_MSG_KDC_REPLY protocol message type
+ * 
+ * [least significant	HOST_BYTE_ORDER	   sender's (server's) byte
+ *  bit of above field]			   order
+ * 
+ * string		pname		   principal's name
+ * 
+ * string		pinst		   principal's instance
+ * 
+ * string		prealm		   principal's realm
+ * 
+ * unsigned long	time_ws		   client's timestamp
+ * 
+ * unsigned char	n		   number of tickets
+ * 
+ * unsigned long	x_date		   expiration date
+ * 
+ * unsigned char	kvno		   master key version
+ * 
+ * short		w_1		   cipher length
+ * 
+ * ---			cipher->dat	   cipher data
+ */
+
+KTEXT
+create_auth_reply(char *pname,	/* Principal's name */
+		  char *pinst,	/* Principal's instance */
+		  char *prealm,	/* Principal's authentication domain */
+		  int32_t time_ws, /* Workstation time */
+		  int n,	/* Number of tickets */
+		  u_int32_t x_date, /* Principal's expiration date */
+		  int kvno,	/* Principal's key version number */
+		  KTEXT cipher)	/* Cipher text with tickets and session keys */
+{
+    static  KTEXT_ST pkt_st;
+    KTEXT pkt = &pkt_st;
+    
+    unsigned char *p = pkt->dat;
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
+
+    if(n != 0)
+	return NULL;
+    
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_KDC_REPLY, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(pname, pinst, prealm, p, rem);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+    
+    tmp = krb_put_int(n, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+    
+    tmp = krb_put_int(x_date, p, rem, 4);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+    
+    tmp = krb_put_int(kvno, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+    
+    tmp = krb_put_int(cipher->length, p, rem, 2);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+    
+    if (rem < cipher->length)
+	return NULL;
+    memcpy(p, cipher->dat, cipher->length);
+    p += cipher->length;
+    rem -= cipher->length;
+
+    pkt->length = p - pkt->dat;
+
+    return pkt;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c
new file mode 100644
index 0000000..f73e8d7
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ciph.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_ciph.c,v 1.13 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * This routine is used by the authentication server to create
+ * a packet for its client, containing a ticket for the requested
+ * service (given in "tkt"), and some information about the ticket,
+ *
+ * Returns KSUCCESS no matter what.
+ *
+ * The length of the cipher is stored in c->length; the format of
+ * c->dat is as follows:
+ *
+ * 			variable
+ * type			or constant	   data
+ * ----			-----------	   ----
+ * 
+ * 
+ * 8 bytes		session		session key for client, service
+ * 
+ * string		service		service name
+ * 
+ * string		instance	service instance
+ * 
+ * string		realm		KDC realm
+ * 
+ * unsigned char	life		ticket lifetime
+ * 
+ * unsigned char	kvno		service key version number
+ * 
+ * unsigned char	tkt->length	length of following ticket
+ * 
+ * data			tkt->dat	ticket for service
+ * 
+ * 4 bytes		kdc_time	KDC's timestamp
+ *
+ * <=7 bytes		null		   null pad to 8 byte multiple
+ *
+ */
+
+int
+create_ciph(KTEXT c,		/* Text block to hold ciphertext */
+	    unsigned char *session, /* Session key to send to user */
+	    char *service,	/* Service name on ticket */
+	    char *instance,	/* Instance name on ticket */
+	    char *realm,	/* Realm of this KDC */
+	    u_int32_t life,	/* Lifetime of the ticket */
+	    int kvno,		/* Key version number for service */
+	    KTEXT tkt,		/* The ticket for the service */
+	    u_int32_t kdc_time,	/* KDC time */
+	    des_cblock *key)	/* Key to encrypt ciphertext with */
+
+{
+    unsigned char *p = c->dat;
+    size_t rem = sizeof(c->dat);
+    int tmp;
+
+    memset(c, 0, sizeof(KTEXT_ST));
+
+    if (rem < 8)
+	return KFAILURE;
+    memcpy(p, session, 8);
+    p += 8;
+    rem -= 8;
+    
+    tmp = krb_put_nir(service, instance, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(kvno, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(tkt->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    if (rem < tkt->length)
+	return KFAILURE;
+    memcpy(p, tkt->dat, tkt->length);
+    p += tkt->length;
+    rem -= tkt->length;
+
+    tmp = krb_put_int(kdc_time, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    /* multiple of eight bytes */
+    c->length = (p - c->dat + 7) & ~7;
+
+    encrypt_ktext(c, key, DES_ENCRYPT);
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c
new file mode 100644
index 0000000..15e0267
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_death_packet.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_death_packet.c,v 1.10 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * This routine creates a packet to type AUTH_MSG_DIE which is sent to
+ * the Kerberos server to make it shut down.  It is used only in the
+ * development environment.
+ *
+ * It takes a string "a_name" which is sent in the packet.  A pointer
+ * to the packet is returned.
+ *
+ * The format of the killer packet is:
+ *
+ * type			variable		data
+ *			or constant
+ * ----			-----------		----
+ *
+ * unsigned char	KRB_PROT_VERSION	protocol version number
+ * 
+ * unsigned char	AUTH_MSG_DIE		message type
+ * 
+ * [least significant	HOST_BYTE_ORDER		byte order of sender
+ *  bit of above field]
+ * 
+ * string		a_name			presumably, name of
+ * 						principal sending killer
+ * 						packet
+ */
+
+#ifdef DEBUG
+KTEXT
+krb_create_death_packet(char *a_name)
+{
+    static KTEXT_ST pkt_st;
+    KTEXT pkt = &pkt_st;
+
+    unsigned char *p = pkt->dat;
+    int tmp;
+    int rem = sizeof(pkt->dat);
+
+    pkt->length = 0;
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_DIE, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(a_name, p, rem);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    pkt->length = p - pkt->dat;
+    return pkt;
+}
+#endif /* DEBUG */
diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c
new file mode 100644
index 0000000..32cb0a0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ticket.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_ticket.c,v 1.14 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * Create ticket takes as arguments information that should be in a
+ * ticket, and the KTEXT object in which the ticket should be
+ * constructed.  It then constructs a ticket and returns, leaving the
+ * newly created ticket in tkt.
+ * The length of the ticket is a multiple of
+ * eight bytes and is in tkt->length.
+ *
+ * If the ticket is too long, the ticket will contain nulls.
+ *
+ * The corresponding routine to extract information from a ticket it
+ * decomp_ticket.  When changes are made to this routine, the
+ * corresponding changes should also be made to that file.
+ *
+ * The packet is built in the following format:
+ * 
+ * 			variable
+ * type			or constant	   data
+ * ----			-----------	   ----
+ *
+ * tkt->length		length of ticket (multiple of 8 bytes)
+ * 
+ * tkt->dat:
+ * 
+ * unsigned char	flags		   namely, HOST_BYTE_ORDER
+ * 
+ * string		pname		   client's name
+ * 
+ * string		pinstance	   client's instance
+ * 
+ * string		prealm		   client's realm
+ * 
+ * 4 bytes		paddress	   client's address
+ * 
+ * 8 bytes		session		   session key
+ * 
+ * 1 byte		life		   ticket lifetime
+ * 
+ * 4 bytes		time_sec	   KDC timestamp
+ * 
+ * string		sname		   service's name
+ * 
+ * string		sinstance	   service's instance
+ * 
+ * <=7 bytes		null		   null pad to 8 byte multiple
+ *
+ */
+
+int
+krb_create_ticket(KTEXT tkt,	/* Gets filled in by the ticket */
+		  unsigned char flags, /* Various Kerberos flags */
+		  char *pname,	/* Principal's name */
+		  char *pinstance, /* Principal's instance */
+		  char *prealm, /* Principal's authentication domain */
+		  int32_t paddress, /* Net address of requesting entity */
+		  void *session, /* Session key inserted in ticket */
+		  int16_t life,	/* Lifetime of the ticket */
+		  int32_t time_sec, /* Issue time and date */
+		  char *sname,	/* Service Name */
+		  char *sinstance, /* Instance Name */
+		  des_cblock *key) /* Service's secret key */
+{
+    unsigned char *p = tkt->dat;
+    int tmp;
+    size_t rem = sizeof(tkt->dat);
+
+    memset(tkt, 0, sizeof(KTEXT_ST));
+
+    tmp = krb_put_int(flags, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(pname, pinstance, prealm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+    
+    tmp = krb_put_address(paddress, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+    
+    if (rem < 8)
+	return KFAILURE;
+    memcpy(p, session, 8);
+    p += 8;
+    rem -= 8;
+
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(time_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(sname, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    /* multiple of eight bytes */
+    tkt->length = (p - tkt->dat + 7) & ~7;
+
+    /* Check length of ticket */
+    if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
+        memset(tkt->dat, 0, tkt->length);
+        tkt->length = 0;
+        return KFAILURE /* XXX */;
+    }
+
+    encrypt_ktext(tkt, key, DES_ENCRYPT);
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c
new file mode 100644
index 0000000..5cbab77
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/debug_decl.c
@@ -0,0 +1,44 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: debug_decl.c,v 1.10 1999/06/16 15:10:38 joda Exp $");
+
+/* Declare global debugging variables. */
+
+int krb_ap_req_debug = 0;
+int krb_debug = 0;
+int krb_dns_debug = 0;
+
+int
+krb_enable_debug(void)
+{
+    krb_ap_req_debug = krb_debug = krb_dns_debug = 1;
+    return 0;
+}
+
+int
+krb_disable_debug(void)
+{
+    krb_ap_req_debug = krb_debug = krb_dns_debug = 0;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c
new file mode 100644
index 0000000..12bdf44
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: decomp_ticket.c,v 1.20 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * This routine takes a ticket and pointers to the variables that
+ * should be filled in based on the information in the ticket.  It
+ * fills in values for its arguments.
+ *
+ * The routine returns KFAILURE if any of the "pname", "pinstance",
+ * or "prealm" fields is too big, otherwise it returns KSUCCESS.
+ *
+ * The corresponding routine to generate tickets is create_ticket.
+ * When changes are made to this routine, the corresponding changes
+ * should also be made to that file.
+ *
+ * See create_ticket.c for the format of the ticket packet.
+ */
+
+int
+decomp_ticket(KTEXT tkt,	/* The ticket to be decoded */
+	      unsigned char *flags, /* Kerberos ticket flags */
+	      char *pname,	/* Authentication name */
+	      char *pinstance,	/* Principal's instance */
+	      char *prealm,	/* Principal's authentication domain */
+	      u_int32_t *paddress,/* Net address of entity requesting ticket */
+	      unsigned char *session, /* Session key inserted in ticket */
+	      int *life,	/* Lifetime of the ticket */
+	      u_int32_t *time_sec, /* Issue time and date */
+	      char *sname,	/* Service name */
+	      char *sinstance,	/* Service instance */
+	      des_cblock *key,	/* Service's secret key (to decrypt the ticket) */
+	      des_key_schedule schedule) /* The precomputed key schedule */
+
+{
+    unsigned char *p = tkt->dat;
+    
+    int little_endian;
+
+    des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat,
+		     tkt->length, schedule, key, DES_DECRYPT);
+
+    tkt->mbz = 0;
+
+    *flags = *p++;
+
+    little_endian = *flags & 1;
+
+    if(strlen((char*)p) > ANAME_SZ)
+	return KFAILURE;
+    p += krb_get_string(p, pname, ANAME_SZ);
+
+    if(strlen((char*)p) > INST_SZ)
+	return KFAILURE;
+    p += krb_get_string(p, pinstance, INST_SZ);
+
+    if(strlen((char*)p) > REALM_SZ)
+	return KFAILURE;
+    p += krb_get_string(p, prealm, REALM_SZ);
+
+    if (*prealm == '\0')
+	krb_get_lrealm (prealm, 1);
+
+    if(tkt->length - (p - tkt->dat) < 8 + 1 + 4)
+	return KFAILURE;
+    p += krb_get_address(p, paddress);
+
+    memcpy(session, p, 8);
+    p += 8;
+
+    *life = *p++;
+    
+    p += krb_get_int(p, time_sec, 4, little_endian);
+
+    if(strlen((char*)p) > SNAME_SZ)
+	return KFAILURE;
+    p += krb_get_string(p, sname, SNAME_SZ);
+
+    if(strlen((char*)p) > INST_SZ)
+	return KFAILURE;
+    p += krb_get_string(p, sinstance, INST_SZ);
+
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/defaults.c b/crypto/kerberosIV/lib/krb/defaults.c
new file mode 100644
index 0000000..e4fe027
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/defaults.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: defaults.c,v 1.3 1999/12/02 16:58:41 joda Exp $");
+
+const
+char *
+krb_get_default_tkt_root(void)
+{
+  const char *t = krb_get_config_string("krb_default_tkt_root");
+  if (t)
+    return t;
+  else
+    return "/tmp/tkt";
+}
+
+const
+char *
+krb_get_default_keyfile(void)
+{
+  const char *t = krb_get_config_string("krb_default_keyfile");
+  if (t)
+    return t;
+  else
+    return "/etc/srvtab";
+}
diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c
new file mode 100644
index 0000000..0487e6b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/dest_tkt.c
@@ -0,0 +1,82 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
+
+/*
+ * dest_tkt() is used to destroy the ticket store upon logout.
+ * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
+ * Otherwise the function returns RET_OK on success, KFAILURE on
+ * failure.
+ *
+ * The ticket file (TKT_FILE) is defined in "krb.h".
+ */
+
+int
+dest_tkt(void)
+{
+    char *file = TKT_FILE;
+    int i,fd;
+    struct stat statb;
+    char buf[BUFSIZ];
+
+    errno = 0;
+    if (
+#ifdef HAVE_LSTAT
+    lstat
+#else
+    stat
+#endif
+    (file, &statb) < 0)      
+	goto out;
+
+    if (!(statb.st_mode & S_IFREG)
+#ifdef notdef
+	|| statb.st_mode & 077
+#endif
+	)
+	goto out;
+
+    if ((fd = open(file, O_RDWR, 0)) < 0)
+	goto out;
+
+    memset(buf, 0, BUFSIZ);
+
+    for (i = 0; i < statb.st_size; i += sizeof(buf))
+	if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+	    fsync(fd);
+	    close(fd);
+	    goto out;
+	}
+	
+
+    fsync(fd);
+    close(fd);
+    
+    unlink(file);
+
+out:
+    if (errno == ENOENT) return RET_TKFIL;
+    else if (errno != 0) return KFAILURE;
+    return(KSUCCESS);
+}
diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c
new file mode 100644
index 0000000..4e22e9a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/dllmain.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* dllmain.c - main function to krb4.dll
+ * Author:	J Karlsson <d93-jka@nada.kth.se>
+ * Date:	June 1996
+ */
+
+#include "krb_locl.h"
+#include "ticket_memory.h"
+#include <Windows.h>
+
+RCSID("$Id: dllmain.c,v 1.9 1999/12/02 16:58:41 joda Exp $");
+
+void
+msg(char *text, int error)
+{
+    char *buf;
+
+    asprintf (&buf, "%s\nAn error of type: %d", text, error);
+
+    MessageBox(GetActiveWindow(),
+	       buf ? buf : "Out of memory!",
+	       "kerberos message",
+	       MB_OK|MB_APPLMODAL);
+    free (buf);
+}
+
+void
+PostUpdateMessage(void)
+{
+	HWND		hWnd;
+	static UINT km_message;
+	
+    if(km_message == 0)
+        km_message = RegisterWindowMessage("krb4-update-cache");
+
+	hWnd = FindWindow("KrbManagerWndClass", NULL);
+	if (hWnd == NULL)
+		hWnd = HWND_BROADCAST;
+	PostMessage(hWnd, km_message, 0, 0);
+}
+
+
+BOOL WINAPI
+DllMain (HANDLE hInst, 
+	 ULONG reason,
+	 LPVOID lpReserved)
+{
+    WORD wVersionRequested; 
+    WSADATA wsaData; 
+    PROCESS_INFORMATION p;	
+    int err; 
+
+    switch(reason){
+    case DLL_PROCESS_ATTACH:
+	wVersionRequested = MAKEWORD(1, 1); 
+	err = WSAStartup(wVersionRequested, &wsaData); 
+	if (err != 0) 
+	{
+	    /* Tell the user that we couldn't find a useable */ 
+	    /* winsock.dll.     */ 
+	    msg("Cannot find winsock.dll", err);
+	    return FALSE;
+	}
+	if(newTktMem(0) != KSUCCESS)
+	{
+	    /* Tell the user that we couldn't alloc shared memory. */ 
+	    msg("Cannot allocate shared ticket memory", GetLastError());
+	    return FALSE;
+	}
+	if(GetLastError() != ERROR_ALREADY_EXISTS)
+	{
+	    STARTUPINFO s = {
+		sizeof(s),
+		NULL,
+		NULL,
+		NULL,
+		0,0,
+		0,0,
+		0,0,
+		0,
+		STARTF_USESHOWWINDOW,
+		SW_SHOWMINNOACTIVE,
+		0, NULL,
+		NULL, NULL, NULL
+	    };
+
+	    if(!CreateProcess(0,"krbmanager",
+			      0,0,FALSE,0,0,
+			      0,&s, &p)) {
+#if 0
+		msg("Unable to create Kerberos manager process.\n"
+		    "Make sure krbmanager.exe is in your PATH.",
+		    GetLastError());
+		return FALSE;
+#endif
+	    }
+	}
+	break;
+    case DLL_PROCESS_DETACH:
+	/* should this really be done here? */
+	freeTktMem(0);
+	WSACleanup();
+	break;
+    }
+
+    return TRUE;
+}
diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c
new file mode 100644
index 0000000..dc5c60d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: encrypt_ktext.c,v 1.5 1999/12/02 16:58:41 joda Exp $");
+
+void
+encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt)
+{
+    des_key_schedule schedule;
+    des_set_key(key, schedule);
+    des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat, 
+		     cip->length, schedule, key, encrypt);
+    memset(schedule, 0, sizeof(des_key_schedule));
+}
diff --git a/crypto/kerberosIV/lib/krb/extra.c b/crypto/kerberosIV/lib/krb/extra.c
new file mode 100644
index 0000000..c90767e
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/extra.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: extra.c,v 1.7 1999/12/02 16:58:41 joda Exp $");
+
+struct value {
+    char *variable;
+    char *value;
+    struct value *next;
+};
+
+static struct value *_extra_values;
+
+static int _krb_extra_read = 0;
+
+static int
+define_variable(const char *variable, const char *value)
+{
+    struct value *e;
+    e = malloc(sizeof(*e));
+    if(e == NULL)
+	return ENOMEM;
+    e->variable = strdup(variable);
+    if(e->variable == NULL) {
+	free(e);
+	return ENOMEM;
+    }
+    e->value = strdup(value);
+    if(e->value == NULL) {
+	free(e->variable);
+	free(e);
+	return ENOMEM;
+    }
+    e->next = _extra_values;
+    _extra_values = e;
+    return 0;
+}
+
+#ifndef WIN32
+
+struct obsolete {
+    const char *from;
+    const char *to;
+} obsolete [] = {
+    { "KDC_TIMESYNC", "kdc_timesync" },
+    { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+    { "krb4_proxy", "krb4_proxy"},
+    { NULL, NULL }
+};
+    
+static void
+check_obsolete(void)
+{
+    struct obsolete *r;
+    for(r = obsolete; r->from; r++) {
+	if(getenv(r->from)) {
+	    krb_warning("The environment variable `%s' is obsolete;\n"
+			"set `%s' in your `krb.extra' file instead\n", 
+			r->from, r->to);
+	    define_variable(r->to, getenv(r->from));
+	}
+    }
+}
+
+static int
+read_extra_file(void)
+{
+    int i = 0;
+    char file[128];
+    char line[1024];
+    if(_krb_extra_read)
+	return 0;
+    _krb_extra_read = 1;
+    check_obsolete();
+    while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+	FILE *f = fopen(file, "r");
+	if(f == NULL)
+	    continue;
+	while(fgets(line, sizeof(line), f)) {
+	    char *var, *tmp, *val;
+
+	    /* skip initial whitespace */
+	    var = line + strspn(line, " \t");
+	    /* skip non-whitespace */
+	    tmp = var + strcspn(var, " \t=");
+	    /* skip whitespace */
+	    val = tmp + strspn(tmp, " \t=");
+	    *tmp = '\0';
+	    tmp = val + strcspn(val, " \t\n");
+	    *tmp = '\0';
+	    if(*var == '\0' || *var == '#' || *val == '\0')
+		continue;
+	    if(krb_debug)
+		krb_warning("%s: setting `%s' to `%s'\n", file, var, val);
+	    define_variable(var, val);
+	}
+	fclose(f);
+	return 0;
+    }
+    return ENOENT;
+}
+
+#else /* WIN32 */
+
+static int
+read_extra_file(void)
+{
+    char name[1024], data[1024];
+    DWORD name_sz, data_sz;
+    DWORD type;
+    int num = 0;
+    HKEY reg_key;
+
+    if(_krb_extra_read)
+	return 0;
+    _krb_extra_read = 1;
+
+    if(RegCreateKey(HKEY_CURRENT_USER, "krb4", &reg_key) != 0)
+	return -1;
+	
+
+    while(1) {
+	name_sz = sizeof(name);
+	data_sz = sizeof(data);
+	if(RegEnumValue(reg_key,
+			num++,
+			name,
+			&name_sz,
+			NULL,
+			&type,
+			data,
+			&data_sz) != 0)
+	    break;
+	if(type == REG_SZ)
+	    define_variable(name, data);
+    }
+    RegCloseKey(reg_key);
+    return 0;
+}
+
+#endif
+
+static const char*
+find_variable(const char *variable)
+{
+    struct value *e;
+    for(e = _extra_values; e; e = e->next) {
+	if(strcasecmp(variable, e->variable) == 0)
+	    return e->value;
+    }
+    return NULL;
+}
+
+const char *
+krb_get_config_string(const char *variable)
+{
+    read_extra_file();
+    return find_variable(variable);
+}
+
+int
+krb_get_config_bool(const char *variable)
+{
+    const char *value = krb_get_config_string(variable);
+    if(value == NULL)
+	return 0;
+    return strcasecmp(value, "yes") == 0 || 
+	strcasecmp(value, "true") == 0 ||
+	atoi(value);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
new file mode 100644
index 0000000..56d7d56
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_ad_tkt.c,v 1.22 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * get_ad_tkt obtains a new service ticket from Kerberos, using
+ * the ticket-granting ticket which must be in the ticket file.
+ * It is typically called by krb_mk_req() when the client side
+ * of an application is creating authentication information to be
+ * sent to the server side.
+ *
+ * get_ad_tkt takes four arguments: three pointers to strings which
+ * contain the name, instance, and realm of the service for which the
+ * ticket is to be obtained; and an integer indicating the desired
+ * lifetime of the ticket.
+ *
+ * It returns an error status if the ticket couldn't be obtained,
+ * or AD_OK if all went well.  The ticket is stored in the ticket
+ * cache.
+ *
+ * The request sent to the Kerberos ticket-granting service looks
+ * like this:
+ *
+ * pkt->dat
+ *
+ * TEXT			original contents of	authenticator+ticket
+ *			pkt->dat		built in krb_mk_req call
+ * 
+ * 4 bytes		time_ws			always 0 (?)
+ * char			lifetime		lifetime argument passed
+ * string		service			service name argument
+ * string		sinstance		service instance arg.
+ *
+ * See "prot.h" for the reply packet layout and definitions of the
+ * extraction macros like pkt_version(), pkt_msg_type(), etc.
+ */
+
+int
+get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
+{
+    static KTEXT_ST pkt_st;
+    KTEXT pkt = & pkt_st;	/* Packet to KDC */
+    static KTEXT_ST rpkt_st;
+    KTEXT rpkt = &rpkt_st;	/* Returned packet */
+
+    CREDENTIALS cr;
+    char lrealm[REALM_SZ];
+    u_int32_t time_ws = 0;
+    int kerror;
+    unsigned char *p;
+    size_t rem;
+    int tmp;
+
+    /*
+     * First check if we have a "real" TGT for the corresponding
+     * realm, if we don't, use ordinary inter-realm authentication.
+     */
+
+    kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr);
+    if (kerror == KSUCCESS) {
+      strlcpy(lrealm, realm, REALM_SZ);
+    } else
+      kerror = krb_get_tf_realm(TKT_FILE, lrealm);
+    
+    if (kerror != KSUCCESS)
+	return(kerror);
+
+    /*
+     * Look for the session key (and other stuff we don't need)
+     * in the ticket file for krbtgt.realm@lrealm where "realm" 
+     * is the service's realm (passed in "realm" argument) and 
+     * lrealm is the realm of our initial ticket.  If we don't 
+     * have this, we will try to get it.
+     */
+    
+    if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+			       realm, lrealm, &cr)) != KSUCCESS) {
+	/*
+	 * If realm == lrealm, we have no hope, so let's not even try.
+	 */
+	if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
+	    return(AD_NOTGT);
+	else{
+	    if ((kerror = 
+		 get_ad_tkt(KRB_TICKET_GRANTING_TICKET,
+			    realm, lrealm, lifetime)) != KSUCCESS) {
+		if (kerror == KDC_PR_UNKNOWN)
+		  return(AD_INTR_RLM_NOTGT);
+		else
+		  return(kerror);
+	    }
+	    if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+				       realm, lrealm, &cr)) != KSUCCESS)
+		return(kerror);
+	}
+    }
+    
+    /*
+     * Make up a request packet to the "krbtgt.realm@lrealm".
+     * Start by calling krb_mk_req() which puts ticket+authenticator
+     * into "pkt".  Then tack other stuff on the end.
+     */
+    
+    kerror = krb_mk_req(pkt,
+			KRB_TICKET_GRANTING_TICKET,
+			realm,lrealm,0L);
+
+    if (kerror)
+	return(AD_NOTGT);
+
+    p = pkt->dat + pkt->length;
+    rem = sizeof(pkt->dat) - pkt->length;
+
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(lifetime, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(service, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+    
+    pkt->length = p - pkt->dat;
+    rpkt->length = 0;
+    
+    /* Send the request to the local ticket-granting server */
+    if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
+
+    /* check packet version of the returned packet */
+
+    {
+	KTEXT_ST cip;
+	CREDENTIALS cred;
+	struct timeval tv;
+
+	kerror = kdc_reply_cipher(rpkt, &cip);
+	if(kerror != KSUCCESS)
+	    return kerror;
+	
+	encrypt_ktext(&cip, &cr.session, DES_DECRYPT);
+
+	kerror = kdc_reply_cred(&cip, &cred);
+	if(kerror != KSUCCESS)
+	    return kerror;
+
+	if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) ||
+	    strcmp(cred.realm, realm))	/* not what we asked for */
+	    return INTK_ERR;	/* we need a better code here XXX */
+	
+	krb_kdctimeofday(&tv);
+	if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
+	    return RD_AP_TIME; /* XXX should probably be better code */
+	}
+	
+
+	kerror = save_credentials(cred.service, cred.instance, cred.realm, 
+				  cred.session, cred.lifetime, cred.kvno, 
+				  &cred.ticket_st, tv.tv_sec);
+	return kerror;
+    }
+}
diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c
new file mode 100644
index 0000000..085184b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_cred.c
@@ -0,0 +1,70 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_cred.c,v 1.7 1997/12/15 17:12:55 assar Exp $");
+
+/*
+ * krb_get_cred takes a service name, instance, and realm, and a
+ * structure of type CREDENTIALS to be filled in with ticket
+ * information.  It then searches the ticket file for the appropriate
+ * ticket and fills in the structure with the corresponding
+ * information from the file.  If successful, it returns KSUCCESS.
+ * On failure it returns a Kerberos error code.
+ */
+
+int
+krb_get_cred(char *service,	/* Service name */
+	     char *instance,	/* Instance */
+	     char *realm,	/* Auth domain */
+	     CREDENTIALS *c)	/* Credentials struct */
+{
+    int tf_status;              /* return value of tf function calls */
+    CREDENTIALS cr;
+
+    if (c == NULL)
+        c = &cr;
+
+    /* Open ticket file and lock it for shared reading */
+    if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
+	return(tf_status);
+
+    /* Copy principal's name and instance into the CREDENTIALS struc c */
+
+    if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
+    	 (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
+	return (tf_status);
+
+    /* Search for requested service credentials and copy into c */
+       
+    while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
+	if ((strcmp(c->service,service) == 0) &&
+           (strcmp(c->instance,instance) == 0) &&
+           (strcmp(c->realm,realm) == 0))
+		   break;
+    }
+    tf_close();
+
+    if (tf_status == EOF)
+	return (GC_NOTKT);
+    return(tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c
new file mode 100644
index 0000000..47ad6b3
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_default_principal.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $");
+
+int
+krb_get_default_principal(char *name, char *instance, char *realm)
+{
+  char *file;
+  int ret;
+  char *p;
+
+  if ((file = getenv("KRBTKFILE")) == NULL)
+      file = TKT_FILE;  
+  
+  ret = krb_get_tf_fullname(file, name, instance, realm);
+  if(ret == KSUCCESS)
+      return 0;
+
+  p = getenv("KRB4PRINCIPAL");
+  if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
+      return 1;
+
+#ifdef HAVE_PWD_H
+  {
+    struct passwd *pw;
+    pw = getpwuid(getuid());
+    if(pw == NULL){
+      return -1;
+    }
+
+    strlcpy (name, pw->pw_name, ANAME_SZ);
+    strlcpy (instance, "", INST_SZ);
+    krb_get_lrealm(realm, 1);
+
+    if(strcmp(name, "root") == 0) {
+      p = NULL;
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+      p = getlogin();
+#endif
+      if(p == NULL)
+	p = getenv("USER");
+      if(p == NULL)
+	p = getenv("LOGNAME");
+      if(p){
+	  strlcpy (name, p, ANAME_SZ);
+	  strlcpy (instance, "root", INST_SZ);
+      }
+    }
+    return 1;
+  }
+#else
+  return -1;
+#endif
+}
diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c
new file mode 100644
index 0000000..0eb2224
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_host.c
@@ -0,0 +1,387 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_host.c,v 1.48 1999/12/02 16:58:41 joda Exp $");
+
+static struct host_list {
+    struct krb_host *this;
+    struct host_list *next;
+} *hosts;
+
+static int krb_port = 0;
+
+static void
+free_hosts(struct host_list *h)
+{
+    struct host_list *t;
+    while(h){
+	if(h->this->realm)
+	    free(h->this->realm);
+	if(h->this->host)
+	    free(h->this->host);
+	t = h;
+	h = h->next;
+	free(t);
+    }
+}
+
+static int
+parse_address(char *address, enum krb_host_proto *proto,
+	      char **host, int *port)
+{
+    char *p, *q;
+    int default_port = krb_port;
+    *proto = PROTO_UDP;
+    if(strncmp(address, "http://", 7) == 0){
+	p = address + 7;
+	*proto = PROTO_HTTP;
+	default_port = 80;
+    }else{
+	p = strchr(address, '/');
+	if(p){
+	    char prot[32];
+	    strlcpy (prot, address,
+			     min(p - address + 1, sizeof(prot)));
+	    if(strcasecmp(prot, "udp") == 0) 
+		*proto = PROTO_UDP;
+	    else if(strcasecmp(prot, "tcp") == 0)
+		*proto = PROTO_TCP;
+	    else if(strcasecmp(prot, "http") == 0) {
+		*proto = PROTO_HTTP;
+		default_port = 80;
+	    } else
+		krb_warning("Unknown protocol `%s', Using default `udp'.\n", 
+			    prot);
+	    p++;
+	}else
+	    p = address;
+    }
+    q = strchr(p, ':');
+    if(q) {
+	*host = malloc(q - p + 1);
+	if (*host == NULL)
+	    return -1;
+	strlcpy (*host, p, q - p + 1);
+	q++;
+	{
+	    struct servent *sp = getservbyname(q, NULL);
+	    if(sp)
+		*port = ntohs(sp->s_port);
+	    else
+		if(sscanf(q, "%d", port) != 1){
+		    krb_warning("Bad port specification `%s', using port %d.", 
+				q, krb_port);
+		    *port = krb_port;
+		}
+	}
+    } else {
+	*port = default_port;
+	q = strchr(p, '/');
+	if (q) {
+	    *host = malloc(q - p + 1);
+	    if (*host == NULL)
+		return -1;
+	    strlcpy (*host, p, q - p + 1);
+	} else {
+	    *host = strdup(p);
+	    if(*host == NULL)
+		return -1;
+	}
+    }
+    return 0;
+}
+
+static int
+add_host(const char *realm, char *address, int admin, int validate)
+{
+    struct krb_host *host;
+    struct host_list *p, **last = &hosts;
+
+    host = (struct krb_host*)malloc(sizeof(struct krb_host));
+    if (host == NULL)
+	return 1;
+    if(parse_address(address, &host->proto, &host->host, &host->port) < 0) {
+	free(host);
+	return 1;
+    }
+    if (validate) {
+	if (krb_dns_debug)
+	    krb_warning("Getting host entry for %s...", host->host);
+	if (gethostbyname(host->host) == NULL) {
+	    if (krb_dns_debug)
+		krb_warning("Didn't get it.\n");
+	    free(host->host);
+	    free(host);
+	    return 1;
+	}
+	else if (krb_dns_debug)
+	    krb_warning("Got it.\n");
+    }
+    host->admin = admin;
+    for(p = hosts; p; p = p->next){
+	if(strcmp(realm, p->this->realm) == 0 &&
+	   strcmp(host->host, p->this->host) == 0 && 
+	   host->proto == p->this->proto &&
+	   host->port == p->this->port){
+	    free(host->host);
+	    free(host);
+	    return 1;
+	}
+	last = &p->next;
+    }
+    host->realm = strdup(realm);
+    if (host->realm == NULL) {
+	free(host->host);
+	free(host);
+	return 1;
+    }
+    p = (struct host_list*)malloc(sizeof(struct host_list));
+    if (p == NULL) {
+	free(host->realm);
+	free(host->host);
+	free(host);
+	return 1;
+    }
+    p->this = host;
+    p->next = NULL;
+    *last = p;
+    return 0;
+}
+
+static int
+read_file(const char *filename, const char *r)
+{
+    char line[1024];
+    int nhosts = 0;
+    FILE *f = fopen(filename, "r");
+
+    if(f == NULL)
+	return -1;
+    while(fgets(line, sizeof(line), f) != NULL) {
+	char *realm, *address, *admin;
+	char *save;
+	
+	realm = strtok_r (line, " \t\n\r", &save);
+	if (realm == NULL)
+	    continue;
+	if (strcmp(realm, r))
+	    continue;
+	address = strtok_r (NULL, " \t\n\r", &save);
+	if (address == NULL)
+	    continue;
+	admin = strtok_r (NULL, " \t\n\r", &save);
+	if (add_host(realm,
+		     address,
+		     admin != NULL && strcasecmp(admin, "admin") == 0,
+		     0) == 0)
+	    ++nhosts;
+    }
+    fclose(f);
+    return nhosts;
+}
+
+#if 0
+static int
+read_cellservdb (const char *filename, const char *realm)
+{
+    char line[1024];
+    FILE *f = fopen (filename, "r");
+    int nhosts = 0;
+
+    if (f == NULL)
+	return -1;
+    while (fgets (line, sizeof(line), f) != NULL) {
+	if (line[0] == '>'
+	    && strncasecmp (line + 1, realm, strlen(realm)) == 0) {
+	    while (fgets (line, sizeof(line), f) != NULL && *line != '>') {
+		char *hash;
+
+		if (line [strlen(line) - 1] == '\n')
+		    line [strlen(line) - 1] = '\0';
+
+		hash = strchr (line, '#');
+
+		if (hash != NULL
+		    && add_host (realm, hash + 1, 0, 0) == 0)
+		    ++nhosts;
+	    }
+	    break;
+	}
+    }
+    fclose (f);
+    return nhosts;
+}
+#endif
+
+static int
+init_hosts(char *realm)
+{
+    int i, j, ret = 0;
+    char file[MaxPathLen];
+    
+    /*
+     * proto should really be NULL, but there are libraries out there
+     * that don't like that so we use "udp" instead.
+     */
+
+    krb_port = ntohs(k_getportbyname (KRB_SERVICE, "udp", htons(KRB_PORT)));
+    for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++) {
+      j = read_file(file, realm);
+      if (j > 0) ret += j;
+    }
+    return ret;
+}
+
+static void
+srv_find_realm(char *realm, char *proto, char *service)
+{
+    char *domain;
+    struct dns_reply *r;
+    struct resource_record *rr;
+    
+    roken_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
+    
+    if(domain == NULL)
+	return;
+    
+    r = dns_lookup(domain, "srv");
+    if(r == NULL)
+	r = dns_lookup(domain, "txt");
+    if(r == NULL){
+	free(domain);
+	return;
+    }
+    for(rr = r->head; rr; rr = rr->next){
+	if(rr->type == T_SRV){
+	    char buf[1024];
+
+	    if (snprintf (buf,
+			  sizeof(buf),
+			  "%s/%s:%u",
+			  proto,
+			  rr->u.srv->target,
+			  rr->u.srv->port) < sizeof(buf))
+		add_host(realm, buf, 0, 0);
+	}else if(rr->type == T_TXT)
+	    add_host(realm, rr->u.txt, 0, 0);
+    }
+    dns_free_data(r);
+    free(domain);
+}
+
+struct krb_host*
+krb_get_host(int nth, const char *realm, int admin)
+{
+    struct host_list *p;
+    static char orealm[REALM_SZ];
+
+    if(orealm[0] == 0 || strcmp(realm, orealm)){
+	/* quick optimization */
+	if(realm && realm[0]){
+	    strlcpy (orealm, realm, sizeof(orealm));
+	}else{
+	    int ret = krb_get_lrealm(orealm, 1);
+	    if(ret != KSUCCESS)
+		return NULL;
+	}
+	
+	if(hosts){
+	    free_hosts(hosts);
+	    hosts = NULL;
+	}
+	
+	if (init_hosts(orealm) < nth) {
+	  srv_find_realm(orealm, "udp", KRB_SERVICE);
+	  srv_find_realm(orealm, "tcp", KRB_SERVICE);
+	  srv_find_realm(orealm, "http", KRB_SERVICE);
+	
+	  {
+	    char *host;
+	    int i = 0;
+
+	    asprintf(&host, "kerberos.%s.", orealm);
+	    if (host == NULL) {
+		free_hosts(hosts);
+		hosts = NULL;
+		return NULL;
+	    }
+	    add_host(orealm, host, 1, 1);
+	    do {
+		i++;
+		free(host);
+		asprintf(&host, "kerberos-%d.%s.", i, orealm);
+	    } while(host != NULL
+		   && i < 100000
+		   && add_host(orealm, host, 0, 1) == 0);
+	    free(host);
+	  }
+	}
+#if 0
+	read_cellservdb ("/usr/vice/etc/CellServDB", orealm);
+	read_cellservdb ("/usr/arla/etc/CellServDB", orealm);
+#endif
+    }
+    
+    for(p = hosts; p; p = p->next){
+	if(strcmp(orealm, p->this->realm) == 0 &&
+	   (!admin || p->this->admin)) {
+	    if(nth == 1)
+		return p->this;
+	    else
+		nth--;
+	}
+    }
+    return NULL;
+}
+
+int
+krb_get_krbhst(char *host, char *realm, int nth)
+{
+    struct krb_host *p = krb_get_host(nth, realm, 0);
+    if(p == NULL)
+	return KFAILURE;
+    strlcpy (host, p->host, MaxHostNameLen);
+    return KSUCCESS;
+}
+
+int
+krb_get_admhst(char *host, char *realm, int nth)
+{
+    struct krb_host *p = krb_get_host(nth, realm, 1);
+    if(p == NULL)
+	return KFAILURE;
+    strlcpy (host, p->host, MaxHostNameLen);
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c
new file mode 100644
index 0000000..9b40508
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c
@@ -0,0 +1,188 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_in_tkt.c,v 1.24 1999/11/25 05:22:43 assar Exp $");
+
+/*
+ * This file contains three routines: passwd_to_key() and
+ * passwd_to_afskey() converts a password into a DES key, using the
+ * normal strinttokey and the AFS one, respectively, and
+ * krb_get_pw_in_tkt() gets an initial ticket for a user.  
+ */
+
+/*
+ * passwd_to_key() and passwd_to_afskey: given a password, return a DES key.
+ */
+
+int
+passwd_to_key(const char *user,
+	      const char *instance,
+	      const char *realm,
+	      const void *passwd,
+	      des_cblock *key)
+{
+#ifndef NOENCRYPTION
+    des_string_to_key((char *)passwd, key);
+#endif
+    return 0;
+}
+
+int
+passwd_to_5key(const char *user,
+	       const char *instance,
+	       const char *realm,
+	       const void *passwd, 
+	       des_cblock *key)
+{
+    char *p;
+    size_t len;
+    len = roken_mconcat (&p, 512, passwd, realm, user, instance, NULL);
+    if(len == 0)
+	return  -1;
+    des_string_to_key(p, key);
+    memset(p, 0, len);
+    free(p);
+    return 0;
+}
+
+
+int
+passwd_to_afskey(const char *user,
+		 const char *instance,
+		 const char *realm,
+		 const void *passwd,
+		 des_cblock *key)
+{
+#ifndef NOENCRYPTION
+    afs_string_to_key(passwd, realm, key);
+#endif
+    return (0);
+}
+
+/*
+ * krb_get_pw_in_tkt() takes the name of the server for which the initial
+ * ticket is to be obtained, the name of the principal the ticket is
+ * for, the desired lifetime of the ticket, and the user's password.
+ * It passes its arguments on to krb_get_in_tkt(), which contacts
+ * Kerberos to get the ticket, decrypts it using the password provided,
+ * and stores it away for future use.
+ *
+ * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
+ * the name of a routine (passwd_to_key()) to be used to get the
+ * password in case the "password" argument is null and NULL for the
+ * decryption procedure indicating that krb_get_in_tkt should use the 
+ * default method of decrypting the response from the KDC.
+ *
+ * The result of the call to krb_get_in_tkt() is returned.
+ */
+
+typedef int (*const_key_proc_t) __P((const char *name,
+				     const char *instance, /* IN parameter */
+				     const char *realm,
+				     const void *password,
+				     des_cblock *key));
+
+int
+krb_get_pw_in_tkt2(const char *user,
+		   const char *instance,
+		   const char *realm,
+		   const char *service,
+		   const char *sinstance,
+		   int life,
+		   const char *password,
+		   des_cblock *key)
+{
+    char pword[100];		/* storage for the password */
+    int code;
+
+    /* Only request password once! */
+    if (!password) {
+        if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){
+	    memset(pword, 0, sizeof(pword));
+	    return INTK_BADPW;
+	}
+        password = pword;
+    }
+
+    {
+	KTEXT_ST as_rep;
+	CREDENTIALS cred;
+	int ret = 0;
+	const_key_proc_t key_procs[] = { passwd_to_key,
+					 passwd_to_afskey, 
+					 passwd_to_5key,
+					 NULL };
+	const_key_proc_t *kp;
+	
+	code = krb_mk_as_req(user, instance, realm,
+			     service, sinstance, life, &as_rep);
+	if(code)
+	    return code;
+	for(kp = key_procs; *kp; kp++){
+	    KTEXT_ST tmp;
+	    memcpy(&tmp, &as_rep, sizeof(as_rep));
+	    code = krb_decode_as_rep(user,
+				     (char *)instance, /* const_key_proc_t */
+				     realm,
+				     service,
+				     sinstance, 
+				     (key_proc_t)*kp, /* const_key_proc_t */
+				     NULL,
+				     password,
+				     &tmp,
+				     &cred);
+	    if(code == 0){
+		if(key)
+		    (**kp)(user, instance, realm, password, key);
+		break;
+	    }
+	    if(code != INTK_BADPW)
+		ret = code; /* this is probably a better code than
+			       what code gets after this loop */
+	}
+	if(code)
+	    return ret ? ret : code;
+
+	code = tf_setup(&cred, user, instance);
+	if (code == KSUCCESS) {
+	  if (krb_get_config_bool("nat_in_use"))
+	    krb_add_our_ip_for_realm(user, instance, realm, password);
+	}
+    }
+    if (password == pword)
+        memset(pword, 0, sizeof(pword));
+    return(code);
+}
+
+int
+krb_get_pw_in_tkt(const char *user,
+		  const char *instance,
+		  const char *realm,
+		  const char *service,
+		  const char *sinstance,
+		  int life,
+		  const char *password)
+{
+    return krb_get_pw_in_tkt2(user, instance, realm, 
+			      service, sinstance, life, password, NULL);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c
new file mode 100644
index 0000000..a6b0ba9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_krbrlm.c,v 1.25 1999/12/02 16:58:41 joda Exp $");
+
+/*
+ * krb_get_lrealm takes a pointer to a string, and a number, n.  It fills
+ * in the string, r, with the name of the nth realm specified on the
+ * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.  If the
+ * config file does not exist, and if n=1, a successful return will occur
+ * with r = KRB_REALM (also defined in "krb.h").
+ *
+ * For the format of the KRB_CONF file, see comments describing the routine
+ * krb_get_krbhst().
+ */
+
+static int
+krb_get_lrealm_f(char *r, int n, const char *fname)
+{
+    char buf[1024];
+    char *p;
+    int nchar;
+    FILE *f;
+    int ret = KFAILURE;
+
+    if (n < 0)
+        return KFAILURE;
+    if(n == 0)
+	n = 1;
+
+    f = fopen(fname, "r");
+    if (f == 0)
+        return KFAILURE;
+
+    for (; n > 0; n--)
+        if (fgets(buf, sizeof(buf), f) == 0)
+            goto done;
+
+    /* We now have the n:th line, remove initial white space. */
+    p = buf + strspn(buf, " \t");
+
+    /* Collect realmname. */
+    nchar    = strcspn(p, " \t\n");
+    if (nchar == 0 || nchar > REALM_SZ)
+        goto done;		/* No realmname */
+    strncpy(r, p, nchar);
+    r[nchar] = 0;
+
+    /* Does more junk follow? */
+    p += nchar;
+    nchar = strspn(p, " \t\n");
+    if (p[nchar] == 0)
+        ret = KSUCCESS;		/* This was a realm name only line. */
+
+  done:
+    fclose(f);
+    return ret;
+}
+
+static const char *no_default_realm = "NO.DEFAULT.REALM";
+
+int
+krb_get_lrealm(char *r, int n)
+{
+    int i;
+    char file[MaxPathLen];
+
+    for (i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
+	if (krb_get_lrealm_f(r, n, file) == KSUCCESS)
+	    return KSUCCESS;
+
+    /* When nothing else works try default realm */
+    if (n == 1) {
+      char *t = krb_get_default_realm();
+
+      if (strcmp(t, no_default_realm) == 0)
+	return KFAILURE;	/* Can't figure out default realm */
+
+      strcpy(r, t);
+      return KSUCCESS;
+    }
+    else
+	return(KFAILURE);
+}
+
+/* Returns local realm if that can be figured out else NO.DEFAULT.REALM */
+char *
+krb_get_default_realm(void)
+{
+    static char local_realm[REALM_SZ]; /* Local kerberos realm */
+    
+    if (local_realm[0] == 0) {
+	char *t, hostname[MaxHostNameLen];
+
+	strlcpy(local_realm, no_default_realm, 
+			sizeof(local_realm)); /* Provide default */
+
+	gethostname(hostname, sizeof(hostname));
+	t = krb_realmofhost(hostname);
+	if (t && strcmp(t, no_default_realm) != 0)
+	    strlcpy(local_realm, t, sizeof(local_realm));
+    }
+    return local_realm;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
new file mode 100644
index 0000000..daf7ae1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
@@ -0,0 +1,79 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_svc_in_tkt.c,v 1.9 1999/06/29 21:18:04 bg Exp $");
+
+/*
+ * This file contains two routines: srvtab_to_key(), which gets
+ * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
+ * gets an initial ticket for a server.
+ */
+
+/*
+ * srvtab_to_key(): given a "srvtab" file (where the keys for the
+ * service on a host are stored), return the private key of the
+ * given service (user.instance@realm).
+ *
+ * srvtab_to_key() passes its arguments on to read_service_key(),
+ * plus one additional argument, the key version number.
+ * (Currently, the key version number is always 0; this value
+ * is treated as a wildcard by read_service_key().)
+ *
+ * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
+ * is passed in its place.
+ *
+ * It returns the return value of the read_service_key() call.
+ * The service key is placed in "key".
+ */
+
+int 
+srvtab_to_key(const char *user,
+	      char *instance,
+	      const char *realm,
+	      const void *srvtab,
+	      des_cblock *key)
+{
+    if (!srvtab)
+        srvtab = KEYFILE;
+
+    return(read_service_key(user, instance, realm, 0, (char *)srvtab,
+                            (char *)key));
+}
+
+/*
+ * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
+ * plus two additional arguments: a pointer to the srvtab_to_key()
+ * function to be used to get the key from the key file and a NULL
+ * for the decryption procedure indicating that krb_get_in_tkt should 
+ * use the default method of decrypting the response from the KDC.
+ *
+ * It returns the return value of the krb_get_in_tkt() call.
+ */
+
+int
+krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service,
+		   char *sinstance, int life, char *srvtab)
+{
+    return(krb_get_in_tkt(user, instance, realm, service, sinstance,
+                          life, srvtab_to_key, NULL, srvtab));
+}
diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
new file mode 100644
index 0000000..75688b0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
@@ -0,0 +1,70 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_tf_fullname.c,v 1.8 1999/09/16 20:41:51 assar Exp $");
+
+/*
+ * This file contains a routine to extract the fullname of a user
+ * from the ticket file.
+ */
+
+/*
+ * krb_get_tf_fullname() takes four arguments: the name of the 
+ * ticket file, and variables for name, instance, and realm to be
+ * returned in.  Since the realm of a ticket file is not really fully 
+ * supported, the realm used will be that of the the first ticket in 
+ * the file as this is the one that was obtained with a password by
+ * krb_get_in_tkt().
+ */
+
+int
+krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm)
+{
+    int tf_status;
+    CREDENTIALS c;
+
+    if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
+	return(tf_status);
+
+    if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
+	((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
+	return (tf_status);
+    
+    if (name)
+	strlcpy (name, c.pname, ANAME_SZ);
+    if (instance)
+	strlcpy (instance, c.pinst, INST_SZ);
+    if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
+	if (realm)
+	    strlcpy (realm, c.realm, REALM_SZ);
+    }
+    else {
+	if (tf_status == EOF)
+	    return(KFAILURE);
+	else
+	    return(tf_status);
+    }    
+    tf_close();
+    
+    return(tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c
new file mode 100644
index 0000000..1a3c7d1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c
@@ -0,0 +1,41 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $");
+
+/*
+ * This file contains a routine to extract the realm of a kerberos
+ * ticket file.
+ */
+
+/*
+ * krb_get_tf_realm() takes two arguments: the name of a ticket 
+ * and a variable to store the name of the realm in.
+ * 
+ */
+
+int
+krb_get_tf_realm(char *ticket_file, char *realm)
+{
+    return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
+}
diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c
new file mode 100644
index 0000000..d157690
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getaddrs.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $");
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#ifdef __osf__
+struct rtentry;
+struct mbuf;
+#endif
+#ifdef _AIX
+#undef __P /* XXX hack for AIX 4.3 */
+#endif
+#include <net/if.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif /* HAVE_SYS_SOCKIO_H */
+
+/*
+ * Return number and list of all local adresses.
+ */
+
+int
+k_get_all_addrs (struct in_addr **l)
+{
+#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR)
+     char name[MaxHostNameLen];
+     struct hostent *he;
+
+     if (gethostname(name, sizeof(name)) < 0)
+	  return -1;
+     he = gethostbyname (name);
+     if (he == NULL)
+	  return -1;
+     *l = malloc(sizeof(**l));
+     if (*l == NULL)
+	  return -1;
+     memcpy (*l, he->h_addr_list[0], sizeof(*l));
+     return 1;
+#else
+     int fd;
+     char *inbuf = NULL;
+     size_t in_len = 8192;
+     struct ifreq ifreq;
+     struct ifconf ifconf;
+     int num, j;
+     char *p;
+     size_t sz;
+
+     *l = NULL;
+     fd = socket(AF_INET, SOCK_DGRAM, 0);
+     if (fd < 0)
+	  return -1;
+
+     for(;;) {
+	 void *tmp;
+
+	 tmp = realloc (inbuf, in_len);
+	 if (tmp == NULL)
+	     goto fail;
+	 inbuf = tmp;
+
+	 ifconf.ifc_len = in_len;
+	 ifconf.ifc_buf = inbuf;
+
+	 if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
+	     goto fail;
+	 if(ifconf.ifc_len + sizeof(ifreq) < in_len)
+	     break;
+	 in_len *= 2;
+     }
+     num = ifconf.ifc_len / sizeof(struct ifreq);
+     *l = malloc(num * sizeof(struct in_addr));
+     if(*l == NULL)
+	 goto fail;
+
+     j = 0;
+     ifreq.ifr_name[0] = '\0';
+     for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len; p += sz) {
+          struct ifreq *ifr = (struct ifreq *)p;
+	  sz = sizeof(*ifr);
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	  sz = max(sz, sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len);
+#endif
+
+	  if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) {
+	      if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0)
+		  continue;
+	      if (ifr->ifr_flags & IFF_UP) {
+		  if(ioctl(fd, SIOCGIFADDR, ifr) < 0) 
+		      continue;
+		  (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+	       }
+	      ifreq = *ifr;
+	  }
+     }
+     if (j != num) {
+	 void *tmp;
+	 tmp = realloc (*l, j * sizeof(struct in_addr));
+	 if(tmp == NULL)
+	     goto fail;
+	 *l = tmp;
+     }
+     close (fd);
+     free(inbuf);
+     return j;
+fail:
+     close(fd);
+     free(inbuf);
+     free(*l);
+     return -1;
+#endif /* SIOCGIFCONF */
+}
diff --git a/crypto/kerberosIV/lib/krb/getfile.c b/crypto/kerberosIV/lib/krb/getfile.c
new file mode 100644
index 0000000..99d0c3f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getfile.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getfile.c,v 1.5 1999/12/02 16:58:42 joda Exp $");
+
+static int
+is_suid(void)
+{
+    int ret = 0;
+#ifdef HAVE_GETUID
+    ret |= getuid() != geteuid();
+#endif
+#ifdef HAVE_GETGID
+    ret |= getgid() != getegid();
+#endif
+    return ret;
+}
+
+static int
+get_file(const char **files, int num, const char *file, char *buf, size_t len)
+{
+    const char *p, **q;
+    int i = 0;
+    if(!is_suid() && (p = getenv("KRBCONFDIR"))){
+	if(num == i){
+	    snprintf(buf, len, "%s/%s", p, file);
+	    return 0;
+	}
+	i++;
+    }
+    for(q = files; *q; q++, i++){
+	if(num == i){
+	    snprintf(buf, len, "%s", *q);
+	    return 0;
+	}
+    }
+    return -1;
+}
+
+int
+krb_get_krbconf(int num, char *buf, size_t len)
+{
+    const char *files[] = KRB_CNF_FILES;
+    return get_file(files, num, "krb.conf", buf, len);
+}
+
+int
+krb_get_krbrealms(int num, char *buf, size_t len)
+{
+    const char *files[] = KRB_RLM_FILES;
+    return get_file(files, num, "krb.realms", buf, len);
+}
+
+int
+krb_get_krbextra(int num, char *buf, size_t len)
+{
+    const char *files[] = { "/etc/krb.extra", NULL };
+    return get_file(files, num, "krb.extra", buf, len);
+}
diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c
new file mode 100644
index 0000000..2dcb4cf
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getrealm.c
@@ -0,0 +1,185 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getrealm.c,v 1.36 1999/09/16 20:41:51 assar Exp $");
+
+#ifndef MATCH_SUBDOMAINS
+#define MATCH_SUBDOMAINS 0
+#endif
+
+/*
+ * krb_realmofhost.
+ * Given a fully-qualified domain-style primary host name,
+ * return the name of the Kerberos realm for the host.
+ * If the hostname contains no discernable domain, or an error occurs,
+ * return the local realm name, as supplied by get_krbrlm().
+ * If the hostname contains a domain, but no translation is found,
+ * the hostname's domain is converted to upper-case and returned.
+ *
+ * The format of each line of the translation file is:
+ * domain_name kerberos_realm
+ * -or-
+ * host_name kerberos_realm
+ *
+ * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
+ * host names should be in the usual form (e.g. FOO.BAR.BAZ)
+ */
+
+/* To automagically find the correct realm of a host (without
+ * krb.realms) add a text record for your domain with the name of your
+ * realm, like this:
+ *
+ * krb4-realm	IN	TXT	FOO.SE
+ *
+ * The search is recursive, so you can also add entries for specific
+ * hosts. To find the realm of host a.b.c, it first tries
+ * krb4-realm.a.b.c, then krb4-realm.b.c and so on.
+ */
+
+static int
+dns_find_realm(char *hostname, char *realm)
+{
+    char domain[MaxHostNameLen + sizeof("krb4-realm..")];
+    char *p;
+    int level = 0;
+    struct dns_reply *r;
+    
+    p = hostname;
+
+    while(1){
+	snprintf(domain, sizeof(domain), "krb4-realm.%s.", p);
+	p = strchr(p, '.');
+	if(p == NULL)
+	    break;
+	p++;
+	r = dns_lookup(domain, "TXT");
+	if(r){
+	    struct resource_record *rr = r->head;
+	    while(rr){
+		if(rr->type == T_TXT){
+		    strlcpy(realm, rr->u.txt, REALM_SZ);
+		    dns_free_data(r);
+		    return level;
+		}
+		rr = rr->next;
+	    }
+	    dns_free_data(r);
+	}
+	level++;
+    }
+    return -1;
+}
+
+
+static FILE *
+open_krb_realms(void)
+{
+    int i;
+    char file[MaxPathLen];
+    FILE *res;
+
+    for(i = 0; krb_get_krbrealms(i, file, sizeof(file)) == 0; i++)
+	if ((res = fopen(file, "r")) != NULL)
+	    return res;
+  return NULL;
+}
+
+static int
+file_find_realm(const char *phost, const char *domain,
+		char *ret_realm, size_t ret_realm_sz)
+{
+    FILE *trans_file;
+    char buf[1024];
+    int ret = -1;
+    
+    if ((trans_file = open_krb_realms()) == NULL)
+	return -1;
+
+    while (fgets(buf, sizeof(buf), trans_file) != NULL) {
+	char *save = NULL;
+	char *tok;
+	char *tmp_host;
+	char *tmp_realm;
+
+	tok = strtok_r(buf, " \t\r\n", &save);
+	if(tok == NULL)
+	    continue;
+	tmp_host = tok;
+	tok = strtok_r(NULL, " \t\r\n", &save);
+	if(tok == NULL)
+	    continue;
+	tmp_realm = tok;
+	if (strcasecmp(tmp_host, phost) == 0) {
+	    /* exact match of hostname, so return the realm */
+	    strlcpy(ret_realm, tmp_realm, ret_realm_sz);
+	    ret = 0;
+	    break;
+	}
+	if ((tmp_host[0] == '.') && domain) { 
+	    const char *cp = domain;
+	    do {
+		if(strcasecmp(tmp_host, cp) == 0){
+		    /* domain match, save for later */ 
+		    strlcpy(ret_realm, tmp_realm, ret_realm_sz);
+		    ret = 0;
+		    break;
+		}
+		cp = strchr(cp + 1, '.');
+	    } while(MATCH_SUBDOMAINS && cp);
+	}
+	if (ret == 0)
+	    break;
+    }
+    fclose(trans_file);
+    return ret;
+}
+
+char *
+krb_realmofhost(const char *host)
+{
+    static char ret_realm[REALM_SZ];
+    char *domain;
+    char phost[MaxHostNameLen];
+	
+    krb_name_to_name(host, phost, sizeof(phost));
+	
+    domain = strchr(phost, '.');
+
+    if(file_find_realm(phost, domain, ret_realm, sizeof ret_realm) == 0)
+	return ret_realm;
+
+    if(dns_find_realm(phost, ret_realm) >= 0)
+	return ret_realm;
+  
+    if (domain) {
+	char *cp;
+	  
+	strlcpy(ret_realm, &domain[1], REALM_SZ);
+	/* Upper-case realm */
+	for (cp = ret_realm; *cp; cp++)
+	    *cp = toupper(*cp);
+    } else {
+	strncpy(ret_realm, krb_get_default_realm(), REALM_SZ); /* Wild guess */
+    }
+    return ret_realm;
+}
diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c
new file mode 100644
index 0000000..de99962
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getst.c
@@ -0,0 +1,45 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $");
+
+/*
+ * getst() takes a file descriptor, a string and a count.  It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte.  When finished, what has been read exists in
+ * the given string "s".  If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated.  getst() returns the number of characters read, including
+ * the null terminator.
+ */
+
+int
+getst(int fd, char *s, int n)
+{
+    int count = n;
+    while (read(fd, s, 1) > 0 && --count)
+        if (*s++ == '\0')
+            return (n - count);
+    *s = '\0';
+    return (n - count);
+}
diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c
new file mode 100644
index 0000000..063a0b2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_getport.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_getport.c,v 1.11 1999/12/02 16:58:42 joda Exp $");
+
+int
+k_getportbyname (const char *service, const char *proto, int default_port)
+{
+#ifdef HAVE_GETSERVBYNAME  
+    struct servent *sp;
+    
+    sp = getservbyname(service, proto);
+    if(sp != NULL)
+	return sp->s_port;
+    
+    krb_warning ("%s/%s unknown service, using default port %d\n", 
+		 service, proto ? proto : "*", ntohs(default_port));
+#endif
+    return default_port;
+}
diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c
new file mode 100644
index 0000000..2b0453c
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_getsockinst.c,v 1.13 1999/12/02 16:58:42 joda Exp $");
+
+/*
+ * Return in inst the name of the local interface bound to socket
+ * fd. On Failure return the 'wildcard' instance "*".
+ */
+
+int
+k_getsockinst(int fd, char *inst, size_t inst_size)
+{
+  struct sockaddr_in addr;
+  int len = sizeof(addr);
+  struct hostent *hnam;
+
+  if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
+    goto fail;
+
+  hnam = gethostbyaddr((char *)&addr.sin_addr,
+		       sizeof(addr.sin_addr),
+		       addr.sin_family);
+  if (hnam == 0)
+    goto fail;
+
+  strlcpy (inst, hnam->h_name, inst_size);
+  k_ricercar(inst); /* Canonicalize name */
+  return 0;			/* Success */
+
+ fail:
+  inst[0] = '*';
+  inst[1] = 0;
+  return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c
new file mode 100644
index 0000000..e8cbdd6
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_localtime.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_localtime.c,v 1.8 1999/12/02 16:58:42 joda Exp $");
+
+struct tm *k_localtime(u_int32_t *tp)
+{
+  time_t t;
+  t = *tp;
+  return localtime(&t);
+}
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
new file mode 100644
index 0000000..7a069e4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kdc_reply.c,v 1.12 1999/12/02 16:58:42 joda Exp $");
+
+static int little_endian; /* XXX ugly */
+
+int
+kdc_reply_cred(KTEXT cip, CREDENTIALS *cred)
+{
+    unsigned char *p = cip->dat;
+    
+    memcpy(cred->session, p, 8);
+    p += 8;
+    
+    if(p + strlen((char*)p) > cip->dat + cip->length)
+	return INTK_BADPW;
+    p += krb_get_string(p, cred->service, sizeof(cred->service));
+    
+    if(p + strlen((char*)p) > cip->dat + cip->length)
+	return INTK_BADPW;
+    p += krb_get_string(p, cred->instance, sizeof(cred->instance));
+    
+    if(p + strlen((char*)p) > cip->dat + cip->length)
+	return INTK_BADPW;
+    p += krb_get_string(p, cred->realm, sizeof(cred->realm));
+    
+    if(p + 3 > cip->dat + cip->length)
+	return INTK_BADPW;
+    cred->lifetime = *p++;
+    cred->kvno = *p++;
+    cred->ticket_st.length = *p++;
+    
+    if(p + cred->ticket_st.length + 4 > cip->dat + cip->length)
+	return INTK_BADPW;
+    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    
+    p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian);
+    
+    return KSUCCESS;
+}
+
+int
+kdc_reply_cipher(KTEXT reply, KTEXT cip)
+{
+    unsigned char *p;
+    unsigned char pvno;
+    unsigned char type;
+
+    char aname[ANAME_SZ];
+    char inst[INST_SZ];
+    char realm[REALM_SZ];
+    
+    u_int32_t kdc_time;
+    u_int32_t exp_date;
+    u_int32_t clen;
+
+    p = reply->dat;
+
+    pvno = *p++;
+
+    if (pvno != KRB_PROT_VERSION )
+        return INTK_PROT;
+    
+    type = *p++;
+    little_endian = type & 1;
+    
+    type &= ~1;
+
+    if(type == AUTH_MSG_ERR_REPLY){
+	u_int32_t code;
+	/* skip these fields */
+	p += strlen((char*)p) + 1; /* name */
+	p += strlen((char*)p) + 1; /* instance */
+	p += strlen((char*)p) + 1; /* realm */
+	p += 4; /* time */
+	p += krb_get_int(p, &code, 4, little_endian);
+	if(code == 0)
+	    code = KFAILURE; /* things will go bad otherwise */
+	return code;
+    }
+    if(type != AUTH_MSG_KDC_REPLY)
+	return INTK_PROT;
+
+    p += krb_get_nir(p, aname, inst, realm);
+    p += krb_get_int(p, &kdc_time, 4, little_endian);
+    p++; /* number of tickets */
+    p += krb_get_int(p, &exp_date, 4, little_endian);
+    p++; /* master key version number */
+    p += krb_get_int(p, &clen, 2, little_endian);
+    cip->length = clen;
+    memcpy(cip->dat, p, clen);
+    p += clen;
+    
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h
new file mode 100644
index 0000000..cee92d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/klog.h
@@ -0,0 +1,47 @@
+/*
+ * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This file defines the types of log messages logged by klog.  Each
+ * type of message may be selectively turned on or off. 
+ */
+
+#ifndef KLOG_DEFS
+#define KLOG_DEFS
+
+#ifndef KRBLOG
+#define KRBLOG 		"/var/log/kerberos.log"  /* master server  */
+#endif
+#ifndef KRBSLAVELOG
+#define KRBSLAVELOG	"/var/log/kerberos_slave.log"  /* slave server  */
+#endif
+#define	NLOGTYPE	100	/* Maximum number of log msg types  */
+
+#define L_NET_ERR	  1	/* Error in network code	    */
+#define L_NET_INFO	  2	/* Info on network activity	    */
+#define L_KRB_PERR	  3	/* Kerberos protocol errors	    */
+#define L_KRB_PINFO	  4	/* Kerberos protocol info	    */
+#define L_INI_REQ	  5	/* Request for initial ticket	    */
+#define L_NTGT_INTK       6	/* Initial request not for TGT	    */
+#define L_DEATH_REQ       7	/* Request for server death	    */
+#define L_TKT_REQ	  8	/* All ticket requests using a tgt  */
+#define L_ERR_SEXP	  9	/* Service expired		    */
+#define L_ERR_MKV	 10	/* Master key version incorrect     */
+#define L_ERR_NKY	 11	/* User's key is null		    */
+#define L_ERR_NUN	 12	/* Principal not unique		    */
+#define L_ERR_UNK	 13	/* Principal Unknown		    */
+#define L_ALL_REQ	 14	/* All requests			    */
+#define L_APPL_REQ	 15	/* Application requests (using tgt) */
+#define L_KRB_PWARN      16	/* Protocol warning messages	    */
+
+char * klog __P((int type, const char *format, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+
+#endif /* KLOG_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c
new file mode 100644
index 0000000..86e5205
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kntoln.c
@@ -0,0 +1,177 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+/*
+ * krb_kntoln converts an auth name into a local name by looking up
+ * the auth name in the /etc/aname file.  The format of the aname
+ * file is:
+ *
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ * | anl | inl | rll | lnl | name | instance | realm | lname |
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
+ * +-----+-----+-----+-----+------+----------+-------+-------+
+ *
+ * If the /etc/aname file can not be opened it will set the
+ * local name to the auth name.  Thus, in this case it performs as
+ * the identity function.
+ *
+ * The name instance and realm are passed to krb_kntoln through
+ * the AUTH_DAT structure (ad).
+ *
+ * Now here's what it *really* does:
+ *
+ * Given a Kerberos name in an AUTH_DAT structure, check that the
+ * instance is null, and that the realm is the same as the local
+ * realm, and return the principal's name in "lname".  Return
+ * KSUCCESS if all goes well, otherwise KFAILURE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kntoln.c,v 1.10 1998/06/09 19:25:21 joda Exp $");
+
+int
+krb_kntoln(AUTH_DAT *ad, char *lname)
+{
+    static char lrealm[REALM_SZ] = "";
+
+    if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+        return(KFAILURE);
+
+    if (strcmp(ad->pinst, ""))
+        return(KFAILURE);
+    if (strcmp(ad->prealm, lrealm))
+        return(KFAILURE);
+    strcpy(lname, ad->pname);
+    return(KSUCCESS);
+}
+
+#if 0
+/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */
+
+#include <krb.h>
+#include <ndbm.h>
+#include <stdio.h>
+#include <sys/file.h>
+#include <strings.h>
+#include <sys/syslog.h>
+#include <sys/errno.h>
+
+extern int errno;
+/*
+ * antoln converts an authentication name into a local name by looking up
+ * the authentication name in the /etc/aname dbm database.
+ * 
+ * If the /etc/aname file can not be opened it will set the 
+ * local name to the principal name.  Thus, in this case it performs as 
+ * the identity function.
+ * 
+ * The name instance and realm are passed to antoln through
+ * the AUTH_DAT structure (ad).
+ */
+
+static char     lrealm[REALM_SZ] = "";
+
+int
+an_to_ln(AUTH_DAT *ad, char *lname)
+{
+    static DBM *aname = NULL;
+    char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
+
+    if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+	return(KFAILURE);
+
+    if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
+       strcmp(ad->prealm,lrealm)) {
+	datum val;
+	datum key;
+	/*
+	 * Non-local name (or) non-null and non-root instance.
+	 * Look up in dbm file.
+	 */
+	if (!aname) {
+	    if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
+		== NULL) return (KFAILURE);
+	}
+	/* Construct dbm lookup key. */
+	an_to_a(ad, keyname);
+	key.dptr = keyname;
+	key.dsize = strlen(keyname)+1;
+	flock(dbm_dirfno(aname), LOCK_SH);
+	val = dbm_fetch(aname, key);
+	flock(dbm_dirfno(aname), LOCK_UN);
+	if (!val.dptr) {
+	    dbm_close(aname);
+	    return(KFAILURE);
+	}
+	/* Got it! */
+	strcpy(lname,val.dptr);
+	return(KSUCCESS);
+    } else strcpy(lname,ad->pname);
+    return(KSUCCESS);
+}
+
+void
+an_to_a(AUTH_DAT *ad, char *str)
+{
+    strcpy(str, ad->pname);
+    if(*ad->pinst) {
+	strcat(str, ".");
+	strcat(str, ad->pinst);
+    }
+    strcat(str, "@");
+    strcat(str, ad->prealm);
+}
+
+/*
+ * Parse a string of the form "user[.instance][@realm]" 
+ * into a struct AUTH_DAT.
+ */
+
+int
+a_to_an(char *str, AUTH_DAT *ad)
+{
+    char *buf = (char *)malloc(strlen(str)+1);
+    char *rlm, *inst, *princ;
+
+    if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
+	free(buf);
+	return(KFAILURE);
+    }
+    /* destructive string hacking is more fun.. */
+    strcpy(buf, str);
+
+    if (rlm = index(buf, '@')) {
+	*rlm++ = '\0';
+    }
+    if (inst = index(buf, '.')) {
+	*inst++ = '\0';
+    }
+    strcpy(ad->pname, buf);
+    if(inst) strcpy(ad->pinst, inst);
+    else *ad->pinst = '\0';
+    if (rlm) strcpy(ad->prealm, rlm);
+    else strcpy(ad->prealm, lrealm);
+    free(buf);
+    return(KSUCCESS);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/krb-archaeology.h b/crypto/kerberosIV/lib/krb/krb-archaeology.h
new file mode 100644
index 0000000..0757996
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb-archaeology.h
@@ -0,0 +1,131 @@
+/*
+ * $Id: krb-archaeology.h,v 1.2 1997/12/05 02:04:44 joda Exp $
+ *
+ * Most of the cruft in this file is probably:
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#ifndef __KRB_ARCHAEOLOGY_H__
+#define __KRB_ARCHAEOLOGY_H__
+
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
+
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 :  krb_lsb_antinet_ulong_cmp(x, y))
+
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
+
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
+
+/* Macro's to obtain various fields from a packet */
+
+#define pkt_version(packet)  (unsigned int) *(packet->dat)
+#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
+#define pkt_a_name(packet)   (packet->dat+2)
+#define pkt_a_inst(packet)   \
+	(packet->dat+3+strlen((char *)pkt_a_name(packet)))
+#define pkt_a_realm(packet)  \
+	(pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
+
+/* Macro to obtain realm from application request */
+#define apreq_realm(auth)     (auth->dat + 3)
+
+#define pkt_time_ws(packet) (char *) \
+        (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+
+#define pkt_no_req(packet) (unsigned short) \
+        *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+	  strlen((char *)pkt_a_inst(packet)) + \
+	  strlen((char *)pkt_a_realm(packet)))
+#define pkt_x_date(packet) (char *) \
+        (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+#define pkt_err_code(packet) ( (char *) \
+        (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet))))
+#define pkt_err_text(packet) \
+        (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+
+/*
+ * macros for byte swapping; also scratch space
+ * u_quad  0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
+ * u_int32_t  0-->3, 1-->2, 2-->1, 3-->0
+ * u_int16_t 0-->1, 1-->0
+ */
+
+#define     swap_u_16(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(((char *) x) +0, ((char *)  _krb_swap_tmp) +14 ,2); \
+ swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +12 ,2); \
+ swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +8  ,2); \
+ swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +10,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +12,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +14,((char *)  _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 16);\
+                            }
+
+#define     swap_u_12(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) x,     ((char *)  _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +10,((char *)  _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 12);\
+                            }
+
+#define     swap_C_Block(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) x,    ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +6,((char *)  _krb_swap_tmp)    ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+                            }
+#define     swap_u_quad(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) &x,    ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) &x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) &x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +6,((char *)  _krb_swap_tmp)    ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+                            }
+
+#define     swap_u_long(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab((char *)  &x,    ((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +2,((char *)  _krb_swap_tmp),2); \
+ x = _krb_swap_tmp[0];   \
+                           }
+
+#define     swap_u_short(x) {\
+ u_int16_t	_krb_swap_sh_tmp; \
+ swab((char *)  &x,    ( &_krb_swap_sh_tmp) ,2); \
+ x = (u_int16_t) _krb_swap_sh_tmp; \
+                            }
+/* Kerberos ticket flag field bit definitions */
+#define K_FLAG_ORDER    0       /* bit 0 --> lsb */
+#define K_FLAG_1                /* reserved */
+#define K_FLAG_2                /* reserved */
+#define K_FLAG_3                /* reserved */
+#define K_FLAG_4                /* reserved */
+#define K_FLAG_5                /* reserved */
+#define K_FLAG_6                /* reserved */
+#define K_FLAG_7                /* reserved, bit 7 --> msb */
+
+#endif /* __KRB_ARCHAEOLOGY_H__ */
diff --git a/crypto/kerberosIV/lib/krb/krb-protos.h b/crypto/kerberosIV/lib/krb/krb-protos.h
new file mode 100644
index 0000000..bb385d6
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb-protos.h
@@ -0,0 +1,789 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb-protos.h,v 1.24 1999/12/02 16:58:42 joda Exp $ */
+
+#ifndef __krb_protos_h__
+#define __krb_protos_h__
+
+#if defined (__STDC__) || defined (_MSC_VER)
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+#ifdef __STDC__
+struct in_addr;
+struct sockaddr_in;
+struct timeval;
+#endif
+
+#ifndef KRB_LIB_FUNCTION
+#if defined(__BORLANDC__)
+#define KRB_LIB_FUNCTION /* not-ready-definition-yet */
+#elif defined(_MSC_VER)
+#define KRB_LIB_FUNCTION /* not-ready-definition-yet2 */
+#else
+#define KRB_LIB_FUNCTION
+#endif
+#endif
+
+void KRB_LIB_FUNCTION
+afs_string_to_key __P((
+	const char *str,
+	const char *cell,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+create_ciph __P((
+	KTEXT c,
+	unsigned char *session,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t life,
+	int kvno,
+	KTEXT tkt,
+	u_int32_t kdc_time,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+cr_err_reply __P((
+	KTEXT pkt,
+	char *pname,
+	char *pinst,
+	char *prealm,
+	u_int32_t time_ws,
+	u_int32_t e,
+	char *e_string));
+
+int KRB_LIB_FUNCTION
+decomp_ticket __P((
+	KTEXT tkt,
+	unsigned char *flags,
+	char *pname,
+	char *pinstance,
+	char *prealm,
+	u_int32_t *paddress,
+	unsigned char *session,
+	int *life,
+	u_int32_t *time_sec,
+	char *sname,
+	char *sinstance,
+	des_cblock *key,
+	des_key_schedule schedule));
+
+int KRB_LIB_FUNCTION
+dest_tkt __P((void));
+
+int KRB_LIB_FUNCTION
+get_ad_tkt __P((
+	char *service,
+	char *sinstance,
+	char *realm,
+	int lifetime));
+
+int KRB_LIB_FUNCTION
+getst __P((
+	int fd,
+	char *s,
+	int n));
+
+int KRB_LIB_FUNCTION
+in_tkt __P((
+	char *pname,
+	char *pinst));
+
+int KRB_LIB_FUNCTION
+k_get_all_addrs __P((struct in_addr **l));
+
+int KRB_LIB_FUNCTION
+k_gethostname __P((
+	char *name,
+	int namelen));
+
+int KRB_LIB_FUNCTION
+k_getportbyname __P((
+	const char *service,
+	const char *proto,
+	int default_port));
+
+int KRB_LIB_FUNCTION
+k_getsockinst __P((
+	int fd,
+	char *inst,
+	size_t inst_size));
+
+int KRB_LIB_FUNCTION
+k_isinst __P((char *s));
+
+int KRB_LIB_FUNCTION
+k_isname __P((char *s));
+
+int KRB_LIB_FUNCTION
+k_isrealm __P((char *s));
+
+struct tm * KRB_LIB_FUNCTION
+k_localtime __P((u_int32_t *tp));
+
+int KRB_LIB_FUNCTION
+kname_parse __P((
+	char *np,
+	char *ip,
+	char *rp,
+	char *fullname));
+
+int KRB_LIB_FUNCTION
+krb_atime_to_life __P((char *atime));
+
+int KRB_LIB_FUNCTION
+krb_check_auth __P((
+	KTEXT packet,
+	u_int32_t checksum,
+	MSG_DAT *msg_data,
+	des_cblock *session,
+	struct des_ks_struct *schedule,
+	struct sockaddr_in *laddr,
+	struct sockaddr_in *faddr));
+
+int KRB_LIB_FUNCTION
+krb_check_tm __P((struct tm tm));
+
+KTEXT KRB_LIB_FUNCTION
+krb_create_death_packet __P((char *a_name));
+
+int KRB_LIB_FUNCTION
+krb_create_ticket __P((
+	KTEXT tkt,
+	unsigned char flags,
+	char *pname,
+	char *pinstance,
+	char *prealm,
+	int32_t paddress,
+	void *session,
+	int16_t life,
+	int32_t time_sec,
+	char *sname,
+	char *sinstance,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+krb_decode_as_rep __P((
+	const char *user,
+	char *instance,		/* INOUT parameter */
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	key_proc_t key_proc,
+	decrypt_proc_t decrypt_proc,
+	const void *arg,
+	KTEXT as_rep,
+	CREDENTIALS *cred));
+
+int KRB_LIB_FUNCTION
+krb_disable_debug __P((void));
+
+int KRB_LIB_FUNCTION
+krb_enable_debug __P((void));
+
+int KRB_LIB_FUNCTION
+krb_equiv __P((
+	u_int32_t a,
+	u_int32_t b));
+
+int KRB_LIB_FUNCTION
+krb_get_address __P((
+	void *from,
+	u_int32_t *to));
+
+int KRB_LIB_FUNCTION
+krb_get_admhst __P((
+	char *host,
+	char *realm,
+	int nth));
+
+int KRB_LIB_FUNCTION
+krb_get_config_bool __P((const char *variable));
+
+const char * KRB_LIB_FUNCTION
+krb_get_config_string __P((const char *variable));
+
+int KRB_LIB_FUNCTION
+krb_get_cred __P((
+        char *service,
+        char *instance,
+        char *realm,
+        CREDENTIALS *c));
+
+int KRB_LIB_FUNCTION
+krb_get_default_principal __P((
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_get_default_realm __P((void));
+
+const char * KRB_LIB_FUNCTION
+krb_get_default_tkt_root __P((void));
+
+const char * KRB_LIB_FUNCTION
+krb_get_default_keyfile __P((void));
+
+const char * KRB_LIB_FUNCTION
+krb_get_err_text __P((int code));
+
+struct krb_host* KRB_LIB_FUNCTION
+krb_get_host __P((
+	int nth,
+	const char *realm,
+	int admin));
+
+int KRB_LIB_FUNCTION
+krb_get_in_tkt __P((
+	char *user,
+	char *instance,
+	char *realm,
+	char *service,
+	char *sinstance,
+	int life,
+	key_proc_t key_proc,
+	decrypt_proc_t decrypt_proc,
+	void *arg));
+
+int KRB_LIB_FUNCTION
+krb_get_int __P((
+	void *f,
+	u_int32_t *to,
+	int size,
+	int lsb));
+
+int KRB_LIB_FUNCTION
+krb_get_kdc_time_diff __P((void));
+
+int KRB_LIB_FUNCTION
+krb_get_krbconf __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_krbextra __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_krbhst __P((
+	char *host,
+	char *realm,
+	int nth));
+
+int KRB_LIB_FUNCTION
+krb_get_krbrealms __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_lrealm __P((
+	char *r,
+	int n));
+
+int KRB_LIB_FUNCTION
+krb_get_nir __P((
+	void *from,
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_get_phost __P((const char *alias));
+
+int KRB_LIB_FUNCTION
+krb_get_pw_in_tkt __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	const char *password));
+
+int KRB_LIB_FUNCTION
+krb_get_pw_in_tkt2 __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	const char *password,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+krb_get_string __P((
+	void *from,
+	char *to,
+	size_t to_size));
+
+int KRB_LIB_FUNCTION
+krb_get_svc_in_tkt __P((
+	char *user,
+	char *instance,
+	char *realm,
+	char *service,
+	char *sinstance,
+	int life,
+	char *srvtab));
+
+int KRB_LIB_FUNCTION
+krb_get_tf_fullname __P((
+	char *ticket_file,
+	char *name,
+	char *instance,
+	char *realm));
+
+int KRB_LIB_FUNCTION
+krb_get_tf_realm __P((
+	char *ticket_file,
+	char *realm));
+
+void KRB_LIB_FUNCTION
+krb_kdctimeofday __P((struct timeval *tv));
+
+int KRB_LIB_FUNCTION
+krb_kntoln __P((
+	AUTH_DAT *ad,
+	char *lname));
+
+int KRB_LIB_FUNCTION
+krb_kuserok __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *luser));
+
+char * KRB_LIB_FUNCTION
+krb_life_to_atime __P((int life));
+
+u_int32_t KRB_LIB_FUNCTION
+krb_life_to_time __P((
+	u_int32_t start,
+	int life_));
+
+int KRB_LIB_FUNCTION
+krb_lsb_antinet_ulong_cmp __P((
+	u_int32_t x,
+	u_int32_t y));
+
+int KRB_LIB_FUNCTION
+krb_lsb_antinet_ushort_cmp __P((
+	u_int16_t x,
+	u_int16_t y));
+
+int KRB_LIB_FUNCTION
+krb_mk_as_req __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	KTEXT cip));
+
+int KRB_LIB_FUNCTION
+krb_mk_auth __P((
+	int32_t options,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t checksum,
+	char *version,
+	KTEXT buf));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_err __P((
+	u_char *p,
+	int32_t e,
+	char *e_string));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_priv __P((
+	void *in,
+	void *out,
+	u_int32_t length,
+	struct des_ks_struct *schedule,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver));
+
+int KRB_LIB_FUNCTION
+krb_mk_req __P((
+	KTEXT authent,
+	char *service,
+	char *instance,
+	char *realm,
+	int32_t checksum));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_safe __P((
+	void *in,
+	void *out,
+	u_int32_t length,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver));
+
+int KRB_LIB_FUNCTION
+krb_net_read __P((
+	int fd,
+	void *v,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_net_write __P((
+	int fd,
+	const void *v,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_parse_name __P((
+	const char *fullname,
+	krb_principal *principal));
+
+int KRB_LIB_FUNCTION
+krb_put_address __P((
+	u_int32_t addr,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_put_int __P((
+	u_int32_t from,
+	void *to,
+	size_t rem,
+	int size));
+
+int KRB_LIB_FUNCTION
+krb_put_nir __P((
+	const char *name,
+	const char *instance,
+	const char *realm,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_put_string __P((
+	const char *from,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_rd_err __P((
+	u_char *in,
+	u_int32_t in_length,
+	int32_t *code,
+	MSG_DAT *m_data));
+
+int32_t KRB_LIB_FUNCTION
+krb_rd_priv __P((
+	void *in,
+	u_int32_t in_length,
+	struct des_ks_struct *schedule,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver,
+	MSG_DAT *m_data));
+
+int KRB_LIB_FUNCTION
+krb_rd_req __P((
+	KTEXT authent,
+	char *service,
+	char *instance,
+	int32_t from_addr,
+	AUTH_DAT *ad,
+	char *fn));
+
+int32_t KRB_LIB_FUNCTION
+krb_rd_safe __P((
+	void *in,
+	u_int32_t in_length,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver,
+	MSG_DAT *m_data));
+
+int KRB_LIB_FUNCTION
+krb_realm_parse __P((
+	char *realm,
+	int length));
+
+char * KRB_LIB_FUNCTION
+krb_realmofhost __P((const char *host));
+
+int KRB_LIB_FUNCTION
+krb_recvauth __P((
+	int32_t options,
+	int fd,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	struct sockaddr_in *faddr,
+	struct sockaddr_in *laddr,
+	AUTH_DAT *kdata,
+	char *filename,
+	struct des_ks_struct *schedule,
+	char *version));
+
+int KRB_LIB_FUNCTION
+krb_sendauth __P((
+	int32_t options,
+	int fd,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t checksum,
+	MSG_DAT *msg_data,
+	CREDENTIALS *cred,
+	struct des_ks_struct *schedule,
+	struct sockaddr_in *laddr,
+	struct sockaddr_in *faddr,
+	char *version));
+
+void KRB_LIB_FUNCTION
+krb_set_kdc_time_diff __P((int diff));
+
+int KRB_LIB_FUNCTION
+krb_set_key __P((
+	void *key,
+	int cvt));
+
+int KRB_LIB_FUNCTION
+krb_set_lifetime __P((int newval));
+
+void KRB_LIB_FUNCTION
+krb_set_tkt_string __P((const char *val));
+
+const char * KRB_LIB_FUNCTION
+krb_stime __P((time_t *t));
+
+int KRB_LIB_FUNCTION
+krb_time_to_life __P((
+	u_int32_t start,
+	u_int32_t end));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name __P((krb_principal *pr));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_long __P((
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_long_r __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *fullname));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_r __P((
+	krb_principal *pr,
+	char *fullname));
+
+int KRB_LIB_FUNCTION
+krb_use_admin_server __P((int flag));
+
+int KRB_LIB_FUNCTION
+krb_verify_user __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *password,
+	int secure,
+	char *linstance));
+
+int KRB_LIB_FUNCTION
+krb_verify_user_srvtab __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *password,
+	int secure,
+	char *linstance,
+	char *srvtab));
+
+int KRB_LIB_FUNCTION
+kuserok __P((
+	AUTH_DAT *auth,
+	char *luser));
+
+u_int32_t KRB_LIB_FUNCTION
+lsb_time __P((
+	time_t t,
+	struct sockaddr_in *src,
+	struct sockaddr_in *dst));
+
+const char * KRB_LIB_FUNCTION
+month_sname __P((int n));
+
+int KRB_LIB_FUNCTION
+passwd_to_5key __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+passwd_to_afskey __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+passwd_to_key __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+read_service_key __P((
+	const char *service,
+	char *instance,
+	const char *realm,
+	int kvno,
+	const char *file,
+	void *key));
+
+int KRB_LIB_FUNCTION
+save_credentials __P((
+	char *service,
+	char *instance,
+	char *realm,
+	unsigned char *session,
+	int lifetime,
+	int kvno,
+	KTEXT ticket,
+	int32_t issue_date));
+
+int KRB_LIB_FUNCTION
+send_to_kdc __P((
+	KTEXT pkt,
+	KTEXT rpkt,
+	const char *realm));
+
+int KRB_LIB_FUNCTION
+srvtab_to_key __P((
+	const char *user,
+	char *instance,		/* INOUT parameter */
+	const char *realm,
+	const void *srvtab,
+	des_cblock *key));
+
+void KRB_LIB_FUNCTION
+tf_close __P((void));
+
+int KRB_LIB_FUNCTION
+tf_create __P((char *tf_name));
+
+int KRB_LIB_FUNCTION
+tf_get_cred __P((CREDENTIALS *c));
+
+int KRB_LIB_FUNCTION
+tf_get_cred_addr __P((char *realm, size_t realm_sz, struct in_addr *addr));
+
+int KRB_LIB_FUNCTION
+tf_get_pinst __P((char *inst));
+
+int KRB_LIB_FUNCTION
+tf_get_pname __P((char *p));
+
+int KRB_LIB_FUNCTION
+tf_init __P((
+	char *tf_name,
+	int rw));
+
+int KRB_LIB_FUNCTION
+tf_put_pinst __P((const char *inst));
+
+int KRB_LIB_FUNCTION
+tf_put_pname __P((const char *p));
+
+int KRB_LIB_FUNCTION
+tf_save_cred __P((
+	char *service,
+	char *instance,
+	char *realm,
+	unsigned char *session,
+	int lifetime,
+	int kvno,
+	KTEXT ticket,
+	u_int32_t issue_date));
+
+int KRB_LIB_FUNCTION
+tf_setup __P((
+	CREDENTIALS *cred,
+	const char *pname,
+	const char *pinst));
+
+int KRB_LIB_FUNCTION
+tf_get_addr __P((
+	const char *realm,
+	struct in_addr *addr));
+
+int KRB_LIB_FUNCTION
+tf_store_addr __P((const char *realm, struct in_addr *addr));
+
+char * KRB_LIB_FUNCTION
+tkt_string __P((void));
+
+int KRB_LIB_FUNCTION
+krb_add_our_ip_for_realm __P((const char *user, const char *instance,
+			      const char *realm, const char *password));
+
+#endif /* __krb_protos_h__ */
diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def
new file mode 100644
index 0000000..1158e60
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.def
@@ -0,0 +1,96 @@
+LIBRARY	krb	BASE=0x07000000
+EXPORTS
+	krb_get_err_text
+	
+	newTktMem
+	getTktMem
+	firstCred
+	nextCredIndex
+	currCredIndex
+	nextFreeIndex
+	
+	k_localtime
+	k_getsockinst
+	k_getportbyname
+	k_get_all_addrs
+	
+	krb_set_kdc_time_diff
+	krb_get_kdc_time_diff
+
+	krb_get_config_bool
+	krb_get_config_string
+
+	krb_equiv
+
+	afs_string_to_key
+
+	krb_life_to_time
+	krb_time_to_life
+	krb_life_to_atime
+	krb_atime_to_life
+
+	tf_get_cred
+	tf_get_pinst
+	tf_get_pname
+	tf_put_pinst
+	tf_put_pname
+	tf_init
+	tf_create
+	tf_save_cred
+	tf_close
+
+	krb_mk_priv
+	krb_rd_priv
+
+	create_auth_reply
+	krb_get_phost
+	krb_realmofhost
+	tkt_string
+	create_ciph
+	decomp_ticket
+	dest_tkt
+	get_ad_tkt
+	in_tkt
+	k_gethostname
+	k_isinst
+	k_isname
+	k_isrealm
+	kname_parse
+	krb_parse_name
+	krb_unparse_name
+	krb_unparse_name_long
+	krb_create_ticket
+	krb_get_admhst
+	krb_get_cred
+	krb_get_in_tkt
+	krb_get_krbhst
+	krb_get_lrealm
+	krb_get_default_realm
+	krb_get_pw_in_tkt
+	krb_get_svc_in_tkt
+	krb_get_tf_fullname
+	krb_get_tf_realm
+	krb_kntoln
+	krb_mk_req
+	krb_net_read
+	krb_net_write
+	krb_rd_err
+	krb_rd_req
+	krb_recvauth
+	krb_sendauth
+	krb_set_key
+	krb_set_lifetime 
+	read_service_key
+	save_credentials
+	send_to_kdc
+	krb_mk_err
+	krb_mk_safe
+	krb_rd_safe
+	ad_print
+	cr_err_reply
+	krb_set_tkt_string
+	krb_get_default_principal
+	krb_realm_parse
+	krb_verify_user
+	kset_logfile
+	getst
diff --git a/crypto/kerberosIV/lib/krb/krb.dsp b/crypto/kerberosIV/lib/krb/krb.dsp
new file mode 100644
index 0000000..efec3b2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.dsp
@@ -0,0 +1,398 @@
+# Microsoft Developer Studio Project File - Name="krb" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=krb - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "krb.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "krb - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /machine:I386
+
+!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386
+
+!ENDIF 
+
+# Begin Target
+
+# Name "krb - Win32 Release"
+# Name "krb - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\cr_err_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_auth_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_ciph.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_ticket.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\debug_decl.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\decomp_ticket.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\dllmain.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\encrypt_ktext.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\extra.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_ad_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_cred.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_default_principal.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_host.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_krbrlm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_svc_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_tf_fullname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_tf_realm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getaddrs.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getfile.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getrealm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getst.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_gethostname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_getport.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_getsockinst.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_localtime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\kdc_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\kntoln.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb.def
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_check_auth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_equiv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_err_txt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_get_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\lifetime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\logging.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\lsb_addr_comp.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_auth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_err.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_priv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_req.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_safe.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\month_sname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\name2name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\netread.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\netwrite.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\one.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\parse_name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_err.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_priv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_req.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_safe.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\read_service_key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\realm_parse.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\recvauth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rw.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\save_credentials.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\send_to_kdc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\sendauth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\stime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\str2key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ticket_memory.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\time.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\tkt_string.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\unparse_name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\util.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\verify_user.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\klog.h
+# End Source File
+# Begin Source File
+
+SOURCE=".\krb-protos.h"
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_locl.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_log.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\prot.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\ticket_memory.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\krb.rc
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h
new file mode 100644
index 0000000..745b154
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.h
@@ -0,0 +1,359 @@
+/*
+ * $Id: krb.h,v 1.99 1999/11/16 14:02:47 bg Exp $
+ * $FreeBSD$
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ *
+ * Include file for the Kerberos library. 
+ */
+
+#if !defined (__STDC__) && !defined(_MSC_VER)
+#define const
+#define signed
+#endif
+
+#include <sys/types.h>
+#include <time.h>
+
+#ifndef __KRB_H__
+#define __KRB_H__
+
+/* XXX */
+#ifndef __BEGIN_DECLS
+#if defined(__cplusplus)
+#define	__BEGIN_DECLS	extern "C" {
+#define	__END_DECLS	};
+#else
+#define	__BEGIN_DECLS
+#define	__END_DECLS
+#endif
+#endif
+
+#if defined (__STDC__) || defined (_MSC_VER)
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+__BEGIN_DECLS
+
+/* Need some defs from des.h	 */
+#if !defined(NOPROTO) && !defined(__STDC__)
+#define NOPROTO
+#endif
+#include <des.h>
+
+/* CNS compatibility ahead! */
+#ifndef KRB_INT32
+#define KRB_INT32 int32_t
+#endif
+#ifndef KRB_UINT32
+#define KRB_UINT32 u_int32_t
+#endif
+
+/* Global library variables. */
+extern int krb_ignore_ip_address; /* To turn off IP address comparison */
+extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */
+extern int krbONE;
+#define         HOST_BYTE_ORDER (* (char *) &krbONE)
+/* Debug variables */
+extern int krb_debug;
+extern int krb_ap_req_debug;
+extern int krb_dns_debug;
+
+
+/* Text describing error codes */
+#define		MAX_KRB_ERRORS	256
+extern const char *krb_err_txt[MAX_KRB_ERRORS];
+
+/* General definitions */
+#define		KSUCCESS	0
+#define		KFAILURE	255
+
+/*
+ * Kerberos specific definitions 
+ *
+ * KRBLOG is the log file for the kerberos master server. KRB_CONF is
+ * the configuration file where different host machines running master
+ * and slave servers can be found. KRB_MASTER is the name of the
+ * machine with the master database.  The admin_server runs on this
+ * machine, and all changes to the db (as opposed to read-only
+ * requests, which can go to slaves) must go to it. KRB_HOST is the
+ * default machine * when looking for a kerberos slave server.  Other
+ * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
+ * the realm. 
+ */
+
+/* /etc/kerberosIV is only for backwards compatibility, don't use it! */
+#ifndef KRB_CONF
+#define KRB_CONF	"/etc/kerberosIV/krb.conf"
+#endif
+#ifndef KRB_RLM_TRANS
+#define KRB_RLM_TRANS   "/etc/kerberosIV/krb.realms"
+#endif
+#ifndef KRB_CNF_FILES
+#define KRB_CNF_FILES	{ KRB_CONF,   "/etc/krb.conf", 0}
+#endif
+#ifndef KRB_RLM_FILES
+#define KRB_RLM_FILES	{ KRB_RLM_TRANS, "/etc/krb.realms", 0}
+#endif
+#ifndef KRB_EQUIV
+#define KRB_EQUIV	"/etc/kerberosIV/krb.equiv"
+#endif
+#define KRB_MASTER	"kerberos"
+#ifndef KRB_REALM
+#define KRB_REALM	(krb_get_default_realm())
+#endif
+
+/* The maximum sizes for aname, realm, sname, and instance +1 */
+#define 	ANAME_SZ	40
+#define		REALM_SZ	40
+#define		SNAME_SZ	40
+#define		INST_SZ		40
+/* Leave space for quoting */
+#define		MAX_K_NAME_SZ	(2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3)
+#define		KKEY_SZ		100
+#define		VERSION_SZ	1
+#define		MSG_TYPE_SZ	1
+#define		DATE_SZ		26	/* RTI date output */
+
+#define MAX_HSTNM 100 /* for compatibility */
+
+typedef struct krb_principal{
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+}krb_principal;
+
+#ifndef DEFAULT_TKT_LIFE	/* allow compile-time override */
+/* default lifetime for krb_mk_req & co., 10 hrs */
+#define	DEFAULT_TKT_LIFE 120
+#endif
+
+#define		KRB_TICKET_GRANTING_TICKET	"krbtgt"
+
+/* Definition of text structure used to pass text around */
+#define		MAX_KTXT_LEN	1250
+
+struct ktext {
+    unsigned int length;		/* Length of the text */
+    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
+    u_int32_t mbz;		/* zero to catch runaway strings */
+};
+
+typedef struct ktext *KTEXT;
+typedef struct ktext KTEXT_ST;
+
+
+/* Definitions for send_to_kdc */
+#define	CLIENT_KRB_TIMEOUT	4	/* default time between retries */
+#define CLIENT_KRB_RETRY	5	/* retry this many times */
+#define	CLIENT_KRB_BUFLEN	512	/* max unfragmented packet */
+
+/* Definitions for ticket file utilities */
+#define	R_TKT_FIL	0
+#define	W_TKT_FIL	1
+
+/* Parameters for rd_ap_req */
+/* Maximum alloable clock skew in seconds */
+#define 	CLOCK_SKEW	5*60
+/* Filename for readservkey */
+#ifndef		KEYFILE
+#define		KEYFILE		(krb_get_default_keyfile())
+#endif
+
+/* Structure definition for rd_ap_req */
+
+struct auth_dat {
+    unsigned char k_flags;	/* Flags from ticket */
+    char    pname[ANAME_SZ];	/* Principal's name */
+    char    pinst[INST_SZ];	/* His Instance */
+    char    prealm[REALM_SZ];	/* His Realm */
+    u_int32_t checksum;		/* Data checksum (opt) */
+    des_cblock session;		/* Session Key */
+    int     life;		/* Life of ticket */
+    u_int32_t time_sec;		/* Time ticket issued */
+    u_int32_t address;		/* Address in ticket */
+    KTEXT_ST reply;		/* Auth reply (opt) */
+};
+
+typedef struct auth_dat AUTH_DAT;
+
+/* Structure definition for credentials returned by get_cred */
+
+struct credentials {
+    char    service[ANAME_SZ];	/* Service name */
+    char    instance[INST_SZ];	/* Instance */
+    char    realm[REALM_SZ];	/* Auth domain */
+    des_cblock session;		/* Session key */
+    int     lifetime;		/* Lifetime */
+    int     kvno;		/* Key version number */
+    KTEXT_ST ticket_st;		/* The ticket itself */
+    int32_t    issue_date;	/* The issue time */
+    char    pname[ANAME_SZ];	/* Principal's name */
+    char    pinst[INST_SZ];	/* Principal's instance */
+};
+
+typedef struct credentials CREDENTIALS;
+
+/* Structure definition for rd_private_msg and rd_safe_msg */
+
+struct msg_dat {
+    unsigned char *app_data;	/* pointer to appl data */
+    u_int32_t app_length;	/* length of appl data */
+    u_int32_t hash;		/* hash to lookup replay */
+    int     swap;		/* swap bytes? */
+    int32_t    time_sec;		/* msg timestamp seconds */
+    unsigned char time_5ms;	/* msg timestamp 5ms units */
+};
+
+typedef struct msg_dat MSG_DAT;
+
+struct krb_host {
+    char *realm;
+    char *host;
+    enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto;
+    int port;
+    int admin;
+};
+
+/* Location of ticket file for save_cred and get_cred */
+#define TKT_FILE        tkt_string()
+#ifndef TKT_ROOT
+#define TKT_ROOT        (krb_get_default_tkt_root())
+#endif
+
+/* Error codes returned from the KDC */
+#define		KDC_OK		0	/* Request OK */
+#define		KDC_NAME_EXP	1	/* Principal expired */
+#define		KDC_SERVICE_EXP	2	/* Service expired */
+#define		KDC_AUTH_EXP	3	/* Auth expired */
+#define		KDC_PKT_VER	4	/* Protocol version unknown */
+#define		KDC_P_MKEY_VER	5	/* Wrong master key version */
+#define		KDC_S_MKEY_VER 	6	/* Wrong master key version */
+#define		KDC_BYTE_ORDER	7	/* Byte order unknown */
+#define		KDC_PR_UNKNOWN	8	/* Principal unknown */
+#define		KDC_PR_N_UNIQUE 9	/* Principal not unique */
+#define		KDC_NULL_KEY   10	/* Principal has null key */
+#define		KDC_GEN_ERR    20	/* Generic error from KDC */
+
+
+/* Values returned by get_credentials */
+#define		GC_OK		0	/* Retrieve OK */
+#define		RET_OK		0	/* Retrieve OK */
+#define		GC_TKFIL       21	/* Can't read ticket file */
+#define		RET_TKFIL      21	/* Can't read ticket file */
+#define		GC_NOTKT       22	/* Can't find ticket or TGT */
+#define		RET_NOTKT      22	/* Can't find ticket or TGT */
+
+
+/* Values returned by mk_ap_req	 */
+#define		MK_AP_OK	0	/* Success */
+#define		MK_AP_TGTEXP   26	/* TGT Expired */
+
+/* Values returned by rd_ap_req */
+#define		RD_AP_OK	0	/* Request authentic */
+#define		RD_AP_UNDEC    31	/* Can't decode authenticator */
+#define		RD_AP_EXP      32	/* Ticket expired */
+#define		RD_AP_NYV      33	/* Ticket not yet valid */
+#define		RD_AP_REPEAT   34	/* Repeated request */
+#define		RD_AP_NOT_US   35	/* The ticket isn't for us */
+#define		RD_AP_INCON    36	/* Request is inconsistent */
+#define		RD_AP_TIME     37	/* delta_t too big */
+#define		RD_AP_BADD     38	/* Incorrect net address */
+#define		RD_AP_VERSION  39	/* protocol version mismatch */
+#define		RD_AP_MSG_TYPE 40	/* invalid msg type */
+#define		RD_AP_MODIFIED 41	/* message stream modified */
+#define		RD_AP_ORDER    42	/* message out of order */
+#define		RD_AP_UNAUTHOR 43	/* unauthorized request */
+
+/* Values returned by get_pw_tkt */
+#define		GT_PW_OK	0	/* Got password changing tkt */
+#define		GT_PW_NULL     51	/* Current PW is null */
+#define		GT_PW_BADPW    52	/* Incorrect current password */
+#define		GT_PW_PROT     53	/* Protocol Error */
+#define		GT_PW_KDCERR   54	/* Error returned by KDC */
+#define		GT_PW_NULLTKT  55	/* Null tkt returned by KDC */
+
+
+/* Values returned by send_to_kdc */
+#define		SKDC_OK		0	/* Response received */
+#define		SKDC_RETRY     56	/* Retry count exceeded */
+#define		SKDC_CANT      57	/* Can't send request */
+
+/*
+ * Values returned by get_intkt
+ * (can also return SKDC_* and KDC errors)
+ */
+
+#define		INTK_OK		0	/* Ticket obtained */
+#define		INTK_W_NOTALL  61	/* Not ALL tickets returned */
+#define		INTK_BADPW     62	/* Incorrect password */
+#define		INTK_PROT      63	/* Protocol Error */
+#define		INTK_ERR       70	/* Other error */
+
+/* Values returned by get_adtkt */
+#define         AD_OK           0	/* Ticket Obtained */
+#define         AD_NOTGT       71	/* Don't have tgt */
+#define         AD_INTR_RLM_NOTGT 72	/* Can't get inter-realm tgt */
+
+/* Error codes returned by ticket file utilities */
+#define		NO_TKT_FIL	76	/* No ticket file found */
+#define		TKT_FIL_ACC	77	/* Couldn't access tkt file */
+#define		TKT_FIL_LCK	78	/* Couldn't lock ticket file */
+#define		TKT_FIL_FMT	79	/* Bad ticket file format */
+#define		TKT_FIL_INI	80	/* tf_init not called first */
+
+/* Error code returned by kparse_name */
+#define		KNAME_FMT	81	/* Bad Kerberos name format */
+
+/* Error code returned by krb_mk_safe */
+#define		SAFE_PRIV_ERROR	-1	/* syscall error */
+
+/* Defines for krb_sendauth and krb_recvauth */
+
+#define	KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
+#define	KOPT_DO_MUTUAL   0x00000002 /* do mutual auth */
+
+#define	KOPT_DONT_CANON  0x00000004 /*
+				     * don't canonicalize inst as
+				     * a hostname
+				     */
+
+#define KOPT_IGNORE_PROTOCOL 0x0008
+
+#define	KRB_SENDAUTH_VLEN 8	    /* length for version strings */
+
+
+/* flags for krb_verify_user() */
+#define KRB_VERIFY_NOT_SECURE	0
+#define KRB_VERIFY_SECURE	1
+#define KRB_VERIFY_SECURE_FAIL	2
+
+extern char *krb4_version;
+
+typedef int (*key_proc_t) __P((const char *name,
+			       char *instance, /* INOUT parameter */
+			       const char *realm,
+			       const void *password,
+			       des_cblock *key));
+
+typedef int (*decrypt_proc_t) __P((const char *name,
+				   const char *instance,
+				   const char *realm,
+				   const void *arg, 
+				   key_proc_t,
+				   KTEXT *));
+
+#include "krb-protos.h"
+
+__END_DECLS
+
+#endif /* __KRB_H__ */
diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak
new file mode 100644
index 0000000..e9d5690
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.mak
@@ -0,0 +1,1902 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on krb.dsp
+!IF "$(CFG)" == ""
+CFG=krb - Win32 Release
+!MESSAGE No configuration specified. Defaulting to krb - Win32 Release.
+!ENDIF 
+
+!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line.  For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+!IF  "$(CFG)" == "krb - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\krb.dll"
+
+!ELSE 
+
+ALL : "des - Win32 Release" "$(OUTDIR)\krb.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"des - Win32 ReleaseCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\cr_err_reply.obj"
+	-@erase "$(INTDIR)\create_auth_reply.obj"
+	-@erase "$(INTDIR)\create_ciph.obj"
+	-@erase "$(INTDIR)\create_ticket.obj"
+	-@erase "$(INTDIR)\debug_decl.obj"
+	-@erase "$(INTDIR)\decomp_ticket.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\encrypt_ktext.obj"
+	-@erase "$(INTDIR)\get_ad_tkt.obj"
+	-@erase "$(INTDIR)\get_cred.obj"
+	-@erase "$(INTDIR)\get_default_principal.obj"
+	-@erase "$(INTDIR)\get_host.obj"
+	-@erase "$(INTDIR)\get_in_tkt.obj"
+	-@erase "$(INTDIR)\get_krbrlm.obj"
+	-@erase "$(INTDIR)\get_svc_in_tkt.obj"
+	-@erase "$(INTDIR)\get_tf_fullname.obj"
+	-@erase "$(INTDIR)\get_tf_realm.obj"
+	-@erase "$(INTDIR)\getaddrs.obj"
+	-@erase "$(INTDIR)\getfile.obj"
+	-@erase "$(INTDIR)\getrealm.obj"
+	-@erase "$(INTDIR)\getst.obj"
+	-@erase "$(INTDIR)\k_flock.obj"
+	-@erase "$(INTDIR)\k_gethostname.obj"
+	-@erase "$(INTDIR)\k_getport.obj"
+	-@erase "$(INTDIR)\k_getsockinst.obj"
+	-@erase "$(INTDIR)\k_localtime.obj"
+	-@erase "$(INTDIR)\kdc_reply.obj"
+	-@erase "$(INTDIR)\kntoln.obj"
+	-@erase "$(INTDIR)\krb.res"
+	-@erase "$(INTDIR)\krb_check_auth.obj"
+	-@erase "$(INTDIR)\krb_equiv.obj"
+	-@erase "$(INTDIR)\krb_err_txt.obj"
+	-@erase "$(INTDIR)\krb_get_in_tkt.obj"
+	-@erase "$(INTDIR)\lifetime.obj"
+	-@erase "$(INTDIR)\logging.obj"
+	-@erase "$(INTDIR)\lsb_addr_comp.obj"
+	-@erase "$(INTDIR)\mk_auth.obj"
+	-@erase "$(INTDIR)\mk_err.obj"
+	-@erase "$(INTDIR)\mk_priv.obj"
+	-@erase "$(INTDIR)\mk_req.obj"
+	-@erase "$(INTDIR)\mk_safe.obj"
+	-@erase "$(INTDIR)\month_sname.obj"
+	-@erase "$(INTDIR)\name2name.obj"
+	-@erase "$(INTDIR)\netread.obj"
+	-@erase "$(INTDIR)\netwrite.obj"
+	-@erase "$(INTDIR)\one.obj"
+	-@erase "$(INTDIR)\parse_name.obj"
+	-@erase "$(INTDIR)\rd_err.obj"
+	-@erase "$(INTDIR)\rd_priv.obj"
+	-@erase "$(INTDIR)\rd_req.obj"
+	-@erase "$(INTDIR)\rd_safe.obj"
+	-@erase "$(INTDIR)\read_service_key.obj"
+	-@erase "$(INTDIR)\realm_parse.obj"
+	-@erase "$(INTDIR)\recvauth.obj"
+	-@erase "$(INTDIR)\rw.obj"
+	-@erase "$(INTDIR)\save_credentials.obj"
+	-@erase "$(INTDIR)\send_to_kdc.obj"
+	-@erase "$(INTDIR)\sendauth.obj"
+	-@erase "$(INTDIR)\stime.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\ticket_memory.obj"
+	-@erase "$(INTDIR)\time.obj"
+	-@erase "$(INTDIR)\tkt_string.obj"
+	-@erase "$(INTDIR)\unparse_name.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\verify_user.obj"
+	-@erase "$(OUTDIR)\krb.dll"
+	-@erase "$(OUTDIR)\krb.exp"
+	-@erase "$(OUTDIR)\krb.lib"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\
+ "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Release/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "NDEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\
+ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
+ shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\
+ /incremental:no /pdb:"$(OUTDIR)\krb.pdb" /machine:I386 /def:".\krb.def"\
+ /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" 
+DEF_FILE= \
+	".\krb.def"
+LINK32_OBJS= \
+	"$(INTDIR)\cr_err_reply.obj" \
+	"$(INTDIR)\create_auth_reply.obj" \
+	"$(INTDIR)\create_ciph.obj" \
+	"$(INTDIR)\create_ticket.obj" \
+	"$(INTDIR)\debug_decl.obj" \
+	"$(INTDIR)\decomp_ticket.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\encrypt_ktext.obj" \
+	"$(INTDIR)\get_ad_tkt.obj" \
+	"$(INTDIR)\get_cred.obj" \
+	"$(INTDIR)\get_default_principal.obj" \
+	"$(INTDIR)\get_host.obj" \
+	"$(INTDIR)\get_in_tkt.obj" \
+	"$(INTDIR)\get_krbrlm.obj" \
+	"$(INTDIR)\get_svc_in_tkt.obj" \
+	"$(INTDIR)\get_tf_fullname.obj" \
+	"$(INTDIR)\get_tf_realm.obj" \
+	"$(INTDIR)\getaddrs.obj" \
+	"$(INTDIR)\getfile.obj" \
+	"$(INTDIR)\getrealm.obj" \
+	"$(INTDIR)\getst.obj" \
+	"$(INTDIR)\k_flock.obj" \
+	"$(INTDIR)\k_gethostname.obj" \
+	"$(INTDIR)\k_getport.obj" \
+	"$(INTDIR)\k_getsockinst.obj" \
+	"$(INTDIR)\k_localtime.obj" \
+	"$(INTDIR)\kdc_reply.obj" \
+	"$(INTDIR)\kntoln.obj" \
+	"$(INTDIR)\krb.res" \
+	"$(INTDIR)\krb_check_auth.obj" \
+	"$(INTDIR)\krb_equiv.obj" \
+	"$(INTDIR)\krb_err_txt.obj" \
+	"$(INTDIR)\krb_get_in_tkt.obj" \
+	"$(INTDIR)\lifetime.obj" \
+	"$(INTDIR)\logging.obj" \
+	"$(INTDIR)\lsb_addr_comp.obj" \
+	"$(INTDIR)\mk_auth.obj" \
+	"$(INTDIR)\mk_err.obj" \
+	"$(INTDIR)\mk_priv.obj" \
+	"$(INTDIR)\mk_req.obj" \
+	"$(INTDIR)\mk_safe.obj" \
+	"$(INTDIR)\month_sname.obj" \
+	"$(INTDIR)\name2name.obj" \
+	"$(INTDIR)\netread.obj" \
+	"$(INTDIR)\netwrite.obj" \
+	"$(INTDIR)\one.obj" \
+	"$(INTDIR)\parse_name.obj" \
+	"$(INTDIR)\rd_err.obj" \
+	"$(INTDIR)\rd_priv.obj" \
+	"$(INTDIR)\rd_req.obj" \
+	"$(INTDIR)\rd_safe.obj" \
+	"$(INTDIR)\read_service_key.obj" \
+	"$(INTDIR)\realm_parse.obj" \
+	"$(INTDIR)\recvauth.obj" \
+	"$(INTDIR)\rw.obj" \
+	"$(INTDIR)\save_credentials.obj" \
+	"$(INTDIR)\send_to_kdc.obj" \
+	"$(INTDIR)\sendauth.obj" \
+	"$(INTDIR)\stime.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\ticket_memory.obj" \
+	"$(INTDIR)\time.obj" \
+	"$(INTDIR)\tkt_string.obj" \
+	"$(INTDIR)\unparse_name.obj" \
+	"$(INTDIR)\util.obj" \
+	"$(INTDIR)\verify_user.obj" \
+	"..\des\Release\des.lib"
+
+"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\krb.dll"
+
+!ELSE 
+
+ALL : "des - Win32 Debug" "$(OUTDIR)\krb.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"des - Win32 DebugCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\cr_err_reply.obj"
+	-@erase "$(INTDIR)\create_auth_reply.obj"
+	-@erase "$(INTDIR)\create_ciph.obj"
+	-@erase "$(INTDIR)\create_ticket.obj"
+	-@erase "$(INTDIR)\debug_decl.obj"
+	-@erase "$(INTDIR)\decomp_ticket.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\encrypt_ktext.obj"
+	-@erase "$(INTDIR)\get_ad_tkt.obj"
+	-@erase "$(INTDIR)\get_cred.obj"
+	-@erase "$(INTDIR)\get_default_principal.obj"
+	-@erase "$(INTDIR)\get_host.obj"
+	-@erase "$(INTDIR)\get_in_tkt.obj"
+	-@erase "$(INTDIR)\get_krbrlm.obj"
+	-@erase "$(INTDIR)\get_svc_in_tkt.obj"
+	-@erase "$(INTDIR)\get_tf_fullname.obj"
+	-@erase "$(INTDIR)\get_tf_realm.obj"
+	-@erase "$(INTDIR)\getaddrs.obj"
+	-@erase "$(INTDIR)\getfile.obj"
+	-@erase "$(INTDIR)\getrealm.obj"
+	-@erase "$(INTDIR)\getst.obj"
+	-@erase "$(INTDIR)\k_flock.obj"
+	-@erase "$(INTDIR)\k_gethostname.obj"
+	-@erase "$(INTDIR)\k_getport.obj"
+	-@erase "$(INTDIR)\k_getsockinst.obj"
+	-@erase "$(INTDIR)\k_localtime.obj"
+	-@erase "$(INTDIR)\kdc_reply.obj"
+	-@erase "$(INTDIR)\kntoln.obj"
+	-@erase "$(INTDIR)\krb.res"
+	-@erase "$(INTDIR)\krb_check_auth.obj"
+	-@erase "$(INTDIR)\krb_equiv.obj"
+	-@erase "$(INTDIR)\krb_err_txt.obj"
+	-@erase "$(INTDIR)\krb_get_in_tkt.obj"
+	-@erase "$(INTDIR)\lifetime.obj"
+	-@erase "$(INTDIR)\logging.obj"
+	-@erase "$(INTDIR)\lsb_addr_comp.obj"
+	-@erase "$(INTDIR)\mk_auth.obj"
+	-@erase "$(INTDIR)\mk_err.obj"
+	-@erase "$(INTDIR)\mk_priv.obj"
+	-@erase "$(INTDIR)\mk_req.obj"
+	-@erase "$(INTDIR)\mk_safe.obj"
+	-@erase "$(INTDIR)\month_sname.obj"
+	-@erase "$(INTDIR)\name2name.obj"
+	-@erase "$(INTDIR)\netread.obj"
+	-@erase "$(INTDIR)\netwrite.obj"
+	-@erase "$(INTDIR)\one.obj"
+	-@erase "$(INTDIR)\parse_name.obj"
+	-@erase "$(INTDIR)\rd_err.obj"
+	-@erase "$(INTDIR)\rd_priv.obj"
+	-@erase "$(INTDIR)\rd_req.obj"
+	-@erase "$(INTDIR)\rd_safe.obj"
+	-@erase "$(INTDIR)\read_service_key.obj"
+	-@erase "$(INTDIR)\realm_parse.obj"
+	-@erase "$(INTDIR)\recvauth.obj"
+	-@erase "$(INTDIR)\rw.obj"
+	-@erase "$(INTDIR)\save_credentials.obj"
+	-@erase "$(INTDIR)\send_to_kdc.obj"
+	-@erase "$(INTDIR)\sendauth.obj"
+	-@erase "$(INTDIR)\stime.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\ticket_memory.obj"
+	-@erase "$(INTDIR)\time.obj"
+	-@erase "$(INTDIR)\tkt_string.obj"
+	-@erase "$(INTDIR)\unparse_name.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(INTDIR)\verify_user.obj"
+	-@erase "$(OUTDIR)\krb.dll"
+	-@erase "$(OUTDIR)\krb.exp"
+	-@erase "$(OUTDIR)\krb.ilk"
+	-@erase "$(OUTDIR)\krb.lib"
+	-@erase "$(OUTDIR)\krb.pdb"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\
+ "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Debug/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "_DEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\
+ kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
+ shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\
+ /incremental:yes /pdb:"$(OUTDIR)\krb.pdb" /debug /machine:I386 /def:".\krb.def"\
+ /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" 
+DEF_FILE= \
+	".\krb.def"
+LINK32_OBJS= \
+	"$(INTDIR)\cr_err_reply.obj" \
+	"$(INTDIR)\create_auth_reply.obj" \
+	"$(INTDIR)\create_ciph.obj" \
+	"$(INTDIR)\create_ticket.obj" \
+	"$(INTDIR)\debug_decl.obj" \
+	"$(INTDIR)\decomp_ticket.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\encrypt_ktext.obj" \
+	"$(INTDIR)\get_ad_tkt.obj" \
+	"$(INTDIR)\get_cred.obj" \
+	"$(INTDIR)\get_default_principal.obj" \
+	"$(INTDIR)\get_host.obj" \
+	"$(INTDIR)\get_in_tkt.obj" \
+	"$(INTDIR)\get_krbrlm.obj" \
+	"$(INTDIR)\get_svc_in_tkt.obj" \
+	"$(INTDIR)\get_tf_fullname.obj" \
+	"$(INTDIR)\get_tf_realm.obj" \
+	"$(INTDIR)\getaddrs.obj" \
+	"$(INTDIR)\getfile.obj" \
+	"$(INTDIR)\getrealm.obj" \
+	"$(INTDIR)\getst.obj" \
+	"$(INTDIR)\k_flock.obj" \
+	"$(INTDIR)\k_gethostname.obj" \
+	"$(INTDIR)\k_getport.obj" \
+	"$(INTDIR)\k_getsockinst.obj" \
+	"$(INTDIR)\k_localtime.obj" \
+	"$(INTDIR)\kdc_reply.obj" \
+	"$(INTDIR)\kntoln.obj" \
+	"$(INTDIR)\krb.res" \
+	"$(INTDIR)\krb_check_auth.obj" \
+	"$(INTDIR)\krb_equiv.obj" \
+	"$(INTDIR)\krb_err_txt.obj" \
+	"$(INTDIR)\krb_get_in_tkt.obj" \
+	"$(INTDIR)\lifetime.obj" \
+	"$(INTDIR)\logging.obj" \
+	"$(INTDIR)\lsb_addr_comp.obj" \
+	"$(INTDIR)\mk_auth.obj" \
+	"$(INTDIR)\mk_err.obj" \
+	"$(INTDIR)\mk_priv.obj" \
+	"$(INTDIR)\mk_req.obj" \
+	"$(INTDIR)\mk_safe.obj" \
+	"$(INTDIR)\month_sname.obj" \
+	"$(INTDIR)\name2name.obj" \
+	"$(INTDIR)\netread.obj" \
+	"$(INTDIR)\netwrite.obj" \
+	"$(INTDIR)\one.obj" \
+	"$(INTDIR)\parse_name.obj" \
+	"$(INTDIR)\rd_err.obj" \
+	"$(INTDIR)\rd_priv.obj" \
+	"$(INTDIR)\rd_req.obj" \
+	"$(INTDIR)\rd_safe.obj" \
+	"$(INTDIR)\read_service_key.obj" \
+	"$(INTDIR)\realm_parse.obj" \
+	"$(INTDIR)\recvauth.obj" \
+	"$(INTDIR)\rw.obj" \
+	"$(INTDIR)\save_credentials.obj" \
+	"$(INTDIR)\send_to_kdc.obj" \
+	"$(INTDIR)\sendauth.obj" \
+	"$(INTDIR)\stime.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\ticket_memory.obj" \
+	"$(INTDIR)\time.obj" \
+	"$(INTDIR)\tkt_string.obj" \
+	"$(INTDIR)\unparse_name.obj" \
+	"$(INTDIR)\util.obj" \
+	"$(INTDIR)\verify_user.obj" \
+	"..\des\Debug\des.lib"
+
+"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF 
+
+
+!IF "$(CFG)" == "krb - Win32 Release" || "$(CFG)" == "krb - Win32 Debug"
+SOURCE=.\cr_err_reply.c
+DEP_CPP_CR_ER=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
+
+
+SOURCE=.\create_auth_reply.c
+DEP_CPP_CREAT=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
+
+
+SOURCE=.\create_ciph.c
+DEP_CPP_CREATE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
+
+
+SOURCE=.\create_ticket.c
+DEP_CPP_CREATE_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
+
+
+SOURCE=.\debug_decl.c
+DEP_CPP_DEBUG=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
+
+
+SOURCE=.\decomp_ticket.c
+DEP_CPP_DECOM=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
+
+
+SOURCE=.\dllmain.c
+DEP_CPP_DLLMA=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	".\ticket_memory.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
+
+
+SOURCE=.\encrypt_ktext.c
+DEP_CPP_ENCRY=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
+
+
+SOURCE=.\get_ad_tkt.c
+DEP_CPP_GET_A=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
+
+
+SOURCE=.\get_cred.c
+DEP_CPP_GET_C=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
+
+
+SOURCE=.\get_default_principal.c
+DEP_CPP_GET_D=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
+
+
+SOURCE=.\get_host.c
+DEP_CPP_GET_H=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
+
+
+SOURCE=.\get_in_tkt.c
+DEP_CPP_GET_I=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
+
+
+SOURCE=.\get_krbrlm.c
+DEP_CPP_GET_K=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
+
+
+SOURCE=.\get_svc_in_tkt.c
+DEP_CPP_GET_S=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
+
+
+SOURCE=.\get_tf_fullname.c
+DEP_CPP_GET_T=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
+
+
+SOURCE=.\get_tf_realm.c
+DEP_CPP_GET_TF=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
+
+
+SOURCE=.\getaddrs.c
+DEP_CPP_GETAD=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
+
+
+SOURCE=.\getfile.c
+DEP_CPP_GETFI=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\getfile.obj" : $(SOURCE) $(DEP_CPP_GETFI) "$(INTDIR)"
+
+
+SOURCE=.\getrealm.c
+DEP_CPP_GETRE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	".\resolve.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
+
+
+SOURCE=.\getst.c
+DEP_CPP_GETST=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
+
+
+SOURCE=.\k_flock.c
+DEP_CPP_K_FLO=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
+
+
+SOURCE=.\k_gethostname.c
+DEP_CPP_K_GET=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
+
+
+SOURCE=.\k_getport.c
+DEP_CPP_K_GETP=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
+
+
+SOURCE=.\k_getsockinst.c
+DEP_CPP_K_GETS=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
+
+
+SOURCE=.\k_localtime.c
+DEP_CPP_K_LOC=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
+
+
+SOURCE=.\kdc_reply.c
+DEP_CPP_KDC_R=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
+
+
+SOURCE=.\kntoln.c
+DEP_CPP_KNTOL=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
+
+
+SOURCE=.\krb_check_auth.c
+DEP_CPP_KRB_C=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
+
+
+SOURCE=.\krb_equiv.c
+DEP_CPP_KRB_E=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+
+
+"$(INTDIR)\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
+
+
+SOURCE=.\krb_err_txt.c
+DEP_CPP_KRB_ER=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
+
+
+SOURCE=.\krb_get_in_tkt.c
+DEP_CPP_KRB_G=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
+
+
+SOURCE=.\lifetime.c
+DEP_CPP_LIFET=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
+
+
+SOURCE=.\logging.c
+DEP_CPP_LOGGI=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\klog.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
+
+
+SOURCE=.\lsb_addr_comp.c
+DEP_CPP_LSB_A=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
+
+
+SOURCE=.\mk_auth.c
+DEP_CPP_MK_AU=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
+
+
+SOURCE=.\mk_err.c
+DEP_CPP_MK_ER=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
+
+
+SOURCE=.\mk_priv.c
+DEP_CPP_MK_PR=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
+
+
+SOURCE=.\mk_req.c
+DEP_CPP_MK_RE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
+
+
+SOURCE=.\mk_safe.c
+DEP_CPP_MK_SA=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
+
+
+SOURCE=.\month_sname.c
+DEP_CPP_MONTH=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
+
+
+SOURCE=.\name2name.c
+DEP_CPP_NAME2=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
+
+
+SOURCE=.\netread.c
+DEP_CPP_NETRE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
+
+
+SOURCE=.\netwrite.c
+DEP_CPP_NETWR=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
+
+
+SOURCE=.\one.c
+
+"$(INTDIR)\one.obj" : $(SOURCE) "$(INTDIR)"
+
+
+SOURCE=.\parse_name.c
+DEP_CPP_PARSE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
+
+
+SOURCE=.\rd_err.c
+DEP_CPP_RD_ER=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
+
+
+SOURCE=.\rd_priv.c
+DEP_CPP_RD_PR=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
+
+
+SOURCE=.\rd_req.c
+DEP_CPP_RD_RE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
+
+
+SOURCE=.\rd_safe.c
+DEP_CPP_RD_SA=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+
+
+"$(INTDIR)\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
+
+
+SOURCE=.\read_service_key.c
+DEP_CPP_READ_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
+
+
+SOURCE=.\realm_parse.c
+DEP_CPP_REALM=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
+
+
+SOURCE=.\recvauth.c
+DEP_CPP_RECVA=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
+
+
+SOURCE=.\resolve.c
+DEP_CPP_RESOL=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
+
+
+SOURCE=.\rw.c
+DEP_CPP_RW_C6a=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\..\include\win32\version.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+
+
+"$(INTDIR)\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C6a) "$(INTDIR)"
+
+
+SOURCE=.\save_credentials.c
+DEP_CPP_SAVE_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
+
+
+SOURCE=.\send_to_kdc.c
+DEP_CPP_SEND_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\base64.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
+
+
+SOURCE=.\sendauth.c
+DEP_CPP_SENDA=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
+
+
+SOURCE=.\stime.c
+DEP_CPP_STIME=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
+
+
+SOURCE=.\str2key.c
+DEP_CPP_STR2K=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+
+
+"$(INTDIR)\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
+
+
+SOURCE=.\ticket_memory.c
+DEP_CPP_TICKE=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	".\ticket_memory.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
+
+
+SOURCE=.\time.c
+DEP_CPP_TIME_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+
+
+"$(INTDIR)\time.obj" : $(SOURCE) $(DEP_CPP_TIME_) "$(INTDIR)"
+
+
+SOURCE=.\tkt_string.c
+DEP_CPP_TKT_S=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
+
+
+SOURCE=.\unparse_name.c
+DEP_CPP_UNPAR=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
+
+
+SOURCE=.\util.c
+DEP_CPP_UTIL_=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
+
+
+SOURCE=.\verify_user.c
+DEP_CPP_VERIF=\
+	"..\..\include\protos.h"\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
+	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
+
+
+SOURCE=.\krb.rc
+
+"$(INTDIR)\krb.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
+	
+
+!IF  "$(CFG)" == "krb - Win32 Release"
+
+"des - Win32 Release" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Release" 
+   cd "..\krb"
+
+"des - Win32 ReleaseCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Release"\
+ RECURSE=1 
+   cd "..\krb"
+
+!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
+
+"des - Win32 Debug" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Debug" 
+   cd "..\krb"
+
+"des - Win32 DebugCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Debug" RECURSE=1\
+	
+   cd "..\krb"
+
+!ENDIF 
+
+
+!ENDIF 
+
diff --git a/crypto/kerberosIV/lib/krb/krb.rc b/crypto/kerberosIV/lib/krb/krb.rc
new file mode 100644
index 0000000..413e706
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.rc
@@ -0,0 +1,105 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "krb\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "krb\0"
+            VALUE "LegalCopyright", "Copyright � 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "krb.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c
new file mode 100644
index 0000000..f20b5c2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_check_auth.c,v 1.5 1999/12/02 16:58:42 joda Exp $");
+
+/*
+ *
+ * Receive an mutual-authenticator for a server in `packet', with
+ * `checksum', `session', and `schedule' having the appropriate values
+ * and return the data in `msg_data'.
+ *
+ * Return KSUCCESS if the received checksum is correct.
+ *
+ */
+
+int
+krb_check_auth(KTEXT packet,
+	       u_int32_t checksum,
+	       MSG_DAT *msg_data,
+	       des_cblock *session,
+	       struct des_ks_struct *schedule,
+	       struct sockaddr_in *laddr,
+	       struct sockaddr_in *faddr)
+{
+  int ret;
+  u_int32_t checksum2;
+
+  ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
+		     laddr, msg_data);
+  if (ret != RD_AP_OK)
+    return ret;
+  if (msg_data->app_length != 4)
+    return KFAILURE;
+  krb_get_int (msg_data->app_data, &checksum2, 4, 0);
+  if (checksum2 == checksum + 1)
+    return KSUCCESS;
+  else
+    return KFAILURE;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c
new file mode 100644
index 0000000..271d422
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_equiv.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
+ *
+ * Given two IP adresses return true if they match
+ * or are considered to belong to the same host.
+ *
+ * For example if /etc/krb.equiv looks like
+ *
+ *    130.237.223.3   192.16.126.3    # alv alv1
+ *    130.237.223.4   192.16.126.4    # byse byse1
+ *    130.237.228.152 192.16.126.9    # topsy topsy1
+ *
+ * krb_equiv(alv, alv1) would return true but
+ * krb_equiv(alv, byse1) would not.
+ *
+ * A comment starts with an '#' and ends with '\n'.
+ *
+ */
+#include "krb_locl.h"
+
+RCSID("$Id: krb_equiv.c,v 1.15 1999/12/02 16:58:42 joda Exp $");
+
+int krb_ignore_ip_address = 0;
+
+int
+krb_equiv(u_int32_t a, u_int32_t b)
+{
+  FILE *fil;
+  char line[256];
+  int hit_a, hit_b;
+  int iscomment;
+  
+  if (a == b)			/* trivial match, also the common case */
+    return 1;
+  
+  if (krb_ignore_ip_address)
+    return 1;			/* if we have decided not to compare */
+
+  a = ntohl(a);
+  b = ntohl(b);
+
+  fil = fopen(KRB_EQUIV, "r");
+  if (fil == NULL)		/* open failed */
+    return 0;
+  
+  hit_a = hit_b = 0;
+  iscomment = 0;
+  while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
+    {
+      char *t = line;
+      int len = strlen(t);
+      
+      /* for each item on this line */
+      while (*t != 0)		/* more addresses on this line? */
+	if (*t == '\n') {
+	  iscomment = hit_a = hit_b = 0;
+	  break;
+	} else if (iscomment)
+	  t = line + len - 1;
+	else if (*t == '#') {		/* rest is comment */
+	  iscomment = 1;
+	  ++t;
+	} else if (*t == '\\' ) /* continuation */
+	  break;
+	else if (isspace((unsigned char)*t))	/* skip space */
+	  t++;
+	else if (isdigit((unsigned char)*t))	/* an address? */
+	  {
+	    u_int32_t tmp;
+	    u_int32_t tmpa, tmpb, tmpc, tmpd;
+	    
+	    sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
+	    tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
+
+	    /* done with this address */
+	    while (*t == '.' || isdigit((unsigned char)*t))
+	      t++;
+
+	    if (tmp != -1) {	/* an address (and not broadcast) */
+	      u_int32_t mask = (u_int32_t)~0;
+
+	      if (*t == '/') {
+		++t;
+		mask <<= 32 - atoi(t);
+
+		while(isdigit((unsigned char)*t))
+		  ++t;
+	      }
+
+	      if ((tmp & mask) == (a & mask))
+		hit_a = 1;
+	      if ((tmp & mask) == (b & mask))
+		hit_b = 1;
+	      if (hit_a && hit_b) {
+		fclose(fil);
+		return 1;
+	      }
+	    }
+	  }
+	else
+	  ++t;		/* garbage on this line, skip it */
+
+    }
+
+  fclose(fil);
+  return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et
new file mode 100644
index 0000000..9dce192
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err.et
@@ -0,0 +1,65 @@
+#	Copyright 1987,1988 Massachusetts Institute of Technology
+#
+#	For copying and distribution information, see the file
+#	"mit-copyright.h".
+# 
+# This might look like a com_err file, but is not
+#
+id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
+
+error_table krb
+
+prefix KRBET
+ec KSUCCESS,		"Kerberos successful"
+ec KDC_NAME_EXP,	"Kerberos principal expired"
+ec KDC_SERVICE_EXP,	"Kerberos service expired"
+ec KDC_AUTH_EXP,	"Kerberos auth expired"
+ec KDC_PKT_VER,		"Incorrect kerberos master key version"
+ec KDC_P_MKEY_VER,	"Incorrect kerberos master key version"
+ec KDC_S_MKEY_VER,	"Incorrect kerberos master key version"
+ec KDC_BYTE_ORDER,	"Kerberos error: byte order unknown"
+ec KDC_PR_UNKNOWN,	"Kerberos principal unknown"
+ec KDC_PR_N_UNIQUE,	"Kerberos principal not unique"
+ec KDC_NULL_KEY,	"Kerberos principal has null key"
+index 20
+ec KDC_GEN_ERR,		"Generic error from Kerberos KDC"
+ec GC_TKFIL,		"Can't read Kerberos ticket file"
+ec GC_NOTKT,		"Can't find Kerberos ticket or TGT"
+index 26
+ec MK_AP_TGTEXP,	"Kerberos TGT Expired"
+index 31
+ec RD_AP_UNDEC,		"Kerberos error: Can't decode authenticator"
+ec RD_AP_EXP,		"Kerberos ticket expired"
+ec RD_AP_NYV,		"Kerberos ticket not yet valid"
+ec RD_AP_REPEAT,	"Kerberos error: Repeated request"
+ec RD_AP_NOT_US,	"The kerberos ticket isn't for us"
+ec RD_AP_INCON,		"Kerberos request inconsistent"
+ec RD_AP_TIME,		"Kerberos error: delta_t too big"
+ec RD_AP_BADD,		"Kerberos error: incorrect net address"
+ec RD_AP_VERSION,	"Kerberos protocol version mismatch"
+ec RD_AP_MSG_TYPE,	"Kerberos error: invalid msg type"
+ec RD_AP_MODIFIED,	"Kerberos error: message stream modified"
+ec RD_AP_ORDER,		"Kerberos error: message out of order"
+ec RD_AP_UNAUTHOR,	"Kerberos error: unauthorized request"
+index 51
+ec GT_PW_NULL,		"Kerberos error: current PW is null"
+ec GT_PW_BADPW,		"Kerberos error: Incorrect current password"
+ec GT_PW_PROT,		"Kerberos protocol error"
+ec GT_PW_KDCERR,	"Error returned by Kerberos KDC"
+ec GT_PW_NULLTKT,	"Null Kerberos ticket returned by KDC"
+ec SKDC_RETRY,		"Kerberos error: Retry count exceeded"
+ec SKDC_CANT,		"Kerberos error: Can't send request"
+index 61
+ec INTK_W_NOTALL,	"Kerberos error: not all tickets returned"
+ec INTK_BADPW,		"Kerberos error: incorrect password"
+ec INTK_PROT,		"Kerberos error: Protocol Error"
+index 70
+ec INTK_ERR,		"Other error"
+ec AD_NOTGT,		"Don't have Kerberos ticket-granting ticket"
+index 76
+ec NO_TKT_FIL,		"No ticket file found"
+ec TKT_FIL_ACC,		"Couldn't access ticket file"
+ec TKT_FIL_LCK,		"Couldn't lock ticket file"
+ec TKT_FIL_FMT,		"Bad ticket file format"
+ec TKT_FIL_INI,		"tf_init not called first"
+ec KNAME_FMT,		"Bad Kerberos name format"
diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c
new file mode 100644
index 0000000..cb6cd13
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c
@@ -0,0 +1,299 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_err_txt.c,v 1.13 1998/01/31 08:11:52 joda Exp $");
+
+/*
+ * This file contains an array of error text strings.
+ * The associated error codes (which are defined in "krb.h")
+ * follow the string in the comments at the end of each line.
+ */
+
+const char *krb_err_txt[256] = {
+  "OK",							/* 000 */
+  "Principal expired (kerberos)",			/* 001 */
+  "Service expired (kerberos)",				/* 002 */
+  "Authentication expired (kerberos)",			/* 003 */
+  "Unknown protocol version number (kerberos)", 	/* 004 */
+  "Principal: Incorrect master key version (kerberos)", /* 005 */
+  "Service: Incorrect master key version (kerberos)",   /* 006 */
+  "Bad byte order (kerberos)",				/* 007 */
+  "Principal unknown (kerberos)",			/* 008 */
+  "Principal not unique (kerberos)",			/* 009 */
+  "Principal has null key (kerberos)",			/* 010 */
+  "Timeout in request (kerberos)",			/* 011 */
+  "Reserved error message 12 (kerberos)",		/* 012 */
+  "Reserved error message 13 (kerberos)",		/* 013 */
+  "Reserved error message 14 (kerberos)",		/* 014 */
+  "Reserved error message 15 (kerberos)",		/* 015 */
+  "Reserved error message 16 (kerberos)",		/* 016 */
+  "Reserved error message 17 (kerberos)",		/* 017 */
+  "Reserved error message 18 (kerberos)",		/* 018 */
+  "Reserved error message 19 (kerberos)",		/* 019 */
+  "Permission Denied (kerberos)",			/* 020 */
+  "Can't read ticket file (krb_get_cred)",		/* 021 */
+  "Can't find ticket (krb_get_cred)",			/* 022 */
+  "Reserved error message 23 (krb_get_cred)",		/* 023 */
+  "Reserved error message 24 (krb_get_cred)",		/* 024 */
+  "Reserved error message 25 (krb_get_cred)",		/* 025 */
+  "Ticket granting ticket expired (krb_mk_req)",	/* 026 */
+  "Reserved error message 27 (krb_mk_req)",		/* 027 */
+  "Reserved error message 28 (krb_mk_req)",		/* 028 */
+  "Reserved error message 29 (krb_mk_req)",		/* 029 */
+  "Reserved error message 30 (krb_mk_req)",		/* 030 */
+  "Can't decode authenticator (krb_rd_req)",		/* 031 */
+  "Ticket expired (krb_rd_req)",			/* 032 */
+  "Ticket issue date too far in the future (krb_rd_req)",/* 033 */
+  "Repeat request (krb_rd_req)",			/* 034 */
+  "Ticket for wrong server (krb_rd_req)",		/* 035 */
+  "Request inconsistent (krb_rd_req)",			/* 036 */
+  "Time is out of bounds (krb_rd_req)",			/* 037 */
+  "Incorrect network address (krb_rd_req)",		/* 038 */
+  "Protocol version mismatch (krb_rd_req)",		/* 039 */
+  "Invalid message type (krb_rd_req)",			/* 040 */
+  "Message integrity error (krb_rd_req)",		/* 041 */
+  "Message duplicate or out of order (krb_rd_req)",	/* 042 */
+  "Unauthorized request (krb_rd_req)",			/* 043 */
+  "Reserved error message 44 (krb_rd_req)",		/* 044 */
+  "Reserved error message 45 (krb_rd_req)",		/* 045 */
+  "Reserved error message 46 (krb_rd_req)",		/* 046 */
+  "Reserved error message 47 (krb_rd_req)",		/* 047 */
+  "Reserved error message 48 (krb_rd_req)",		/* 048 */
+  "Reserved error message 49 (krb_rd_req)",		/* 049 */
+  "Reserved error message 50 (krb_rd_req)",		/* 050 */
+  "Current password is NULL (get_pw_tkt)",		/* 051 */
+  "Current password incorrect (get_pw_tkt)",		/* 052 */
+  "Protocol error (gt_pw_tkt)",				/* 053 */
+  "Error returned by KDC (gt_pw_tkt)",			/* 054 */
+  "Null ticket returned by KDC (gt_pw_tkt)",		/* 055 */
+  "Retry count exceeded (send_to_kdc)",			/* 056 */
+  "Can't send request (send_to_kdc)",			/* 057 */
+  "Reserved error message 58 (send_to_kdc)",		/* 058 */
+  "Reserved error message 59 (send_to_kdc)",		/* 059 */
+  "Reserved error message 60 (send_to_kdc)",		/* 060 */
+  "Warning: Not ALL tickets returned",			/* 061 */
+  "Password incorrect",					/* 062 */
+  "Protocol error (get_in_tkt)",			/* 063 */
+  "Reserved error message 64 (get_in_tkt)",		/* 064 */
+  "Reserved error message 65 (get_in_tkt)",		/* 065 */
+  "Reserved error message 66 (get_in_tkt)",		/* 066 */
+  "Reserved error message 67 (get_in_tkt)",		/* 067 */
+  "Reserved error message 68 (get_in_tkt)",		/* 068 */
+  "Reserved error message 69 (get_in_tkt)",		/* 069 */
+  "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */
+  "Don't have ticket granting ticket (get_ad_tkt)",	/* 071 */
+  "Can't get inter-realm ticket granting ticket (get_ad_tkt)",	/* 072 */
+  "Reserved error message 73 (get_ad_tkt)",		/* 073 */
+  "Reserved error message 74 (get_ad_tkt)",		/* 074 */
+  "Reserved error message 75 (get_ad_tkt)",		/* 075 */
+  "No ticket file (tf_util)",				/* 076 */
+  "Can't access ticket file (tf_util)",			/* 077 */
+  "Can't lock ticket file; try later (tf_util)",	/* 078 */
+  "Bad ticket file format (tf_util)",			/* 079 */
+  "Read ticket file before tf_init (tf_util)",		/* 080 */
+  "Bad Kerberos name format (kname_parse)",		/* 081 */
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "(reserved)",
+  "Generic kerberos error (kfailure)",			/* 255 */
+};
+
+static const char err_failure[] = "Unknown error code passed (krb_get_err_text)";
+
+const char *
+krb_get_err_text(int code)
+{
+  if(code < 0 || code >= MAX_KRB_ERRORS)
+    return err_failure;
+  return krb_err_txt[code];
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
new file mode 100644
index 0000000..46de59f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_get_in_tkt.c,v 1.30 1999/12/02 16:58:42 joda Exp $");
+
+/*
+ * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
+ * and the cipher text sent from the KDC, decrypt the cipher text
+ * using the key returned by key_proc.
+ */
+
+static int
+decrypt_tkt(const char *user,
+	    char *instance,
+	    const char *realm,
+	    const void *arg,
+	    key_proc_t key_proc,
+	    KTEXT *cip)
+{
+    des_cblock key;		/* Key for decrypting cipher */
+    int ret;
+
+    ret = key_proc(user, instance, realm, arg, &key);
+    if (ret != 0)
+	return ret;
+    
+    encrypt_ktext(*cip, &key, DES_DECRYPT);
+
+    memset(&key, 0, sizeof(key));
+    return 0;
+}
+
+/*
+ * krb_get_in_tkt() gets a ticket for a given principal to use a given
+ * service and stores the returned ticket and session key for future
+ * use.
+ *
+ * The "user", "instance", and "realm" arguments give the identity of
+ * the client who will use the ticket.  The "service" and "sinstance"
+ * arguments give the identity of the server that the client wishes
+ * to use.  (The realm of the server is the same as the Kerberos server
+ * to whom the request is sent.)  The "life" argument indicates the
+ * desired lifetime of the ticket; the "key_proc" argument is a pointer
+ * to the routine used for getting the client's private key to decrypt
+ * the reply from Kerberos.  The "decrypt_proc" argument is a pointer
+ * to the routine used to decrypt the reply from Kerberos; and "arg"
+ * is an argument to be passed on to the "key_proc" routine.
+ *
+ * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
+ * returns an error code:  If an AUTH_MSG_ERR_REPLY packet is returned
+ * by Kerberos, then the error code it contains is returned.  Other
+ * error codes returned by this routine include INTK_PROT to indicate
+ * wrong protocol version, INTK_BADPW to indicate bad password (if
+ * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
+ * the wrong server or the ticket store couldn't be initialized.
+ *
+ * The format of the message sent to Kerberos is as follows:
+ *
+ * Size			Variable		Field
+ * ----			--------		-----
+ *
+ * 1 byte		KRB_PROT_VERSION	protocol version number
+ * 1 byte		AUTH_MSG_KDC_REQUEST |	message type
+ *			HOST_BYTE_ORDER		local byte order in lsb
+ * string		user			client's name
+ * string		instance		client's instance
+ * string		realm			client's realm
+ * 4 bytes		tlocal.tv_sec		timestamp in seconds
+ * 1 byte		life			desired lifetime
+ * string		service			service's name
+ * string		sinstance		service's instance
+ */
+
+int
+krb_mk_as_req(const char *user,
+	      const char *instance,
+	      const char *realm, 
+	      const char *service,
+	      const char *sinstance,
+	      int life,
+	      KTEXT cip)
+{
+    KTEXT_ST pkt_st;
+    KTEXT pkt = &pkt_st;	/* Packet to KDC */
+    KTEXT_ST rpkt_st;
+    KTEXT rpkt = &rpkt_st;	/* Reply from KDC */
+    
+    int kerror;
+    struct timeval tv;
+
+    /* BUILD REQUEST PACKET */
+
+    unsigned char *p = pkt->dat;
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
+    
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_KDC_REQUEST, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(user, instance, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    gettimeofday(&tv, NULL);
+    tmp = krb_put_int(tv.tv_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(service, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    pkt->length = p - pkt->dat;
+
+    rpkt->length = 0;
+
+    /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
+
+    kerror = send_to_kdc(pkt, rpkt, realm);
+    if(kerror) return kerror;
+    kerror = kdc_reply_cipher(rpkt, cip);
+    return kerror;
+}
+
+int
+krb_decode_as_rep(const char *user,
+		  char *instance,
+		  const char *realm,
+		  const char *service,
+		  const char *sinstance, 
+		  key_proc_t key_proc,
+		  decrypt_proc_t decrypt_proc,
+		  const void *arg,
+		  KTEXT as_rep,
+		  CREDENTIALS *cred)
+{
+    int kerror;
+    time_t now;
+    
+    if (decrypt_proc == NULL)
+        decrypt_tkt(user, instance, realm, arg, key_proc, &as_rep);
+    else
+        (*decrypt_proc)(user, instance, realm, arg, key_proc, &as_rep);
+
+    kerror = kdc_reply_cred(as_rep, cred);
+    if(kerror != KSUCCESS)
+	return kerror;
+	
+    if (strcmp(cred->service, service) || 
+	strcmp(cred->instance, sinstance) ||
+	strcmp(cred->realm, realm))	/* not what we asked for */
+	return INTK_ERR;	/* we need a better code here XXX */
+
+    now = time(NULL);
+    if(krb_get_config_bool("kdc_timesync"))
+	krb_set_kdc_time_diff(cred->issue_date - now);
+    else if (abs((int)(now - cred->issue_date)) > CLOCK_SKEW)
+	return RD_AP_TIME; /* XXX should probably be better code */
+
+    return 0;
+}
+
+int
+krb_get_in_tkt(char *user, char *instance, char *realm, 
+	       char *service, char *sinstance, int life,
+	       key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+{
+    KTEXT_ST as_rep;
+    CREDENTIALS cred;
+    int ret;
+
+    ret = krb_mk_as_req(user, instance, realm, 
+			service, sinstance, life, &as_rep);
+    if(ret)
+	return ret;
+    ret = krb_decode_as_rep(user, instance, realm, service, sinstance, 
+			    key_proc, decrypt_proc, arg, &as_rep, &cred);
+    if(ret)
+	return ret;
+
+    return tf_setup(&cred, user, instance);
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_ip_realm.c b/crypto/kerberosIV/lib/krb/krb_ip_realm.c
new file mode 100644
index 0000000..a9581f1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_ip_realm.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 1999 Thomas Nystr�m and Stacken Computer Club
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_ip_realm.c,v 1.2.2.1 1999/12/06 23:01:12 assar Exp $");
+
+/*
+ * Obtain a ticket for ourselves (`user.instance') in REALM and decrypt
+ * it using `password' to verify the address that the KDC got our
+ * request from.
+ * Store in the ticket cache.
+ */
+
+int
+krb_add_our_ip_for_realm(const char *user, const char *instance,
+			 const char *realm, const char *password)
+{
+    des_cblock newkey;
+    des_key_schedule schedule;
+    char scrapbuf[1024];
+    struct in_addr myAddr;
+    KTEXT_ST ticket;
+    CREDENTIALS c;
+    int err;
+    u_int32_t addr;
+
+    if ((err = krb_mk_req(&ticket, (char *)user, (char *)instance,
+			  (char *)realm, 0)) != KSUCCESS)
+	return err;
+
+    if ((err = krb_get_cred((char *)user, (char *)instance, (char *)realm,
+			    &c)) != KSUCCESS)
+	return err;
+
+    des_string_to_key((char *)password, &newkey);
+    des_set_key(&newkey, schedule);
+    err = decomp_ticket(&c.ticket_st,
+			(unsigned char *)scrapbuf, /* Flags */
+			scrapbuf,	/* Authentication name */
+			scrapbuf,	/* Principal's instance */
+			scrapbuf,	/* Principal's authentication domain */
+			/* The Address Of Me That Servers Sees */
+			(u_int32_t *)&addr,
+			(unsigned char *)scrapbuf, /* Session key in ticket */
+			(int *)scrapbuf, /* Lifetime of ticket */
+			(u_int32_t *)scrapbuf, /* Issue time and date */
+			scrapbuf,	/* Service name */
+			scrapbuf,	/* Service instance */
+			&newkey,	/* Secret key */
+			schedule	/* Precomp. key schedule */
+	);
+	
+    if (err != KSUCCESS) {
+	memset(newkey, 0, sizeof(newkey));
+	memset(schedule, 0, sizeof(schedule));
+	return err;
+    }
+
+    myAddr.s_addr = addr;
+
+    err = tf_store_addr(realm, &myAddr);
+
+    memset(newkey, 0, sizeof(newkey));
+    memset(schedule, 0, sizeof(schedule));
+
+    return err;
+}
+
+int
+krb_get_our_ip_for_realm(const char *realm, struct in_addr *ip_addr)
+{
+    return tf_get_addr(realm, ip_addr);
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h
new file mode 100644
index 0000000..02e7fa2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_locl.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb_locl.h,v 1.50 1999/12/02 16:58:42 joda Exp $ */
+
+#ifndef __krb_locl_h
+#define __krb_locl_h
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include <errno.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+
+#endif
+
+#include <roken.h>
+
+#include <krb.h>
+#include <prot.h>
+
+#include "resolve.h"
+#include "krb_log.h"
+
+/* --- */
+
+/* Utils */
+int
+krb_name_to_name __P((
+	const char *host,
+	char *phost,
+	size_t phost_size));
+
+void
+encrypt_ktext __P((
+	KTEXT cip,
+	des_cblock *key,
+	int encrypt));
+
+int
+kdc_reply_cipher __P((
+	KTEXT reply,
+	KTEXT cip));
+
+int
+kdc_reply_cred __P((
+	KTEXT cip,
+	CREDENTIALS *cred));
+
+void
+k_ricercar __P((char *name));
+
+
+/* used in rd_safe.c and mk_safe.c */
+
+void
+fixup_quad_cksum __P((
+	void *start,
+	size_t len,
+	des_cblock *key,
+	void *new_checksum,
+	void *old_checksum,
+	int little));
+
+void
+krb_kdctimeofday __P((struct timeval *tv));
+
+#endif /*  __krb_locl_h */
diff --git a/crypto/kerberosIV/lib/krb/krb_log.h b/crypto/kerberosIV/lib/krb/krb_log.h
new file mode 100644
index 0000000..5155bc7
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_log.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb_log.h,v 1.3 1999/12/02 16:58:42 joda Exp $ */
+
+#include <krb.h>
+
+#ifndef __KRB_LOG_H__
+#define __KRB_LOG_H__
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(X)
+#endif
+
+__BEGIN_DECLS
+
+/* logging.c */
+
+typedef int (*krb_log_func_t) __P((FILE *, const char *, va_list));
+
+typedef krb_log_func_t krb_warnfn_t;
+
+struct krb_log_facility;
+
+int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) 
+	__attribute__ ((format (printf, 2, 0)));
+int krb_logger __P((struct krb_log_facility*, const char *, ...))
+	__attribute__ ((format (printf, 2, 3)));
+int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
+
+void krb_set_warnfn  __P((krb_warnfn_t));
+krb_warnfn_t krb_get_warnfn  __P((void));
+void krb_warning  __P((const char*, ...))
+	__attribute__ ((format (printf, 1, 2)));
+
+void kset_logfile __P((char*));
+void krb_log __P((const char*, ...))
+	__attribute__ ((format (printf, 1, 2)));
+char *klog __P((int, const char*, ...))
+	__attribute__ ((format (printf, 2, 3)));
+
+__END_DECLS
+
+#endif /* __KRB_LOG_H__ */
diff --git a/crypto/kerberosIV/lib/krb/krb_net_read.c b/crypto/kerberosIV/lib/krb/krb_net_read.c
new file mode 100644
index 0000000..3830cf9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_net_read.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_net_read.c,v 1.3 1999/12/02 16:58:42 joda Exp $");
+
+int
+krb_net_read (int fd, void *buf, size_t nbytes)
+{
+    return net_read (fd, buf, nbytes);
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_net_write.c b/crypto/kerberosIV/lib/krb/krb_net_write.c
new file mode 100644
index 0000000..0473685
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_net_write.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_net_write.c,v 1.3 1999/12/02 16:58:42 joda Exp $");
+
+int
+krb_net_write (int fd, const void *buf, size_t nbytes)
+{
+    return net_write (fd, buf, nbytes);
+}
diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c
new file mode 100644
index 0000000..4913eaf
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kuserok.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kuserok.c,v 1.25 1999/12/02 16:58:42 joda Exp $");
+
+#define OK 0
+#define NOTOK 1
+#define MAX_USERNAME 10
+
+/*
+ * Return OK if `r' is one of the local realms, else NOTOK
+ */
+
+static int
+is_local_realm (const char *r)
+{
+    char lrealm[REALM_SZ];
+    int n;
+
+    for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) {
+	if (strcmp (r, lrealm) == 0)
+	    return OK;
+    }
+    return NOTOK;
+}
+
+/* 
+ * Given a Kerberos principal and a local username, determine whether
+ * user is authorized to login according to the authorization file
+ * ("~luser/.klogin" by default).  Returns OK if authorized, NOTOK if
+ * not authorized.
+ *
+ * IMPORTANT CHANGE: To eliminate the need of making a distinction
+ * between the 3 cases:
+ *
+ * 1. We can't verify that a .klogin file doesn't exist (no home dir).
+ * 2. It's there but we aren't allowed to read it.
+ * 3. We can read it and ~luser@LOCALREALM is (not) included.
+ *
+ * We instead make the assumption that luser@LOCALREALM is *always*
+ * included. Thus it is impossible to have an empty .klogin file and
+ * also to exclude luser@LOCALREALM from it. Root is treated differently
+ * since it's home should always be available.
+ *
+ * OLD STRATEGY:
+ * If there is no account for "luser" on the local machine, returns
+ * NOTOK.  If there is no authorization file, and the given Kerberos
+ * name "kdata" translates to the same name as "luser" (using
+ * krb_kntoln()), returns OK.  Otherwise, if the authorization file
+ * can't be accessed, returns NOTOK.  Otherwise, the file is read for
+ * a matching principal name, instance, and realm.  If one is found,
+ * returns OK, if none is found, returns NOTOK.
+ *
+ * The file entries are in the format:
+ *
+ *	name.instance@realm
+ *
+ * one entry per line.
+ *
+ */
+
+int
+krb_kuserok(char *name, char *instance, char *realm, char *luser)
+{
+    struct passwd *pwd;
+    FILE *f;
+    char line[1024];
+    char file[MaxPathLen];
+    struct stat st;
+
+    pwd = getpwnam(luser);
+    if(pwd == NULL)
+	return NOTOK;
+    if (pwd->pw_uid != 0
+	&& strcmp (name, luser) == 0
+	&& strcmp (instance, "") == 0
+	&& is_local_realm (realm) == OK)
+	return OK;
+
+    snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir);
+
+    f = fopen(file, "r");
+    if(f == NULL)
+	return NOTOK;
+    
+    /* this is not a working test in filesystems like AFS and DFS */
+    if(fstat(fileno(f), &st) < 0){
+	fclose(f);
+	return NOTOK;
+    }
+    
+    if(st.st_uid != pwd->pw_uid){
+	fclose(f);
+	return NOTOK;
+    }
+    
+    while(fgets(line, sizeof(line), f)){
+	char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ];
+	if(line[strlen(line) - 1] != '\n')
+	    /* read till end of line */
+	    while(1){
+		int c = fgetc(f);
+		if(c == '\n' || c == EOF)
+		    break;
+	    }
+	else
+	    line[strlen(line) - 1] = 0;
+	
+	if(kname_parse(fname, finst, frealm, line))
+	    continue;
+	if(strcmp(name, fname))
+	    continue;
+	if(strcmp(instance, finst))
+	    continue;
+#if 0 /* don't support principals without realm any longer */
+	if(frealm[0] == 0) {
+	    if (is_local_realm (realm) != OK)
+		continue;
+	} else
+#endif
+	if (strcmp (realm, frealm))
+	    continue;
+
+	fclose(f);
+	return OK;
+    }
+    fclose(f);
+    return NOTOK;
+}
+
+/* compatibility interface */
+
+int
+kuserok(AUTH_DAT *auth, char *luser)
+{
+    return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
+}
diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c
new file mode 100644
index 0000000..1866996
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lifetime.c
@@ -0,0 +1,213 @@
+/*
+ * Ticket lifetime.  This defines the table used to lookup lifetime
+ * for the fixed part of rande of the one byte lifetime field.  Values
+ * less than 0x80 are intrpreted as the number of 5 minute intervals.
+ * Values from 0x80 to 0xBF should be looked up in this table.  The
+ * value of 0x80 is the same using both methods: 10 and two-thirds
+ * hours .  The lifetime of 0xBF is 30 days.  The intervening values
+ * of have a fixed ratio of roughly 1.06914.  The value 0xFF is
+ * defined to mean a ticket has no expiration time.  This should be
+ * used advisedly since individual servers may impose defacto
+ * upperbounds on ticket lifetimes.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $");
+
+/* If you want to disable this feature */
+int krb_no_long_lifetimes = 0;
+
+#define TKTLIFENUMFIXED 64
+#define TKTLIFEMINFIXED 0x80
+#define TKTLIFEMAXFIXED 0xBF
+#define TKTLIFENOEXPIRE 0xFF
+#define MAXTKTLIFETIME	(30*24*3600)	/* 30 days */
+#ifndef NEVERDATE
+#define NEVERDATE ((unsigned long)0x7fffffffL)
+#endif
+
+static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
+    38400,				/* 10.67 hours, 0.44 days */ 
+    41055,				/* 11.40 hours, 0.48 days */ 
+    43894,				/* 12.19 hours, 0.51 days */ 
+    46929,				/* 13.04 hours, 0.54 days */ 
+    50174,				/* 13.94 hours, 0.58 days */ 
+    53643,				/* 14.90 hours, 0.62 days */ 
+    57352,				/* 15.93 hours, 0.66 days */ 
+    61318,				/* 17.03 hours, 0.71 days */ 
+    65558,				/* 18.21 hours, 0.76 days */ 
+    70091,				/* 19.47 hours, 0.81 days */ 
+    74937,				/* 20.82 hours, 0.87 days */ 
+    80119,				/* 22.26 hours, 0.93 days */ 
+    85658,				/* 23.79 hours, 0.99 days */ 
+    91581,				/* 25.44 hours, 1.06 days */ 
+    97914,				/* 27.20 hours, 1.13 days */ 
+    104684,				/* 29.08 hours, 1.21 days */ 
+    111922,				/* 31.09 hours, 1.30 days */ 
+    119661,				/* 33.24 hours, 1.38 days */ 
+    127935,				/* 35.54 hours, 1.48 days */ 
+    136781,				/* 37.99 hours, 1.58 days */ 
+    146239,				/* 40.62 hours, 1.69 days */ 
+    156350,				/* 43.43 hours, 1.81 days */ 
+    167161,				/* 46.43 hours, 1.93 days */ 
+    178720,				/* 49.64 hours, 2.07 days */ 
+    191077,				/* 53.08 hours, 2.21 days */ 
+    204289,				/* 56.75 hours, 2.36 days */ 
+    218415,				/* 60.67 hours, 2.53 days */ 
+    233517,				/* 64.87 hours, 2.70 days */ 
+    249664,				/* 69.35 hours, 2.89 days */ 
+    266926,				/* 74.15 hours, 3.09 days */ 
+    285383,				/* 79.27 hours, 3.30 days */ 
+    305116,				/* 84.75 hours, 3.53 days */ 
+    326213,				/* 90.61 hours, 3.78 days */ 
+    348769,				/* 96.88 hours, 4.04 days */ 
+    372885,				/* 103.58 hours, 4.32 days */ 
+    398668,				/* 110.74 hours, 4.61 days */ 
+    426234,				/* 118.40 hours, 4.93 days */ 
+    455705,				/* 126.58 hours, 5.27 days */ 
+    487215,				/* 135.34 hours, 5.64 days */ 
+    520904,				/* 144.70 hours, 6.03 days */ 
+    556921,				/* 154.70 hours, 6.45 days */ 
+    595430,				/* 165.40 hours, 6.89 days */ 
+    636601,				/* 176.83 hours, 7.37 days */ 
+    680618,				/* 189.06 hours, 7.88 days */ 
+    727680,				/* 202.13 hours, 8.42 days */ 
+    777995,				/* 216.11 hours, 9.00 days */ 
+    831789,				/* 231.05 hours, 9.63 days */ 
+    889303,				/* 247.03 hours, 10.29 days */ 
+    950794,				/* 264.11 hours, 11.00 days */ 
+    1016537,				/* 282.37 hours, 11.77 days */ 
+    1086825,				/* 301.90 hours, 12.58 days */ 
+    1161973,				/* 322.77 hours, 13.45 days */ 
+    1242318,				/* 345.09 hours, 14.38 days */ 
+    1328218,				/* 368.95 hours, 15.37 days */ 
+    1420057,				/* 394.46 hours, 16.44 days */ 
+    1518247,				/* 421.74 hours, 17.57 days */ 
+    1623226,				/* 450.90 hours, 18.79 days */ 
+    1735464,				/* 482.07 hours, 20.09 days */ 
+    1855462,				/* 515.41 hours, 21.48 days */ 
+    1983758,				/* 551.04 hours, 22.96 days */ 
+    2120925,				/* 589.15 hours, 24.55 days */ 
+    2267576,				/* 629.88 hours, 26.25 days */ 
+    2424367,				/* 673.44 hours, 28.06 days */ 
+    2592000};				/* 720.00 hours, 30.00 days */ 
+
+/*
+ * krb_life_to_time - takes a start time and a Kerberos standard
+ * lifetime char and returns the corresponding end time.  There are
+ * four simple cases to be handled.  The first is a life of 0xff,
+ * meaning no expiration, and results in an end time of 0xffffffff.
+ * The second is when life is less than the values covered by the
+ * table.  In this case, the end time is the start time plus the
+ * number of 5 minute intervals specified by life.  The third case
+ * returns start plus the MAXTKTLIFETIME if life is greater than
+ * TKTLIFEMAXFIXED.  The last case, uses the life value (minus
+ * TKTLIFEMINFIXED) as an index into the table to extract the lifetime
+ * in seconds, which is added to start to produce the end time.
+ */
+u_int32_t
+krb_life_to_time(u_int32_t start, int life_)
+{
+    unsigned char life = (unsigned char) life_;
+
+    if (krb_no_long_lifetimes) return start + life*5*60;
+
+    if (life == TKTLIFENOEXPIRE) return NEVERDATE;
+    if (life < TKTLIFEMINFIXED) return start + life*5*60;
+    if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
+    return start + tkt_lifetimes[life - TKTLIFEMINFIXED];
+}
+
+/*
+ * krb_time_to_life - takes start and end times for the ticket and
+ * returns a Kerberos standard lifetime char, possibily using the
+ * tkt_lifetimes table for lifetimes above 127*5 minutes.  First, the
+ * special case of (end == NEVERDATE) is handled to mean no
+ * expiration.  Then negative lifetimes and those greater than the
+ * maximum ticket lifetime are rejected.  Then lifetimes less than the
+ * first table entry are handled by rounding the requested lifetime
+ * *up* to the next 5 minute interval.  The final step is to search
+ * the table for the smallest entry *greater than or equal* to the
+ * requested entry.
+ */
+int krb_time_to_life(u_int32_t start, u_int32_t end)
+{
+    int i;
+    long lifetime = end - start;
+
+    if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
+
+    if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
+    if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
+    if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
+    for (i=0; i<TKTLIFENUMFIXED; i++) {
+	if (lifetime <= tkt_lifetimes[i]) {
+	    return i+TKTLIFEMINFIXED;
+	}
+    }
+    return 0;
+}
+
+char *
+krb_life_to_atime(int life)
+{
+    static char atime[11+1+2+1+2+1+2+1];
+    unsigned long when;
+    int secs, mins, hours;
+
+    if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
+	return("Forever");
+    when = krb_life_to_time(0, life);
+    secs = when%60;
+    when /= 60;
+    mins = when%60;
+    when /= 60;
+    hours = when%24;
+    when /= 24;
+    snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
+    return(atime);
+}
+
+int
+krb_atime_to_life(char *atime)
+{
+    unsigned long when = 0;
+    char *cp;
+    int colon = 0, plus = 0;
+    int n = 0;
+
+    if (strcasecmp(atime, "forever") == 0)
+	return(TKTLIFENOEXPIRE);
+    
+    for (cp=atime; *cp; cp++) {
+	switch(*cp) {
+	    case '0': case '1': case '2': case '3': case '4':
+	    case '5': case '6': case '7': case '8': case '9':
+		n = n*10 + *cp-'0';
+		break;
+	    case '+':
+		plus++;
+		when += n;
+		when *= 24;
+		n = 0;
+		break;
+	    case ':':
+		colon++;
+		when += n;
+		when *= 60;
+		n = 0;
+		break;
+	    default:
+		break;
+	}
+    }
+    when += n;
+    if (plus == 0 && colon == 0)
+	return((unsigned char)when);
+    while (colon < 2) {
+	when *= 60;
+	colon++;
+    }
+    return(krb_time_to_life(0,when));
+}
diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c
new file mode 100644
index 0000000..bac1c18
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/logging.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include <klog.h>
+
+RCSID("$Id: logging.c,v 1.18 1999/12/02 16:58:42 joda Exp $");
+
+struct krb_log_facility {
+    char filename[MaxPathLen]; 
+    FILE *file; 
+    krb_log_func_t func;
+};
+
+int
+krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
+{
+    FILE *file = NULL;
+    int ret;
+
+    if (f->file != NULL)
+	file = f->file;
+    else if (f->filename && f->filename[0])
+	file = fopen(f->filename, "a");
+
+    ret = f->func(file, format, args);
+
+    if (file != f->file)
+	fclose(file);
+    return ret;
+}
+
+int
+krb_logger(struct krb_log_facility *f, const char *format, ...)
+{
+    va_list args;
+    int ret;
+    va_start(args, format);
+    ret = krb_vlogger(f, format, args);
+    va_end(args);
+    return ret;
+}
+
+/*
+ * If FILE * is given log to it, otherwise, log to filename. When
+ * given a file name the file is opened and closed for each log
+ * record.
+ */
+int
+krb_openlog(struct krb_log_facility *f,
+	    char *filename,
+	    FILE *file,
+	    krb_log_func_t func)
+{
+    strlcpy(f->filename, filename, MaxPathLen);
+    f->file = file;
+    f->func = func;
+    return KSUCCESS;
+}
+
+/* ------------------------------------------------------------
+   Compatibility functions from warning.c
+   ------------------------------------------------------------ */
+
+static int
+log_tty(FILE *f, const char *format,  va_list args)
+{
+    if (f != NULL && isatty(fileno(f)))
+	vfprintf(f, format, args);
+    return KSUCCESS;
+}
+
+/* stderr */
+static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
+
+static void
+init_std_log (void)
+{
+  static int done = 0;
+
+  if (!done) {
+    std_log.file = stderr;
+    done = 1;
+  }
+}
+
+/*
+ *
+ */
+void
+krb_set_warnfn (krb_warnfn_t newfunc)
+{
+    init_std_log ();
+    std_log.func =  newfunc;
+}
+
+/*
+ *
+ */
+krb_warnfn_t
+krb_get_warnfn (void)
+{
+    init_std_log ();
+    return std_log.func;
+}
+
+/*
+ * Log warnings to stderr if it's a tty.
+ */
+void
+krb_warning (const char *format, ...)
+{
+    va_list args;
+    
+    init_std_log ();
+    va_start(args, format);
+    krb_vlogger(&std_log, format, args);
+    va_end(args);
+}
+
+/* ------------------------------------------------------------
+   Compatibility functions from klog.c and log.c
+   ------------------------------------------------------------ */
+
+/*
+ * Used by kerberos and kadmind daemons and in libkrb (rd_req.c).
+ *
+ * By default they log to the kerberos server log-file (KRBLOG) to be
+ * backwards compatible.
+ */
+
+static int
+log_with_timestamp_and_nl(FILE *file, const char *format, va_list args)
+{
+    time_t now;
+    if(file == NULL)
+	return KFAILURE;
+    time(&now);
+    fputs(krb_stime(&now), file);
+    fputs(": ", file);
+    vfprintf(file, format, args);
+    fputs("\n", file);
+    fflush(file);
+    return KSUCCESS;
+}
+
+static struct krb_log_facility
+file_log = { KRBLOG, NULL, log_with_timestamp_and_nl };
+
+/*
+ * kset_logfile() changes the name of the file to which
+ * messages are logged.  If kset_logfile() is not called,
+ * the logfile defaults to KRBLOG, defined in "krb.h".
+ */
+
+void
+kset_logfile(char *filename)
+{
+    krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl);
+}
+
+/*
+ * krb_log() and klog() is used to add entries to the logfile.
+ *
+ * The log entry consists of a timestamp and the given arguments
+ * printed according to the given "format" string.
+ *
+ * The log file is opened and closed for each log entry.
+ *
+ * If the given log type "type" is unknown, or if the log file
+ * cannot be opened, no entry is made to the log file.
+ *
+ * CHANGE: the type is always ignored
+ *
+ * The return value of klog() is always a pointer to the formatted log
+ * text string "logtxt".
+ */
+
+/* Used in kerberos.c only. */
+char *
+klog(int type, const char *format, ...)
+{
+    static char logtxt[1024];
+
+    va_list ap;
+
+    va_start(ap, format);
+    vsnprintf(logtxt, sizeof(logtxt), format, ap);
+    va_end(ap);
+    
+    krb_logger(&file_log, "%s", logtxt);
+    
+    return logtxt;
+}
+
+/* Used in kadmind and rd_req.c */
+void
+krb_log(const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    krb_vlogger(&file_log, format, args);
+    va_end(args);
+}
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
new file mode 100644
index 0000000..e74614d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lsb_addr_comp.c,v 1.16 1999/12/02 16:58:42 joda Exp $");
+
+#include "krb-archaeology.h"
+
+int
+krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
+{
+    int i;
+    u_int32_t a = 0, b = 0;
+    u_int8_t *p = (u_int8_t*) &x;
+    u_int8_t *q = (u_int8_t*) &y;
+
+    for(i = sizeof(u_int32_t) - 1; i >= 0; i--){
+	a = (a << 8) | p[i];
+	b = (b << 8) | q[i];
+    }
+    if(a > b)
+	return 1;
+    if(a < b)
+	return -1;
+    return 0;
+}
+
+int
+krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
+{
+    int i;
+    u_int16_t a = 0, b = 0;
+    u_int8_t *p = (u_int8_t*) &x;
+    u_int8_t *q = (u_int8_t*) &y;
+
+    for(i = sizeof(u_int16_t) - 1; i >= 0; i--){
+	a = (a << 8) | p[i];
+	b = (b << 8) | q[i];
+    }
+    if(a > b)
+	return 1;
+    if(a < b)
+	return -1;
+    return 0;
+}
+
+u_int32_t
+lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
+{
+    int dir = 1;
+    const char *fw;
+
+    /*
+     * direction bit is the sign bit of the timestamp.  Ok until
+     * 2038??
+     */
+    if(krb_debug) {
+	krb_warning("lsb_time: src = %s:%u\n", 
+		    inet_ntoa(src->sin_addr), ntohs(src->sin_port));
+	krb_warning("lsb_time: dst = %s:%u\n", 
+		    inet_ntoa(dst->sin_addr), ntohs(dst->sin_port));
+    }
+
+    /* For compatibility with broken old code, compares are done in VAX 
+       byte order (LSBFIRST) */ 
+    if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ 
+				   dst->sin_addr.s_addr) < 0) 
+        dir = -1;
+    else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, 
+					dst->sin_addr.s_addr)==0) 
+        if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
+            dir = -1;
+    /*
+     * all that for one tiny bit!  Heaven help those that talk to
+     * themselves.
+     */
+    if(krb_get_config_bool("reverse_lsb_test")) {
+	if(krb_debug) 
+	    krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir);
+	dir = -dir;
+    }else if((fw = krb_get_config_string("firewall_address"))) {
+	struct in_addr fw_addr;
+	fw_addr.s_addr = inet_addr(fw);
+	if(fw_addr.s_addr != INADDR_NONE) {
+	    int s_lt_d, d_lt_f;
+	    krb_warning("lsb_time: fw = %s\n", inet_ntoa(fw_addr));
+	    /* negate if src < dst < fw || fw < dst < src */
+	    s_lt_d = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
+						 dst->sin_addr.s_addr) == -1);
+	    d_lt_f = (krb_lsb_antinet_ulong_less(fw_addr.s_addr,
+						 dst->sin_addr.s_addr) == 1);
+	    if((s_lt_d ^ d_lt_f) == 0) {
+		if(krb_debug) 
+		    krb_warning("lsb_time: reversing direction: %d -> %d\n", 
+				dir, -dir);
+		dir = -dir;
+	    }
+	}
+    }
+    t = t * dir;
+    t = t & 0xffffffff;
+    return t;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c
new file mode 100644
index 0000000..65354a9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_auth.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_auth.c,v 1.8 1999/12/02 16:58:43 joda Exp $");
+
+/*
+ * Generate an authenticator for service.instance@realm.
+ * instance is canonicalized by `krb_get_phost'
+ * realm is set to the local realm if realm == NULL
+ * The ticket acquired by `krb_mk_req' is returned in `ticket' and the
+ * authenticator in `buf'.  
+ * Options control the behaviour (see krb_sendauth).
+ */
+
+int
+krb_mk_auth(int32_t options,
+	    KTEXT ticket,
+	    char *service,
+	    char *instance,
+	    char *realm,
+	    u_int32_t checksum,
+	    char *version,
+	    KTEXT buf)
+{
+  char realinst[INST_SZ];
+  char realrealm[REALM_SZ];
+  int ret;
+  char *tmp;
+
+  if (options & KOPT_DONT_CANON)
+    tmp = instance;
+  else
+    tmp = krb_get_phost (instance);
+
+  strlcpy(realinst, tmp, sizeof(realinst));
+
+  if (realm == NULL) {
+    ret = krb_get_lrealm (realrealm, 1);
+    if (ret != KSUCCESS)
+      return ret;
+    realm = realrealm;
+  }
+  
+  if(!(options & KOPT_DONT_MK_REQ)) {
+    ret = krb_mk_req (ticket, service, realinst, realm, checksum);
+    if (ret != KSUCCESS)
+      return ret;
+  }
+    
+  {
+      int tmp;
+      size_t rem = sizeof(buf->dat);
+      unsigned char *p = buf->dat;
+
+      p = buf->dat;
+
+      if (rem < 2 * KRB_SENDAUTH_VLEN)
+	  return KFAILURE;
+      memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
+      p += KRB_SENDAUTH_VLEN;
+      rem -= KRB_SENDAUTH_VLEN;
+
+      memcpy (p, version, KRB_SENDAUTH_VLEN);
+      p += KRB_SENDAUTH_VLEN;
+      rem -= KRB_SENDAUTH_VLEN;
+
+      tmp = krb_put_int(ticket->length, p, rem, 4);
+      if (tmp < 0)
+	  return KFAILURE;
+      p += tmp;
+      rem -= tmp;
+
+      if (rem < ticket->length)
+	  return KFAILURE;
+      memcpy(p, ticket->dat, ticket->length);
+      p += ticket->length;
+      rem -= ticket->length;
+      buf->length = p - buf->dat;
+  }
+  return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c
new file mode 100644
index 0000000..11fc059
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_err.c
@@ -0,0 +1,57 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_err.c,v 1.7 1998/06/09 19:25:22 joda Exp $");
+
+/*
+ * This routine creates a general purpose error reply message.  It
+ * doesn't use KTEXT because application protocol may have long
+ * messages, and may want this part of buffer contiguous to other
+ * stuff.
+ *
+ * The error reply is built in "p", using the error code "e" and
+ * error text "e_string" given.  The length of the error reply is
+ * returned.
+ *
+ * The error reply is in the following format:
+ *
+ * unsigned char	KRB_PROT_VERSION	protocol version no.
+ * unsigned char	AUTH_MSG_APPL_ERR	message type
+ * (least significant
+ * bit of above)	HOST_BYTE_ORDER		local byte order
+ * 4 bytes		e			given error code
+ * string		e_string		given error text
+ */
+
+int32_t
+krb_mk_err(u_char *p, int32_t e, char *e_string)
+{
+    unsigned char *start = p;
+    
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1, 1);
+    
+    p += krb_put_int(e, p, 4, 4);
+    p += krb_put_string(e_string, p, strlen(e_string) + 1);
+    return p - start;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c
new file mode 100644
index 0000000..a72b732
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_priv.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_priv.c,v 1.22 1999/12/02 16:58:43 joda Exp $");
+
+/* application include files */
+#include "krb-archaeology.h"
+
+/*
+ * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message.  It takes
+ * some user data "in" of "length" bytes and creates a packet in "out"
+ * consisting of the user data, a timestamp, and the sender's network
+ * address.
+ * The packet is encrypted by pcbc_encrypt(), using the given
+ * "key" and "schedule".
+ * The length of the resulting packet "out" is
+ * returned.
+ *
+ * It is similar to krb_mk_safe() except for the additional key
+ * schedule argument "schedule" and the fact that the data is encrypted
+ * rather than appended with a checksum.  The protocol version is
+ * KRB_PROT_VERSION, defined in "krb.h".
+ *
+ * The "out" packet consists of:
+ *
+ * Size			Variable		Field
+ * ----			--------		-----
+ *
+ * 1 byte		KRB_PROT_VERSION	protocol version number
+ * 1 byte		AUTH_MSG_PRIVATE |	message type plus local
+ *			HOST_BYTE_ORDER		byte order in low bit
+ *
+ * 4 bytes		c_length		length of data
+ * we encrypt from here with pcbc_encrypt
+ * 
+ * 4 bytes		length			length of user data
+ * length		in			user data
+ * 1 byte		msg_time_5ms		timestamp milliseconds
+ * 4 bytes		sender->sin.addr.s_addr	sender's IP address
+ *
+ * 4 bytes		msg_time_sec or		timestamp seconds with
+ *			-msg_time_sec		direction in sign bit
+ *
+ * 0<=n<=7  bytes	pad to 8 byte multiple	zeroes
+ */
+
+int32_t
+krb_mk_priv(void *in, void *out, u_int32_t length, 
+	    struct des_ks_struct *schedule, des_cblock *key, 
+	    struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+    unsigned char *p = (unsigned char*)out;
+    unsigned char *cipher;
+
+    struct timeval tv;
+    u_int32_t src_addr;
+    u_int32_t len;
+
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_PRIVATE, p, 1, 1);
+
+    len = 4 + length + 1 + 4 + 4;
+    len = (len + 7) & ~7;
+    p += krb_put_int(len, p, 4, 4);
+    
+    cipher = p;
+
+    p += krb_put_int(length, p, 4, 4);
+    
+    memcpy(p, in, length);
+    p += length;
+    
+    krb_kdctimeofday(&tv);
+
+    *p++ =tv.tv_usec / 5000;
+    
+    src_addr = sender->sin_addr.s_addr;
+    p += krb_put_address(src_addr, p, 4);
+
+    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4);
+    
+    memset(p, 0, 7);
+
+    des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher,
+		     len, schedule, key, DES_ENCRYPT);
+
+    return  (cipher - (unsigned char*)out) + len;
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c
new file mode 100644
index 0000000..5e72e22
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_req.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_req.c,v 1.22 1999/12/02 16:58:43 joda Exp $");
+
+static int lifetime = 255;	/* But no longer than TGT says. */
+
+
+static int
+build_request(KTEXT req, char *name, char *inst, char *realm, 
+	      u_int32_t checksum)
+{
+    struct timeval tv;
+    unsigned char *p = req->dat;
+    int tmp;
+    size_t rem = sizeof(req->dat);
+
+    tmp = krb_put_nir(name, inst, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(checksum, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    /* Fill in the times on the request id */
+    krb_kdctimeofday(&tv);
+
+    if (rem < 1)
+	return KFAILURE;
+
+    *p++ = tv.tv_usec / 5000; /* 5ms */
+    --rem;
+    
+    tmp = krb_put_int(tv.tv_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    /* Fill to a multiple of 8 bytes for DES */
+    req->length = ((p - req->dat + 7)/8) * 8;
+    return 0;
+}
+
+
+/*
+ * krb_mk_req takes a text structure in which an authenticator is to
+ * be built, the name of a service, an instance, a realm,
+ * and a checksum.  It then retrieves a ticket for
+ * the desired service and creates an authenticator in the text
+ * structure passed as the first argument.  krb_mk_req returns
+ * KSUCCESS on success and a Kerberos error code on failure.
+ *
+ * The peer procedure on the other end is krb_rd_req.  When making
+ * any changes to this routine it is important to make corresponding
+ * changes to krb_rd_req.
+ *
+ * The authenticator consists of the following:
+ *
+ * authent->dat
+ *
+ * unsigned char	KRB_PROT_VERSION	protocol version no.
+ * unsigned char	AUTH_MSG_APPL_REQUEST	message type
+ * (least significant
+ * bit of above)	HOST_BYTE_ORDER		local byte ordering
+ * unsigned char	kvno from ticket	server's key version
+ * string		realm			server's realm
+ * unsigned char	tl			ticket length
+ * unsigned char	idl			request id length
+ * text			ticket->dat		ticket for server
+ * text			req_id->dat		request id
+ *
+ * The ticket information is retrieved from the ticket cache or
+ * fetched from Kerberos.  The request id (called the "authenticator"
+ * in the papers on Kerberos) contains the following:
+ *
+ * req_id->dat
+ *
+ * string		cr.pname		{name, instance, and
+ * string		cr.pinst		realm of principal
+ * string		myrealm			making this request}
+ * 4 bytes		checksum		checksum argument given
+ * unsigned char	tv_local.tf_usec	time (milliseconds)
+ * 4 bytes		tv_local.tv_sec		time (seconds)
+ *
+ * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
+ *                  all rounded up to multiple of 8.
+ */
+
+int
+krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, 
+	   int32_t checksum)
+{
+    KTEXT_ST req_st;
+    KTEXT req_id = &req_st;
+
+    CREDENTIALS cr;             /* Credentials used by retr */
+    KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
+    int retval;                 /* Returned by krb_get_cred */
+
+    char myrealm[REALM_SZ];
+
+    unsigned char *p = authent->dat;
+    int rem = sizeof(authent->dat);
+    int tmp;
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    /* Get the ticket and move it into the authenticator */
+    if (krb_ap_req_debug)
+        krb_warning("Realm: %s\n", realm);
+
+    retval = krb_get_cred(service,instance,realm,&cr);
+
+    if (retval == RET_NOTKT) {
+	retval = get_ad_tkt(service, instance, realm, lifetime);
+	if (retval == KSUCCESS)
+	    retval = krb_get_cred(service, instance, realm, &cr);
+    }
+
+    if (retval != KSUCCESS)
+	return retval;
+
+
+    /*
+     * With multi realm ticket files either find a matching TGT or
+     * else use the first TGT for inter-realm authentication.
+     *
+     * In myrealm hold the realm of the principal "owning" the
+     * corresponding ticket-granting-ticket.
+     */
+
+    retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
+    if (retval == KSUCCESS) {
+      strlcpy(myrealm, realm, REALM_SZ);
+    } else
+      retval = krb_get_tf_realm(TKT_FILE, myrealm);
+    
+    if (retval != KSUCCESS)
+	return retval;
+    
+    if (krb_ap_req_debug)
+        krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
+		    cr.pname, cr.pinst, myrealm);
+
+    tmp = krb_put_int(cr.kvno, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(ticket->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
+    if (retval != KSUCCESS)
+	return retval;
+    
+    encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
+
+    tmp = krb_put_int(req_id->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    if (rem < ticket->length + req_id->length)
+	return KFAILURE;
+
+    memcpy(p, ticket->dat, ticket->length);
+    p += ticket->length;
+    rem -= ticket->length;
+    memcpy(p, req_id->dat, req_id->length);
+    p += req_id->length;
+    rem -= req_id->length;
+
+    authent->length = p - authent->dat;
+    
+    memset(&cr, 0, sizeof(cr));
+    memset(&req_st, 0, sizeof(req_st));
+
+    if (krb_ap_req_debug)
+        krb_warning("Authent->length = %d\n", authent->length);
+
+    return KSUCCESS;
+}
+
+/* 
+ * krb_set_lifetime sets the default lifetime for additional tickets
+ * obtained via krb_mk_req().
+ * 
+ * It returns the previous value of the default lifetime.
+ */
+
+int
+krb_set_lifetime(int newval)
+{
+    int olife = lifetime;
+
+    lifetime = newval;
+    return(olife);
+}
diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c
new file mode 100644
index 0000000..2e8c5c2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_safe.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: mk_safe.c,v 1.25 1999/12/02 16:58:43 joda Exp $");
+
+/* application include files */
+#include "krb-archaeology.h"
+
+
+/* from rd_safe.c */
+extern int dqc_type;
+void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int);
+
+/*
+ * krb_mk_safe() constructs an AUTH_MSG_SAFE message.  It takes some
+ * user data "in" of "length" bytes and creates a packet in "out"
+ * consisting of the user data, a timestamp, and the sender's network
+ * address, followed by a checksum computed on the above, using the
+ * given "key".  The length of the resulting packet is returned.
+ *
+ * The "out" packet consists of:
+ *
+ * Size			Variable		Field
+ * ----			--------		-----
+ *
+ * 1 byte		KRB_PROT_VERSION	protocol version number
+ * 1 byte		AUTH_MSG_SAFE |		message type plus local
+ *			HOST_BYTE_ORDER		byte order in low bit
+ *
+ * ===================== begin checksum ================================
+ * 
+ * 4 bytes		length			length of user data
+ * length		in			user data
+ * 1 byte		msg_time_5ms		timestamp milliseconds
+ * 4 bytes		sender->sin.addr.s_addr	sender's IP address
+ *
+ * 4 bytes		msg_time_sec or		timestamp seconds with
+ *			-msg_time_sec		direction in sign bit
+ *
+ * ======================= end checksum ================================
+ *
+ * 16 bytes		big_cksum		quadratic checksum of
+ *						above using "key"
+ */
+
+int32_t
+krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, 
+	    struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+    unsigned char * p = (unsigned char*)out;
+    struct timeval tv;
+    unsigned char *start;
+    u_int32_t src_addr;
+
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_SAFE, p, 1, 1);
+    
+    start = p;
+
+    p += krb_put_int(length, p, 4, 4);
+
+    memcpy(p, in, length);
+    p += length;
+    
+    krb_kdctimeofday(&tv);
+
+    *p++ = tv.tv_usec/5000; /* 5ms */
+    
+    src_addr = sender->sin_addr.s_addr;
+    p += krb_put_address(src_addr, p, 4);
+
+    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4);
+
+    {
+	/* We are faking big endian mode, so we need to fix the
+	 * checksum (that is byte order dependent). We always send a
+	 * checksum of the new type, unless we know that we are
+	 * talking to an old client (this requires a call to
+	 * krb_rd_safe first).  
+	 */
+	unsigned char new_checksum[16];
+	unsigned char old_checksum[16];
+	fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0);
+	
+	if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || 
+	   dqc_type == DES_QUAD_OLD)
+	    memcpy(p, old_checksum, 16);
+	else
+	    memcpy(p, new_checksum, 16);
+    }
+    p += 16;
+
+    return p - (unsigned char*)out;
+}
diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c
new file mode 100644
index 0000000..aaceee5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/month_sname.c
@@ -0,0 +1,39 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $");
+
+/*
+ * Given an integer 1-12, month_sname() returns a string
+ * containing the first three letters of the corresponding
+ * month.  Returns 0 if the argument is out of range.
+ */
+
+const char *month_sname(int n)
+{
+    static const char *name[] = {
+        "Jan","Feb","Mar","Apr","May","Jun",
+        "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+    return((n < 1 || n > 12) ? 0 : name [n-1]);
+}
diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c
new file mode 100644
index 0000000..49e457d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/name2name.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: name2name.c,v 1.22 1999/12/02 16:58:43 joda Exp $");
+
+/* convert host to a more fully qualified domain name, returns 0 if
+ * phost is the same as host, 1 otherwise. phost should be
+ * phost_size bytes long.
+ */
+
+int
+krb_name_to_name(const char *host, char *phost, size_t phost_size)
+{
+    struct hostent *hp;
+    struct in_addr adr;
+    const char *tmp;
+    
+    adr.s_addr = inet_addr(host);
+    if (adr.s_addr != INADDR_NONE)
+	hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET);
+    else
+	hp = gethostbyname(host);
+    if (hp == NULL)
+	tmp = host;
+    else {
+	tmp = hp->h_name;
+	/*
+	 * Broken SunOS 5.4 sometimes keeps the official name as the
+	 * 1:st alias.
+	 */
+        if (strchr(tmp, '.') == NULL
+	    && hp->h_aliases != NULL
+	    && hp->h_aliases[0] != NULL
+	    && strchr (hp->h_aliases[0], '.') != NULL)
+		tmp = hp->h_aliases[0];
+    }
+    strlcpy (phost, tmp, phost_size);
+
+    if (strcmp(phost, host) == 0)
+	return 0;
+    else
+	return 1;
+}
+
+/* lowercase and truncate */
+
+void
+k_ricercar(char *name)
+{
+    unsigned char *p = (unsigned char *)name;
+
+    while(*p && *p != '.'){
+	if(isupper(*p))
+	    *p = tolower(*p);
+	p++;
+    }
+    if(*p == '.')
+	*p = 0;
+}
+
+/*
+ * This routine takes an alias for a host name and returns the first
+ * field, in lower case, of its domain name.
+ *
+ * Example: "fOo.BAR.com" -> "foo"
+ */
+
+char *
+krb_get_phost(const char *alias)
+{
+    static char phost[MaxHostNameLen];
+    
+    krb_name_to_name(alias, phost, sizeof(phost));
+    k_ricercar(phost);
+    return phost;
+}
diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c
new file mode 100644
index 0000000..d43b284
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/one.c
@@ -0,0 +1,27 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+  Export of this software from the United States of America is assumed
+  to require a specific license from the United States Government.
+  It is the responsibility of any person or organization contemplating
+  export to obtain such a license before exporting.
+  
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  */
+
+/*
+ * definition of variable set to 1.
+ * used in krb_conf.h to determine host byte order.
+ */
+
+int krbONE = 1;
diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c
new file mode 100644
index 0000000..fcb3394
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/parse_name.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: parse_name.c,v 1.7 1999/12/02 16:58:43 joda Exp $");
+
+int
+krb_parse_name(const char *fullname, krb_principal *principal)
+{
+    const char *p;
+    char *ns, *np;
+    enum {n, i, r} pos = n;
+    int quote = 0;
+    ns = np = principal->name;
+
+    principal->name[0] = 0;
+    principal->instance[0] = 0;
+    principal->realm[0] = 0;
+
+    for(p = fullname; *p; p++){
+	if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */
+	    return KNAME_FMT;
+	if(quote){
+	    *np++ = *p;
+	    quote = 0;
+	    continue;
+	}
+	if(*p == '\\')
+	    quote = 1;
+	else if(*p == '.' && pos == n){
+	    *np = 0;
+	    ns = np = principal->instance;
+	    pos = i;
+	}else if(*p == '@' && (pos == n || pos == i)){
+	    *np = 0;
+	    ns = np = principal->realm;
+	    pos = r;
+	}else
+	    *np++ = *p;
+    }
+    *np = 0;
+    if(quote || principal->name[0] == 0)
+	return KNAME_FMT;
+    return KSUCCESS;
+}
+
+int
+kname_parse(char *np, char *ip, char *rp, char *fullname)
+{
+    krb_principal p;
+    int ret;
+    if((ret = krb_parse_name(fullname, &p)) == 0){
+	strlcpy (np, p.name, ANAME_SZ);
+	strlcpy (ip, p.instance, INST_SZ);
+	if(p.realm[0])
+	    strlcpy (rp, p.realm, REALM_SZ);
+    }
+    return ret;
+}
+/*
+ * k_isname() returns 1 if the given name is a syntactically legitimate
+ * Kerberos name; returns 0 if it's not.
+ */
+
+int
+k_isname(char *s)
+{
+    char c;
+    int backslash = 0;
+
+    if (!*s)
+        return 0;
+    if (strlen(s) > ANAME_SZ - 1)
+        return 0;
+    while ((c = *s++)) {
+        if (backslash) {
+            backslash = 0;
+            continue;
+        }
+        switch(c) {
+        case '\\':
+            backslash = 1;
+            break;
+        case '.':
+            return 0;
+            /* break; */
+        case '@':
+            return 0;
+            /* break; */
+        }
+    }
+    return 1;
+}
+
+
+/*
+ * k_isinst() returns 1 if the given name is a syntactically legitimate
+ * Kerberos instance; returns 0 if it's not.
+ */
+
+int
+k_isinst(char *s)
+{
+    char c;
+    int backslash = 0;
+
+    if (strlen(s) > INST_SZ - 1)
+        return 0;
+    while ((c = *s++)) {
+        if (backslash) {
+            backslash = 0;
+            continue;
+        }
+        switch(c) {
+        case '\\':
+            backslash = 1;
+            break;
+        case '.':
+#if     INSTANCE_DOTS_OK
+            break;
+#else   /* INSTANCE_DOTS_OK */
+            return 0; 
+#endif  /* INSTANCE_DOTS_OK */
+            /* break; */
+        case '@':
+            return 0;
+            /* break; */
+        }
+    }
+    return 1;
+}
+
+/*
+ * k_isrealm() returns 1 if the given name is a syntactically legitimate
+ * Kerberos realm; returns 0 if it's not.
+ */
+
+int
+k_isrealm(char *s)
+{
+    char c;
+    int backslash = 0;
+
+    if (!*s)
+        return 0;
+    if (strlen(s) > REALM_SZ - 1)
+        return 0;
+    while ((c = *s++)) {
+        if (backslash) {
+            backslash = 0;
+            continue;
+        }
+        switch(c) {
+        case '\\':
+            backslash = 1;
+            break;
+        case '@':
+            return 0;
+            /* break; */
+        }
+    }
+    return 1;
+}
diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h
new file mode 100644
index 0000000..e207881
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/prot.h
@@ -0,0 +1,72 @@
+/*
+ * $Id: prot.h,v 1.9 1999/11/30 18:57:46 bg Exp $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file with authentication protocol information.
+ */
+
+#ifndef PROT_DEFS
+#define PROT_DEFS
+
+#include <krb.h>
+
+#define		KRB_SERVICE		"kerberos-iv"
+#define		KRB_PORT		750	/* PC's don't have
+						 * /etc/services */
+#define		KRB_PROT_VERSION 	4
+#define 	MAX_PKT_LEN		1000
+#define		MAX_TXT_LEN		1000
+
+/* Routines to create and read packets may be found in prot.c */
+
+KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, 
+			int32_t time_ws, int n, u_int32_t x_date, 
+			int kvno, KTEXT cipher);
+#ifdef DEBUG
+KTEXT krb_create_death_packet(char *a_name);
+#endif
+
+/* Message types , always leave lsb for byte order */
+
+#define		AUTH_MSG_KDC_REQUEST			 (1<<1)
+#define 	AUTH_MSG_KDC_REPLY			 (2<<1)
+#define		AUTH_MSG_APPL_REQUEST			 (3<<1)
+#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 (4<<1)
+#define		AUTH_MSG_ERR_REPLY			 (5<<1)
+#define		AUTH_MSG_PRIVATE			 (6<<1)
+#define		AUTH_MSG_SAFE				 (7<<1)
+#define		AUTH_MSG_APPL_ERR			 (8<<1)
+#define		AUTH_MSG_KDC_FORWARD			 (9<<1)
+#define		AUTH_MSG_KDC_RENEW			(10<<1)
+#define 	AUTH_MSG_DIE				(63<<1)
+
+/* values for kerb error codes */
+
+#define		KERB_ERR_OK				 0
+#define		KERB_ERR_NAME_EXP			 1
+#define		KERB_ERR_SERVICE_EXP			 2
+#define		KERB_ERR_AUTH_EXP			 3
+#define		KERB_ERR_PKT_VER			 4
+#define		KERB_ERR_NAME_MAST_KEY_VER		 5
+#define		KERB_ERR_SERV_MAST_KEY_VER		 6
+#define		KERB_ERR_BYTE_ORDER			 7
+#define		KERB_ERR_PRINCIPAL_UNKNOWN		 8
+#define		KERB_ERR_PRINCIPAL_NOT_UNIQUE		 9
+#define		KERB_ERR_NULL_KEY			10
+#define		KERB_ERR_TIMEOUT			11
+
+/* sendauth - recvauth */
+
+/*
+ * If the protocol changes, you will need to change the version string
+ * be sure to support old versions of krb_sendauth!
+ */
+
+#define	KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
+
+#endif /* PROT_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c
new file mode 100644
index 0000000..76544f1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_err.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_err.c,v 1.9 1999/12/02 16:58:43 joda Exp $");
+
+/*
+ * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
+ * return the error code from the message in "code" and the text in
+ * "m_data" as follows:
+ *
+ *	m_data->app_data	points to the error text
+ *	m_data->app_length	points to the length of the error text
+ *
+ * If all goes well, return RD_AP_OK.  If the version number
+ * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
+ * type message, return RD_AP_MSG_TYPE.
+ *
+ * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
+ */
+
+int
+krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
+{
+    unsigned char *p = (unsigned char*)in;
+    
+    unsigned char pvno, type;
+    int little_endian;
+
+    pvno = *p++;
+    if(pvno != KRB_PROT_VERSION)
+	return RD_AP_VERSION;
+    
+    type = *p++;
+    little_endian = type & 1;
+    type &= ~1;
+    
+    if(type != AUTH_MSG_APPL_ERR)
+	return RD_AP_MSG_TYPE;
+    
+    p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
+    
+    m_data->app_data = p;
+    m_data->app_length = in_length; /* XXX is this correct? */
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c
new file mode 100644
index 0000000..0bb0a40
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_priv.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_priv.c,v 1.27 1999/12/02 16:58:43 joda Exp $");
+
+/* application include files */
+#include "krb-archaeology.h"
+
+/*
+ * krb_rd_priv() decrypts and checks the integrity of an
+ * AUTH_MSG_PRIVATE message.  Given the message received, "in",
+ * the length of that message, "in_length", the key "schedule"
+ * and "key", and the network addresses of the
+ * "sender" and "receiver" of the message, krb_rd_safe() returns
+ * RD_AP_OK if the message is okay, otherwise some error code.
+ *
+ * The message data retrieved from "in" are returned in the structure
+ * "m_data".  The pointer to the application data
+ * (m_data->app_data) refers back to the appropriate place in "in".
+ *
+ * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
+ * message.  The structure containing the extracted message
+ * information, MSG_DAT, is defined in "krb.h".
+ */
+
+int32_t
+krb_rd_priv(void *in, u_int32_t in_length, 
+	    struct des_ks_struct *schedule, des_cblock *key, 
+	    struct sockaddr_in *sender, struct sockaddr_in *receiver, 
+	    MSG_DAT *m_data)
+{
+    unsigned char *p = (unsigned char*)in;
+    int little_endian;
+    u_int32_t clen;
+    struct timeval tv;
+    u_int32_t src_addr;
+    int delta_t;
+
+    unsigned char pvno, type;
+
+    pvno = *p++;
+    if(pvno != KRB_PROT_VERSION)
+	return RD_AP_VERSION;
+    
+    type = *p++;
+    little_endian = type & 1;
+    type &= ~1;
+
+    p += krb_get_int(p, &clen, 4, little_endian);
+    
+    if(clen + 2 > in_length)
+	return RD_AP_MODIFIED;
+
+    des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, 
+		     schedule, key, DES_DECRYPT);
+    
+    p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+    if(m_data->app_length + 17 > in_length)
+	return RD_AP_MODIFIED;
+
+    m_data->app_data = p;
+    p += m_data->app_length;
+    
+    m_data->time_5ms = *p++;
+
+    p += krb_get_address(p, &src_addr);
+
+    if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+	return RD_AP_BADD;
+
+    p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+
+    m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+    
+    gettimeofday(&tv, NULL);
+
+    /* check the time integrity of the msg */
+    delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
+    if (delta_t > CLOCK_SKEW)
+	return RD_AP_TIME;
+    if (krb_debug)
+	krb_warning("delta_t = %d\n", (int) delta_t);
+
+    /*
+     * caller must check timestamps for proper order and
+     * replays, since server might have multiple clients
+     * each with its own timestamps and we don't assume
+     * tightly synchronized clocks.
+     */
+
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
new file mode 100644
index 0000000..91b27a5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_req.c
@@ -0,0 +1,319 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_req.c,v 1.27.2.1 1999/12/06 22:04:36 assar Exp $");
+
+static struct timeval t_local = { 0, 0 };
+
+/*
+ * Keep the following information around for subsequent calls
+ * to this routine by the same server using the same key.
+ */
+
+static des_key_schedule serv_key;	/* Key sched to decrypt ticket */
+static des_cblock ky;              /* Initialization vector */
+static int st_kvno;		/* version number for this key */
+static char st_rlm[REALM_SZ];	/* server's realm */
+static char st_nam[ANAME_SZ];	/* service name */
+static char st_inst[INST_SZ];	/* server's instance */
+
+/*
+ * This file contains two functions.  krb_set_key() takes a DES
+ * key or password string and returns a DES key (either the original
+ * key, or the password converted into a DES key) and a key schedule
+ * for it.
+ *
+ * krb_rd_req() reads an authentication request and returns information
+ * about the identity of the requestor, or an indication that the
+ * identity information was not authentic.
+ */
+
+/*
+ * krb_set_key() takes as its first argument either a DES key or a
+ * password string.  The "cvt" argument indicates how the first
+ * argument "key" is to be interpreted: if "cvt" is null, "key" is
+ * taken to be a DES key; if "cvt" is non-null, "key" is taken to
+ * be a password string, and is converted into a DES key using
+ * string_to_key().  In either case, the resulting key is returned
+ * in the external static variable "ky".  A key schedule is
+ * generated for "ky" and returned in the external static variable
+ * "serv_key".
+ *
+ * This routine returns the return value of des_key_sched.
+ *
+ * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
+ * the key set by krb_set_key() is available in private storage for
+ * krb_rd_req().
+ */
+
+int
+krb_set_key(void *key, int cvt)
+{
+#ifdef NOENCRYPTION
+    memset(ky, 0, sizeof(ky));
+    return KSUCCESS;
+#else /* Encrypt */
+    if (cvt)
+        des_string_to_key((char*)key, &ky);
+    else
+        memcpy((char*)ky, key, 8);
+    return(des_key_sched(&ky, serv_key));
+#endif /* NOENCRYPTION */
+}
+
+
+/*
+ * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
+ * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
+ * checks its integrity and returns a judgement as to the requestor's
+ * identity.
+ *
+ * The "authent" argument is a pointer to the received message.
+ * The "service" and "instance" arguments name the receiving server,
+ * and are used to get the service's ticket to decrypt the ticket
+ * in the message, and to compare against the server name inside the
+ * ticket.  "from_addr" is the network address of the host from which
+ * the message was received; this is checked against the network
+ * address in the ticket.  If "from_addr" is zero, the check is not
+ * performed.  "ad" is an AUTH_DAT structure which is
+ * filled in with information about the sender's identity according
+ * to the authenticator and ticket sent in the message.  Finally,
+ * "fn" contains the name of the file containing the server's key.
+ * (If "fn" is NULL, the server's key is assumed to have been set
+ * by krb_set_key().  If "fn" is the null string ("") the default
+ * file KEYFILE, defined in "krb.h", is used.)
+ *
+ * krb_rd_req() returns RD_AP_OK if the authentication information
+ * was genuine, or one of the following error codes (defined in
+ * "krb.h"):
+ *
+ *	RD_AP_VERSION		- wrong protocol version number
+ *	RD_AP_MSG_TYPE		- wrong message type
+ *	RD_AP_UNDEC		- couldn't decipher the message
+ *	RD_AP_INCON		- inconsistencies found
+ *	RD_AP_BADD		- wrong network address
+ *	RD_AP_TIME		- client time (in authenticator)
+ *				  too far off server time
+ *	RD_AP_NYV		- Kerberos time (in ticket) too
+ *				  far off server time
+ *	RD_AP_EXP		- ticket expired
+ *
+ * For the message format, see krb_mk_req().
+ *
+ * Mutual authentication is not implemented.
+ */
+
+int
+krb_rd_req(KTEXT authent,	/* The received message */
+	   char *service,	/* Service name */
+	   char *instance,	/* Service instance */
+	   int32_t from_addr,	/* Net address of originating host */
+	   AUTH_DAT *ad,	/* Structure to be filled in */
+	   char *fn)		/* Filename to get keys from */
+{
+    static KTEXT_ST ticket;     /* Temp storage for ticket */
+    static KTEXT tkt = &ticket;
+    static KTEXT_ST req_id_st;  /* Temp storage for authenticator */
+    KTEXT req_id = &req_id_st;
+
+    char realm[REALM_SZ];	/* Realm of issuing kerberos */
+
+    unsigned char skey[KKEY_SZ]; /* Session key from ticket */
+    char sname[SNAME_SZ];	/* Service name from ticket */
+    char iname[INST_SZ];	/* Instance name from ticket */
+    char r_aname[ANAME_SZ];	/* Client name from authenticator */
+    char r_inst[INST_SZ];	/* Client instance from authenticator */
+    char r_realm[REALM_SZ];	/* Client realm from authenticator */
+    u_int32_t r_time_sec;	/* Coarse time from authenticator */
+    unsigned long delta_t;      /* Time in authenticator - local time */
+    long tkt_age;		/* Age of ticket */
+    static unsigned char s_kvno;/* Version number of the server's key
+				 * Kerberos used to encrypt ticket */
+
+    struct timeval tv;
+    int status;
+
+    int pvno;
+    int type;
+    int little_endian;
+
+    unsigned char *p;
+
+    if (authent->length <= 0)
+	return(RD_AP_MODIFIED);
+
+    p = authent->dat;
+
+    /* get msg version, type and byte order, and server key version */
+
+    pvno = *p++;
+
+    if(pvno != KRB_PROT_VERSION)
+	return RD_AP_VERSION;
+    
+    type = *p++;
+    
+    little_endian = type & 1;
+    type &= ~1;
+    
+    if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL)
+	return RD_AP_MSG_TYPE;
+
+    s_kvno = *p++;
+
+    p += krb_get_string(p, realm, sizeof(realm));
+
+    /*
+     * If "fn" is NULL, key info should already be set; don't
+     * bother with ticket file.  Otherwise, check to see if we
+     * already have key info for the given server and key version
+     * (saved in the static st_* variables).  If not, go get it
+     * from the ticket file.  If "fn" is the null string, use the
+     * default ticket file.
+     */
+    if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) ||
+               strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
+        if (*fn == 0) fn = (char *)KEYFILE;
+        st_kvno = s_kvno;
+        if (read_service_key(service, instance, realm, s_kvno,
+			     fn, (char *)skey))
+            return(RD_AP_UNDEC);
+        if ((status = krb_set_key((char*)skey, 0)))
+	    return(status);
+        strlcpy (st_rlm, realm, REALM_SZ);
+        strlcpy (st_nam, service, SNAME_SZ);
+        strlcpy (st_inst, instance, INST_SZ);
+    }
+
+    tkt->length = *p++;
+
+    req_id->length = *p++;
+
+    if(tkt->length + (p - authent->dat) > authent->length)
+	return RD_AP_MODIFIED;
+
+    memcpy(tkt->dat, p, tkt->length);
+    p += tkt->length;
+
+    if (krb_ap_req_debug)
+        krb_log("ticket->length: %d",tkt->length);
+
+    /* Decrypt and take apart ticket */
+    if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm,
+                      &ad->address, ad->session, &ad->life,
+                      &ad->time_sec, sname, iname, &ky, serv_key))
+        return RD_AP_UNDEC;
+    
+    if (krb_ap_req_debug) {
+        krb_log("Ticket Contents.");
+        krb_log(" Aname:   %s.%s",ad->pname, ad->prealm);
+        krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL));
+    }
+
+    /* Extract the authenticator */
+    
+    if(req_id->length + (p - authent->dat) > authent->length)
+	return RD_AP_MODIFIED;
+
+    memcpy(req_id->dat, p, req_id->length);
+    p = req_id->dat;
+    
+#ifndef NOENCRYPTION
+    /* And decrypt it with the session key from the ticket */
+    if (krb_ap_req_debug) krb_log("About to decrypt authenticator");
+
+    encrypt_ktext(req_id, &ad->session, DES_DECRYPT);
+
+    if (krb_ap_req_debug) krb_log("Done.");
+#endif /* NOENCRYPTION */
+
+    /* cast req_id->length to int? */
+#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
+
+    p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */
+
+    p += krb_get_int(p, &ad->checksum, 4, little_endian);
+
+    p++; /* time_5ms is not used */
+
+    p += krb_get_int(p, &r_time_sec, 4, little_endian);
+
+    /* Check for authenticity of the request */
+    if (krb_ap_req_debug)
+        krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, 
+	      r_aname, r_inst, r_realm);
+    if (strcmp(ad->pname, r_aname) != 0 ||
+	strcmp(ad->pinst, r_inst) != 0 ||
+	strcmp(ad->prealm, r_realm) != 0)
+	return RD_AP_INCON;
+    
+    if (krb_ap_req_debug)
+        krb_log("Address: %x %x", ad->address, from_addr);
+
+    if (from_addr && (!krb_equiv(ad->address, from_addr)))
+        return RD_AP_BADD;
+
+    gettimeofday(&tv, NULL);
+    delta_t = abs((int)(tv.tv_sec - r_time_sec));
+    if (delta_t > CLOCK_SKEW) {
+        if (krb_ap_req_debug)
+            krb_log("Time out of range: %lu - %lu = %lu",
+		    (unsigned long)t_local.tv_sec,
+		    (unsigned long)r_time_sec,
+		    (unsigned long)delta_t);
+        return RD_AP_TIME;
+    }
+
+    /* Now check for expiration of ticket */
+
+    tkt_age = tv.tv_sec - ad->time_sec;
+    if (krb_ap_req_debug)
+        krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x",
+		(long)tv.tv_sec,
+		(unsigned long)ad->time_sec,
+		tkt_age,
+		ad->life);
+    
+    if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW))
+	return RD_AP_NYV;
+
+    if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
+        return RD_AP_EXP;
+
+    /* All seems OK */
+    ad->reply.length = 0;
+
+    return(RD_AP_OK);
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c
new file mode 100644
index 0000000..fd8f35e
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_safe.c,v 1.26 1999/12/02 16:58:43 joda Exp $");
+
+/* application include files */
+#include "krb-archaeology.h"
+
+/* Generate two checksums in the given byteorder of the data, one
+ * new-form and one old-form. It has to be done this way to be
+ * compatible with the old version of des_quad_cksum.
+ */
+
+/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */
+int dqc_type = DES_QUAD_DEFAULT;
+
+void
+fixup_quad_cksum(void *start, size_t len, des_cblock *key, 
+		 void *new_checksum, void *old_checksum, int little)
+{
+    des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key);
+    if(HOST_BYTE_ORDER){
+	if(little){
+	    memcpy(old_checksum, new_checksum, 16);
+	}else{
+	    u_int32_t *tmp = (u_int32_t*)new_checksum;
+	    memcpy(old_checksum, new_checksum, 16);
+	    swap_u_16(old_checksum);
+	    swap_u_long(tmp[0]);
+	    swap_u_long(tmp[1]);
+	    swap_u_long(tmp[2]);
+	    swap_u_long(tmp[3]);
+	}
+    }else{
+	if(little){
+	    u_int32_t *tmp = (u_int32_t*)new_checksum;
+	    swap_u_long(tmp[0]);
+	    swap_u_long(tmp[1]);
+	    swap_u_long(tmp[2]);
+	    swap_u_long(tmp[3]);
+	    memcpy(old_checksum, new_checksum, 16);
+	}else{
+	    u_int32_t tmp[4];
+	    tmp[0] = ((u_int32_t*)new_checksum)[3];
+	    tmp[1] = ((u_int32_t*)new_checksum)[2];
+	    tmp[2] = ((u_int32_t*)new_checksum)[1];
+	    tmp[3] = ((u_int32_t*)new_checksum)[0];
+	    memcpy(old_checksum, tmp, 16);
+	}
+    }
+}
+
+/*
+ * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
+ * Given the message received, "in", the length of that message,
+ * "in_length", the "key" to compute the checksum with, and the
+ * network addresses of the "sender" and "receiver" of the message,
+ * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
+ * some error code.
+ *
+ * The message data retrieved from "in" is returned in the structure
+ * "m_data".  The pointer to the application data (m_data->app_data)
+ * refers back to the appropriate place in "in".
+ *
+ * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
+ * message.  The structure containing the extracted message
+ * information, MSG_DAT, is defined in "krb.h".
+ */
+
+int32_t
+krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, 
+	    struct sockaddr_in *sender, struct sockaddr_in *receiver, 
+	    MSG_DAT *m_data)
+{
+    unsigned char *p = (unsigned char*)in, *start;
+
+    unsigned char pvno, type;
+    int little_endian;
+    struct timeval tv;
+    u_int32_t src_addr;
+    int delta_t;
+    
+
+    pvno = *p++;
+    if(pvno != KRB_PROT_VERSION)
+	return RD_AP_VERSION;
+    
+    type = *p++;
+    little_endian = type & 1;
+    type &= ~1;
+    if(type != AUTH_MSG_SAFE)
+	return RD_AP_MSG_TYPE;
+
+    start = p;
+    
+    p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+    
+    if(m_data->app_length + 31 > in_length)
+	return RD_AP_MODIFIED;
+    
+    m_data->app_data = p;
+
+    p += m_data->app_length;
+
+    m_data->time_5ms = *p++;
+
+    p += krb_get_address(p, &src_addr);
+
+    if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+        return RD_AP_BADD;
+
+    p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+    m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+    
+    gettimeofday(&tv, NULL);
+
+    delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
+    if (delta_t > CLOCK_SKEW) return RD_AP_TIME;
+
+    /*
+     * caller must check timestamps for proper order and replays, since
+     * server might have multiple clients each with its own timestamps
+     * and we don't assume tightly synchronized clocks.
+     */
+
+    {
+	unsigned char new_checksum[16];
+	unsigned char old_checksum[16];
+	fixup_quad_cksum(start, p - start, key, 
+			 new_checksum, old_checksum, little_endian);
+	if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && 
+	   memcmp(new_checksum, p, 16) == 0)
+	    dqc_type = DES_QUAD_NEW;
+	else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && 
+		memcmp(old_checksum, p, 16) == 0)
+	    dqc_type = DES_QUAD_OLD;
+	else
+	    return RD_AP_MODIFIED;
+    }
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c
new file mode 100644
index 0000000..55fb98d
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/read_service_key.c
@@ -0,0 +1,117 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: read_service_key.c,v 1.12 1999/09/16 20:41:54 assar Exp $");
+
+/*
+ * The private keys for servers on a given host are stored in a
+ * "srvtab" file (typically "/etc/srvtab").  This routine extracts
+ * a given server's key from the file.
+ *
+ * read_service_key() takes the server's name ("service"), "instance",
+ * and "realm" and a key version number "kvno", and looks in the given
+ * "file" for the corresponding entry, and if found, returns the entry's
+ * key field in "key".
+ * 
+ * If "instance" contains the string "*", then it will match
+ * any instance, and the chosen instance will be copied to that
+ * string.  For this reason it is important that the there is enough
+ * space beyond the "*" to receive the entry.
+ *
+ * If "kvno" is 0, it is treated as a wild card and the first
+ * matching entry regardless of the "vno" field is returned.
+ *
+ * This routine returns KSUCCESS on success, otherwise KFAILURE.
+ *
+ * The format of each "srvtab" entry is as follows:
+ *
+ * Size			Variable		Field in file
+ * ----			--------		-------------
+ * string		serv			server name
+ * string		inst			server instance
+ * string		realm			server realm
+ * 1 byte		vno			server key version #
+ * 8 bytes		key			server's key
+ * ...			...			...
+ */
+
+
+int
+read_service_key(const char *service,	/* Service Name */
+		 char *instance, /* Instance name or "*" */
+		 const char *realm,	/* Realm */
+		 int kvno,	/* Key version number */
+		 const char *file,	/* Filename */
+		 void *key)	/* Pointer to key to be filled in */
+{
+    char serv[SNAME_SZ];
+    char inst[INST_SZ];
+    char rlm[REALM_SZ];
+    unsigned char vno;          /* Key version number */
+    int wcard;
+
+    int stab;
+
+    if ((stab = open(file, O_RDONLY, 0)) < 0)
+        return(KFAILURE);
+
+    wcard = (instance[0] == '*') && (instance[1] == '\0');
+
+    while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */
+        getst(stab,inst,INST_SZ); /* Instance */
+        getst(stab,rlm,REALM_SZ); /* Realm */
+        /* Vers number */
+        if (read(stab, &vno, 1) != 1) {
+	    close(stab);
+            return(KFAILURE);
+	}
+        /* Key */
+        if (read(stab,key,8) != 8) {
+	    close(stab);
+            return(KFAILURE);
+	}
+        /* Is this the right service */
+        if (strcmp(serv,service))
+            continue;
+        /* How about instance */
+        if (!wcard && strcmp(inst,instance))
+            continue;
+        if (wcard) {
+	    strlcpy (instance, inst, INST_SZ);
+	}
+        /* Is this the right realm */
+        if (strcmp(rlm,realm)) 
+	    continue;
+
+        /* How about the key version number */
+        if (kvno && kvno != (int) vno)
+            continue;
+
+        close(stab);
+        return(KSUCCESS);
+    }
+
+    /* Can't find the requested service */
+    close(stab);
+    return(KFAILURE);
+}
diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c
new file mode 100644
index 0000000..a4f0e7f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/realm_parse.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: realm_parse.c,v 1.17 1999/12/02 16:58:43 joda Exp $");
+
+static int
+realm_parse(char *realm, int length, const char *file)
+{
+    FILE *F;
+    char tr[128];
+    char *p;
+    
+    if ((F = fopen(file,"r")) == NULL)
+	return -1;
+    
+    while(fgets(tr, sizeof(tr), F)){
+	char *unused = NULL;
+	p = strtok_r(tr, " \t\n\r", &unused);
+	if(p && strcasecmp(p, realm) == 0){
+	    fclose(F);
+	    strlcpy (realm, p, length);
+	    return 0;
+	}
+    }
+    fclose(F);
+    return -1;
+}
+
+int
+krb_realm_parse(char *realm, int length)
+{
+    int i;
+    char file[MaxPathLen];
+
+    for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
+	if (realm_parse(realm, length, file) == 0)
+	    return 0;
+    return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c
new file mode 100644
index 0000000..f164b2b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/recvauth.c
@@ -0,0 +1,192 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: recvauth.c,v 1.19 1998/06/09 19:25:25 joda Exp $");
+
+/*
+ * krb_recvauth() reads (and optionally responds to) a message sent
+ * using krb_sendauth().  The "options" argument is a bit-field of
+ * selected options (see "sendauth.c" for options description).
+ * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
+ * (mutual authentication requested).  The "fd" argument supplies
+ * a file descriptor to read from (and write to, if mutual authenti-
+ * cation is requested).
+ *
+ * Part of the received message will be a Kerberos ticket sent by the
+ * client; this is read into the "ticket" argument.  The "service" and
+ * "instance" arguments supply the server's Kerberos name.  If the
+ * "instance" argument is the string "*", it is treated as a wild card
+ * and filled in during the krb_rd_req() call (see read_service_key()).
+ *
+ * The "faddr" and "laddr" give the sending (client) and receiving
+ * (local server) network addresses.  ("laddr" may be left NULL unless
+ * mutual authentication is requested, in which case it must be set.)
+ *
+ * The authentication information extracted from the message is returned
+ * in "kdata".  The "filename" argument indicates the file where the
+ * server's key can be found.  (It is passed on to krb_rd_req().)  If
+ * left null, the default "/etc/srvtab" will be used.
+ *
+ * If mutual authentication is requested, the session key schedule must
+ * be computed in order to reply; this schedule is returned in the
+ * "schedule" argument.  A string containing the application version
+ * number from the received message is returned in "version", which
+ * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
+ *
+ * See krb_sendauth() for the format of the received client message.
+ *
+ * krb_recvauth() first reads the protocol version string from the
+ * given file descriptor.  If it doesn't match the current protocol
+ * version (KRB_SENDAUTH_VERS), the old-style format is assumed.  In
+ * that case, the string of characters up to the first space is read
+ * and interpreted as the ticket length, then the ticket is read.
+ *
+ * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
+ * next reads the application protocol version string.  Then the
+ * ticket length and ticket itself are read.
+ *
+ * The ticket is decrypted and checked by the call to krb_rd_req().
+ * If no mutual authentication is required, the result of the
+ * krb_rd_req() call is retured by this routine.  If mutual authenti-
+ * cation is required, a message in the following format is returned
+ * on "fd":
+ *
+ * Size			Variable		Field
+ * ----			--------		-----
+ *
+ * 4 bytes		tkt_len			length of ticket or -1
+ *						if error occurred
+ *
+ * priv_len		tmp_buf			"private" message created
+ *						by krb_mk_priv() which
+ *						contains the incremented
+ *						checksum sent by the client
+ *						encrypted in the session
+ *						key.  (This field is not
+ *						present in case of error.)
+ *
+ * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
+ * other error code is returned.
+ */
+
+static int
+send_error_reply(int fd)
+{
+    unsigned char tmp[4] = { 255, 255, 255, 255 };
+    if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp))
+	return -1;
+    return 0;
+}
+
+int
+krb_recvauth(int32_t options,	/* bit-pattern of options */
+	     int fd,		/* file descr. to read from */
+	     KTEXT ticket,	/* storage for client's ticket */
+	     char *service,	/* service expected */
+	     char *instance,	/* inst expected (may be filled in) */
+	     struct sockaddr_in *faddr,	/* address of foreign host on fd */
+	     struct sockaddr_in *laddr,	/* local address */
+	     AUTH_DAT *kdata,	/* kerberos data (returned) */
+	     char *filename,	/* name of file with service keys */
+	     struct des_ks_struct *schedule, /* key schedule (return) */
+	     char *version)	/* version string (filled in) */
+{
+    int cc;
+    char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
+    int rem;
+    int32_t priv_len;
+    u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
+
+    if (!(options & KOPT_IGNORE_PROTOCOL)) {
+	/* read the protocol version number */
+	if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+	    return(errno);
+	krb_vers[KRB_SENDAUTH_VLEN] = '\0';
+    }
+
+    /* read the application version string */
+    if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+	return(errno);
+    version[KRB_SENDAUTH_VLEN] = '\0';
+
+    /* get the length of the ticket */
+    {
+	char tmp[4];
+	if (krb_net_read(fd, tmp, 4) != 4)
+	    return -1;
+	krb_get_int(tmp, &ticket->length, 4, 0);
+    }
+    
+    /* sanity check */
+    if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) {
+	if (options & KOPT_DO_MUTUAL) {
+	    if(send_error_reply(fd))
+		return -1;
+	    return KFAILURE;
+	} else
+	    return KFAILURE; /* XXX there may still be junk on the fd? */
+    }
+
+    /* read the ticket */
+    if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length)
+	return -1;
+    /*
+     * now have the ticket.  decrypt it to get the authenticated
+     * data.
+     */
+    rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr,
+		     kdata, filename);
+
+    /* if we are doing mutual auth, compose a response */
+    if (options & KOPT_DO_MUTUAL) {
+	if (rem != KSUCCESS){
+	    /* the krb_rd_req failed */
+	    if(send_error_reply(fd))
+		return -1;
+	    return rem;
+	}
+	
+	/* add one to the (formerly) sealed checksum, and re-seal it
+	   for return to the client */
+	{ 
+	    unsigned char cs[4];
+	    krb_put_int(kdata->checksum + 1, cs, sizeof(cs), 4);
+#ifndef NOENCRYPTION
+	    des_key_sched(&kdata->session,schedule);
+#endif
+	    priv_len = krb_mk_priv(cs, 
+				   tmp_buf+4, 
+				   4,
+				   schedule,
+				   &kdata->session,
+				   laddr,
+				   faddr);
+	}
+	/* mk_priv will never fail */
+	priv_len += krb_put_int(priv_len, tmp_buf, 4, 4);
+	
+	if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len)
+	    return -1;
+    }
+    return rem;
+}
diff --git a/crypto/kerberosIV/lib/krb/resource.h b/crypto/kerberosIV/lib/krb/resource.h
new file mode 100644
index 0000000..d50551f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/resource.h
@@ -0,0 +1,15 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by krb.rc
+//
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1000
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/crypto/kerberosIV/lib/krb/roken_rename.h b/crypto/kerberosIV/lib/krb/roken_rename.h
new file mode 100644
index 0000000..bae1098
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/roken_rename.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+/*
+ * Libroken routines that are added libkrb
+ */
+
+#define base64_decode _krb_base64_decode
+#define base64_encode _krb_base64_encode
+
+#define net_write roken_net_write
+#define net_read  roken_net_read
+
+#ifndef HAVE_FLOCK
+#define flock _krb_flock
+#endif
+#ifndef HAVE_GETHOSTNAME
+#define gethostname _krb_gethostname
+#endif
+#ifndef HAVE_GETTIMEOFDAY
+#define gettimeofday _krb_gettimeofday
+#endif
+#ifndef HAVE_GETUID
+#define getuid _krb_getuid
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _krb_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _krb_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _krb_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _krb_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _krb_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _krb_vsnprintf
+#endif
+#ifndef HAVE_STRCASECMP
+#define strcasecmp _krb_strcasecmp
+#endif
+#ifndef HAVE_STRNCASECMP
+#define strncasecmp _krb_strncasecmp
+#endif
+#ifndef HAVE_STRDUP
+#define strdup _krb_strdup
+#endif
+#ifndef HAVE_STRNLEN
+#define strnlen _krb_strnlen
+#endif
+#ifndef HAVE_SWAB
+#define swab _krb_swab
+#endif
+#ifndef HAVE_STRTOK_R
+#define strtok_r _krb_strtok_r
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c
new file mode 100644
index 0000000..88589c3
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rw.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Almost all programs use these routines (implicitly) so it's a good
+ * place to put the version string. */
+
+#include "version.h"
+
+#include "krb_locl.h"
+
+RCSID("$Id: rw.c,v 1.12 1999/12/02 16:58:44 joda Exp $");
+
+int
+krb_get_int(void *f, u_int32_t *to, int size, int lsb)
+{
+    int i;
+    unsigned char *from = (unsigned char *)f;
+
+    *to = 0;
+    if(lsb){
+	for(i = size-1; i >= 0; i--)
+	    *to = (*to << 8) | from[i];
+    }else{
+	for(i = 0; i < size; i++)
+	    *to = (*to << 8) | from[i];
+    }
+    return size;
+}
+
+int
+krb_put_int(u_int32_t from, void *to, size_t rem, int size)
+{
+    int i;
+    unsigned char *p = (unsigned char *)to;
+
+    if (rem < size)
+	return -1;
+
+    for(i = size - 1; i >= 0; i--){
+	p[i] = from & 0xff;
+	from >>= 8;
+    }
+    return size;
+}
+
+
+/* addresses are always sent in network byte order */
+
+int
+krb_get_address(void *from, u_int32_t *to)
+{
+    unsigned char *p = (unsigned char*)from;
+    *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+    return 4;
+}
+
+int
+krb_put_address(u_int32_t addr, void *to, size_t rem)
+{
+    return krb_put_int(ntohl(addr), to, rem, 4);
+}
+
+int
+krb_put_string(const char *from, void *to, size_t rem)
+{
+    size_t len = strlen(from) + 1;
+
+    if (rem < len)
+	return -1;
+    memcpy(to, from, len);
+    return len;
+}
+
+int
+krb_get_string(void *from, char *to, size_t to_size)
+{
+    strlcpy (to, (char *)from, to_size);
+    return strlen((char *)from) + 1;
+}
+
+int
+krb_get_nir(void *from, char *name, char *instance, char *realm)
+{
+    char *p = (char *)from;
+
+    p += krb_get_string(p, name, ANAME_SZ);
+    p += krb_get_string(p, instance, INST_SZ);
+    if(realm)
+	p += krb_get_string(p, realm, REALM_SZ);
+    return p - (char *)from;
+}
+
+int
+krb_put_nir(const char *name,
+	    const char *instance,
+	    const char *realm,
+	    void *to,
+	    size_t rem)
+{
+    char *p = (char *)to;
+    int tmp;
+    
+    tmp = krb_put_string(name, p, rem);
+    if (tmp < 0)
+	return tmp;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(instance, p, rem);
+    if (tmp < 0)
+	return tmp;
+    p += tmp;
+    rem -= tmp;
+    
+    if (realm) {
+	tmp = krb_put_string(realm, p, rem);
+	if (tmp < 0)
+	    return tmp;
+	p += tmp;
+	rem -= tmp;
+    }
+    return p - (char *)to;
+}
diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c
new file mode 100644
index 0000000..cfd6c07
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/save_credentials.c
@@ -0,0 +1,59 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $");
+
+/*
+ * This routine takes a ticket and associated info and calls
+ * tf_save_cred() to store them in the ticket cache.  The peer
+ * routine for extracting a ticket and associated info from the
+ * ticket cache is krb_get_cred().  When changes are made to
+ * this routine, the corresponding changes should be made
+ * in krb_get_cred() as well.
+ *
+ * Returns KSUCCESS if all goes well, otherwise an error returned
+ * by the tf_init() or tf_save_cred() routines.
+ */
+
+int
+save_credentials(char *service,	/* Service name */
+		 char *instance, /* Instance */
+		 char *realm,	/* Auth domain */
+		 unsigned char *session, /* Session key */
+		 int lifetime,	/* Lifetime */
+		 int kvno,	/* Key version number */
+		 KTEXT ticket,	/* The ticket itself */
+		 int32_t issue_date) /* The issue time */
+{
+    int tf_status;   /* return values of the tf_util calls */
+
+    /* Open and lock the ticket file for writing */
+    if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
+	return(tf_status);
+
+    /* Save credentials by appending to the ticket file */
+    tf_status = tf_save_cred(service, instance, realm, session,
+			     lifetime, kvno, ticket, issue_date);
+    tf_close();
+    return (tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c
new file mode 100644
index 0000000..74ac1bb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c
@@ -0,0 +1,527 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+#include <base64.h>
+
+RCSID("$Id: send_to_kdc.c,v 1.71 1999/11/25 02:20:53 assar Exp $");
+
+struct host {
+    struct sockaddr_in addr;
+    const char *hostname;
+    enum krb_host_proto proto;
+};
+
+static int send_recv(KTEXT pkt, KTEXT rpkt, struct host *host);
+
+/*
+ * send_to_kdc() sends a message to the Kerberos authentication
+ * server(s) in the given realm and returns the reply message.
+ * The "pkt" argument points to the message to be sent to Kerberos;
+ * the "rpkt" argument will be filled in with Kerberos' reply.
+ * The "realm" argument indicates the realm of the Kerberos server(s)
+ * to transact with.  If the realm is null, the local realm is used.
+ *
+ * If more than one Kerberos server is known for a given realm,
+ * different servers will be queried until one of them replies.
+ * Several attempts (retries) are made for each server before
+ * giving up entirely.
+ *
+ * If an answer was received from a Kerberos host, KSUCCESS is
+ * returned.  The following errors can be returned:
+ *
+ * SKDC_CANT    - can't get local realm
+ *              - can't find "kerberos" in /etc/services database
+ *              - can't open socket
+ *              - can't bind socket
+ *              - all ports in use
+ *              - couldn't find any Kerberos host
+ *
+ * SKDC_RETRY   - couldn't get an answer from any Kerberos server,
+ *		  after several retries
+ */
+
+/* always use the admin server */
+static int krb_use_admin_server_flag = 0;
+
+static int client_timeout = -1;
+
+int
+krb_use_admin_server(int flag)
+{
+    int old = krb_use_admin_server_flag;
+    krb_use_admin_server_flag = flag;
+    return old;
+}
+
+#define PROXY_VAR "krb4_proxy"
+
+static int
+expand (struct host **ptr, size_t sz)
+{
+    void *tmp;
+
+    tmp = realloc (*ptr, sz) ;
+    if (tmp == NULL)
+	return SKDC_CANT;
+    *ptr = tmp;
+    return 0;
+}
+
+int
+send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm)
+{
+    int i;
+    int no_host; /* was a kerberos host found? */
+    int retry;
+    int n_hosts;
+    int retval;
+    struct hostent *host;
+    char lrealm[REALM_SZ];
+    struct krb_host *k_host;
+    struct host *hosts = malloc(sizeof(*hosts));
+    const char *proxy = krb_get_config_string (PROXY_VAR);
+
+    if (hosts == NULL)
+	return SKDC_CANT;
+
+    if (client_timeout == -1) {
+	const char *to;
+
+	client_timeout = CLIENT_KRB_TIMEOUT;
+	to = krb_get_config_string ("kdc_timeout");
+	if (to != NULL) {
+	    int tmp;
+	    char *end;
+
+	    tmp = strtol (to, &end, 0);
+	    if (end != to)
+		client_timeout = tmp;
+	}
+    }
+
+    /*
+     * If "realm" is non-null, use that, otherwise get the
+     * local realm.
+     */
+    if (realm == NULL) {
+	if (krb_get_lrealm(lrealm,1)) {
+	    if (krb_debug)
+		krb_warning("send_to_kdc: can't get local realm\n");
+	    return(SKDC_CANT);
+	}
+	realm = lrealm;
+    }
+    if (krb_debug)
+	krb_warning("lrealm is %s\n", realm);
+
+    no_host = 1;
+    /* get an initial allocation */
+    n_hosts = 0;
+    for (i = 1;
+	 (k_host = krb_get_host(i, realm, krb_use_admin_server_flag)); 
+	 ++i) {
+	char *p;
+	char **addr_list;
+	int j;
+	int n_addrs;
+	struct host *tmp;
+
+	if (k_host->proto == PROTO_HTTP && proxy != NULL) {
+	    n_addrs = 1;
+	    no_host = 0;
+
+	    retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts));
+	    if (retval)
+		goto rtn;
+
+	    memset (&hosts[n_hosts].addr, 0, sizeof(struct sockaddr_in));
+	    hosts[n_hosts].addr.sin_port = htons(k_host->port);
+	    hosts[n_hosts].proto         = k_host->proto;
+	    hosts[n_hosts].hostname      = k_host->host;
+	} else {
+	    if (krb_debug)
+		krb_warning("Getting host entry for %s...", k_host->host);
+	    host = gethostbyname(k_host->host);
+	    if (krb_debug) {
+		krb_warning("%s.\n",
+			    host ? "Got it" : "Didn't get it");
+	    }
+	    if (host == NULL)
+		continue;
+	    no_host = 0;    /* found at least one */
+
+	    n_addrs = 0;
+	    for (addr_list = host->h_addr_list;
+		 *addr_list != NULL;
+		 ++addr_list)
+		++n_addrs;
+
+	    retval = expand (&hosts, (n_hosts + n_addrs) * sizeof(*hosts));
+	    if (retval)
+		goto rtn;
+
+	    for (addr_list = host->h_addr_list, j = 0;
+		 (p = *addr_list) != NULL;
+		 ++addr_list, ++j) {
+		memset (&hosts[n_hosts + j].addr, 0,
+			sizeof(struct sockaddr_in));
+		hosts[n_hosts + j].addr.sin_family = host->h_addrtype;
+		hosts[n_hosts + j].addr.sin_port   = htons(k_host->port);
+		hosts[n_hosts + j].proto           = k_host->proto;
+		hosts[n_hosts + j].hostname        = k_host->host;
+		memcpy(&hosts[n_hosts + j].addr.sin_addr, p,
+		       sizeof(struct in_addr));
+	    }
+	}
+
+	for (j = 0; j < n_addrs; ++j) {
+	    if (send_recv(pkt, rpkt, &hosts[n_hosts + j])) {
+		retval = KSUCCESS;
+		goto rtn;
+	    }
+	    if (krb_debug) {
+		krb_warning("Timeout, error, or wrong descriptor\n");
+	    }
+	}
+	n_hosts += j;
+    }
+    if (no_host) {
+	if (krb_debug)
+	    krb_warning("send_to_kdc: can't find any Kerberos host.\n");
+        retval = SKDC_CANT;
+        goto rtn;
+    }
+    /* retry each host in sequence */
+    for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
+	for (i = 0; i < n_hosts; ++i) {
+	    if (send_recv(pkt, rpkt, &hosts[i])) {
+		retval = KSUCCESS;
+		goto rtn;
+	    }
+        }
+    }
+    retval = SKDC_RETRY;
+rtn:
+    free(hosts);
+    return(retval);
+}
+
+static int
+udp_socket(void)
+{
+    return socket(AF_INET, SOCK_DGRAM, 0);
+}
+
+static int
+udp_connect(int s, struct host *host)
+{
+    if(krb_debug) {
+	krb_warning("connecting to %s (%s) udp, port %d\n", 
+		    host->hostname,
+		    inet_ntoa(host->addr.sin_addr),
+		    ntohs(host->addr.sin_port));
+    }
+    return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr));
+}
+
+static int
+udp_send(int s, struct host *host, KTEXT pkt)
+{
+    if(krb_debug) {
+	krb_warning("sending %d bytes to %s (%s), udp port %d\n", 
+		    pkt->length,
+		    host->hostname,
+		    inet_ntoa(host->addr.sin_addr), 
+		    ntohs(host->addr.sin_port));
+    }
+    return send(s, pkt->dat, pkt->length, 0);
+}
+
+static int
+tcp_socket(void)
+{
+    return socket(AF_INET, SOCK_STREAM, 0);
+}
+
+static int
+tcp_connect(int s, struct host *host)
+{
+    if(krb_debug) {
+	krb_warning("connecting to %s (%s), tcp port %d\n", 
+		    host->hostname,
+		    inet_ntoa(host->addr.sin_addr), 
+		    ntohs(host->addr.sin_port));
+    }
+    return connect(s, (struct sockaddr*)&host->addr, sizeof(host->addr));
+}
+
+static int
+tcp_send(int s, struct host *host, KTEXT pkt)
+{
+    unsigned char len[4];
+
+    if(krb_debug) {
+	krb_warning("sending %d bytes to %s (%s), tcp port %d\n", 
+		    pkt->length,
+		    host->hostname,
+		    inet_ntoa(host->addr.sin_addr), 
+		    ntohs(host->addr.sin_port));
+    }
+    krb_put_int(pkt->length, len, sizeof(len), 4);
+    if(send(s, len, sizeof(len), 0) != sizeof(len))
+	return -1;
+    return send(s, pkt->dat, pkt->length, 0);
+}
+
+static int
+udptcp_recv(void *buf, size_t len, KTEXT rpkt)
+{
+    int pktlen = min(len, MAX_KTXT_LEN);
+
+    if(krb_debug)
+	krb_warning("recieved %lu bytes on udp/tcp socket\n", 
+		    (unsigned long)len);
+    memcpy(rpkt->dat, buf, pktlen);
+    rpkt->length = pktlen;
+    return 0;
+}
+
+static int
+url_parse(const char *url, char *host, size_t len, short *port)
+{
+    const char *p;
+    size_t n;
+
+    if(strncmp(url, "http://", 7))
+	return -1;
+    url += 7;
+    p = strchr(url, ':');
+    if(p) {
+	char *end;
+
+	*port = htons(strtol(p + 1, &end, 0));
+	if (end == p + 1)
+	    return -1;
+	n = p - url;
+    } else {
+	*port = k_getportbyname ("http", "tcp", htons(80));
+	p = strchr(url, '/');
+	if (p)
+	    n = p - url;
+	else
+	    n = strlen(url);
+    }
+    if (n >= len)
+	return -1;
+    memcpy(host, url, n);
+    host[n] = '\0';
+    return 0;
+}
+
+static int
+http_connect(int s, struct host *host)
+{
+    const char *proxy = krb_get_config_string(PROXY_VAR);
+    char proxy_host[MaxHostNameLen];
+    short port;
+    struct hostent *hp;
+    struct sockaddr_in sin;
+
+    if(proxy == NULL) {
+	if(krb_debug)
+	    krb_warning("Not using proxy.\n");
+	return tcp_connect(s, host);
+    }
+    if(url_parse(proxy, proxy_host, sizeof(proxy_host), &port) < 0)
+	return -1;
+    hp = gethostbyname(proxy_host);
+    if(hp == NULL)
+	return -1;
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+    sin.sin_port = port;
+    if(krb_debug) {
+	krb_warning("connecting to proxy on %s (%s) port %d\n", 
+		    proxy_host, inet_ntoa(sin.sin_addr), ntohs(port));
+    }
+    return connect(s, (struct sockaddr*)&sin, sizeof(sin));
+}
+
+static int
+http_send(int s, struct host *host, KTEXT pkt)
+{
+    const char *proxy = krb_get_config_string (PROXY_VAR);
+    char *str;
+    char *msg;
+
+    if(base64_encode(pkt->dat, pkt->length, &str) < 0)
+	return -1;
+    if(proxy != NULL) {
+	if(krb_debug) {
+	    krb_warning("sending %d bytes to %s, tcp port %d (via proxy)\n", 
+			pkt->length,
+			host->hostname,
+			ntohs(host->addr.sin_port));
+	}
+	asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n",
+		 host->hostname,
+		 ntohs(host->addr.sin_port),
+		 str);
+    } else {
+	if(krb_debug) {
+	    krb_warning("sending %d bytes to %s (%s), http port %d\n", 
+			pkt->length,
+			host->hostname,
+			inet_ntoa(host->addr.sin_addr), 
+			ntohs(host->addr.sin_port));
+	}
+	asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str);
+    }
+    free(str);
+
+    if (msg == NULL)
+	return -1;
+	
+    if(send(s, msg, strlen(msg), 0) != strlen(msg)){
+	free(msg);
+	return -1;
+    }
+    free(msg);
+    return 0;
+}
+
+static int
+http_recv(void *buf, size_t len, KTEXT rpkt)
+{
+    char *p;
+    char *tmp = malloc(len + 1);
+
+    if (tmp == NULL)
+	return -1;
+    memcpy(tmp, buf, len);
+    tmp[len] = 0;
+    p = strstr(tmp, "\r\n\r\n");
+    if(p == NULL){
+	free(tmp);
+	return -1;
+    }
+    p += 4;
+    if(krb_debug)
+	krb_warning("recieved %lu bytes on http socket\n", 
+		    (unsigned long)((tmp + len) - p));
+    if((tmp + len) - p > MAX_KTXT_LEN) {
+	free(tmp);
+	return -1;
+    }
+    if (strncasecmp (tmp, "HTTP/1.0 2", 10) != 0
+	&& strncasecmp (tmp, "HTTP/1.1 2", 10) != 0) {
+	free (tmp);
+	return -1;
+    }
+    memcpy(rpkt->dat, p, (tmp + len) - p);
+    rpkt->length = (tmp + len) - p;
+    free(tmp);
+    return 0;
+}
+
+static struct proto_descr {
+    int proto;
+    int stream_flag;
+    int (*socket)(void);
+    int (*connect)(int, struct host *host);
+    int (*send)(int, struct host *host, KTEXT);
+    int (*recv)(void*, size_t, KTEXT);
+} protos[] = {
+    { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv },
+    { PROTO_TCP, 1, tcp_socket, tcp_connect, tcp_send, udptcp_recv },
+    { PROTO_HTTP, 1, tcp_socket, http_connect, http_send, http_recv }
+};
+
+static int
+send_recv(KTEXT pkt, KTEXT rpkt, struct host *host)
+{
+    int i;
+    int s;
+    unsigned char buf[MAX_KTXT_LEN];
+    int offset = 0;
+    
+    for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){
+	if(protos[i].proto == host->proto)
+	    break;
+    }
+    if(i == sizeof(protos) / sizeof(protos[0]))
+	return FALSE;
+    if((s = (*protos[i].socket)()) < 0)
+	return FALSE;
+    if((*protos[i].connect)(s, host) < 0) {
+	close(s);
+	return FALSE;
+    }
+    if((*protos[i].send)(s, host, pkt) < 0) {
+	close(s);
+	return FALSE;
+    }
+    do{
+	fd_set readfds;
+	struct timeval timeout;
+	int len;
+	timeout.tv_sec = client_timeout;
+	timeout.tv_usec = 0;
+	FD_ZERO(&readfds);
+	FD_SET(s, &readfds);
+	
+	/* select - either recv is ready, or timeout */
+	/* see if timeout or error or wrong descriptor */
+	if(select(s + 1, &readfds, 0, 0, &timeout) < 1 
+	   || !FD_ISSET(s, &readfds)) {
+	    if (krb_debug)
+		krb_warning("select failed: errno = %d\n", errno);
+	    close(s);
+	    return FALSE;
+	}
+	len = recv(s, buf + offset, sizeof(buf) - offset, 0);
+	if (len < 0) {
+	    close(s);
+	    return FALSE;
+	}
+	if(len == 0)
+	    break;
+	offset += len;
+    } while(protos[i].stream_flag);
+    close(s);
+    if((*protos[i].recv)(buf, offset, rpkt) < 0)
+	return FALSE;
+    return TRUE;
+}
+
+/* The configuration line "hosts: dns files" in /etc/nsswitch.conf is
+ * rumored to avoid triggering this bug. */
+#if defined(linux) && defined(HAVE__DNS_GETHOSTBYNAME) && 0
+/* Linux libc 5.3 is broken probably somewhere in nsw_hosts.o,
+ * for now keep this kludge. */
+static
+struct hostent *gethostbyname(const char *name)
+{
+  return (void *)_dns_gethostbyname(name);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c
new file mode 100644
index 0000000..201b388
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sendauth.c
@@ -0,0 +1,165 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: sendauth.c,v 1.18 1999/09/16 20:41:55 assar Exp $");
+
+/*
+ * krb_sendauth() transmits a ticket over a file descriptor for a
+ * desired service, instance, and realm, doing mutual authentication
+ * with the server if desired.
+ */
+
+/*
+ * The first argument to krb_sendauth() contains a bitfield of
+ * options (the options are defined in "krb.h"):
+ *
+ * KOPT_DONT_CANON	Don't canonicalize instance as a hostname.
+ *			(If this option is not chosen, krb_get_phost()
+ *			is called to canonicalize it.)
+ *
+ * KOPT_DONT_MK_REQ 	Don't request server ticket from Kerberos.
+ *			A ticket must be supplied in the "ticket"
+ *			argument.
+ *			(If this option is not chosen, and there
+ *			is no ticket for the given server in the
+ *			ticket cache, one will be fetched using
+ *			krb_mk_req() and returned in "ticket".)
+ *
+ * KOPT_DO_MUTUAL	Do mutual authentication, requiring that the
+ * 			receiving server return the checksum+1 encrypted
+ *			in the session key.  The mutual authentication
+ *			is done using krb_mk_priv() on the other side
+ *			(see "recvauth.c") and krb_rd_priv() on this
+ *			side.
+ *
+ * The "fd" argument is a file descriptor to write to the remote
+ * server on.  The "ticket" argument is used to store the new ticket
+ * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
+ * chosen, the ticket must be supplied in the "ticket" argument.
+ * The "service", "inst", and "realm" arguments identify the ticket.
+ * If "realm" is null, the local realm is used.
+ *
+ * The following arguments are only needed if the KOPT_DO_MUTUAL option
+ * is chosen:
+ *
+ *   The "checksum" argument is a number that the server will add 1 to
+ *   to authenticate itself back to the client; the "msg_data" argument
+ *   holds the returned mutual-authentication message from the server
+ *   (i.e., the checksum+1); the "cred" structure is used to hold the
+ *   session key of the server, extracted from the ticket file, for use
+ *   in decrypting the mutual authentication message from the server;
+ *   and "schedule" holds the key schedule for that decryption.  The
+ *   the local and server addresses are given in "laddr" and "faddr".
+ *
+ * The application protocol version number (of up to KRB_SENDAUTH_VLEN
+ * characters) is passed in "version".
+ *
+ * If all goes well, KSUCCESS is returned, otherwise some error code.
+ *
+ * The format of the message sent to the server is:
+ *
+ * Size			Variable		Field
+ * ----			--------		-----
+ *
+ * KRB_SENDAUTH_VLEN	KRB_SENDAUTH_VER	sendauth protocol
+ * bytes					version number
+ *
+ * KRB_SENDAUTH_VLEN	version			application protocol
+ * bytes					version number
+ *
+ * 4 bytes		ticket->length		length of ticket
+ *
+ * ticket->length	ticket->dat		ticket itself
+ */
+
+int
+krb_sendauth(int32_t options,	/* bit-pattern of options */
+	     int fd,		/* file descriptor to write onto */
+	     KTEXT ticket,	/* where to put ticket (return); or
+				 * supplied in case of KOPT_DONT_MK_REQ */
+	     char *service,	/* service name, instance, realm */
+	     char *instance,
+	     char *realm,
+	     u_int32_t checksum, /* checksum to include in request */
+	     MSG_DAT *msg_data,	/* mutual auth MSG_DAT (return) */
+	     CREDENTIALS *cred,	/* credentials (return) */
+	     struct des_ks_struct *schedule, /* key schedule (return) */
+	     struct sockaddr_in *laddr, /* local address */
+	     struct sockaddr_in *faddr,	/* address of foreign host on fd */
+	     char *version)	/* version string */
+{
+    int ret;
+    KTEXT_ST buf;
+    char realrealm[REALM_SZ];
+
+    if (realm == NULL) {
+	ret = krb_get_lrealm (realrealm, 1);
+	if (ret != KSUCCESS)
+	    return ret;
+	realm = realrealm;
+    }
+    ret = krb_mk_auth (options, ticket, service, instance, realm, checksum,
+		       version, &buf);
+    if (ret != KSUCCESS)
+	return ret;
+    ret = krb_net_write(fd, buf.dat, buf.length);
+    if(ret < 0)
+	return -1;
+      
+    if (options & KOPT_DO_MUTUAL) {
+	char tmp[4];
+	u_int32_t len;
+	char inst[INST_SZ];
+	char *i;
+
+	ret = krb_net_read (fd, tmp, 4);
+	if (ret < 0)
+	    return -1;
+
+	krb_get_int (tmp, &len, 4, 0);
+	if (len == 0xFFFFFFFF || len > sizeof(buf.dat))
+	    return KFAILURE;
+	buf.length = len;
+	ret = krb_net_read (fd, buf.dat, len);
+	if (ret < 0)
+	    return -1;
+
+	if (options & KOPT_DONT_CANON)
+	    i = instance;
+	else
+	    i = krb_get_phost(instance);
+	strlcpy (inst, i, sizeof(inst));
+
+	ret = krb_get_cred (service, inst, realm, cred);
+	if (ret != KSUCCESS)
+	    return ret;
+
+	des_key_sched(&cred->session, schedule);
+
+	ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, 
+			      schedule, laddr, faddr);
+	if (ret != KSUCCESS)
+	    return ret;
+    }
+    return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c
new file mode 100644
index 0000000..e683416
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sizetest.c
@@ -0,0 +1,40 @@
+#include "krb_locl.h"
+
+RCSID("$Id: sizetest.c,v 1.6 1998/01/01 22:29:04 assar Exp $");
+
+static void
+fatal(const char *msg)
+{
+  fputs(msg, stderr);
+  exit(1);
+}
+
+int
+main(void)
+{
+  if (sizeof(u_int8_t) < 1)
+    fatal("sizeof(u_int8_t) is smaller than 1 byte\n");
+  if (sizeof(u_int16_t) < 2)
+    fatal("sizeof(u_int16_t) is smaller than 2 bytes\n");
+  if (sizeof(u_int32_t) < 4)
+    fatal("sizeof(u_int32_t) is smaller than 4 bytes\n");
+
+  if (sizeof(u_int8_t) > 1)
+    fputs("warning: sizeof(u_int8_t) is larger than 1 byte, "
+	  "some stuff may not work properly!\n", stderr);
+
+  {
+    u_int8_t u = 1;
+    int i;
+    for (i = 0; u != 0 && i < 100; i++)
+      u <<= 1;
+
+    if (i < 8)
+      fatal("u_int8_t is smaller than 8 bits\n");
+    else if (i > 8)
+      fputs("warning: u_int8_t is larger than 8 bits, "
+	    "some stuff may not work properly!\n", stderr);
+  }
+
+  exit(0);
+}
diff --git a/crypto/kerberosIV/lib/krb/solaris_compat.c b/crypto/kerberosIV/lib/krb/solaris_compat.c
new file mode 100644
index 0000000..ff31e4b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/solaris_compat.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: solaris_compat.c,v 1.4 1999/12/02 16:58:44 joda Exp $");
+
+#if (SunOS + 0) >= 50
+/*
+ * Compatibility with solaris' libkrb.
+ */
+
+int32_t
+_C0095C2A(void *in, void *out, u_int32_t length, 
+	  struct des_ks_struct *schedule, des_cblock *key, 
+	  struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+    return krb_mk_priv (in, out, length, schedule, key, sender, receiver);
+}
+
+int32_t
+_C0095C2B(void *in, u_int32_t in_length, 
+	  struct des_ks_struct *schedule, des_cblock *key, 
+	  struct sockaddr_in *sender, struct sockaddr_in *receiver, 
+	  MSG_DAT *m_data)
+{
+    return krb_rd_priv (in, in_length, schedule, key,
+			sender, receiver, m_data);
+}
+
+void
+_C0095B2B(des_cblock *input,des_cblock *output,
+	  des_key_schedule ks,int enc)
+{
+    des_ecb_encrypt(input, output, ks, enc);
+}
+
+void
+_C0095B2A(des_cblock (*input),
+	  des_cblock (*output),
+	  long length,
+	  des_key_schedule schedule,
+	  des_cblock (*ivec),
+	  int encrypt)
+{
+  des_cbc_encrypt(input, output, length, schedule, ivec, encrypt);
+}
+
+void
+_C0095B2C(des_cblock (*input),
+	  des_cblock (*output),
+	  long length,
+	  des_key_schedule schedule,
+	  des_cblock (*ivec),
+	  int encrypt)
+{
+  des_pcbc_encrypt(input, output, length, schedule, ivec, encrypt);
+}
+#endif /* (SunOS-0) >= 50 */
diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c
new file mode 100644
index 0000000..ec57d8f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/stime.c
@@ -0,0 +1,35 @@
+/*
+ * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $");
+
+/*
+ * Given a pointer to a long containing the number of seconds
+ * since the beginning of time (midnight 1 Jan 1970 GMT), return
+ * a string containing the local time in the form:
+ *
+ * "25-Jan-1988 10:17:56"
+ */
+
+const char *
+krb_stime(time_t *t)
+{
+    static char st[40];
+    struct tm *tm;
+
+    tm = localtime(t);
+    snprintf(st, sizeof(st),
+	     "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday,
+	     month_sname(tm->tm_mon + 1),tm->tm_year + 1900,
+	     tm->tm_hour, tm->tm_min, tm->tm_sec);
+    return st;
+}
diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c
new file mode 100644
index 0000000..4ef4c57
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/str2key.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: str2key.c,v 1.17 1999/12/02 16:58:44 joda Exp $");
+
+#define lowcase(c) (('A' <= (c) && (c) <= 'Z') ? ((c) - 'A' + 'a') : (c))
+
+/*
+ * The string to key function used by Transarc AFS.
+ */
+void
+afs_string_to_key(const char *pass, const char *cell, des_cblock *key)
+{
+  if (strlen(pass) <= 8)	/* Short passwords. */
+    {
+      char buf[8 + 1], *s;
+      int i;
+
+      /*
+       * XOR cell and password and pad (or fill) with 'X' to length 8,
+       * then use crypt(3) to create DES key.
+       */
+      for (i = 0; i < 8; i++)
+	{
+	  buf[i] = *pass ^ lowcase(*cell);
+	  if (buf[i] == 0)
+	    buf[i] = 'X';
+	  if (*pass != 0)
+	    pass++;
+	  if (*cell != 0)
+	    cell++;
+	}
+      buf[8] = 0;
+
+      s = crypt(buf, "p1");	/* Result from crypt is 7bit chars. */
+      s = s + 2;		/* Skip 2 chars of salt. */
+      for (i = 0; i < 8; i++)
+	((char *) key)[i] = s[i] << 1; /* High bit is always zero */
+      des_fixup_key_parity(key); /*       Low  bit is parity */
+    }
+  else				/* Long passwords */
+    {
+      int plen, clen;
+      char *buf, *t;
+      des_key_schedule sched;
+      des_cblock ivec;
+
+      /*
+       * Concatenate password with cell name,
+       * then checksum twice to create DES key.
+       */
+      plen = strlen(pass);
+      clen = strlen(cell);
+      buf = malloc(plen + clen + 1);
+      memcpy(buf, pass, plen);
+      for (t = buf + plen; *cell != 0; t++, cell++)
+	*t = lowcase(*cell);
+
+      memcpy(&ivec, "kerberos", 8);
+      memcpy(key, "kdsbdsns", 8);
+      des_key_sched(key, sched);
+      /* Beware, ivec is passed twice */
+      des_cbc_cksum((des_cblock *)buf, &ivec, plen + clen, sched, &ivec);
+
+      memcpy(key, &ivec, 8);
+      des_fixup_key_parity(key);
+      des_key_sched(key, sched);
+      /* Beware, ivec is passed twice */
+      des_cbc_cksum((des_cblock *)buf, key, plen + clen, sched, &ivec);
+      free(buf);
+      des_fixup_key_parity(key);
+    }
+}
diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c
new file mode 100644
index 0000000..c738757
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tf_util.c
@@ -0,0 +1,805 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+        
+#include "krb_locl.h"
+
+RCSID("$Id: tf_util.c,v 1.39 1999/12/02 18:03:16 assar Exp $");
+
+
+#define TOO_BIG -1
+#define TF_LCK_RETRY ((unsigned)2)	/* seconds to sleep before
+					 * retry if ticket file is
+					 * locked */
+#define	TF_LCK_RETRY_COUNT	(50)	/* number of retries	*/
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#define MAGIC_TICKET_NAME "magic"
+#define MAGIC_TICKET_TIME_DIFF_INST "time-diff"
+#define MAGIC_TICKET_ADDR_INST "our-address"
+
+/*
+ * fd must be initialized to something that won't ever occur as a real
+ * file descriptor. Since open(2) returns only non-negative numbers as
+ * valid file descriptors, and tf_init always stuffs the return value
+ * from open in here even if it is an error flag, we must
+ * 	a. Initialize fd to a negative number, to indicate that it is
+ * 	   not initially valid.
+ *	b. When checking for a valid fd, assume that negative values
+ *	   are invalid (ie. when deciding whether tf_init has been
+ *	   called.)
+ *	c. In tf_close, be sure it gets reinitialized to a negative
+ *	   number. 
+ */
+static  int fd = -1;
+static	int curpos;				/* Position in tfbfr */
+static	int lastpos;			/* End of tfbfr */
+static	char tfbfr[BUFSIZ];		/* Buffer for ticket data */
+
+static int tf_gets(char *s, int n);
+static int tf_read(void *s, int n);
+
+/*
+ * This file contains routines for manipulating the ticket cache file.
+ *
+ * The ticket file is in the following format:
+ *
+ *      principal's name        (null-terminated string)
+ *      principal's instance    (null-terminated string)
+ *      CREDENTIAL_1
+ *      CREDENTIAL_2
+ *      ...
+ *      CREDENTIAL_n
+ *      EOF
+ *
+ *      Where "CREDENTIAL_x" consists of the following fixed-length
+ *      fields from the CREDENTIALS structure (see "krb.h"):
+ *
+ *              char            service[ANAME_SZ]
+ *              char            instance[INST_SZ]
+ *              char            realm[REALM_SZ]
+ *              C_Block         session
+ *              int             lifetime
+ *              int             kvno
+ *              KTEXT_ST        ticket_st
+ *              u_int32_t            issue_date
+ *
+ * Short description of routines:
+ *
+ * tf_init() opens the ticket file and locks it.
+ *
+ * tf_get_pname() returns the principal's name.
+ *
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
+ * tf_get_pinst() returns the principal's instance (may be null).
+ *
+ * tf_put_pinst() writes the instance.
+ *
+ * tf_get_cred() returns the next CREDENTIALS record.
+ *
+ * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
+ *
+ * tf_close() closes the ticket file and releases the lock.
+ *
+ * tf_gets() returns the next null-terminated string.  It's an internal
+ * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
+ *
+ * tf_read() reads a given number of bytes.  It's an internal routine
+ * used by tf_get_cred().
+ */
+
+/*
+ * tf_init() should be called before the other ticket file routines.
+ * It takes the name of the ticket file to use, "tf_name", and a
+ * read/write flag "rw" as arguments. 
+ *
+ * It tries to open the ticket file, checks the mode, and if everything
+ * is okay, locks the file.  If it's opened for reading, the lock is
+ * shared.  If it's opened for writing, the lock is exclusive. 
+ *
+ * Returns KSUCCESS if all went well, otherwise one of the following: 
+ *
+ * NO_TKT_FIL   - file wasn't there
+ * TKT_FIL_ACC  - file was in wrong mode, etc.
+ * TKT_FIL_LCK  - couldn't lock the file, even after a retry
+ */
+
+#ifdef _NO_LOCKING
+#undef flock
+#define flock(F, M) 0
+#endif
+
+int
+tf_init(char *tf_name, int rw)
+{
+  /* Unix implementation */
+  int wflag;
+  struct stat stat_buf;
+  int i_retry;
+
+  switch (rw) {
+  case R_TKT_FIL:
+    wflag = 0;
+    break;
+  case W_TKT_FIL:
+    wflag = 1;
+    break;
+  default:
+    if (krb_debug)
+      krb_warning("tf_init: illegal parameter\n");
+    return TKT_FIL_ACC;
+  }
+  if (lstat(tf_name, &stat_buf) < 0)
+    switch (errno) {
+    case ENOENT:
+      return NO_TKT_FIL;
+    default:
+      return TKT_FIL_ACC;
+    }
+  if (!S_ISREG(stat_buf.st_mode))
+    return TKT_FIL_ACC;
+
+  /* The code tries to guess when the calling program is running
+   * set-uid and prevent unauthorized access.
+   *
+   * All library functions now assume that the right set of userids
+   * are set upon entry, therefore it's not strictly necessary to
+   * perform these test for programs adhering to these assumptions.
+   *
+   * This doesn't work on cygwin because getuid() returns a different
+   * uid than the owner of files that are created.
+   */
+#ifndef __CYGWIN__
+  {
+    uid_t me = getuid();
+    if (stat_buf.st_uid != me && me != 0)
+      return TKT_FIL_ACC;
+  }
+#endif
+
+  /*
+   * If "wflag" is set, open the ticket file in append-writeonly mode
+   * and lock the ticket file in exclusive mode.  If unable to lock
+   * the file, sleep and try again.  If we fail again, return with the
+   * proper error message. 
+   */
+
+  curpos = sizeof(tfbfr);
+
+    
+  if (wflag) {
+    fd = open(tf_name, O_RDWR | O_BINARY, 0600);
+    if (fd < 0) {
+      return TKT_FIL_ACC;
+    }
+    for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+      if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
+	if (krb_debug)
+	  krb_warning("tf_init: retry %d of write lock of `%s'.\n",
+		      i_retry, tf_name);
+	sleep (TF_LCK_RETRY);
+      } else {
+	return KSUCCESS;		/* all done */
+      }
+    }
+    close (fd);
+    fd = -1;
+    return TKT_FIL_LCK;
+  }
+  /*
+   * Otherwise "wflag" is not set and the ticket file should be opened
+   * for read-only operations and locked for shared access. 
+   */
+
+  fd = open(tf_name, O_RDONLY | O_BINARY, 0600);
+  if (fd < 0) {
+    return TKT_FIL_ACC;
+  }
+
+  for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
+    if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
+      if (krb_debug)
+	krb_warning("tf_init: retry %d of read lock of `%s'.\n",
+		    i_retry, tf_name);
+      sleep (TF_LCK_RETRY);
+    } else {
+      return KSUCCESS;		/* all done */
+    }
+  }
+  /* failure */
+  close(fd);
+  fd = -1;
+  return TKT_FIL_LCK;
+}
+
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ *
+ * New algoritm for creating ticket file:
+ * 1. try to erase contents of existing file.
+ * 2. try to remove old file.
+ * 3. try to open with O_CREAT and O_EXCL
+ * 4. if this fails, someone has created a file in between 1 and 2 and
+ *    we should fail.  Otherwise, all is wonderful.
+ */
+
+int
+tf_create(char *tf_name)
+{
+  struct stat statbuf;
+  char garbage[BUFSIZ];
+
+  fd = open(tf_name, O_RDWR | O_BINARY, 0);
+  if (fd >= 0) {
+    if (fstat (fd, &statbuf) == 0) {
+      int i;
+
+      for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+	write (fd, garbage, sizeof(garbage));
+    }
+    close (fd);
+  }
+
+  if (unlink (tf_name) && errno != ENOENT)
+    return TKT_FIL_ACC;
+
+  fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+  if (fd < 0)
+    return TKT_FIL_ACC;
+  if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
+    sleep(TF_LCK_RETRY);
+    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
+      close(fd);
+      fd = -1;
+      return TKT_FIL_LCK;
+    }
+  }
+  return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called.  The
+ * principal's name is filled into the "p" parameter.  If all goes well,
+ * KSUCCESS is returned.  If tf_init() wasn't called, TKT_FIL_INI is
+ * returned.  If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. 
+ */
+
+int
+tf_get_pname(char *p)
+{
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning("tf_get_pname called before tf_init.\n");
+    return TKT_FIL_INI;
+  }
+  if (tf_gets(p, ANAME_SZ) < 2)	/* can't be just a null */
+    {
+      if (krb_debug) 
+	krb_warning ("tf_get_pname: pname < 2.\n");
+      return TKT_FIL_FMT;
+    }
+  return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(const char *p)
+{
+  unsigned count;
+
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning("tf_put_pname called before tf_create.\n");
+    return TKT_FIL_INI;
+  }
+  count = strlen(p)+1;
+  if (write(fd,p,count) != count)
+    return(KFAILURE);
+  return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called.  The instance is filled into the "inst" parameter.  If all
+ * goes well, KSUCCESS is returned.  If tf_init() wasn't called,
+ * TKT_FIL_INI is returned.  If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.  Note that the
+ * instance may be null. 
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning("tf_get_pinst called before tf_init.\n");
+    return TKT_FIL_INI;
+  }
+  if (tf_gets(inst, INST_SZ) < 1)
+    {
+      if (krb_debug)
+	krb_warning("tf_get_pinst: inst_sz < 1.\n");
+      return TKT_FIL_FMT;
+    }
+  return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(const char *inst)
+{
+  unsigned count;
+
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning("tf_put_pinst called before tf_create.\n");
+    return TKT_FIL_INI;
+  }
+  count = strlen(inst)+1;
+  if (write(fd,inst,count) != count)
+    return(KFAILURE);
+  return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c".  It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned.  Possible error codes are: 
+ *
+ * TKT_FIL_INI  - tf_init wasn't called first
+ * TKT_FIL_FMT  - bad format
+ * EOF          - end of file encountered
+ */
+
+static int
+real_tf_get_cred(CREDENTIALS *c)
+{
+  KTEXT   ticket = &c->ticket_st;	/* pointer to ticket */
+  int     k_errno;
+
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning ("tf_get_cred called before tf_init.\n");
+    return TKT_FIL_INI;
+  }
+  if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
+    switch (k_errno) {
+    case TOO_BIG:
+      if (krb_debug)
+	krb_warning("tf_get_cred: too big service cred.\n");
+    case 1:		/* can't be just a null */
+      tf_close();
+      if (krb_debug)
+	krb_warning("tf_get_cred: null service cred.\n");
+      return TKT_FIL_FMT;
+    case 0:
+      return EOF;
+    }
+  if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
+    switch (k_errno) {
+    case TOO_BIG:
+      if (krb_debug)
+	krb_warning ("tf_get_cred: too big instance cred.\n");
+      return TKT_FIL_FMT;
+    case 0:
+      return EOF;
+    }
+  if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
+    switch (k_errno) {
+    case TOO_BIG:
+      if (krb_debug)
+	krb_warning ("tf_get_cred: too big realm cred.\n");
+    case 1:		/* can't be just a null */
+      tf_close();
+      if (krb_debug)
+	krb_warning ("tf_get_cred: null realm cred.\n");
+      return TKT_FIL_FMT;
+    case 0:
+      return EOF;
+    }
+  if (
+      tf_read((c->session), DES_KEY_SZ) < 1 ||
+      tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 ||
+      tf_read(&(c->kvno), sizeof(c->kvno)) < 1 ||
+      tf_read(&(ticket->length), sizeof(ticket->length))
+      < 1 ||
+      /* don't try to read a silly amount into ticket->dat */
+      ticket->length > MAX_KTXT_LEN ||
+      tf_read((ticket->dat), ticket->length) < 1 ||
+      tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1
+      ) {
+    tf_close();
+    if (krb_debug)
+      krb_warning ("tf_get_cred: failed tf_read.\n");
+    return TKT_FIL_FMT;
+  }
+  return KSUCCESS;
+}
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+  int ret;
+  int fake;
+
+  do {
+    fake = 0;
+
+    ret = real_tf_get_cred (c);
+    if (ret)
+      return ret;
+
+    if(strcmp(c->service, MAGIC_TICKET_NAME) == 0) {
+      if(strcmp(c->instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) {
+	/* we found the magic `time diff' ticket; update the kdc time
+         differential, and then get the next ticket */
+	u_int32_t d;
+
+	krb_get_int(c->ticket_st.dat, &d, 4, 0);
+	krb_set_kdc_time_diff(d);
+	fake = 1;
+      } else if (strcmp(c->instance, MAGIC_TICKET_ADDR_INST) == 0) {
+	fake = 1;
+      }
+    }
+  } while (fake);
+  return ret;
+}
+
+int
+tf_get_cred_addr(char *realm, size_t realm_sz, struct in_addr *addr)
+{
+  int ret;
+  int fake;
+  CREDENTIALS cred;
+
+  do {
+    fake = 1;
+
+    ret = real_tf_get_cred (&cred);
+    if (ret)
+      return ret;
+
+    if(strcmp(cred.service, MAGIC_TICKET_NAME) == 0) {
+      if(strcmp(cred.instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) {
+	/* we found the magic `time diff' ticket; update the kdc time
+         differential, and then get the next ticket */
+	u_int32_t d;
+
+	krb_get_int(cred.ticket_st.dat, &d, 4, 0);
+	krb_set_kdc_time_diff(d);
+      } else if (strcmp(cred.instance, MAGIC_TICKET_ADDR_INST) == 0) {
+	strlcpy(realm, cred.realm, realm_sz);
+	memcpy (addr, cred.ticket_st.dat, sizeof(*addr));
+	fake = 0;
+      }
+    }
+  } while (fake);
+  return ret;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns.  It also clears the
+ * buffer used to read tickets.
+ *
+ * The return value is not defined.
+ */
+
+void
+tf_close(void)
+{
+  if (!(fd < 0)) {
+    flock(fd, LOCK_UN);
+    close(fd);
+    fd = -1;		/* see declaration of fd above */
+  }
+  memset(tfbfr, 0, sizeof(tfbfr));
+}
+
+/*
+ * tf_gets() is an internal routine.  It takes a string "s" and a count
+ * "n", and reads from the file until either it has read "n" characters,
+ * or until it reads a null byte. When finished, what has been read exists
+ * in "s". If it encounters EOF or an error, it closes the ticket file. 
+ *
+ * Possible return values are:
+ *
+ * n            the number of bytes read (including null terminator)
+ *              when all goes well
+ *
+ * 0            end of file or read error
+ *
+ * TOO_BIG      if "count" characters are read and no null is
+ *		encountered. This is an indication that the ticket
+ *		file is seriously ill.
+ */
+
+static int
+tf_gets(char *s, int n)
+{
+  int count;
+
+  if (fd < 0) {
+    if (krb_debug)
+      krb_warning ("tf_gets called before tf_init.\n");
+    return TKT_FIL_INI;
+  }
+  for (count = n - 1; count > 0; --count) {
+    if (curpos >= sizeof(tfbfr)) {
+      lastpos = read(fd, tfbfr, sizeof(tfbfr));
+      curpos = 0;
+    }
+    if (curpos == lastpos) {
+      tf_close();
+      return 0;
+    }
+    *s = tfbfr[curpos++];
+    if (*s++ == '\0')
+      return (n - count);
+  }
+  tf_close();
+  return TOO_BIG;
+}
+
+/*
+ * tf_read() is an internal routine.  It takes a string "s" and a count
+ * "n", and reads from the file until "n" bytes have been read.  When
+ * finished, what has been read exists in "s".  If it encounters EOF or
+ * an error, it closes the ticket file.
+ *
+ * Possible return values are:
+ *
+ * n		the number of bytes read when all goes well
+ *
+ * 0		on end of file or read error
+ */
+
+static int
+tf_read(void *v, int n)
+{
+  char *s = (char *)v;
+  int count;
+    
+  for (count = n; count > 0; --count) {
+    if (curpos >= sizeof(tfbfr)) {
+      lastpos = read(fd, tfbfr, sizeof(tfbfr));
+      curpos = 0;
+    }
+    if (curpos == lastpos) {
+      tf_close();
+      return 0;
+    }
+    *s++ = tfbfr[curpos++];
+  }
+  return n;
+}
+     
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file.  You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+ 
+int
+tf_save_cred(char *service,	/* Service name */
+	     char *instance,	/* Instance */
+	     char *realm,	/* Auth domain */
+	     unsigned char *session, /* Session key */
+	     int lifetime,	/* Lifetime */
+	     int kvno,		/* Key version number */
+	     KTEXT ticket,	/* The ticket itself */
+	     u_int32_t issue_date) /* The issue time */
+{
+  int count;			/* count for write */
+
+  if (fd < 0) {			/* fd is ticket file as set by tf_init */
+    if (krb_debug)
+      krb_warning ("tf_save_cred called before tf_init.\n");
+    return TKT_FIL_INI;
+  }
+  /* Find the end of the ticket file */
+  lseek(fd, 0L, SEEK_END);
+
+  /* Write the ticket and associated data */
+  /* Service */
+  count = strlen(service) + 1;
+  if (write(fd, service, count) != count)
+    goto bad;
+  /* Instance */
+  count = strlen(instance) + 1;
+  if (write(fd, instance, count) != count)
+    goto bad;
+  /* Realm */
+  count = strlen(realm) + 1;
+  if (write(fd, realm, count) != count)
+    goto bad;
+  /* Session key */
+  if (write(fd, session, 8) != 8)
+    goto bad;
+  /* Lifetime */
+  if (write(fd, &lifetime, sizeof(int)) != sizeof(int))
+    goto bad;
+  /* Key vno */
+  if (write(fd, &kvno, sizeof(int)) != sizeof(int))
+    goto bad;
+  /* Tkt length */
+  if (write(fd, &(ticket->length), sizeof(int)) !=
+      sizeof(int))
+    goto bad;
+  /* Ticket */
+  count = ticket->length;
+  if (write(fd, ticket->dat, count) != count)
+    goto bad;
+  /* Issue date */
+  if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date))
+    goto bad;
+
+  return (KSUCCESS);
+bad:
+  return (KFAILURE);
+}
+
+int
+tf_setup(CREDENTIALS *cred, const char *pname, const char *pinst)
+{
+    int ret;
+    ret = tf_create(tkt_string());
+    if (ret != KSUCCESS)
+	return ret;
+
+    if (tf_put_pname(pname) != KSUCCESS ||
+	tf_put_pinst(pinst) != KSUCCESS) {
+	tf_close();
+	return INTK_ERR;
+    }
+    
+    if(krb_get_kdc_time_diff() != 0) {
+	/* Add an extra magic ticket containing the time differential
+           to the kdc. The first ticket defines which realm we belong
+           to, but since this ticket gets the same realm as the tgt,
+           this shouldn't be a problem */
+	des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 };
+	KTEXT_ST t;
+	int d = krb_get_kdc_time_diff();
+	krb_put_int(d, t.dat, sizeof(t.dat), 4);
+	t.length = 4;
+	tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_TIME_DIFF_INST,
+		     cred->realm, s, 
+		     cred->lifetime, 0, &t, cred->issue_date);
+    }
+    ret = tf_save_cred(cred->service, cred->instance, cred->realm, 
+		       cred->session, cred->lifetime, cred->kvno,
+		       &cred->ticket_st, cred->issue_date);
+    tf_close();
+    return ret;
+}
+
+int
+in_tkt(char *pname, char *pinst)
+{
+  int ret;
+  
+  ret = tf_create (tkt_string());
+  if (ret != KSUCCESS)
+    return ret;
+
+    if (tf_put_pname(pname) != KSUCCESS ||
+	tf_put_pinst(pinst) != KSUCCESS) {
+	tf_close();
+	return INTK_ERR;
+    }
+
+    tf_close();
+    return KSUCCESS;
+}
+
+/*
+ * If there's a magic ticket with an address for realm `realm' in
+ * ticket file, return it in `addr'.
+ * realm == NULL means any realm.
+ */
+
+int
+tf_get_addr (const char *realm, struct in_addr *addr)
+{
+  CREDENTIALS cred;
+  krb_principal princ;
+  int ret;
+
+  ret = tf_init (tkt_string (), R_TKT_FIL);
+  if (ret)
+    return ret;
+
+  ret = tf_get_pname (princ.name);
+  if (ret)
+    goto out;
+  ret = tf_get_pinst (princ.name);
+  if (ret)
+    goto out;
+  while ((ret = real_tf_get_cred (&cred)) == KSUCCESS) {
+    if (strcmp (cred.service, MAGIC_TICKET_NAME) == 0
+	&& strcmp (cred.instance, MAGIC_TICKET_ADDR_INST) == 0
+	&& (realm == NULL
+	    || strcmp (cred.realm, realm) == 0)) {
+      memcpy (addr, cred.ticket_st.dat, sizeof(*addr));
+      goto out;
+    }
+  }
+  ret = KFAILURE;
+
+out:
+  tf_close ();
+  return ret;
+}
+
+/*
+ * Store `realm, addr' as a magic ticket.
+ */
+
+int
+tf_store_addr (const char *realm, struct in_addr *addr)
+{
+  CREDENTIALS c;
+  krb_principal princ;
+  int ret;
+  des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 };
+  KTEXT_ST t;
+
+  ret = tf_init (tkt_string (), W_TKT_FIL);
+  if (ret)
+    return ret;
+
+  t.length = sizeof(*addr);
+  memcpy (t.dat, addr, sizeof(*addr));
+
+  ret = tf_save_cred (MAGIC_TICKET_NAME, MAGIC_TICKET_ADDR_INST,
+		      (char *)realm, s, 0, /* lifetime */ 
+		      0, /* kvno */
+		      &t, time(NULL));
+  tf_close ();
+  return ret;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c
new file mode 100644
index 0000000..f694190
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.c
@@ -0,0 +1,435 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.c - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+#define WIN32_LEAN_AND_MEAN
+#include <Windows.h>
+#include "krb_locl.h"
+#include "ticket_memory.h"
+
+RCSID("$Id: ticket_memory.c,v 1.15 1999/12/02 16:58:44 joda Exp $");
+
+void msg(char *text, int error);
+
+/* Global variables for memory mapping. */
+HANDLE	SharedMemoryHandle;
+tktmem	*SharedMemory;
+
+static int CredIndex = -1;
+
+void PostUpdateMessage(void);
+
+int
+newTktMem(const char *tf_name)
+{
+    if(!SharedMemory){
+	SharedMemoryHandle = CreateFileMapping((HANDLE)-1, 0,
+					       PAGE_READWRITE,
+					       sizeof(tktmem) >> 16,
+					       sizeof(tktmem) & 0xffff,
+					       "krb_memory");
+	
+	if(!SharedMemoryHandle){
+	    msg("Could not create shared memory.", GetLastError());
+	    return KFAILURE;
+	}
+		
+	SharedMemory = MapViewOfFile(SharedMemoryHandle,
+				     FILE_MAP_WRITE, 0, 0, 0);
+	if(!SharedMemory){
+	    msg("Unable to alloc shared memory.", GetLastError());
+	    return KFAILURE;
+	}
+	if(GetLastError() != ERROR_ALREADY_EXISTS) {
+            memset(SharedMemory, 0, sizeof(*SharedMemory));
+	    if(tf_name)
+		strlcpy(SharedMemory->tmname,
+				tf_name, sizeof(SharedMemory->tmname));
+	}
+    }
+    CredIndex = 0;
+    return KSUCCESS;
+}
+
+int
+freeTktMem(const char *tf_name)
+{
+    if(SharedMemory) {
+	UnmapViewOfFile(SharedMemory);
+	CloseHandle(SharedMemoryHandle);
+    }
+    return KSUCCESS;
+}
+
+
+
+tktmem *
+getTktMem(const char *tf_name)
+{
+    return SharedMemory;
+}
+
+void
+firstCred(void)
+{
+    if(getTktMem(0)->last_cred_no > 0)
+	CredIndex = 0;
+    else
+	CredIndex = -1;
+}
+	
+int
+nextCredIndex(void)
+{
+    const tktmem *mem;
+    int last;
+    mem = getTktMem(0);
+    last = mem->last_cred_no;
+    if(CredIndex >= 0 && CredIndex < last )
+	return CredIndex++;
+    else
+	return CredIndex = -1;
+}
+
+int
+currCredIndex(void)
+{
+    const tktmem *mem;
+    int last;
+    mem = getTktMem(0);
+    last = mem->last_cred_no;
+    if(CredIndex >= 0 && CredIndex < last)
+	return CredIndex;
+    else
+	return CredIndex = -1;
+}
+
+int
+nextFreeIndex(void)
+{
+    tktmem *mem = getTktMem(0);
+    if(mem->last_cred_no > CRED_VEC_SZ)
+	return -1;
+    else
+	return mem->last_cred_no++;
+}
+
+/*
+ * in_tkt() is used to initialize the ticket store.  It creates the
+ * file to contain the tickets and writes the given user's name "pname"
+ * and instance "pinst" in the file.  in_tkt() returns KSUCCESS on
+ * success, or KFAILURE if something goes wrong.
+ */
+
+int
+in_tkt(char *pname, char *pinst)
+{
+    /* Here goes code to initialize shared memory, to store tickets in. */
+    /* Implemented somewhere else. */
+    return KFAILURE;
+}
+
+/*
+ * dest_tkt() is used to destroy the ticket store upon logout.
+ * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
+ * Otherwise the function returns RET_OK on success, KFAILURE on
+ * failure.
+ *
+ * The ticket file (TKT_FILE) is defined in "krb.h".
+ */
+
+int
+dest_tkt(void)
+{
+    memset(getTktMem(0), 0, sizeof(tktmem));
+    return 0;
+}
+
+/* Short description of routines:
+ *
+ * tf_init() opens the ticket file and locks it.
+ *
+ * tf_get_pname() returns the principal's name.
+ *
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
+ * tf_get_pinst() returns the principal's instance (may be null).
+ *
+ * tf_put_pinst() writes the instance.
+ *
+ * tf_get_cred() returns the next CREDENTIALS record.
+ *
+ * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
+ *
+ * tf_close() closes the ticket file and releases the lock.
+ *
+ * tf_gets() returns the next null-terminated string.  It's an internal
+ * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
+ *
+ * tf_read() reads a given number of bytes.  It's an internal routine
+ * used by tf_get_cred().
+ */
+
+/*
+ * tf_init() should be called before the other ticket file routines.
+ * It takes the name of the ticket file to use, "tf_name", and a
+ * read/write flag "rw" as arguments. 
+ *
+ * Returns KSUCCESS if all went well, otherwise one of the following: 
+ *
+ * NO_TKT_FIL   - file wasn't there
+ * TKT_FIL_ACC  - file was in wrong mode, etc.
+ * TKT_FIL_LCK  - couldn't lock the file, even after a retry
+ */
+
+int
+tf_init(char *tf_name, int rw)
+{
+    if(!getTktMem(tf_name))
+	return NO_TKT_FIL;
+    firstCred();
+    return KSUCCESS;
+}
+
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ */
+
+int
+tf_create(char *tf_name)
+{
+    if(newTktMem(tf_name) != KSUCCESS)
+	return NO_TKT_FIL;
+    return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called.  The
+ * principal's name is filled into the "p" parameter.  If all goes well,
+ * KSUCCESS is returned.  If tf_init() wasn't called, TKT_FIL_INI is
+ * returned.  If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. 
+ */
+
+int
+tf_get_pname(char *p)
+{
+    tktmem *TktStore;
+
+    if(!(TktStore =  getTktMem(0)))
+	return KFAILURE;
+    if(!TktStore->pname[0])
+	return KFAILURE;
+    strlcpy(p, TktStore->pname, ANAME_SZ);
+    return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+    tktmem *TktStore;
+
+    if(!(TktStore =  getTktMem(0)))
+	return KFAILURE;
+    strlcpy(TktStore->pname, p, sizeof(TktStore->pname));
+    return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called.  The instance is filled into the "inst" parameter.  If all
+ * goes well, KSUCCESS is returned.  If tf_init() wasn't called,
+ * TKT_FIL_INI is returned.  If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.  Note that the
+ * instance may be null. 
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+    tktmem *TktStore;
+
+    if(!(TktStore =  getTktMem(0)))
+	return KFAILURE;
+    strlcpy(inst, TktStore->pinst, INST_SZ);
+    return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+    tktmem *TktStore;
+
+    if(!(TktStore =  getTktMem(0)))
+	return KFAILURE;
+    strlcpy(TktStore->pinst, inst, sizeof(TktStore->pinst));
+    return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c".  It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned.  Possible error codes are: 
+ *
+ * TKT_FIL_INI  - tf_init wasn't called first
+ * TKT_FIL_FMT  - bad format
+ * EOF          - end of file encountered
+ */
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+    int index;
+    CREDENTIALS *cred;
+    tktmem *TktStore;
+
+    if(!(TktStore =  getTktMem(0)))
+	return KFAILURE;
+    krb_set_kdc_time_diff(TktStore->kdc_diff);
+    if((index = nextCredIndex()) == -1)
+	return EOF;
+    if(!(cred = TktStore->cred_vec+index))
+	return KFAILURE;
+    if(!c)
+	return KFAILURE;
+    memcpy(c, cred, sizeof(*c));
+    return KSUCCESS;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns.  It also clears the
+ * buffer used to read tickets.
+ */
+
+void
+tf_close(void)
+{
+}
+
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file.  You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+ 
+int
+tf_save_cred(char *service,	/* Service name */
+	     char *instance,	/* Instance */
+	     char *realm,	/* Auth domain */
+	     unsigned char *session, /* Session key */
+	     int lifetime,	/* Lifetime */
+	     int kvno,		/* Key version number */
+	     KTEXT ticket,	/* The ticket itself */
+	     u_int32_t issue_date) /* The issue time */
+{
+    CREDENTIALS *cred;
+    tktmem *mem =  getTktMem(0);
+    int last = nextFreeIndex();
+
+    if(last == -1)
+	return KFAILURE;
+    cred = mem->cred_vec+last;
+    strlcpy(cred->service, service, sizeof(cred->service));
+    strlcpy(cred->instance, instance, sizeof(cred->instance));
+    strlcpy(cred->realm, realm, sizeof(cred->realm));
+    memcpy(cred->session, session, sizeof(cred->session));
+    cred->lifetime = lifetime;
+    cred->kvno = kvno;
+    memcpy(&(cred->ticket_st), ticket, sizeof(*ticket));
+    cred->issue_date = issue_date;
+    strlcpy(cred->pname, mem->pname, sizeof(cred->pname));
+    strlcpy(cred->pinst, mem->pinst, sizeof(cred->pinst));
+    PostUpdateMessage();
+    return KSUCCESS;
+}
+
+
+static void
+set_time_diff(time_t diff)
+{
+    tktmem *TktStore = getTktMem(0);
+    if(TktStore == NULL)
+	return;
+    TktStore->kdc_diff = diff;
+}
+
+
+int
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+{
+    int ret;
+    ret = tf_create(tkt_string());
+    if (ret != KSUCCESS)
+	return ret;
+
+    if (tf_put_pname(pname) != KSUCCESS ||
+	tf_put_pinst(pinst) != KSUCCESS) {
+	tf_close();
+	return INTK_ERR;
+    }
+
+    set_time_diff(krb_get_kdc_time_diff());
+
+    ret = tf_save_cred(cred->service, cred->instance, cred->realm, 
+		       cred->session, cred->lifetime, cred->kvno,
+		       &cred->ticket_st, cred->issue_date);
+    tf_close();
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h
new file mode 100644
index 0000000..72fb686
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.h - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+/* $Id: ticket_memory.h,v 1.8 1999/12/02 16:58:44 joda Exp $ */
+
+#ifndef	TICKET_MEMORY_H
+#define TICKET_MEMORY_H
+
+#include "krb_locl.h"
+
+#define CRED_VEC_SZ	20
+
+typedef struct _tktmem
+{
+  char tmname[64];
+  char pname[ANAME_SZ];	/* Principal's name */
+  char pinst[INST_SZ];	/* Principal's instance */
+  int last_cred_no;
+  CREDENTIALS cred_vec[CRED_VEC_SZ];
+  time_t kdc_diff;
+} tktmem;
+
+int newTktMem(const char *tf_name);
+int freeTktMem(const char *tf_name);
+tktmem *getTktMem(const char *tf_name);
+void firstCred(void);
+int nextCredIndex(void);
+int currCredIndex(void);
+int nextFreeIndex(void);
+
+#endif /* TICKET_MEMORY_H */
diff --git a/crypto/kerberosIV/lib/krb/time.c b/crypto/kerberosIV/lib/krb/time.c
new file mode 100644
index 0000000..015259b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/time.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: time.c,v 1.4 1999/12/02 16:58:44 joda Exp $");
+
+/* number of seconds the kdc clock is ahead of us */
+static int time_diff;
+
+void
+krb_set_kdc_time_diff(int diff)
+{
+    time_diff = diff;
+    if(krb_debug) 
+	krb_warning("Setting time diff to %d\n", diff);
+}
+
+int
+krb_get_kdc_time_diff(void)
+{
+    return time_diff;
+}
+
+/* return the time at the kdc (local time corrected with a time
+   differential) */
+void
+krb_kdctimeofday(struct timeval *tv)
+{
+    time_t t;
+
+    gettimeofday(tv, NULL);
+    t = tv->tv_sec;
+
+    if(krb_debug) 
+	krb_warning("Machine time: %s", ctime(&t));
+    t += krb_get_kdc_time_diff();
+    if(krb_debug) 
+	krb_warning("Correcting to %s", ctime(&t));
+    tv->tv_sec = t;
+}
diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c
new file mode 100644
index 0000000..0aa787c
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tkt_string.c
@@ -0,0 +1,75 @@
+/* 
+  Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+   Export of this software from the United States of America is assumed
+   to require a specific license from the United States Government.
+   It is the responsibility of any person or organization contemplating
+   export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+  */
+
+#include "krb_locl.h"
+
+RCSID("$Id: tkt_string.c,v 1.15 1999/09/16 20:41:55 assar Exp $");
+
+/*
+ * This routine is used to generate the name of the file that holds
+ * the user's cache of server tickets and associated session keys.
+ *
+ * If it is set, krb_ticket_string contains the ticket file name.
+ * Otherwise, the filename is constructed as follows:
+ *
+ * If it is set, the environment variable "KRBTKFILE" will be used as
+ * the ticket file name.  Otherwise TKT_ROOT (defined in "krb.h") and
+ * the user's uid are concatenated to produce the ticket file name
+ * (e.g., "/tmp/tkt123").  A pointer to the string containing the ticket
+ * file name is returned.
+ */
+
+static char krb_ticket_string[MaxPathLen] = "";
+
+char *
+tkt_string(void)
+{
+    char *env;
+
+    if (!*krb_ticket_string) {
+        if ((env = getenv("KRBTKFILE"))) {
+	    strlcpy (krb_ticket_string,
+			     env,
+			     sizeof(krb_ticket_string));
+	} else {
+	    snprintf(krb_ticket_string, sizeof(krb_ticket_string),
+		     "%s%u",TKT_ROOT, (unsigned)getuid());
+        }
+    }
+    return krb_ticket_string;
+}
+
+/*
+ * This routine is used to set the name of the file that holds the user's
+ * cache of server tickets and associated session keys.
+ *
+ * The value passed in is copied into local storage.
+ *
+ * NOTE:  This routine should be called during initialization, before other
+ * Kerberos routines are called; otherwise tkt_string() above may be called
+ * and return an undesired ticket file name until this routine is called.
+ */
+
+void
+krb_set_tkt_string(const char *val)
+{
+    strlcpy (krb_ticket_string, val, sizeof(krb_ticket_string));
+}
diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c
new file mode 100644
index 0000000..36f0a71
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/unparse_name.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: unparse_name.c,v 1.10 1999/12/02 16:58:44 joda Exp $");
+
+static void
+quote_string(char *quote, char *from, char *to)
+{
+    while(*from){
+	if(strchr(quote, *from))
+	    *to++ = '\\';
+	*to++ = *from++;
+    }
+    *to = 0;
+}
+
+/* To be compatible with old functions, we quote differently in each
+   part of the principal*/
+
+char *
+krb_unparse_name_r(krb_principal *pr, char *fullname)
+{
+    quote_string("'@\\", pr->name, fullname);
+    if(pr->instance[0]){
+	strcat(fullname, ".");
+	quote_string("@\\", pr->instance, fullname + strlen(fullname));
+    }
+    if(pr->realm[0]){
+	strcat(fullname, "@");
+	quote_string("\\", pr->realm, fullname + strlen(fullname));
+    }
+    return fullname;
+}
+
+char *
+krb_unparse_name_long_r(char *name, char *instance, char *realm,
+			char *fullname)
+{
+    krb_principal pr;
+
+    memset(&pr, 0, sizeof(pr));
+    strlcpy(pr.name, name, sizeof(pr.name));
+    if(instance)
+	strlcpy(pr.instance, instance, sizeof(pr.instance));
+    if(realm)
+	strlcpy(pr.realm, realm, sizeof(pr.realm));
+    return krb_unparse_name_r(&pr, fullname);
+}
+
+char *
+krb_unparse_name(krb_principal *pr)
+{
+    static char principal[MAX_K_NAME_SZ];
+    krb_unparse_name_r(pr, principal);
+    return principal;
+}
+
+char *
+krb_unparse_name_long(char *name, char *instance, char *realm)
+{
+    krb_principal pr;
+
+    memset(&pr, 0, sizeof(pr));
+    strlcpy(pr.name, name, sizeof(pr.name));
+    if(instance)
+	strlcpy(pr.instance, instance, sizeof(pr.instance));
+    if(realm)
+	strlcpy(pr.realm, realm, sizeof(pr.realm));
+    return krb_unparse_name(&pr);
+}
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
new file mode 100644
index 0000000..36c64d7
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: verify_user.c,v 1.17.2.1 1999/12/06 22:57:17 assar Exp $");
+
+/*
+ * Verify user (name.instance@realm) with `password'.
+ *
+ * If secure, also verify against local
+ * service key (`linstance'.hostname) (or rcmd if linstance == NULL),
+ * this can (usually) only be done by root.
+ *
+ * If secure == KRB_VERIFY_SECURE, fail if there's no key.
+ * If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such
+ * key in the srvtab.
+ *
+ * As a side effect, fresh tickets are obtained.
+ *
+ * srvtab is where the key is found.
+ * 
+ * Returns zero if ok, a positive kerberos error or -1 for system
+ * errors.
+ */
+
+static int
+krb_verify_user_srvtab_exact(char *name,
+			     char *instance,
+			     char *realm,
+			     char *password, 
+			     int secure,
+			     char *linstance,
+			     char *srvtab)
+{
+    int ret;
+
+    ret = krb_get_pw_in_tkt(name, instance, realm,
+			    KRB_TICKET_GRANTING_TICKET,
+			    realm,
+			    DEFAULT_TKT_LIFE, password);
+    if(ret != KSUCCESS)
+	return ret;
+
+    if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){
+	struct hostent *hp;
+	int32_t addr;
+	
+	KTEXT_ST ticket;
+	AUTH_DAT auth;
+
+	char lrealm[REALM_SZ];
+	char hostname[MaxHostNameLen];
+	char *phost;
+
+	if (gethostname(hostname, sizeof(hostname)) == -1) {
+	    dest_tkt();
+	    return -1;
+	}
+
+	hp = gethostbyname(hostname);
+	if(hp == NULL){
+	    dest_tkt();
+	    return -1;
+	}
+	memcpy(&addr, hp->h_addr, sizeof(addr));
+
+	ret = krb_get_lrealm(lrealm, 1);
+	if(ret != KSUCCESS){
+	    dest_tkt();
+	    return ret;
+	}
+	phost = krb_get_phost(hostname);
+	
+	if (linstance == NULL)
+	    linstance = "rcmd";
+
+	if(secure == KRB_VERIFY_SECURE_FAIL) {
+	    des_cblock key;
+	    ret = read_service_key(linstance, phost, lrealm, 0, srvtab, &key);
+	    memset(key, 0, sizeof(key));
+	    if(ret == KFAILURE)
+		return 0;
+	}
+	
+	ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
+	if(ret != KSUCCESS){
+	    dest_tkt();
+	    return ret;
+	}
+	
+	ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab);
+	if(ret != KSUCCESS){
+	    dest_tkt();
+	    return ret;
+	}
+    }
+    return 0;
+}
+		
+/*
+ * Try to verify the user and password against all the local realms.
+ */
+
+int
+krb_verify_user_srvtab(char *name,
+		       char *instance,
+		       char *realm,
+		       char *password, 
+		       int secure,
+		       char *linstance,
+		       char *srvtab)
+{
+  int ret;
+  int n;
+  char rlm[256];
+
+  /* First try to verify against the supplied realm. */
+  ret = krb_verify_user_srvtab_exact(name, instance, realm, password,
+				     secure, linstance, srvtab);
+  if (ret == KSUCCESS)
+    return KSUCCESS;
+
+  /* Verify all local realms, except the supplied realm. */
+  for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
+    if (strcmp(rlm, realm) != 0) {
+      ret = krb_verify_user_srvtab_exact(name, instance, rlm, password,
+					 secure, linstance, srvtab);
+      if (ret == KSUCCESS)
+	return KSUCCESS;
+    }
+
+  return ret;
+}
+
+/*
+ * Compat function without srvtab.
+ */
+
+int
+krb_verify_user(char *name,
+		char *instance,
+		char *realm,
+		char *password, 
+		int secure,
+		char *linstance)
+{
+    return krb_verify_user_srvtab (name,
+				   instance,
+				   realm,
+				   password,
+				   secure,
+				   linstance,
+				   (char *)KEYFILE);
+}
diff --git a/crypto/kerberosIV/lib/roken/ChangeLog b/crypto/kerberosIV/lib/roken/ChangeLog
new file mode 100644
index 0000000..116fdbd
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/ChangeLog
@@ -0,0 +1,614 @@
+1999-11-25  Assar Westerlund  <assar@sics.se>
+
+	* getopt.c (getopt): return -1 instead of EOF.  From
+	<art@stacken.kth.se>
+
+1999-11-13  Assar Westerlund  <assar@sics.se>
+
+	* strftime.c (strftime): handle `%z' and `%Z' in a tm_gmtoff-less
+	world
+
+	* getcap.c: make sure to use db only if we have both the library
+	and the header file
+	
+1999-11-12  Assar Westerlund  <assar@sics.se>
+
+	* getarg.h: add arg_counter
+	* getarg.c: add a new type of argument: `arg_counter' re-organize
+	the code somewhat
+	
+	* Makefile.am: add strptime and strpftime-test
+	
+	* snprintf.c (xyzprintf): try to do the right thing with an % at
+	the end of the format string
+	
+	* strptime.c (strptime): implement '%U', '%V', '%W'
+	* strftime.c (strftime): implement '%U', '%V', '%W', '%z'
+	
+	* strftime.c (strftime): correct %E and %O handling.  do something
+ 	reasonable with "...%"
+
+	* strftime.c: replace the BSD implementation by one of our own
+	coding
+
+	* strptime.c : new file
+	* strpftime-test.c: new file
+
+1999-11-07  Assar Westerlund  <assar@sics.se>
+
+	* parse_bytes-test.c: new file
+
+	* Makefile.am: add parse_bytes-test
+
+	* parse_units.c (parse_something): try to handle the case of no
+ 	value specified a little bit better
+
+1999-11-04  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump version to 3:2:0
+
+1999-10-30  Assar Westerlund  <assar@sics.se>
+
+	* snprintf.c (PARSE_INT_FORMAT): add redundant casts to work
+ 	around a gcc-bug that manifests itself on Linux-PPC.  From Tom
+ 	Rini <trini@kernel.crashing.org>
+
+1999-10-28  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: bump version to 3:1:0
+
+	* roken.h.in: use `unsigned char' instead of `u_int8_t' to avoid
+ 	having to have that definition.  this is the easy way out instead
+ 	of getting the definition here where it's needed.  flame me.
+
+Fri Oct 22 15:39:31 1999  Bjoern Groenvall  <bg@sics.se>
+
+	* k_getpwuid.c (k_getpwuid): getspuid() does not exist (even
+ 	though it should), use getspnam().
+
+1999-10-20  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 3:0:0
+
+1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
+
+	* getarg.3: document arg_collect
+
+	* getarg.c: change the way arg_collect works; it's still quite
+	horrible though
+
+	* getarg.h: change type of the collect function
+
+1999-10-17  Assar Westerlund  <assar@sics.se>
+
+	* xdbm.h: undo last commit
+
+	* xdbm.h: reorder db includes
+
+1999-10-10  Assar Westerlund  <assar@sics.se>
+
+	* socket.c: const-ize and comment
+
+	* net_write.c: const-ize
+
+	* base64.c: const-ize
+
+1999-10-06  Assar Westerlund  <assar@sics.se>
+
+	* getarg.c (getarg): also set optind when returning error
+
+1999-09-26  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: add parse_bytes.[ch]
+
+1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
+
+	* getarg.3: getarg manpage
+
+	* getarg.{c,h}: add a callback type to do more complicated processing
+
+	* getarg.{c,h}: add floating point support
+
+1999-09-16  Assar Westerlund  <assar@sics.se>
+
+	* strlcat.c (strlcat): call strlcpy
+
+	* strlcpy.c: update name and prototype
+
+	* strlcat.c: update name and prototype
+
+	* roken.h.in: rename strc{py,at}_truncate to strlc{py,at}
+
+	* Makefile.am: rename strc{py,at}_truncate -> strlc{py,at}
+
+	* Makefile.in: rename strc{py,at}_truncate -> strlc{py,at}
+
+ 	* strcpy_truncate.c (strcpy_truncate): change return value to be
+ 	the length of `src'
+
+1999-08-16  Assar Westerlund  <assar@sics.se>
+
+	* getcap.c: try to make this work on systems with DB
+
+1999-08-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* getcap.c: protect from db-less systems
+
+1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
+
+	* simple_exec.c: add simple_exec{ve,le}
+
+	* getcap.c: getcap from NetBSD
+
+1999-08-06  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (sockaddr_storage): cater for those that have
+ 	v6-support also
+
+1999-08-05  Assar Westerlund  <assar@sics.se>
+
+	* inet_ntop.c (inet_ntop_v4): remember to call ntohl
+
+1999-08-04  Assar Westerlund  <assar@sics.se>
+
+	* roken-common.h: add shutdown constants
+
+	* mini_inetd.c (listen_v4, listen_v6): handle the case of the
+ 	protocol not being supported
+
+1999-08-01  Assar Westerlund  <assar@sics.se>
+
+	* mini_inetd.c (socket_set_reuseaddr): remove duplicate
+
+1999-07-29  Assar Westerlund  <assar@sics.se>
+
+	* mini_inetd.c (mini_inetd): fix my stupid bugs
+
+1999-07-28  Assar Westerlund  <assar@sics.se>
+
+	* roken-common.h: add socket* functions
+
+	* Makefile.am (libroken_la_SOURCES): add socket.c
+
+	* socket.c: new file, originally from appl/ftp/common
+
+	* Makefile.am: set version to 2:0:2
+
+	* roken.h.in (inet_pton): add prototype
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_pton
+
+	* inet_pton.c: new file
+
+	* getipnodebyname.c (getipnodebyname): try gethostbyname2 if we
+ 	have it
+
+1999-07-27  Assar Westerlund  <assar@sics.se>
+
+	* mini_inetd.c: support IPv6
+
+1999-07-26  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+	* roken.h.in (inet_ntop): add prototype
+
+ 	* roken-common.h: (INET{,6}_ADDRSTRLEN): add
+
+	* inet_ntop.c: new file
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_ntop.c
+
+	* Makefile.am: move some files from libroken_la_SOURCES to
+ 	EXTRA_libroken_la_SOURCES
+
+	* snprintf.c: some signed vs unsigned casts
+	
+1999-07-24  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (struct sockaddr_storage): define it needed
+
+1999-07-19  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am (libroken_la_SOURCES): add copyhostent.c,
+ 	freehostent.c, getipnodebyname.c, getipnodebyaddr.c
+	
+	* roken.h.in: <netdb.h>: include
+	(copyhostent, freehostent, getipnodebyname, getipnodebyaddr): add
+	prototypes
+
+	* roken-common.h: new constants for getipnodeby*
+
+	* Makefile.in (SOURCES): add freehostent, copyhostent,
+ 	getipnodebyname, getipnodebyaddr
+
+	* freehostent.c: new file
+
+	* copyhostent.c: new file
+
+	* getipnodebyaddr.c: new file
+
+	* getipnodebyname.c: new file
+
+1999-07-13  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (k_getpwnam): update prototype
+
+	* k_getpwnam.c (k_getpwnam): const-ize
+
+	* get_default_username.c (get_default_username): a better way of
+ 	guessing when the user has su:ed
+
+1999-07-08  Johan Danielsson  <joda@pdc.kth.se>
+
+	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
+	<jhutz+@cmu.edu>
+
+1999-07-06  Assar Westerlund  <assar@sics.se>
+
+	* readv.c (readv): typo
+
+1999-07-03  Assar Westerlund  <assar@sics.se>
+
+	* writev.c (writev): error check malloc properly
+
+	* sendmsg.c (sendmsg): error check malloc properly
+
+	* resolve.c (parse_reply): error check malloc properly
+
+	* recvmsg.c (recvmsg): error check malloc properly
+
+	* readv.c (readv): error check malloc properly
+
+1999-06-23  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (acc_units): move the special case of 0 -> 1 to
+ 	parse_something to avoid having it happen at the end of the string
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add get_default_username
+
+	* get_default_username.c: new file
+
+	* roken.h.in (get_default_username): add prototype
+
+	* Makefile.am: add get_default_username
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
+
+	* strnlen.c (strnlen): update prototype
+
+	* Makefile.am: strndup.c: add
+
+	* Makefile.in: strndup.c: add
+
+	* roken.h.in (strndup): add
+	(strnlen): update prototype
+
+	* strndup.c: new file
+
+Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: include strsep prototype if needed
+
+Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: make make-print-version.o depend on version.h
+
+Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: make it compile w/o krb4
+
+Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* snprintf.c (vasnprintf): correct check if realloc returns NULL
+
+Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: link print_version with -ldes to avoid unresolved
+ 	references if -lkrb is shared
+
+Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* roken-common.h (eread, ewrite): add
+
+	* simple_exec.c: add <roken.h>
+
+Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add eread, ewrite
+
+	* eread.c, ewrite.c: new files
+
+	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
+
+Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: remove include_dir hack
+
+	* Makefile.am: parse_units.h
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add glob.c
+
+Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* iruserok.c: move innetgr() to separate file
+
+	* innetgr.c: move innetgr() to separate file
+
+	* hstrerror.c (hstrerror): add const to return type
+
+	* erealloc.c: fix types in format string
+
+	* emalloc.c: fix types in format string
+
+Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* resolve.c: ugly fix for crays
+
+Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* roken.h.in: protos for {un,}setenv
+
+1999-02-16  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add fnmatch
+
+	* roken-common.h (abs): add
+
+Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
+
+	* emalloc.c, erealloc.c, estrup.c: new files
+
+	* roken.h.in (mkstemp, gethostname): also includes prototypes if
+ 	they are needed.
+
+1998-12-23  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: mkstemp: add prototype
+
+1998-12-20  Assar Westerlund  <assar@sics.se>
+
+	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
+
+	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
+
+	* roken-common.h: __attribute__: check for autoconf'd
+	HAVE___ATTRIBUTE__ instead of GNUC
+
+Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (parse_something): func is called with val == 0 if
+ 	no unit was given
+	(acc_flags, acc_units): update to new standard
+
+Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar@sics.se>
+
+	* resolve.c (stot): constify
+	(type_to_string): always declare
+	(dns_lookup_int): correct debug output
+
+Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar@sics.se>
+
+	* resolve.c (dns_lookup_int): send rr_class to res_search
+
+Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* resolve.c: some cleanup
+
+	* resolve.h: add T_NAPTR
+
+Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
+
+	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
+
+Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar@sics.se>
+
+	* recvmsg.c (recvmsg): patch from bpreece@unity.ncsu.edu
+
+Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* vsyslog.c: asprintf -> vasprintf
+
+Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar@sics.se>
+
+	* getarg.h (arg_printusage): new signature
+
+	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
+ 	__progname.
+
+Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
+ 	EINTR
+
+Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar@sics.se>
+
+	* simple_exec.c (simple_execlp): initialize `argv'
+
+Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar@sics.se>
+
+	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
+ 	use a copy instead
+
+Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (net_write, net_read): add prototypes
+
+	* Makefile.in: net_{read,write}.c: add
+
+	* net_{read,write}.c: new files
+
+Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (issuid): add
+
+	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
+ 	fields
+
+Sun May 31 03:24:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	SYNOPSIS within the same [ ] pair.
+
+Sat May 30 00:13:01 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (arg_printusage): try to keep options shorter than
+ 	column width
+
+	* get_window_size.c (get_window_size): check COLUMNS and LINES
+
+Fri May 29 00:05:04 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	DESCRIPTION on the same line.
+
+	* getarg.c (arg_match_long): make sure you only get an exact match
+ 	if the strings are the same length
+
+Thu May 14 02:23:40 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.awk: stupid cray awk wants \#
+
+Fri May  1 01:29:36 1998  Assar Westerlund  <assar@sics.se>
+
+	* print_version.c (print_version): according to ISO/ANSI C the
+ 	elements of `arg' are not constant and therefore not settable at
+ 	compile-time.  Set the at run-time instead.
+
+Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: include paths.h
+
+Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
+ 	make happy
+
+Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* simple_exec.c: Simple fork+exec system() replacement.
+
+Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* roken_gethostby.c: Make `roken_gethostby_setup' take url-like
+ 	specification instead of split up versions. Makes it easier for
+ 	calling applications.
+
+	* roken_gethostby.c: Another miracle of the 20th century:
+ 	gethostby* over HTTP.
+
+Sat Feb 21 15:18:36 1998  assar westerlund  <assar@sics.se>
+
+	* parse_time.c (unparse_time_approx): new function that calls
+ 	`unparse_units_approx'
+
+	* parse_units.c (unparse_units_approx): new function that will
+ 	only print the first unit.
+
+	* Makefile.in: include parse_{time,units}
+
+Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse_time.c (print_time_table): don't return a void value.
+
+Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Change date format to full month
+ 	name, and day of month without leading zero.
+
+Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c: Fix long form of negative flags.
+
+Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* roken.h.in: Include <err.h>, to get linux __progname.
+
+Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar@sics.se>
+
+	* parse_time.c (print_time_table): new function
+
+	* parse_units.c (print_flags_table, print_units_table): new
+ 	functions.
+
+Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar@sics.se>
+
+	* iruserok.c: moved here.
+
+	* snprintf.c (sn_append_char): don't write any terminating zero.
+	(as_reserve): don't loop.  better heuristic for how much space to
+ 	realloc.
+	(vasnprintf): simplify initializing to one.
+
+Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c: Add mandoc help back-end to getarg.
+
+Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* verr.c, verrx.c: Fix warnings by moving exit from.
+
+Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* parse_units.c: Change the list of separating characters (between
+ 	units) to comma, space, and tab, removing digits. Having digits in
+ 	this list makes a flag like `T42 generate a parse error. This
+ 	change makes `17m3s' an invalid time-spec (you need a space).
+
+Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: add <sys/socket.h>
+
+Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* fnmatch.c: Add fnmatch from NetBSD
+
+Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (parse_something): ignore white-space and ','
+
+Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar@sics.se>
+	
+	* roken.h: fclose prototype
+
+	* roken.h: add prototype for vsyslog
+
+	* Makefile.in: add some more source files to make soriasis make
+ 	happy
+
+Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: include <sys/uio.h> and <errno.h>.
+	prototypes for readv and writev
+
+	* readv.c, writev.c: new files
+
+Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: Add ugly macros for openlog, gethostbyname,
+ 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
+ 	default definition of MAXPATHLEN
diff --git a/crypto/kerberosIV/lib/roken/Makefile.am b/crypto/kerberosIV/lib/roken/Makefile.am
new file mode 100644
index 0000000..e680230
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/Makefile.am
@@ -0,0 +1,177 @@
+# $Id: Makefile.am,v 1.54 1999/12/03 04:04:13 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES = roken.h make-roken.c print_version.h
+
+lib_LTLIBRARIES = libroken.la
+libroken_la_LDFLAGS = -version-info 3:2:0
+
+noinst_PROGRAMS = make-roken make-print-version
+
+check_PROGRAMS = parse_bytes-test strpftime-test getaddrinfo-test
+TESTS = $(check_PROGRAMS)
+
+getaddrinfo_test_LDADD = libroken.la
+parse_bytes_test_LDADD = libroken.la
+strpftime_test_LDADD = strftime.o strptime.o
+
+if KRB4
+if KRB5
+## need to link with des here; otherwise, if krb4 is shared the link
+## will fail with unresolved references
+make_print_version_LDADD += $(LIB_krb4) -ldes
+endif
+endif
+
+libroken_la_SOURCES =		\
+	base64.c		\
+	concat.c		\
+	emalloc.c		\
+	eread.c			\
+	erealloc.c		\
+	estrdup.c		\
+	ewrite.c		\
+	get_default_username.c	\
+	get_window_size.c	\
+	getarg.c		\
+	inaddr2str.c		\
+	issuid.c		\
+	k_getpwnam.c		\
+	k_getpwuid.c		\
+	mini_inetd.c		\
+	net_read.c		\
+	net_write.c		\
+	parse_bytes.c		\
+	parse_time.c		\
+	parse_units.c		\
+	print_version.c		\
+	resolve.c		\
+	roken_gethostby.c	\
+	signal.c		\
+	simple_exec.c		\
+	snprintf.c		\
+	socket.c		\
+	tm2time.c		\
+	verify.c		\
+	warnerr.c		\
+	xdbm.h
+
+EXTRA_libroken_la_SOURCES =	\
+	chown.c			\
+	copyhostent.c		\
+	daemon.c		\
+	err.c			\
+	err.h			\
+	errx.c			\
+	fchown.c		\
+	flock.c			\
+	fnmatch.c		\
+	fnmatch.h		\
+	freeaddrinfo.c		\
+	freehostent.c		\
+	gai_strerror.c		\
+	getaddrinfo.c		\
+	getdtablesize.c		\
+	getegid.c		\
+	geteuid.c		\
+	getgid.c		\
+	gethostname.c		\
+	getipnodebyaddr.c	\
+	getipnodebyname.c	\
+	getnameinfo.c		\
+	getopt.c		\
+	gettimeofday.c		\
+	getuid.c		\
+	getusershell.c		\
+	glob.h			\
+	hstrerror.c		\
+	inet_aton.c		\
+	inet_ntop.c		\
+	inet_pton.c		\
+	initgroups.c		\
+	innetgr.c		\
+	iruserok.c		\
+	lstat.c			\
+	memmove.c		\
+	mkstemp.c		\
+	putenv.c		\
+	rcmd.c			\
+	readv.c			\
+	recvmsg.c		\
+	sendmsg.c		\
+	setegid.c		\
+	setenv.c		\
+	seteuid.c		\
+	strcasecmp.c		\
+	strdup.c		\
+	strerror.c		\
+	strftime.c		\
+	strlcat.c		\
+	strlcpy.c		\
+	strlwr.c		\
+	strncasecmp.c		\
+	strndup.c		\
+	strnlen.c		\
+	strptime.c		\
+	strsep.c		\
+	strtok_r.c		\
+	strupr.c		\
+	swab.c			\
+	unsetenv.c		\
+	verr.c			\
+	verrx.c			\
+	vsyslog.c		\
+	vwarn.c			\
+	vwarnx.c		\
+	warn.c			\
+	warnx.c			\
+	writev.c
+
+EXTRA_DIST = resource.h roken.awk roken.def roken.dsp roken.h.in \
+	roken.mak roken.rc
+
+
+
+libroken_la_LIBADD = @LTLIBOBJS@
+
+$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h
+
+include_HEADERS = $(err_h) base64.h getarg.h \
+	parse_bytes.h parse_time.h parse_units.h \
+	resolve.h roken.h roken-common.h
+
+build_HEADERZ = $(err_h) $(fnmatch_h) $(glob_h) xdbm.h
+
+if have_err_h
+err_h =
+else
+err_h = err.h
+endif
+
+if have_fnmatch_h
+fnmatch_h =
+else
+fnmatch_h = fnmatch.h
+endif
+
+if have_glob_h
+glob_h =
+else
+glob_h = glob.h
+endif
+
+roken.h: make-roken
+	@./make-roken > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+
+print_version.lo: print_version.h
+
+print_version.h: make-print-version
+	./make-print-version print_version.h
+
+make-print-version.o: $(top_builddir)/include/version.h
diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in
new file mode 100644
index 0000000..70563e4
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/Makefile.in
@@ -0,0 +1,221 @@
+#
+# $Id: Makefile.in,v 1.73 1999/11/30 19:22:59 bg Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC	= @CC@
+LINK = @LINK@
+CPP	= @CPP@
+AR	= ar
+RANLIB	= @RANLIB@
+DEFS	= @DEFS@
+CFLAGS	= @CFLAGS@ $(WFLAGS)
+WFLAGS	= @WFLAGS@
+AWK	= @AWK@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+EXECSUFFIX = @EXECSUFFIX@
+PICFLAGS = # @PICFLAGS@
+ 
+LIBNAME = $(LIBPREFIX)roken
+#LIBEXT = @LIBEXT@ Always build archive library and don't install!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = \
+	base64.c \
+	chown.c \
+	concat.c \
+	copyhostent.c \
+	daemon.c \
+	emalloc.c \
+	erealloc.c \
+	estrdup.c \
+	eread.c \
+	err.c \
+	errx.c \
+	ewrite.c \
+	fchown.c \
+	flock.c \
+	fnmatch.c \
+	freehostent.c \
+	get_window_size.c \
+	getarg.c \
+	getcwd.c \
+	get_default_username.c \
+	getdtablesize.c \
+	gethostname.c \
+	getipnodebyaddr.c \
+	getipnodebyname.c \
+	getopt.c \
+	getusershell.c \
+	glob.c \
+	hstrerror.c \
+	inaddr2str.c \
+	inet_aton.c \
+	inet_ntop.c \
+	initgroups.c \
+	iruserok.c \
+	issuid.c \
+	k_getpwnam.c \
+	k_getpwuid.c \
+	lstat.c \
+	memmove.c \
+	mini_inetd.c \
+	mkstemp.c \
+	net_read.c \
+	net_write.c \
+	parse_time.c \
+	parse_units.c \
+	print_version.c \
+	putenv.c \
+	resolve.c \
+	rcmd.c \
+	roken_gethostby.c \
+	readv.c \
+	setegid.c \
+	setenv.c \
+	seteuid.c \
+	signal.c \
+	simple_exec.c \
+	snprintf.c \
+	socket.c \
+	strcasecmp.c \
+	strdup.c \
+	strerror.c \
+	strftime.c \
+	strlcat.c \
+	strlcpy.c \
+	strlwr.c \
+	strncasecmp.c \
+	strndup.c \
+	strnlen.c \
+	strsep.c \
+	strtok_r.c \
+	strupr.c \
+	tm2time.c \
+	unsetenv.c \
+	verify.c \
+	verr.c \
+	verrx.c \
+	vsyslog.c \
+	vwarn.c \
+	vwarnx.c \
+	warn.c \
+	warnerr.c \
+	warnx.c
+
+EXTRA_SOURCES = \
+	make-print-version.c
+
+OBJECTS = \
+	base64.o \
+	concat.o \
+	emalloc.o \
+	eread.o \
+	erealloc.o \
+	estrdup.o \
+	ewrite.o \
+	get_default_username.o \
+	get_window_size.o \
+	getarg.o \
+	inaddr2str.o \
+	issuid.o \
+	k_getpwnam.o \
+	k_getpwuid.o \
+	mini_inetd.o \
+	net_read.o \
+	net_write.o \
+	parse_time.o \
+	parse_units.o \
+	print_version.o \
+	resolve.o \
+	roken_gethostby.o \
+	signal.o \
+	simple_exec.o \
+	snprintf.o \
+	socket.o \
+	tm2time.o \
+	verify.o \
+	warnerr.o \
+	@LIBOBJS@
+
+all: $(LIB) install-roken-h
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+
+uninstall:
+
+TAGS: $(SOURCES) $(EXTRA_SOURCES)
+	etags $(SOURCES) $(EXTRA_SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o *.a roken.h make-roken$(EXECSUFFIX) make-roken.c \
+		make-print-version$(EXECSUFFIX) print_version.h
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS)
+
+roken.h: make-roken$(EXECSUFFIX)
+	@./make-roken > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken$(EXECSUFFIX): make-roken.o
+	$(LINK) $(CFLAGS) -o $@ make-roken.o
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+
+print_version.o: print_version.h
+
+print_version.h: make-print-version$(EXECSUFFIX)
+	@./make-print-version$(EXECSUFFIX) print_version.h
+
+make-print-version$(EXECSUFFIX): make-print-version.o
+	$(LINK) $(CFLAGS) -o $@ make-print-version.o
+
+install-roken-h: roken.h
+	@if [ -f ../../include/roken.h ] && cmp -s ../../include/roken.h roken.h ; \
+	then :; else \
+	echo "  $(INSTALL) roken.h ../../include/roken.h"; \
+	$(INSTALL) roken.h ../../include/roken.h; fi
+
+$(OBJECTS): ../../include/config.h roken.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean install-roken-h
diff --git a/crypto/kerberosIV/lib/roken/base64.c b/crypto/kerberosIV/lib/roken/base64.c
new file mode 100644
index 0000000..daed869
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/base64.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.4 1999/12/02 16:58:45 joda Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+  char *p;
+  for(p = base64; *p; p++)
+    if(*p == c)
+      return p - base64;
+  return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+  char *s, *p;
+  int i;
+  int c;
+  const unsigned char *q;
+
+  p = s = (char*)malloc(size*4/3+4);
+  if (p == NULL)
+      return -1;
+  q = (const unsigned char*)data;
+  i=0;
+  for(i = 0; i < size;){
+    c=q[i++];
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    p[0]=base64[(c&0x00fc0000) >> 18];
+    p[1]=base64[(c&0x0003f000) >> 12];
+    p[2]=base64[(c&0x00000fc0) >> 6];
+    p[3]=base64[(c&0x0000003f) >> 0];
+    if(i > size)
+      p[3]='=';
+    if(i > size+1)
+      p[2]='=';
+    p+=4;
+  }
+  *p=0;
+  *str = s;
+  return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+  const char *p;
+  unsigned char *q;
+  int c;
+  int x;
+  int done = 0;
+  q=(unsigned char*)data;
+  for(p=str; *p && !done; p+=4){
+    x = pos(p[0]);
+    if(x >= 0)
+      c = x;
+    else{
+      done = 3;
+      break;
+    }
+    c*=64;
+    
+    x = pos(p[1]);
+    if(x >= 0)
+      c += x;
+    else
+      return -1;
+    c*=64;
+    
+    if(p[2] == '=')
+      done++;
+    else{
+      x = pos(p[2]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    c*=64;
+    
+    if(p[3] == '=')
+      done++;
+    else{
+      if(done)
+	return -1;
+      x = pos(p[3]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    if(done < 3)
+      *q++=(c&0x00ff0000)>>16;
+      
+    if(done < 2)
+      *q++=(c&0x0000ff00)>>8;
+    if(done < 1)
+      *q++=(c&0x000000ff)>>0;
+  }
+  return q - (unsigned char*)data;
+}
diff --git a/crypto/kerberosIV/lib/roken/base64.h b/crypto/kerberosIV/lib/roken/base64.h
new file mode 100644
index 0000000..5ad1e3b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/base64.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/chown.c b/crypto/kerberosIV/lib/roken/chown.c
new file mode 100644
index 0000000..f3d34e3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/chown.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: chown.c,v 1.3 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+chown(const char *path, uid_t owner, gid_t group)
+{
+  return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/concat.c b/crypto/kerberosIV/lib/roken/concat.c
new file mode 100644
index 0000000..ca295c0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/concat.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: concat.c,v 1.4 1999/12/02 16:58:45 joda Exp $");
+#endif
+#include "roken.h"
+
+int
+roken_concat (char *s, size_t len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, len);
+    ret = roken_vconcat (s, len, args);
+    va_end(args);
+    return ret;
+}
+
+int
+roken_vconcat (char *s, size_t len, va_list args)
+{
+    const char *a;
+
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+
+	if (n >= len)
+	    return -1;
+	memcpy (s, a, n);
+	s += n;
+	len -= n;
+    }
+    *s = '\0';
+    return 0;
+}
+
+size_t
+roken_vmconcat (char **s, size_t max_len, va_list args)
+{
+    const char *a;
+    char *p, *q;
+    size_t len = 0;
+    *s = NULL;
+    p = malloc(1);
+    if(p == NULL)
+	return 0;
+    len = 1;
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+	
+	if(max_len && len + n > max_len){
+	    free(p);
+	    return 0;
+	}
+	q = realloc(p, len + n);
+	if(q == NULL){
+	    free(p);
+	    return 0;
+	}
+	p = q;
+	memcpy (p + len - 1, a, n);
+	len += n;
+    }
+    p[len - 1] = '\0';
+    *s = p;
+    return len;
+}
+
+size_t
+roken_mconcat (char **s, size_t max_len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, max_len);
+    ret = roken_vmconcat (s, max_len, args);
+    va_end(args);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/copyhostent.c b/crypto/kerberosIV/lib/roken/copyhostent.c
new file mode 100644
index 0000000..a3be6db
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/copyhostent.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: copyhostent.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * return a malloced copy of `h'
+ */
+
+struct hostent *
+copyhostent (const struct hostent *h)
+{
+    struct hostent *res;
+    char **p;
+    int i, n;
+
+    res = malloc (sizeof (*res));
+    if (res == NULL)
+	return NULL;
+    res->h_name      = NULL;
+    res->h_aliases   = NULL;
+    res->h_addrtype  = h->h_addrtype;
+    res->h_length    = h->h_length;
+    res->h_addr_list = NULL;
+    res->h_name = strdup (h->h_name);
+    if (res->h_name == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (n = 0, p = h->h_aliases; *p != NULL; ++p)
+	++n;
+    res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases));
+    if (res->h_aliases == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (i = 0; i < n + 1; ++i)
+	res->h_aliases[i] = NULL;
+    for (i = 0; i < n; ++i) {
+	res->h_aliases[i] = strdup (h->h_aliases[i]);
+	if (res->h_aliases[i] == NULL) {
+	    freehostent (res);
+	    return NULL;
+	}
+    }
+
+    for (n = 0, p = h->h_addr_list; *p != NULL; ++p)
+	++n;
+    res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list));
+    if (res->h_addr_list == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (i = 0; i < n + 1; ++i) {
+	res->h_addr_list[i] = NULL;
+    }
+    for (i = 0; i < n; ++i) {
+	res->h_addr_list[i] = malloc (h->h_length);
+	if (res->h_addr_list[i] == NULL) {
+	    freehostent (res);
+	    return NULL;
+	}
+	memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length);
+    }
+    return res;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c
new file mode 100644
index 0000000..758856c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/daemon.c
@@ -0,0 +1,88 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: daemon.c,v 1.3 1997/10/04 21:55:48 joda Exp $");
+
+#ifndef HAVE_DAEMON
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int
+daemon(int nochdir, int noclose)
+{
+    int fd;
+
+    switch (fork()) {
+    case -1:
+	return (-1);
+    case 0:
+	break;
+    default:
+	_exit(0);
+    }
+
+    if (setsid() == -1)
+	return (-1);
+
+    if (!nochdir)
+	chdir("/");
+
+    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+	dup2(fd, STDIN_FILENO);
+	dup2(fd, STDOUT_FILENO);
+	dup2(fd, STDERR_FILENO);
+	if (fd > 2)
+	    close (fd);
+    }
+    return (0);
+}
+
+#endif /* HAVE_DAEMON */
diff --git a/crypto/kerberosIV/lib/roken/emalloc.c b/crypto/kerberosIV/lib/roken/emalloc.c
new file mode 100644
index 0000000..bbea1e0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/emalloc.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: emalloc.c,v 1.4 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like malloc but never fails.
+ */
+
+void *
+emalloc (size_t sz)
+{
+    void *tmp = malloc (sz);
+
+    if (tmp == NULL && sz != 0)
+	err (1, "malloc %lu", (unsigned long)sz);
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/eread.c b/crypto/kerberosIV/lib/roken/eread.c
new file mode 100644
index 0000000..9a1b24b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/eread.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: eread.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like read but never fails (and never returns partial data).
+ */
+
+ssize_t
+eread (int fd, void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_read (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "read");
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/erealloc.c b/crypto/kerberosIV/lib/roken/erealloc.c
new file mode 100644
index 0000000..8afa8f3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/erealloc.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: erealloc.c,v 1.4 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like realloc but never fails.
+ */
+
+void *
+erealloc (void *ptr, size_t sz)
+{
+    void *tmp = realloc (ptr, sz);
+
+    if (tmp == NULL && sz != 0)
+	err (1, "realloc %lu", (unsigned long)sz);
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/err.c b/crypto/kerberosIV/lib/roken/err.c
new file mode 100644
index 0000000..29b1f7b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: err.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+err(int eval, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  verr(eval, fmt, ap);
+  va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h
new file mode 100644
index 0000000..b0b649f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: err.h,v 1.15 1999/12/02 16:58:45 joda Exp $ */
+
+#ifndef __ERR_H__
+#define __ERR_H__
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+extern const char *__progname;
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+void warnerr(int doerrno, const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 2, 0)));
+
+void verr(int eval, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 2, 0)));
+void err(int eval, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)));
+void verrx(int eval, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 2, 0)));
+void errx(int eval, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)));
+void vwarn(const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 1, 0)));
+void warn(const char *fmt, ...)
+     __attribute__ ((format (printf, 1, 2)));
+void vwarnx(const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 1, 0)));
+void warnx(const char *fmt, ...)
+     __attribute__ ((format (printf, 1, 2)));
+
+#endif /* __ERR_H__ */
diff --git a/crypto/kerberosIV/lib/roken/errx.c b/crypto/kerberosIV/lib/roken/errx.c
new file mode 100644
index 0000000..2f8ec18
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/errx.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: errx.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+errx(int eval, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  verrx(eval, fmt, ap);
+  va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/estrdup.c b/crypto/kerberosIV/lib/roken/estrdup.c
new file mode 100644
index 0000000..8c0d9a7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/estrdup.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: estrdup.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like strdup but never fails.
+ */
+
+char *
+estrdup (const char *str)
+{
+    char *tmp = strdup (str);
+
+    if (tmp == NULL)
+	err (1, "strdup");
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/ewrite.c b/crypto/kerberosIV/lib/roken/ewrite.c
new file mode 100644
index 0000000..b2c43de
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/ewrite.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ewrite.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like write but never fails (and never returns partial data).
+ */
+
+ssize_t
+ewrite (int fd, const void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_write (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "write");
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/fchown.c b/crypto/kerberosIV/lib/roken/fchown.c
new file mode 100644
index 0000000..61e8546
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fchown.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: fchown.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+fchown(int fd, uid_t owner, gid_t group)
+{
+  return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/flock.c b/crypto/kerberosIV/lib/roken/flock.c
new file mode 100644
index 0000000..13da4f4
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/flock.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_FLOCK
+RCSID("$Id: flock.c,v 1.4 1999/12/02 16:58:46 joda Exp $");
+
+#include "roken.h"
+
+
+#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
+
+int
+flock(int fd, int operation)
+{
+#if defined(HAVE_FCNTL) && defined(F_SETLK)
+  struct flock arg;
+  int code, cmd;
+  
+  arg.l_whence = SEEK_SET;
+  arg.l_start = 0;
+  arg.l_len = 0;		/* means to EOF */
+
+  if (operation & LOCK_NB)
+    cmd = F_SETLK;
+  else
+    cmd = F_SETLKW;		/* Blocking */
+
+  switch (operation & OP_MASK) {
+  case LOCK_UN:
+    arg.l_type = F_UNLCK;
+    code = fcntl(fd, F_SETLK, &arg);
+    break;
+  case LOCK_SH:
+    arg.l_type = F_RDLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  case LOCK_EX:
+    arg.l_type = F_WRLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  default:
+    errno = EINVAL;
+    code = -1;
+    break;
+  }
+  return code;
+#else
+  return -1;
+#endif
+}
+
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/fnmatch.c b/crypto/kerberosIV/lib/roken/fnmatch.c
new file mode 100644
index 0000000..dc01d6e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fnmatch.c
@@ -0,0 +1,173 @@
+/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
+
+/*
+ * Copyright (c) 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
+#else
+static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include <fnmatch.h>
+#include <string.h>
+
+#define	EOS	'\0'
+
+static const char *rangematch (const char *, int, int);
+
+int
+fnmatch(const char *pattern, const char *string, int flags)
+{
+	const char *stringstart;
+	char c, test;
+
+	for (stringstart = string;;)
+		switch (c = *pattern++) {
+		case EOS:
+			return (*string == EOS ? 0 : FNM_NOMATCH);
+		case '?':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && (flags & FNM_PATHNAME))
+				return (FNM_NOMATCH);
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '*':
+			c = *pattern;
+			/* Collapse multiple stars. */
+			while (c == '*')
+				c = *++pattern;
+
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+
+			/* Optimize for pattern with * at end or before /. */
+			if (c == EOS)
+				if (flags & FNM_PATHNAME)
+					return (strchr(string, '/') == NULL ?
+					    0 : FNM_NOMATCH);
+				else
+					return (0);
+			else if (c == '/' && flags & FNM_PATHNAME) {
+				if ((string = strchr(string, '/')) == NULL)
+					return (FNM_NOMATCH);
+				break;
+			}
+
+			/* General case, use recursion. */
+			while ((test = *string) != EOS) {
+				if (!fnmatch(pattern, string, flags & ~FNM_PERIOD))
+					return (0);
+				if (test == '/' && flags & FNM_PATHNAME)
+					break;
+				++string;
+			}
+			return (FNM_NOMATCH);
+		case '[':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && flags & FNM_PATHNAME)
+				return (FNM_NOMATCH);
+			if ((pattern =
+			    rangematch(pattern, *string, flags)) == NULL)
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '\\':
+			if (!(flags & FNM_NOESCAPE)) {
+				if ((c = *pattern++) == EOS) {
+					c = '\\';
+					--pattern;
+				}
+			}
+			/* FALLTHROUGH */
+		default:
+			if (c != *string++)
+				return (FNM_NOMATCH);
+			break;
+		}
+	/* NOTREACHED */
+}
+
+static const char *
+rangematch(const char *pattern, int test, int flags)
+{
+	int negate, ok;
+	char c, c2;
+
+	/*
+	 * A bracket expression starting with an unquoted circumflex
+	 * character produces unspecified results (IEEE 1003.2-1992,
+	 * 3.13.2).  This implementation treats it like '!', for
+	 * consistency with the regular expression syntax.
+	 * J.T. Conklin (conklin@ngai.kaleida.com)
+	 */
+	if (negate = (*pattern == '!' || *pattern == '^'))
+		++pattern;
+	
+	for (ok = 0; (c = *pattern++) != ']';) {
+		if (c == '\\' && !(flags & FNM_NOESCAPE))
+			c = *pattern++;
+		if (c == EOS)
+			return (NULL);
+		if (*pattern == '-' 
+		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
+			pattern += 2;
+			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
+				c2 = *pattern++;
+			if (c2 == EOS)
+				return (NULL);
+			if (c <= test && test <= c2)
+				ok = 1;
+		} else if (c == test)
+			ok = 1;
+	}
+	return (ok == negate ? NULL : pattern);
+}
diff --git a/crypto/kerberosIV/lib/roken/fnmatch.h b/crypto/kerberosIV/lib/roken/fnmatch.h
new file mode 100644
index 0000000..95c91d6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fnmatch.h
@@ -0,0 +1,49 @@
+/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef	_FNMATCH_H_
+#define	_FNMATCH_H_
+
+#define	FNM_NOMATCH	1	/* Match failed. */
+
+#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
+#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
+#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
+
+int	 fnmatch (const char *, const char *, int);
+
+#endif /* !_FNMATCH_H_ */
diff --git a/crypto/kerberosIV/lib/roken/freehostent.c b/crypto/kerberosIV/lib/roken/freehostent.c
new file mode 100644
index 0000000..0cd92cd
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/freehostent.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: freehostent.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * free a malloced hostent
+ */
+
+void
+freehostent (struct hostent *h)
+{
+    char **p;
+
+    free (h->h_name);
+    if (h->h_aliases != NULL) {
+	for (p = h->h_aliases; *p != NULL; ++p)
+	    free (*p);
+	free (h->h_aliases);
+    }
+    if (h->h_addr_list != NULL) {
+	for (p = h->h_addr_list; *p != NULL; ++p)
+	    free (*p);
+	free (h->h_addr_list);
+    }
+    free (h);
+}
diff --git a/crypto/kerberosIV/lib/roken/get_default_username.c b/crypto/kerberosIV/lib/roken/get_default_username.c
new file mode 100644
index 0000000..10b0863
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_default_username.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_default_username.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+
+/*
+ * Try to return what should be considered the default username or
+ * NULL if we can't guess at all.
+ */
+
+const char *
+get_default_username (void)
+{
+    const char *user;
+
+    user = getenv ("USER");
+    if (user == NULL)
+	user = getenv ("LOGNAME");
+    if (user == NULL)
+	user = getenv ("USERNAME");
+
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    if (user == NULL) {
+	user = (const char *)getlogin ();
+	if (user != NULL)
+	    return user;
+    }
+#endif
+#ifdef HAVE_PWD_H
+    {
+	uid_t uid = getuid ();
+	struct passwd *pwd;
+
+	if (user != NULL) {
+	    pwd = k_getpwnam (user);
+	    if (pwd != NULL && pwd->pw_uid == uid)
+		return user;
+	}
+	pwd = k_getpwuid (uid);
+	if (pwd != NULL)
+	    return pwd->pw_name;
+    }
+#endif
+    return user;
+}
diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c
new file mode 100644
index 0000000..4eff8d2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_window_size.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_window_size.c,v 1.9 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#if 0 /* Where were those needed? /confused */
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#include <roken.h>
+
+int
+get_window_size(int fd, struct winsize *wp)
+{
+    int ret = -1;
+    
+    memset(wp, 0, sizeof(*wp));
+
+#if defined(TIOCGWINSZ)
+    ret = ioctl(fd, TIOCGWINSZ, wp);
+#elif defined(TIOCGSIZE)
+    {
+	struct ttysize ts;
+	
+	ret = ioctl(fd, TIOCGSIZE, &ts);
+	if(ret == 0) {
+	    wp->ws_row = ts.ts_lines;
+	    wp->ws_col = ts.ts_cols;
+	}
+    }
+#elif defined(HAVE__SCRSIZE)
+    {
+	int dst[2];
+	
+	_scrsize(dst);
+	wp->ws_row = dst[1];
+	wp->ws_col = dst[0];
+	ret = 0;
+    }
+#endif
+    if (ret != 0) {
+        char *s;
+        if((s = getenv("COLUMNS")))
+	    wp->ws_col = atoi(s);
+	if((s = getenv("LINES")))
+	    wp->ws_row = atoi(s);
+	if(wp->ws_col > 0 && wp->ws_row > 0)
+	    ret = 0;
+    }
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/getarg.3 b/crypto/kerberosIV/lib/roken/getarg.3
new file mode 100644
index 0000000..78a8802
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getarg.3
@@ -0,0 +1,317 @@
+.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
+.\" $Id: getarg.3,v 1.2 1999/10/18 17:14:31 joda Exp $
+.Dd September 24, 1999
+.Dt GETARG 3
+.Os ROKEN
+.Sh NAME
+.Nm getarg , 
+.Nm arg_printusage
+.Nd collect command line options
+.Sh SYNOPSIS
+.Fd #include <getarg.h>
+
+.Ft int
+.Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
+
+.Ft void
+.Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
+
+.Sh DESCRIPTION
+.Fn getarg
+collects any command line options given to a program in an easily used way. 
+.Fn arg_printusage 
+pretty-prints the available options, with a short help text.
+.Pp
+.Fa args
+is the option specification to use, and it's an array of 
+.Fa struct getargs
+elements.
+.Fa num_args
+is the size of
+.Fa args
+(in elements).
+.Fa argc
+and
+.Fa argv
+are the argument count and argument vector to extract option from.
+.Fa optind
+is a pointer to an integer where the index to the last processed
+argument is stored, it must be initialised to the first index (minus
+one) to process (normally 0) before the first call.
+.Pp
+.Fa arg_printusage
+take the same
+.Fa args
+and
+.Fa num_args
+as getarg;
+.Fa progname is the name of the program (to be used in the help text), and 
+.Fa extra_string
+is a string to print after the actual options to indicate more
+arguments. The usefulness of this function is realised only be people
+who has used programs that has help strings that doesn't match what
+the code does.
+.Pp
+The
+.Fa getargs
+struct has the following elements.
+
+.Bd -literal
+struct getargs{
+    const char *long_name;
+    char short_name;
+    enum { arg_integer, 
+	   arg_string, 
+	   arg_flag, 
+	   arg_negative_flag, 
+	   arg_strings,
+	   arg_double,
+           arg_collect
+    } type;
+    void *value;
+    const char *help;
+    const char *arg_help;
+};
+.Ed
+.Pp
+.Fa long_name
+is the long name of the option, it can be 
+.Dv NULL ,
+if you don't want a long name.
+.Fa short_name 
+is the characted to use as short option, it can be zero. If the option
+has a value the
+.Fa value
+field gets filled in with that value interpreted as specified by the 
+.Fa type
+field.
+.Fa help
+is a longer help string for the option as a whole, if it's
+.Dv NULL
+the help text for the option is omitted (but it's still displayed in
+the synopsis).
+.Fa arg_help
+is a description of the argument, if
+.Dv NULL
+a default value will be used, depending on the type of the option:
+.Pp
+.Bl -hang -width arg_negative_flag
+.It arg_integer
+the argument is a signed integer, and
+.Fa value
+should point to an
+.Fa int .
+.It Fa arg_string
+the argument is a string, and
+.Fa value
+should point to a
+.Fa char* .
+.It Fa arg_flag
+the argument is a flag, and
+.Fa value
+should point to a
+.Fa int . 
+It gets filled in with either zero or one, depending on how the option
+is given, the normal case beeing one. Note that if the option isn't
+given, the value isn't altered, so it should be initialised to some
+useful default.
+.It Fa arg_negative_flag
+this is the same as 
+.Fa arg_flag
+but it reverses the meaning of the flag (a given short option clears
+the flag), and the synopsis of a long option is negated.
+.It Fa arg_strings
+the argument can be given multiple times, and the values are collected
+in an array;
+.Fa value
+should be a pointer to a 
+.Fa struct getarg_strings
+structure, which holds a length and a string pointer.
+.It Fa arg_double
+argument is a double precision floating point value, and
+.Fa value
+should point to a
+.Fa double .
+.It Fa arg_collect
+allows more fine-grained control of the option parsing process.
+.Fa value
+should be a pointer to a 
+.Fa getarg_collect_info
+structure:
+.Bd -literal
+typedef int (*getarg_collect_func)(int short_opt,
+				   int argc,
+				   char **argv,
+				   int *optind,
+				   int *optarg,
+				   void *data);
+
+typedef struct getarg_collect_info {
+    getarg_collect_func func;
+    void *data;
+} getarg_collect_info;
+.Ed
+.Pp
+With the
+.Fa func
+member set to a function to call, and 
+.Fa data
+to some application specific data. The parameters to the collect function are:
+.Bl -inset
+.It Fa short_flag
+non-zero if this call is via a short option flag, zero otherwise
+.It Fa argc , argv
+the whole argument list
+.It Fa optind
+pointer to the index in argv where the flag is
+.It Fa optarg
+pointer to the index in argv[*optind] where the flag name starts
+.It Fa data
+application specific data
+.El
+.Pp
+You can modify
+.Fa *optind ,
+and 
+.Fa *optarg ,
+but to do this correct you (more or less) have to know about the inner
+workings of getarg.
+ 
+You can skip parts of arguments by increasing
+.Fa *optarg
+(you could
+implement the 
+.Fl z Ns Ar 3
+set of flags from
+.Nm gzip
+with this), or whole argument strings by increasing
+.Fa *optind
+(let's say you want a flag 
+.Fl c Ar x y z
+to specify a coordinate); if you also have to set
+.Fa *optarg
+to a sane value.
+.Pp
+The collect function should return one of 
+.Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG
+on error, zero otherwise.
+.Pp
+For your convenience there is a function,
+.Fn getarg_optarg ,
+that returns the traditional argument string, and you pass it all
+arguments, sans data, that where given to the collection function.
+.Pp
+Don't use this more this unless you absolutely have to.
+.El
+.Pp
+Option parsing is similar to what 
+.Xr getopt
+uses. Short options without arguments can be compressed
+.Pf ( Fl xyz
+is the same as
+.Fl x y z ) ,
+and short
+options with arguments take these as either the rest of the
+argv-string or as the next option
+.Pf ( Fl o Ns Ar foo ,
+or
+.Fl o Ar foo ) .
+.Pp
+Long option names are prefixed with -- (double dash), and the value
+with a = (equal),
+.Fl -foo= Ns Ar bar .
+Long option flags can either be specified as they are 
+.Pf ( Fl -help ) ,
+or with an (boolean parsable) option
+.Pf ( Fl -help= Ns Ar yes ,
+.Fl -help= Ns Ar true ,
+or similar), or they can also be negated 
+.Pf ( Fl -no-help
+is the same as 
+.Fl -help= Ns no ) ,
+and if you're really confused you can do it multiple times
+.Pf ( Fl -no-no-help= Ns Ar false ,
+or even 
+.Fl -no-no-help= Ns Ar maybe ) .
+
+.Pp
+.Sh EXAMPLE
+.Bd -literal
+#include <stdio.h>
+#include <string.h>
+#include <getarg.h>
+
+char *source = "Ouagadougou";
+char *destination;
+int weight;
+int include_catalog = 1;
+int help_flag;
+
+struct getargs args[] = {
+    { "source",      's', arg_string,  &source, 
+      "source of shippment", "city" },
+    { "destination", 'd', arg_string,  &destination, 
+      "destination of shippment", "city" },
+    { "weight",      'w', arg_integer, &weight, 
+      "weight of shippment", "tons" },
+    { "catalog",     'c', arg_negative_flag, &include_catalog, 
+      "include product catalog" },
+    { "help",        'h', arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */
+
+const char *progname = "ship++";
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    if (getarg(args, num_args, argc, argv, &optind)) {
+	arg_printusage(args, num_args, progname, "stuff...");
+	exit (1);
+    }
+    if (help_flag) {
+	arg_printusage(args, num_args, progname, "stuff...");
+	exit (0);
+    }
+    if (destination == NULL) {
+	fprintf(stderr, "%s: must specify destination\n", progname);
+	exit(1);
+    }
+    if (strcmp(source, destination) == 0) {
+	fprintf(stderr, "%s: destination must be different from source\n");
+	exit(1);
+    }
+    /* include more stuff here ... */
+    exit(2);
+}
+.Ed
+.Pp
+The output help output from this program looks like this:
+.Bd -literal
+$ ship++ --help                                            
+Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
+   [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
+-s city, --source=city      source of shippment
+-d city, --destination=city destination of shippment
+-w tons, --weight=tons      weight of shippment
+-c, --no-catalog            include product catalog
+.Ed
+
+.Sh BUGS
+It should be more flexible, so it would be possible to use other more
+complicated option syntaxes, such as what
+.Xr ps 1 ,
+and 
+.Xr tar 1 ,
+uses, or the AFS model where you can skip the flag names as long as
+the options come in the correct order.
+.Pp
+Options with multiple arguments should be handled better.
+.Pp
+Should be integreated with SL.
+.Pp
+It's very confusing that the struct you pass in is called getargS.
+.Sh SEE ALSO
+.Xr getopt 3
diff --git a/crypto/kerberosIV/lib/roken/getarg.c b/crypto/kerberosIV/lib/roken/getarg.c
new file mode 100644
index 0000000..505e418
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getarg.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getarg.c,v 1.32 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <roken.h>
+#include "getarg.h"
+
+#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
+
+static size_t
+print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
+{
+    const char *s;
+
+    *string = '\0';
+
+    if (ISFLAG(*arg) || (!longp && arg->type == arg_counter))
+	return 0;
+
+    if(mdoc){
+	if(longp)
+	    strlcat(string, "= Ns", len);
+	strlcat(string, " Ar ", len);
+    }else
+	if (longp)
+	    strlcat (string, "=", len);
+	else
+	    strlcat (string, " ", len);
+
+    if (arg->arg_help)
+	s = arg->arg_help;
+    else if (arg->type == arg_integer || arg->type == arg_counter)
+	s = "integer";
+    else if (arg->type == arg_string)
+	s = "string";
+    else if (arg->type == arg_double)
+	s = "float";
+    else
+	s = "<undefined>";
+
+    strlcat(string, s, len);
+    return 1 + strlen(s);
+}
+
+static void
+mandoc_template(struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    char timestr[64], cmd[64];
+    char buf[128];
+    const char *p;
+    time_t t;
+
+    printf(".\\\" Things to fix:\n");
+    printf(".\\\"   * correct section, and operating system\n");
+    printf(".\\\"   * remove Op from mandatory flags\n");
+    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
+    printf(".\\\"\n");
+    t = time(NULL);
+    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
+    printf(".Dd %s\n", timestr);
+    p = strrchr(progname, '/');
+    if(p) p++; else p = progname;
+    strlcpy(cmd, p, sizeof(cmd));
+    strupr(cmd);
+       
+    printf(".Dt %s SECTION\n", cmd);
+    printf(".Os OPERATING_SYSTEM\n");
+    printf(".Sh NAME\n");
+    printf(".Nm %s\n", p);
+    printf(".Nd\n");
+    printf("in search of a description\n");
+    printf(".Sh SYNOPSIS\n");
+    printf(".Nm\n");
+    for(i = 0; i < num_args; i++){
+	/* we seem to hit a limit on number of arguments if doing
+           short and long flags with arguments -- split on two lines */
+	if(ISFLAG(args[i]) || 
+	   args[i].short_name == 0 || args[i].long_name == NULL) {
+	    printf(".Op ");
+
+	    if(args[i].short_name) {
+		print_arg(buf, sizeof(buf), 1, 0, args + i);
+		printf("Fl %c%s", args[i].short_name, buf);
+		if(args[i].long_name)
+		    printf(" | ");
+	    }
+	    if(args[i].long_name) {
+		print_arg(buf, sizeof(buf), 1, 1, args + i);
+		printf("Fl -%s%s", args[i].long_name, buf);
+	    }
+	    printf("\n");
+	} else {
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf(".Fl -%s%s Oc\n.Xc\n", args[i].long_name, buf);
+	}
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    if (extra_string && *extra_string)
+	printf (".Ar %s\n", extra_string);
+    printf(".Sh DESCRIPTION\n");
+    printf("Supported options:\n");
+    printf(".Bl -tag -width Ds\n");
+    for(i = 0; i < num_args; i++){
+	printf(".It Xo\n");
+	if(args[i].short_name){
+	    printf(".Fl %c", args[i].short_name);
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf("%s", buf);
+	    if(args[i].long_name)
+		printf(" Ns ,");
+	    printf("\n");
+	}
+	if(args[i].long_name){
+	    printf(".Fl -%s", args[i].long_name);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf("%s\n", buf);
+	}
+	printf(".Xc\n");
+	if(args[i].help)
+	    printf("%s\n", args[i].help);
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    printf(".El\n");
+    printf(".\\\".Sh ENVIRONMENT\n");
+    printf(".\\\".Sh FILES\n");
+    printf(".\\\".Sh EXAMPLES\n");
+    printf(".\\\".Sh DIAGNOSTICS\n");
+    printf(".\\\".Sh SEE ALSO\n");
+    printf(".\\\".Sh STANDARDS\n");
+    printf(".\\\".Sh HISTORY\n");
+    printf(".\\\".Sh AUTHORS\n");
+    printf(".\\\".Sh BUGS\n");
+}
+
+static int
+check_column(FILE *f, int col, int len, int columns)
+{
+    if(col + len > columns) {
+	fprintf(f, "\n");
+	col = fprintf(f, "  ");
+    }
+    return col;
+}
+
+void
+arg_printusage (struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    size_t max_len = 0;
+    char buf[128];
+    int col = 0, columns;
+    struct winsize ws;
+
+    if (progname == NULL)
+	progname = __progname;
+
+    if(getenv("GETARGMANDOC")){
+	mandoc_template(args, num_args, progname, extra_string);
+	return;
+    }
+    if(get_window_size(2, &ws) == 0)
+	columns = ws.ws_col;
+    else
+	columns = 80;
+    col = 0;
+    col += fprintf (stderr, "Usage: %s", progname);
+    for (i = 0; i < num_args; ++i) {
+	size_t len = 0;
+
+	if (args[i].long_name) {
+	    buf[0] = '\0';
+	    strlcat(buf, "[--", sizeof(buf));
+	    len += 2;
+	    if(args[i].type == arg_negative_flag) {
+		strlcat(buf, "no-", sizeof(buf));
+		len += 3;
+	    }
+	    strlcat(buf, args[i].long_name, sizeof(buf));
+	    len += strlen(args[i].long_name);
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 1, &args[i]);
+	    strlcat(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strlcat(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].short_name) {
+	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
+	    len += 2;
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 0, &args[i]);
+	    strlcat(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strlcat(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].long_name && args[i].short_name)
+	    len += 2; /* ", " */
+	max_len = max(max_len, len);
+    }
+    if (extra_string) {
+	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
+	fprintf (stderr, " %s\n", extra_string);
+    } else
+	fprintf (stderr, "\n");
+    for (i = 0; i < num_args; ++i) {
+	if (args[i].help) {
+	    size_t count = 0;
+
+	    if (args[i].short_name) {
+		count += fprintf (stderr, "-%c", args[i].short_name);
+		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    if (args[i].short_name && args[i].long_name)
+		count += fprintf (stderr, ", ");
+	    if (args[i].long_name) {
+		count += fprintf (stderr, "--");
+		if (args[i].type == arg_negative_flag)
+		    count += fprintf (stderr, "no-");
+		count += fprintf (stderr, "%s", args[i].long_name);
+		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    while(count++ <= max_len)
+		putc (' ', stderr);
+	    fprintf (stderr, "%s\n", args[i].help);
+	}
+    }
+}
+
+static void
+add_string(getarg_strings *s, char *value)
+{
+    s->strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
+    s->strings[s->num_strings] = value;
+    s->num_strings++;
+}
+
+static int
+arg_match_long(struct getargs *args, size_t num_args,
+	       char *argv, int argc, char **rargv, int *optind)
+{
+    int i;
+    char *optarg = NULL;
+    int negate = 0;
+    int partial_match = 0;
+    struct getargs *partial = NULL;
+    struct getargs *current = NULL;
+    int argv_len;
+    char *p;
+
+    argv_len = strlen(argv);
+    p = strchr (argv, '=');
+    if (p != NULL)
+	argv_len = p - argv;
+
+    for (i = 0; i < num_args; ++i) {
+	if(args[i].long_name) {
+	    int len = strlen(args[i].long_name);
+	    char *p = argv;
+	    int p_len = argv_len;
+	    negate = 0;
+
+	    for (;;) {
+		if (strncmp (args[i].long_name, p, p_len) == 0) {
+		    if(p_len == len)
+			current = &args[i];
+		    else {
+			++partial_match;
+			partial = &args[i];
+		    }
+		    optarg  = p + p_len;
+		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
+		    negate = !negate;
+		    p += 3;
+		    p_len -= 3;
+		    continue;
+		}
+		break;
+	    }
+	    if (current)
+		break;
+	}
+    }
+    if (current == NULL) {
+	if (partial_match == 1)
+	    current = partial;
+	else
+	    return ARG_ERR_NO_MATCH;
+    }
+    
+    if(*optarg == '\0'
+       && !ISFLAG(*current)
+       && current->type != arg_collect
+       && current->type != arg_counter)
+	return ARG_ERR_NO_MATCH;
+    switch(current->type){
+    case arg_integer:
+    {
+	int tmp;
+	if(sscanf(optarg + 1, "%d", &tmp) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(int*)current->value = tmp;
+	return 0;
+    }
+    case arg_string:
+    {
+	*(char**)current->value = optarg + 1;
+	return 0;
+    }
+    case arg_strings:
+    {
+	add_string((getarg_strings*)current->value, optarg + 1);
+	return 0;
+    }
+    case arg_flag:
+    case arg_negative_flag:
+    {
+	int *flag = current->value;
+	if(*optarg == '\0' ||
+	   strcmp(optarg + 1, "yes") == 0 || 
+	   strcmp(optarg + 1, "true") == 0){
+	    *flag = !negate;
+	    return 0;
+	} else if (*optarg && strcmp(optarg + 1, "maybe") == 0) {
+	    *flag = rand() & 1;
+	} else {
+	    *flag = negate;
+	    return 0;
+	}
+	return ARG_ERR_BAD_ARG;
+    }
+    case arg_counter :
+    {
+	int val;
+
+	if (*optarg == '\0')
+	    val = 1;
+	else {
+	    char *endstr;
+
+	    val = strtol (optarg, &endstr, 0);
+	    if (endstr == optarg)
+		return ARG_ERR_BAD_ARG;
+	}
+	*(int *)current->value += val;
+	return 0;
+    }
+    case arg_double:
+    {
+	double tmp;
+	if(sscanf(optarg + 1, "%lf", &tmp) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(double*)current->value = tmp;
+	return 0;
+    }
+    case arg_collect:{
+	struct getarg_collect_info *c = current->value;
+	int o = argv - rargv[*optind];
+	return (*c->func)(FALSE, argc, rargv, optind, &o, c->data);
+    }
+
+    default:
+	abort ();
+    }
+}
+
+static int
+arg_match_short (struct getargs *args, size_t num_args,
+		 char *argv, int argc, char **rargv, int *optind)
+{
+    int j, k;
+
+    for(j = 1; j > 0 && j < strlen(rargv[*optind]); j++) {
+	for(k = 0; k < num_args; k++) {
+	    char *optarg;
+
+	    if(args[k].short_name == 0)
+		continue;
+	    if(argv[j] == args[k].short_name) {
+		if(args[k].type == arg_flag) {
+		    *(int*)args[k].value = 1;
+		    break;
+		}
+		if(args[k].type == arg_negative_flag) {
+		    *(int*)args[k].value = 0;
+		    break;
+		} 
+		if(args[k].type == arg_counter) {
+		    ++*(int *)args[k].value;
+		    break;
+		}
+		if(args[k].type == arg_collect) {
+		    struct getarg_collect_info *c = args[k].value;
+
+		    if((*c->func)(TRUE, argc, rargv, optind, &j, c->data))
+			return ARG_ERR_BAD_ARG;
+		    break;
+		}
+
+		if(argv[j + 1])
+		    optarg = &argv[j + 1];
+		else {
+		    ++*optind;
+		    optarg = rargv[*optind];
+		}
+		if(optarg == NULL)
+		    return ARG_ERR_NO_ARG;
+		if(args[k].type == arg_integer) {
+		    int tmp;
+		    if(sscanf(optarg, "%d", &tmp) != 1)
+			return ARG_ERR_BAD_ARG;
+		    *(int*)args[k].value = tmp;
+		    return 0;
+		} else if(args[k].type == arg_string) {
+		    *(char**)args[k].value = optarg;
+		    return 0;
+		} else if(args[k].type == arg_strings) {
+		    add_string((getarg_strings*)args[k].value, optarg);
+		    return 0;
+		} else if(args[k].type == arg_double) {
+		    double tmp;
+		    if(sscanf(optarg, "%lf", &tmp) != 1)
+			return ARG_ERR_BAD_ARG;
+		    *(double*)args[k].value = tmp;
+		    return 0;
+		}
+		return ARG_ERR_BAD_ARG;
+	    }
+	}
+	if (k == num_args)
+	    return ARG_ERR_NO_MATCH;
+    }
+    return 0;
+}
+
+int
+getarg(struct getargs *args, size_t num_args, 
+       int argc, char **argv, int *optind)
+{
+    int i;
+    int ret = 0;
+
+    srand (time(NULL));
+    (*optind)++;
+    for(i = *optind; i < argc; i++) {
+	if(argv[i][0] != '-')
+	    break;
+	if(argv[i][1] == '-'){
+	    if(argv[i][2] == 0){
+		i++;
+		break;
+	    }
+	    ret = arg_match_long (args, num_args, argv[i] + 2, 
+				  argc, argv, &i);
+	} else {
+	    ret = arg_match_short (args, num_args, argv[i],
+				   argc, argv, &i);
+	}
+	if(ret)
+	    break;
+    }
+    *optind = i;
+    return ret;
+}
+
+#if TEST
+int foo_flag = 2;
+int flag1 = 0;
+int flag2 = 0;
+int bar_int;
+char *baz_string;
+
+struct getargs args[] = {
+    { NULL, '1', arg_flag, &flag1, "one", NULL },
+    { NULL, '2', arg_flag, &flag2, "two", NULL },
+    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
+    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
+    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
+};
+
+int main(int argc, char **argv)
+{
+    int optind = 0;
+    while(getarg(args, 5, argc, argv, &optind))
+	printf("Bad arg: %s\n", argv[optind]);
+    printf("flag1 = %d\n", flag1);  
+    printf("flag2 = %d\n", flag2);  
+    printf("foo_flag = %d\n", foo_flag);  
+    printf("bar_int = %d\n", bar_int);
+    printf("baz_flag = %s\n", baz_string);
+    arg_printusage (args, 5, argv[0], "nothing here");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getarg.h b/crypto/kerberosIV/lib/roken/getarg.h
new file mode 100644
index 0000000..7fd374b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getarg.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: getarg.h,v 1.10 1999/12/02 16:58:46 joda Exp $ */
+
+#ifndef __GETARG_H__
+#define __GETARG_H__
+
+#include <stddef.h>
+
+struct getargs{
+    const char *long_name;
+    char short_name;
+    enum { arg_integer, 
+	   arg_string, 
+	   arg_flag, 
+	   arg_negative_flag, 
+	   arg_strings,
+	   arg_double,
+	   arg_collect,
+	   arg_counter
+    } type;
+    void *value;
+    const char *help;
+    const char *arg_help;
+};
+
+enum {
+    ARG_ERR_NO_MATCH  = 1,
+    ARG_ERR_BAD_ARG,
+    ARG_ERR_NO_ARG
+};
+
+typedef struct getarg_strings {
+    int num_strings;
+    char **strings;
+} getarg_strings;
+
+typedef int (*getarg_collect_func)(int short_opt,
+				   int argc,
+				   char **argv,
+				   int *optind,
+				   int *optarg,
+				   void *data);
+
+typedef struct getarg_collect_info {
+    getarg_collect_func func;
+    void *data;
+} getarg_collect_info;
+
+int getarg(struct getargs *args, size_t num_args, 
+	   int argc, char **argv, int *optind);
+
+void arg_printusage (struct getargs *args,
+		     size_t num_args,
+		     const char *progname,
+		     const char *extra_string);
+
+#endif /* __GETARG_H__ */
diff --git a/crypto/kerberosIV/lib/roken/getcap.c b/crypto/kerberosIV/lib/roken/getcap.c
new file mode 100644
index 0000000..997fabf
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getcap.c
@@ -0,0 +1,1118 @@
+/*	$NetBSD: getcap.c,v 1.29 1999/03/29 09:27:29 abs Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Casey Leedom of Lawrence Livermore National Laboratory.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+RCSID("$Id: getcap.c,v 1.7 1999/11/17 21:11:58 assar Exp $");
+
+#include <sys/types.h>
+#include <ctype.h>
+#if defined(HAVE_DB_185_H)
+#include <db_185.h>
+#elif defined(HAVE_DB_H)
+#include <db.h>
+#endif
+#include <errno.h>	
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define	BFRAG		1024
+#if 0
+#define	BSIZE		1024
+#endif
+#define	ESC		('[' & 037)	/* ASCII ESC */
+#define	MAX_RECURSION	32		/* maximum getent recursion */
+#define	SFRAG		100		/* cgetstr mallocs in SFRAG chunks */
+
+#define RECOK	(char)0
+#define TCERR	(char)1
+#define	SHADOW	(char)2
+
+static size_t	 topreclen;	/* toprec length */
+static char	*toprec;	/* Additional record specified by cgetset() */
+static int	 gottoprec;	/* Flag indicating retrieval of toprecord */
+
+#if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)
+#define USE_DB
+#endif
+
+#ifdef USE_DB
+static int	cdbget (DB *, char **, const char *);
+#endif
+static int 	getent (char **, size_t *, char **, int, const char *, int, char *);
+static int	nfcmp (char *, char *);
+
+
+int cgetset(const char *ent);
+char *cgetcap(char *buf, const char *cap, int type);
+int cgetent(char **buf, char **db_array, const char *name);
+int cgetmatch(const char *buf, const char *name);
+int cgetclose(void);
+#if 0
+int cgetfirst(char **buf, char **db_array);
+int cgetnext(char **bp, char **db_array);
+#endif
+int cgetstr(char *buf, const char *cap, char **str);
+int cgetustr(char *buf, const char *cap, char **str);
+int cgetnum(char *buf, const char *cap, long *num);
+/*
+ * Cgetset() allows the addition of a user specified buffer to be added
+ * to the database array, in effect "pushing" the buffer on top of the
+ * virtual database. 0 is returned on success, -1 on failure.
+ */
+int
+cgetset(const char *ent)
+{
+    const char *source, *check;
+    char *dest;
+
+    if (ent == NULL) {
+	if (toprec)
+	    free(toprec);
+	toprec = NULL;
+	topreclen = 0;
+	return (0);
+    }
+    topreclen = strlen(ent);
+    if ((toprec = malloc (topreclen + 1)) == NULL) {
+	errno = ENOMEM;
+	return (-1);
+    }
+    gottoprec = 0;
+
+    source=ent;
+    dest=toprec;
+    while (*source) { /* Strip whitespace */
+	*dest++ = *source++; /* Do not check first field */
+	while (*source == ':') {
+	    check=source+1;
+	    while (*check && (isspace((unsigned char)*check) ||
+			      (*check=='\\' && isspace((unsigned char)check[1]))))
+		++check;
+	    if( *check == ':' )
+		source=check;
+	    else
+		break;
+
+	}
+    }
+    *dest=0;
+
+    return (0);
+}
+
+/*
+ * Cgetcap searches the capability record buf for the capability cap with
+ * type `type'.  A pointer to the value of cap is returned on success, NULL
+ * if the requested capability couldn't be found.
+ *
+ * Specifying a type of ':' means that nothing should follow cap (:cap:).
+ * In this case a pointer to the terminating ':' or NUL will be returned if
+ * cap is found.
+ *
+ * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
+ * return NULL.
+ */
+char *
+cgetcap(char *buf, const char *cap, int type)
+{
+    char *bp;
+    const char *cp;
+
+    bp = buf;
+    for (;;) {
+	/*
+	 * Skip past the current capability field - it's either the
+	 * name field if this is the first time through the loop, or
+	 * the remainder of a field whose name failed to match cap.
+	 */
+	for (;;)
+	    if (*bp == '\0')
+		return (NULL);
+	    else
+		if (*bp++ == ':')
+		    break;
+
+	/*
+	 * Try to match (cap, type) in buf.
+	 */
+	for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
+	    continue;
+	if (*cp != '\0')
+	    continue;
+	if (*bp == '@')
+	    return (NULL);
+	if (type == ':') {
+	    if (*bp != '\0' && *bp != ':')
+		continue;
+	    return(bp);
+	}
+	if (*bp != type)
+	    continue;
+	bp++;
+	return (*bp == '@' ? NULL : bp);
+    }
+    /* NOTREACHED */
+}
+
+/*
+ * Cgetent extracts the capability record name from the NULL terminated file
+ * array db_array and returns a pointer to a malloc'd copy of it in buf.
+ * Buf must be retained through all subsequent calls to cgetcap, cgetnum,
+ * cgetflag, and cgetstr, but may then be free'd.  0 is returned on success,
+ * -1 if the requested record couldn't be found, -2 if a system error was
+ * encountered (couldn't open/read a file, etc.), and -3 if a potential
+ * reference loop is detected.
+ */
+int
+cgetent(char **buf, char **db_array, const char *name)
+{
+    size_t dummy;
+
+    return (getent(buf, &dummy, db_array, -1, name, 0, NULL));
+}
+
+/*
+ * Getent implements the functions of cgetent.  If fd is non-negative,
+ * *db_array has already been opened and fd is the open file descriptor.  We
+ * do this to save time and avoid using up file descriptors for tc=
+ * recursions.
+ *
+ * Getent returns the same success/failure codes as cgetent.  On success, a
+ * pointer to a malloc'ed capability record with all tc= capabilities fully
+ * expanded and its length (not including trailing ASCII NUL) are left in
+ * *cap and *len.
+ *
+ * Basic algorithm:
+ *	+ Allocate memory incrementally as needed in chunks of size BFRAG
+ *	  for capability buffer.
+ *	+ Recurse for each tc=name and interpolate result.  Stop when all
+ *	  names interpolated, a name can't be found, or depth exceeds
+ *	  MAX_RECURSION.
+ */
+static int
+getent(char **cap, size_t *len, char **db_array, int fd, 
+       const char *name, int depth, char *nfield)
+{
+    char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
+    int myfd = 0, eof, foundit;
+    char *record;
+    int tc_not_resolved;
+	
+    /*
+     * Return with ``loop detected'' error if we've recursed more than
+     * MAX_RECURSION times.
+     */
+    if (depth > MAX_RECURSION)
+	return (-3);
+
+    /*
+     * Check if we have a top record from cgetset().
+     */
+    if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
+	if ((record = malloc (topreclen + BFRAG)) == NULL) {
+	    errno = ENOMEM;
+	    return (-2);
+	}
+	(void)strcpy(record, toprec);	/* XXX: strcpy is safe */
+	db_p = db_array;
+	rp = record + topreclen + 1;
+	r_end = rp + BFRAG;
+	goto tc_exp;
+    }
+    /*
+     * Allocate first chunk of memory.
+     */
+    if ((record = malloc(BFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);
+    }
+    r_end = record + BFRAG;
+    foundit = 0;
+    /*
+     * Loop through database array until finding the record.
+     */
+
+    for (db_p = db_array; *db_p != NULL; db_p++) {
+	eof = 0;
+
+	/*
+	 * Open database if not already open.
+	 */
+
+	if (fd >= 0) {
+	    (void)lseek(fd, (off_t)0, SEEK_SET);
+	} else {
+#ifdef USE_DB
+	    char pbuf[_POSIX_PATH_MAX];
+	    char *cbuf;
+	    size_t clen;
+	    int retval;
+	    DB *capdbp;
+
+	    (void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
+	    if ((capdbp = dbopen(pbuf, O_RDONLY, 0, DB_HASH, 0))
+		!= NULL) {
+		free(record);
+		retval = cdbget(capdbp, &record, name);
+		if (retval < 0) {
+		    /* no record available */
+		    (void)capdbp->close(capdbp);
+		    return (retval);
+		}
+				/* save the data; close frees it */
+		clen = strlen(record);
+		cbuf = malloc(clen + 1);
+		memmove(cbuf, record, clen + 1);
+		if (capdbp->close(capdbp) < 0) {
+		    free(cbuf);
+		    return (-2);
+		}
+		*len = clen;
+		*cap = cbuf;
+		return (retval);
+	    } else
+#endif
+	    {
+		fd = open(*db_p, O_RDONLY, 0);
+		if (fd < 0) {
+		    /* No error on unfound file. */
+		    continue;
+		}
+		myfd = 1;
+	    }
+	}
+	/*
+	 * Find the requested capability record ...
+	 */
+	{
+	    char buf[BUFSIZ];
+	    char *b_end, *bp, *cp;
+	    int c, slash;
+
+	    /*
+	     * Loop invariants:
+	     *	There is always room for one more character in record.
+	     *	R_end always points just past end of record.
+	     *	Rp always points just past last character in record.
+	     *	B_end always points just past last character in buf.
+	     *	Bp always points at next character in buf.
+	     *	Cp remembers where the last colon was.
+	     */
+	    b_end = buf;
+	    bp = buf;
+	    cp = 0;
+	    slash = 0;
+	    for (;;) {
+
+		/*
+		 * Read in a line implementing (\, newline)
+		 * line continuation.
+		 */
+		rp = record;
+		for (;;) {
+		    if (bp >= b_end) {
+			int n;
+		
+			n = read(fd, buf, sizeof(buf));
+			if (n <= 0) {
+			    if (myfd)
+				(void)close(fd);
+			    if (n < 0) {
+				free(record);
+				return (-2);
+			    } else {
+				fd = -1;
+				eof = 1;
+				break;
+			    }
+			}
+			b_end = buf+n;
+			bp = buf;
+		    }
+	
+		    c = *bp++;
+		    if (c == '\n') {
+			if (slash) {
+			    slash = 0;
+			    rp--;
+			    continue;
+			} else
+			    break;
+		    }
+		    if (slash) {
+			slash = 0;
+			cp = 0;
+		    }
+		    if (c == ':') {
+			/*
+			 * If the field was `empty' (i.e.
+			 * contained only white space), back up
+			 * to the colon (eliminating the
+			 * field).
+			 */
+			if (cp)
+			    rp = cp;
+			else
+			    cp = rp;
+		    } else if (c == '\\') {
+			slash = 1;
+		    } else if (c != ' ' && c != '\t') {
+			/*
+			 * Forget where the colon was, as this
+			 * is not an empty field.
+			 */
+			cp = 0;
+		    }
+		    *rp++ = c;
+
+				/*
+				 * Enforce loop invariant: if no room 
+				 * left in record buffer, try to get
+				 * some more.
+				 */
+		    if (rp >= r_end) {
+			u_int pos;
+			size_t newsize;
+
+			pos = rp - record;
+			newsize = r_end - record + BFRAG;
+			record = realloc(record, newsize);
+			if (record == NULL) {
+			    errno = ENOMEM;
+			    if (myfd)
+				(void)close(fd);
+			    return (-2);
+			}
+			r_end = record + newsize;
+			rp = record + pos;
+		    }
+		}
+		/* Eliminate any white space after the last colon. */
+		if (cp)
+		    rp = cp + 1;
+		/* Loop invariant lets us do this. */
+		*rp++ = '\0';
+
+		/*
+		 * If encountered eof check next file.
+		 */
+		if (eof)
+		    break;
+				
+		/*
+		 * Toss blank lines and comments.
+		 */
+		if (*record == '\0' || *record == '#')
+		    continue;
+	
+		/*
+		 * See if this is the record we want ...
+		 */
+		if (cgetmatch(record, name) == 0) {
+		    if (nfield == NULL || !nfcmp(nfield, record)) {
+			foundit = 1;
+			break;	/* found it! */
+		    }
+		}
+	    }
+	}
+	if (foundit)
+	    break;
+    }
+
+    if (!foundit)
+	return (-1);
+
+    /*
+     * Got the capability record, but now we have to expand all tc=name
+     * references in it ...
+     */
+ tc_exp:	{
+	char *newicap, *s;
+	size_t ilen, newilen;
+	int diff, iret, tclen;
+	char *icap, *scan, *tc, *tcstart, *tcend;
+
+	/*
+	 * Loop invariants:
+	 *	There is room for one more character in record.
+	 *	R_end points just past end of record.
+	 *	Rp points just past last character in record.
+	 *	Scan points at remainder of record that needs to be
+	 *	scanned for tc=name constructs.
+	 */
+	scan = record;
+	tc_not_resolved = 0;
+	for (;;) {
+	    if ((tc = cgetcap(scan, "tc", '=')) == NULL)
+		break;
+
+	    /*
+	     * Find end of tc=name and stomp on the trailing `:'
+	     * (if present) so we can use it to call ourselves.
+	     */
+	    s = tc;
+	    for (;;)
+		if (*s == '\0')
+		    break;
+		else
+		    if (*s++ == ':') {
+			*(s - 1) = '\0';
+			break;
+		    }
+	    tcstart = tc - 3;
+	    tclen = s - tcstart;
+	    tcend = s;
+
+	    iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, 
+			  NULL);
+	    newicap = icap;		/* Put into a register. */
+	    newilen = ilen;
+	    if (iret != 0) {
+				/* an error */
+		if (iret < -1) {
+		    if (myfd)
+			(void)close(fd);
+		    free(record);
+		    return (iret);
+		}
+		if (iret == 1)
+		    tc_not_resolved = 1;
+				/* couldn't resolve tc */
+		if (iret == -1) {
+		    *(s - 1) = ':';			
+		    scan = s - 1;
+		    tc_not_resolved = 1;
+		    continue;
+					
+		}
+	    }
+	    /* not interested in name field of tc'ed record */
+	    s = newicap;
+	    for (;;)
+		if (*s == '\0')
+		    break;
+		else
+		    if (*s++ == ':')
+			break;
+	    newilen -= s - newicap;
+	    newicap = s;
+
+	    /* make sure interpolated record is `:'-terminated */
+	    s += newilen;
+	    if (*(s-1) != ':') {
+		*s = ':';	/* overwrite NUL with : */
+		newilen++;
+	    }
+
+	    /*
+	     * Make sure there's enough room to insert the
+	     * new record.
+	     */
+	    diff = newilen - tclen;
+	    if (diff >= r_end - rp) {
+		u_int pos, tcpos, tcposend;
+		size_t newsize;
+
+		pos = rp - record;
+		newsize = r_end - record + diff + BFRAG;
+		tcpos = tcstart - record;
+		tcposend = tcend - record;
+		record = realloc(record, newsize);
+		if (record == NULL) {
+		    errno = ENOMEM;
+		    if (myfd)
+			(void)close(fd);
+		    free(icap);
+		    return (-2);
+		}
+		r_end = record + newsize;
+		rp = record + pos;
+		tcstart = record + tcpos;
+		tcend = record + tcposend;
+	    }
+
+	    /*
+	     * Insert tc'ed record into our record.
+	     */
+	    s = tcstart + newilen;
+	    memmove(s, tcend,  (size_t)(rp - tcend));
+	    memmove(tcstart, newicap, newilen);
+	    rp += diff;
+	    free(icap);
+
+	    /*
+	     * Start scan on `:' so next cgetcap works properly
+	     * (cgetcap always skips first field).
+	     */
+	    scan = s-1;
+	}
+	
+    }
+    /*
+     * Close file (if we opened it), give back any extra memory, and
+     * return capability, length and success.
+     */
+    if (myfd)
+	(void)close(fd);
+    *len = rp - record - 1;	/* don't count NUL */
+    if (r_end > rp)
+	if ((record = 
+	     realloc(record, (size_t)(rp - record))) == NULL) {
+	    errno = ENOMEM;
+	    return (-2);
+	}
+		
+    *cap = record;
+    if (tc_not_resolved)
+	return (1);
+    return (0);
+}	
+
+#ifdef USE_DB
+static int
+cdbget(DB *capdbp, char **bp, const char *name)
+{
+	DBT key;
+	DBT data;
+
+	/* LINTED key is not modified */
+	key.data = (char *)name;
+	key.size = strlen(name);
+
+	for (;;) {
+		/* Get the reference. */
+		switch(capdbp->get(capdbp, &key, &data, 0)) {
+		case -1:
+			return (-2);
+		case 1:
+			return (-1);
+		}
+
+		/* If not an index to another record, leave. */
+		if (((char *)data.data)[0] != SHADOW)
+			break;
+
+		key.data = (char *)data.data + 1;
+		key.size = data.size - 1;
+	}
+	
+	*bp = (char *)data.data + 1;
+	return (((char *)(data.data))[0] == TCERR ? 1 : 0);
+}
+#endif /* USE_DB */
+
+/*
+ * Cgetmatch will return 0 if name is one of the names of the capability
+ * record buf, -1 if not.
+ */
+int
+cgetmatch(const char *buf, const char *name)
+{
+    const char *np, *bp;
+
+    /*
+     * Start search at beginning of record.
+     */
+    bp = buf;
+    for (;;) {
+	/*
+	 * Try to match a record name.
+	 */
+	np = name;
+	for (;;)
+	    if (*np == '\0') {
+		if (*bp == '|' || *bp == ':' || *bp == '\0')
+		    return (0);
+		else
+		    break;
+	    } else
+		if (*bp++ != *np++)
+		    break;
+
+	/*
+	 * Match failed, skip to next name in record.
+	 */
+	bp--;	/* a '|' or ':' may have stopped the match */
+	for (;;)
+	    if (*bp == '\0' || *bp == ':')
+		return (-1);	/* match failed totally */
+	    else
+		if (*bp++ == '|')
+		    break;	/* found next name */
+    }
+}
+
+#if 0
+int
+cgetfirst(char **buf, char **db_array)
+{
+    (void)cgetclose();
+    return (cgetnext(buf, db_array));
+}
+#endif
+
+static FILE *pfp;
+static int slash;
+static char **dbp;
+
+int
+cgetclose(void)
+{
+    if (pfp != NULL) {
+	(void)fclose(pfp);
+	pfp = NULL;
+    }
+    dbp = NULL;
+    gottoprec = 0;
+    slash = 0;
+    return(0);
+}
+
+#if 0
+/*
+ * Cgetnext() gets either the first or next entry in the logical database 
+ * specified by db_array.  It returns 0 upon completion of the database, 1
+ * upon returning an entry with more remaining, and -1 if an error occurs.
+ */
+int
+cgetnext(char **bp, char **db_array)
+{
+    size_t len;
+    int status, done;
+    char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
+    size_t dummy;
+
+    if (dbp == NULL)
+	dbp = db_array;
+
+    if (pfp == NULL && (pfp = fopen(*dbp, "r")) == NULL) {
+	(void)cgetclose();
+	return (-1);
+    }
+    for(;;) {
+	if (toprec && !gottoprec) {
+	    gottoprec = 1;
+	    line = toprec;
+	} else {
+	    line = fgetln(pfp, &len);
+	    if (line == NULL && pfp) {
+		if (ferror(pfp)) {
+		    (void)cgetclose();
+		    return (-1);
+		} else {
+		    (void)fclose(pfp);
+		    pfp = NULL;
+		    if (*++dbp == NULL) {
+			(void)cgetclose();
+			return (0);
+		    } else if ((pfp =
+				fopen(*dbp, "r")) == NULL) {
+			(void)cgetclose();
+			return (-1);
+		    } else
+			continue;
+		}
+	    } else
+		line[len - 1] = '\0';
+	    if (len == 1) {
+		slash = 0;
+		continue;
+	    }
+	    if (isspace((unsigned char)*line) ||
+		*line == ':' || *line == '#' || slash) {
+		if (line[len - 2] == '\\')
+		    slash = 1;
+		else
+		    slash = 0;
+		continue;
+	    }
+	    if (line[len - 2] == '\\')
+		slash = 1;
+	    else
+		slash = 0;
+	}			
+
+
+	/* 
+	 * Line points to a name line.
+	 */
+	done = 0;
+	np = nbuf;
+	for (;;) {
+	    for (cp = line; *cp != '\0'; cp++) {
+		if (*cp == ':') {
+		    *np++ = ':';
+		    done = 1;
+		    break;
+		}
+		if (*cp == '\\')
+		    break;
+		*np++ = *cp;
+	    }
+	    if (done) {
+		*np = '\0';
+		break;
+	    } else { /* name field extends beyond the line */
+		line = fgetln(pfp, &len);
+		if (line == NULL && pfp) {
+		    if (ferror(pfp)) {
+			(void)cgetclose();
+			return (-1);
+		    }
+		    (void)fclose(pfp);
+		    pfp = NULL;
+		    *np = '\0';
+		    break;
+		} else
+		    line[len - 1] = '\0';
+	    }
+	}
+	rp = buf;
+	for(cp = nbuf; *cp != '\0'; cp++)
+	    if (*cp == '|' || *cp == ':')
+		break;
+	    else
+		*rp++ = *cp;
+
+	*rp = '\0';
+	/* 
+	 * XXX 
+	 * Last argument of getent here should be nbuf if we want true
+	 * sequential access in the case of duplicates.  
+	 * With NULL, getent will return the first entry found
+	 * rather than the duplicate entry record.  This is a 
+	 * matter of semantics that should be resolved.
+	 */
+	status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
+	if (status == -2 || status == -3)
+	    (void)cgetclose();
+
+	return (status + 1);
+    }
+    /* NOTREACHED */
+}
+#endif
+
+/*
+ * Cgetstr retrieves the value of the string capability cap from the
+ * capability record pointed to by buf.  A pointer to a decoded, NUL
+ * terminated, malloc'd copy of the string is returned in the char *
+ * pointed to by str.  The length of the string not including the trailing
+ * NUL is returned on success, -1 if the requested string capability
+ * couldn't be found, -2 if a system error was encountered (storage
+ * allocation failure).
+ */
+int
+cgetstr(char *buf, const char *cap, char **str)
+{
+    u_int m_room;
+    const char *bp;
+    char *mp;
+    int len;
+    char *mem;
+
+    /*
+     * Find string capability cap
+     */
+    bp = cgetcap(buf, cap, '=');
+    if (bp == NULL)
+	return (-1);
+
+    /*
+     * Conversion / storage allocation loop ...  Allocate memory in
+     * chunks SFRAG in size.
+     */
+    if ((mem = malloc(SFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);	/* couldn't even allocate the first fragment */
+    }
+    m_room = SFRAG;
+    mp = mem;
+
+    while (*bp != ':' && *bp != '\0') {
+	/*
+	 * Loop invariants:
+	 *	There is always room for one more character in mem.
+	 *	Mp always points just past last character in mem.
+	 *	Bp always points at next character in buf.
+	 */
+	if (*bp == '^') {
+	    bp++;
+	    if (*bp == ':' || *bp == '\0')
+		break;	/* drop unfinished escape */
+	    *mp++ = *bp++ & 037;
+	} else if (*bp == '\\') {
+	    bp++;
+	    if (*bp == ':' || *bp == '\0')
+		break;	/* drop unfinished escape */
+	    if ('0' <= *bp && *bp <= '7') {
+		int n, i;
+
+		n = 0;
+		i = 3;	/* maximum of three octal digits */
+		do {
+		    n = n * 8 + (*bp++ - '0');
+		} while (--i && '0' <= *bp && *bp <= '7');
+		*mp++ = n;
+	    }
+	    else switch (*bp++) {
+	    case 'b': case 'B':
+		*mp++ = '\b';
+		break;
+	    case 't': case 'T':
+		*mp++ = '\t';
+		break;
+	    case 'n': case 'N':
+		*mp++ = '\n';
+		break;
+	    case 'f': case 'F':
+		*mp++ = '\f';
+		break;
+	    case 'r': case 'R':
+		*mp++ = '\r';
+		break;
+	    case 'e': case 'E':
+		*mp++ = ESC;
+		break;
+	    case 'c': case 'C':
+		*mp++ = ':';
+		break;
+	    default:
+		/*
+		 * Catches '\', '^', and
+		 *  everything else.
+		 */
+		*mp++ = *(bp-1);
+		break;
+	    }
+	} else
+	    *mp++ = *bp++;
+	m_room--;
+
+	/*
+	 * Enforce loop invariant: if no room left in current
+	 * buffer, try to get some more.
+	 */
+	if (m_room == 0) {
+	    size_t size = mp - mem;
+
+	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
+		return (-2);
+	    m_room = SFRAG;
+	    mp = mem + size;
+	}
+    }
+    *mp++ = '\0';	/* loop invariant let's us do this */
+    m_room--;
+    len = mp - mem - 1;
+
+    /*
+     * Give back any extra memory and return value and success.
+     */
+    if (m_room != 0)
+	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	    return (-2);
+    *str = mem;
+    return (len);
+}
+
+/*
+ * Cgetustr retrieves the value of the string capability cap from the
+ * capability record pointed to by buf.  The difference between cgetustr()
+ * and cgetstr() is that cgetustr does not decode escapes but rather treats
+ * all characters literally.  A pointer to a  NUL terminated malloc'd 
+ * copy of the string is returned in the char pointed to by str.  The 
+ * length of the string not including the trailing NUL is returned on success,
+ * -1 if the requested string capability couldn't be found, -2 if a system 
+ * error was encountered (storage allocation failure).
+ */
+int
+cgetustr(char *buf, const char *cap, char **str)
+{
+    u_int m_room;
+    const char *bp;
+    char *mp;
+    int len;
+    char *mem;
+
+    /*
+     * Find string capability cap
+     */
+    if ((bp = cgetcap(buf, cap, '=')) == NULL)
+	return (-1);
+
+    /*
+     * Conversion / storage allocation loop ...  Allocate memory in
+     * chunks SFRAG in size.
+     */
+    if ((mem = malloc(SFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);	/* couldn't even allocate the first fragment */
+    }
+    m_room = SFRAG;
+    mp = mem;
+
+    while (*bp != ':' && *bp != '\0') {
+	/*
+	 * Loop invariants:
+	 *	There is always room for one more character in mem.
+	 *	Mp always points just past last character in mem.
+	 *	Bp always points at next character in buf.
+	 */
+	*mp++ = *bp++;
+	m_room--;
+
+	/*
+	 * Enforce loop invariant: if no room left in current
+	 * buffer, try to get some more.
+	 */
+	if (m_room == 0) {
+	    size_t size = mp - mem;
+
+	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
+		return (-2);
+	    m_room = SFRAG;
+	    mp = mem + size;
+	}
+    }
+    *mp++ = '\0';	/* loop invariant let's us do this */
+    m_room--;
+    len = mp - mem - 1;
+
+    /*
+     * Give back any extra memory and return value and success.
+     */
+    if (m_room != 0)
+	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	    return (-2);
+    *str = mem;
+    return (len);
+}
+
+/*
+ * Cgetnum retrieves the value of the numeric capability cap from the
+ * capability record pointed to by buf.  The numeric value is returned in
+ * the long pointed to by num.  0 is returned on success, -1 if the requested
+ * numeric capability couldn't be found.
+ */
+int
+cgetnum(char *buf, const char *cap, long *num)
+{
+    long n;
+    int base, digit;
+    const char *bp;
+
+    /*
+     * Find numeric capability cap
+     */
+    bp = cgetcap(buf, cap, '#');
+    if (bp == NULL)
+	return (-1);
+
+    /*
+     * Look at value and determine numeric base:
+     *	0x... or 0X...	hexadecimal,
+     * else	0...		octal,
+     * else			decimal.
+     */
+    if (*bp == '0') {
+	bp++;
+	if (*bp == 'x' || *bp == 'X') {
+	    bp++;
+	    base = 16;
+	} else
+	    base = 8;
+    } else
+	base = 10;
+
+    /*
+     * Conversion loop ...
+     */
+    n = 0;
+    for (;;) {
+	if ('0' <= *bp && *bp <= '9')
+	    digit = *bp - '0';
+	else if ('a' <= *bp && *bp <= 'f')
+	    digit = 10 + *bp - 'a';
+	else if ('A' <= *bp && *bp <= 'F')
+	    digit = 10 + *bp - 'A';
+	else
+	    break;
+
+	if (digit >= base)
+	    break;
+
+	n = n * base + digit;
+	bp++;
+    }
+
+    /*
+     * Return value and success.
+     */
+    *num = n;
+    return (0);
+}
+
+
+/*
+ * Compare name field of record.
+ */
+static int
+nfcmp(char *nf, char *rec)
+{
+    char *cp, tmp;
+    int ret;
+	
+    for (cp = rec; *cp != ':'; cp++)
+	;
+	
+    tmp = *(cp + 1);
+    *(cp + 1) = '\0';
+    ret = strcmp(nf, rec);
+    *(cp + 1) = tmp;
+
+    return (ret);
+}
diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c
new file mode 100644
index 0000000..c1f2610
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getcwd.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getcwd.c,v 1.12 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "roken.h"
+
+char*
+getcwd(char *path, size_t size)
+{
+    char xxx[MaxPathLen];
+    char *ret;
+    ret = getwd(xxx);
+    if(ret)
+	strlcpy(path, xxx, size);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c
new file mode 100644
index 0000000..9f9c74b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getdtablesize.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getdtablesize.c,v 1.10 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include "roken.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+int getdtablesize(void)
+{
+  int files = -1;
+#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
+  files = sysconf(_SC_OPEN_MAX);
+#else /* !defined(HAVE_SYSCONF) */
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+  struct rlimit res;
+  if (getrlimit(RLIMIT_NOFILE, &res) == 0)
+    files = res.rlim_cur;
+#else /* !definded(HAVE_GETRLIMIT) */
+#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
+  int mib[2];
+  size_t len;
+    
+  mib[0] = CTL_KERN;
+  mib[1] = KERN_MAXFILES;
+  len = sizeof(files);
+  sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0);
+#endif /* defined(HAVE_SYSCTL) */
+#endif /* !definded(HAVE_GETRLIMIT) */
+#endif /* !defined(HAVE_SYSCONF) */
+
+#ifdef OPEN_MAX
+  if (files < 0)
+    files = OPEN_MAX;
+#endif
+
+#ifdef NOFILE
+  if (files < 0)
+    files = NOFILE;
+#endif    
+    
+  return files;
+}
diff --git a/crypto/kerberosIV/lib/roken/getegid.c b/crypto/kerberosIV/lib/roken/getegid.c
new file mode 100644
index 0000000..b6eab85
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getegid.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEGID
+
+RCSID("$Id: getegid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
+
+int getegid(void)
+{
+    return getgid();
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/geteuid.c b/crypto/kerberosIV/lib/roken/geteuid.c
new file mode 100644
index 0000000..4bdf531
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/geteuid.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEUID
+
+RCSID("$Id: geteuid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
+
+int geteuid(void)
+{
+    return getuid();
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getgid.c b/crypto/kerberosIV/lib/roken/getgid.c
new file mode 100644
index 0000000..f2ca01a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getgid.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETGID
+
+RCSID("$Id: getgid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
+
+int getgid(void)
+{
+    return 17;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/gethostname.c b/crypto/kerberosIV/lib/roken/gethostname.c
new file mode 100644
index 0000000..753ba9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/gethostname.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETHOSTNAME
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+/*
+ * Return the local host's name in "name", up to "namelen" characters.
+ * "name" will be null-terminated if "namelen" is big enough.
+ * The return code is 0 on success, -1 on failure.  (The calling
+ * interface is identical to gethostname(2).)
+ */
+
+int
+gethostname(char *name, int namelen)
+{
+#if defined(HAVE_UNAME)
+    {
+	struct utsname utsname;
+	int ret;
+
+	ret = uname (&utsname);
+	if (ret < 0)
+	    return ret;
+	strlcpy (name, utsname.nodename, namelen);
+	return 0;
+    }
+#else
+    strlcpy (name, "some.random.host", namelen);
+    return 0;
+#endif
+}
+
+#endif /* GETHOSTNAME */
diff --git a/crypto/kerberosIV/lib/roken/getipnodebyaddr.c b/crypto/kerberosIV/lib/roken/getipnodebyaddr.c
new file mode 100644
index 0000000..f22aad7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getipnodebyaddr.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getipnodebyaddr.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * lookup `src, len' (address family `af') in DNS and return a pointer
+ * to a malloced struct hostent or NULL.
+ */
+
+struct hostent *
+getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
+{
+    struct hostent *tmp;
+
+    tmp = gethostbyaddr (src, len, af);
+    if (tmp == NULL) {
+	switch (h_errno) {
+	case HOST_NOT_FOUND :
+	case TRY_AGAIN :
+	case NO_RECOVERY :
+	    *error_num = h_errno;
+	    break;
+	case NO_DATA :
+	    *error_num = NO_ADDRESS;
+	    break;
+	default :
+	    *error_num = NO_RECOVERY;
+	    break;
+	}
+	return NULL;
+    }
+    tmp = copyhostent (tmp);
+    if (tmp == NULL) {
+	*error_num = TRY_AGAIN;
+	return NULL;
+    }
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/getipnodebyname.c b/crypto/kerberosIV/lib/roken/getipnodebyname.c
new file mode 100644
index 0000000..576feef
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getipnodebyname.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getipnodebyname.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE_H_ERRNO
+static int h_errno = NO_RECOVERY;
+#endif
+
+/*
+ * lookup `name' (address family `af') in DNS and return a pointer
+ * to a malloced struct hostent or NULL.
+ */
+
+struct hostent *
+getipnodebyname (const char *name, int af, int flags, int *error_num)
+{
+    struct hostent *tmp;
+
+#ifdef HAVE_GETHOSTBYNAME2
+    tmp = gethostbyname2 (name, af);
+#else
+    if (af != AF_INET) {
+	*error_num = NO_ADDRESS;
+	return NULL;
+    }
+    tmp = gethostbyname (name);
+#endif
+    if (tmp == NULL) {
+	switch (h_errno) {
+	case HOST_NOT_FOUND :
+	case TRY_AGAIN :
+	case NO_RECOVERY :
+	    *error_num = h_errno;
+	    break;
+	case NO_DATA :
+	    *error_num = NO_ADDRESS;
+	    break;
+	default :
+	    *error_num = NO_RECOVERY;
+	    break;
+	}
+	return NULL;
+    }
+    tmp = copyhostent (tmp);
+    if (tmp == NULL) {
+	*error_num = TRY_AGAIN;
+	return NULL;
+    }
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/getopt.c b/crypto/kerberosIV/lib/roken/getopt.c
new file mode 100644
index 0000000..45fc350
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getopt.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1987, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)getopt.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifndef __STDC__
+#define const
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * get option letter from argument vector
+ */
+int	opterr = 1,		/* if error message should be printed */
+	optind = 1,		/* index into parent argv vector */
+	optopt,			/* character checked for validity */
+	optreset;		/* reset getopt */
+char	*optarg;		/* argument associated with option */
+
+#define	BADCH	(int)'?'
+#define	BADARG	(int)':'
+#define	EMSG	""
+
+int
+getopt(nargc, nargv, ostr)
+	int nargc;
+	char * const *nargv;
+	const char *ostr;
+{
+	static char *place = EMSG;		/* option letter processing */
+	char *oli;			/* option letter list index */
+	char *p;
+
+	if (optreset || !*place) {		/* update scanning pointer */
+		optreset = 0;
+		if (optind >= nargc || *(place = nargv[optind]) != '-') {
+			place = EMSG;
+			return(-1);
+		}
+		if (place[1] && *++place == '-') {	/* found "--" */
+			++optind;
+			place = EMSG;
+			return(-1);
+		}
+	}					/* option letter okay? */
+	if ((optopt = (int)*place++) == (int)':' ||
+	    !(oli = strchr(ostr, optopt))) {
+		/*
+		 * if the user didn't specify '-' as an option,
+		 * assume it means -1 (EOF).
+		 */
+		if (optopt == (int)'-')
+			return(-1);
+		if (!*place)
+			++optind;
+		if (opterr && *ostr != ':') {
+			if (!(p = strrchr(*nargv, '/')))
+				p = *nargv;
+			else
+				++p;
+			fprintf(stderr, "%s: illegal option -- %c\n",
+			    p, optopt);
+		}
+		return(BADCH);
+	}
+	if (*++oli != ':') {			/* don't need argument */
+		optarg = NULL;
+		if (!*place)
+			++optind;
+	}
+	else {					/* need an argument */
+		if (*place)			/* no white space */
+			optarg = place;
+		else if (nargc <= ++optind) {	/* no arg */
+			place = EMSG;
+			if (!(p = strrchr(*nargv, '/')))
+				p = *nargv;
+			else
+				++p;
+			if (*ostr == ':')
+				return(BADARG);
+			if (opterr)
+				fprintf(stderr,
+				    "%s: option requires an argument -- %c\n",
+				    p, optopt);
+			return(BADCH);
+		}
+	 	else				/* white space */
+			optarg = nargv[optind];
+		place = EMSG;
+		++optind;
+	}
+	return(optopt);				/* dump back option letter */
+}
diff --git a/crypto/kerberosIV/lib/roken/gettimeofday.c b/crypto/kerberosIV/lib/roken/gettimeofday.c
new file mode 100644
index 0000000..ec8b62f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/gettimeofday.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifndef HAVE_GETTIMEOFDAY
+
+RCSID("$Id: gettimeofday.c,v 1.8 1999/12/02 16:58:46 joda Exp $");
+
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int
+gettimeofday (struct timeval *tp, void *ignore)
+{
+     time_t t;
+
+     t = time(NULL);
+     tp->tv_sec  = t;
+     tp->tv_usec = 0;
+     return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getuid.c b/crypto/kerberosIV/lib/roken/getuid.c
new file mode 100644
index 0000000..6ebce0a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getuid.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETUID
+
+RCSID("$Id: getuid.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
+
+int getuid(void)
+{
+    return 17;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getusershell.c b/crypto/kerberosIV/lib/roken/getusershell.c
new file mode 100644
index 0000000..87a48ec
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getusershell.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1985, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: getusershell.c,v 1.8 1997/04/20 06:18:03 assar Exp $");
+
+#ifndef HAVE_GETUSERSHELL
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif
+
+/*
+ * Local shells should NOT be added here.  They should be added in
+ * /etc/shells.
+ */
+
+static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
+static char **curshell, **shells, *strings;
+static char **initshells (void);
+
+/*
+ * Get a list of shells from _PATH_SHELLS, if it exists.
+ */
+char *
+getusershell()
+{
+	char *ret;
+
+	if (curshell == NULL)
+		curshell = initshells();
+	ret = *curshell;
+	if (ret != NULL)
+		curshell++;
+	return (ret);
+}
+
+void
+endusershell()
+{
+	
+	if (shells != NULL)
+		free(shells);
+	shells = NULL;
+	if (strings != NULL)
+		free(strings);
+	strings = NULL;
+	curshell = NULL;
+}
+
+void
+setusershell()
+{
+
+	curshell = initshells();
+}
+
+static char **
+initshells()
+{
+	char **sp, *cp;
+	FILE *fp;
+	struct stat statb;
+
+	if (shells != NULL)
+		free(shells);
+	shells = NULL;
+	if (strings != NULL)
+		free(strings);
+	strings = NULL;
+	if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
+		return (okshells);
+	if (fstat(fileno(fp), &statb) == -1) {
+		fclose(fp);
+		return (okshells);
+	}
+	if ((strings = malloc((u_int)statb.st_size)) == NULL) {
+		fclose(fp);
+		return (okshells);
+	}
+	shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+	if (shells == NULL) {
+		fclose(fp);
+		free(strings);
+		strings = NULL;
+		return (okshells);
+	}
+	sp = shells;
+	cp = strings;
+	while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
+		while (*cp != '#' && *cp != '/' && *cp != '\0')
+			cp++;
+		if (*cp == '#' || *cp == '\0')
+			continue;
+		*sp++ = cp;
+		while (!isspace(*cp) && *cp != '#' && *cp != '\0')
+			cp++;
+		*cp++ = '\0';
+	}
+	*sp = NULL;
+	fclose(fp);
+	return (shells);
+}
+#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/kerberosIV/lib/roken/glob.c b/crypto/kerberosIV/lib/roken/glob.c
new file mode 100644
index 0000000..66e8ec6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/glob.c
@@ -0,0 +1,835 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ *	Escaping convention: \ inhibits any special meaning the following
+ *	character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ *	Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ *	Same as GLOB_NOCHECK, but it will only append pattern if it did
+ *	not contain any magic characters.  [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ *	Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ *	expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ *	expand {1,2}{a,b} to 1a 1b 2a 2b 
+ * gl_matchc:
+ *	Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#define	CHAR_DOLLAR		'$'
+#define	CHAR_DOT		'.'
+#define	CHAR_EOS		'\0'
+#define	CHAR_LBRACKET		'['
+#define	CHAR_NOT		'!'
+#define	CHAR_QUESTION		'?'
+#define	CHAR_QUOTE		'\\'
+#define	CHAR_RANGE		'-'
+#define	CHAR_RBRACKET		']'
+#define	CHAR_SEP		'/'
+#define	CHAR_STAR		'*'
+#define	CHAR_TILDE		'~'
+#define	CHAR_UNDERSCORE		'_'
+#define	CHAR_LBRACE		'{'
+#define	CHAR_RBRACE		'}'
+#define	CHAR_SLASH		'/'
+#define	CHAR_COMMA		','
+
+#ifndef DEBUG
+
+#define	M_QUOTE		0x8000
+#define	M_PROTECT	0x4000
+#define	M_MASK		0xffff
+#define	M_ASCII		0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define	M_QUOTE		0x80
+#define	M_PROTECT	0x40
+#define	M_MASK		0xff
+#define	M_ASCII		0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define	CHAR(c)		((Char)((c)&M_ASCII))
+#define	META(c)		((Char)((c)|M_QUOTE))
+#define	M_ALL		META('*')
+#define	M_END		META(']')
+#define	M_NOT		META('!')
+#define	M_ONE		META('?')
+#define	M_RNG		META('-')
+#define	M_SET		META('[')
+#define	ismeta(c)	(((c)&M_QUOTE) != 0)
+
+
+static int	 compare (const void *, const void *);
+static void	 g_Ctoc (const Char *, char *);
+static int	 g_lstat (Char *, struct stat *, glob_t *);
+static DIR	*g_opendir (Char *, glob_t *);
+static Char	*g_strchr (Char *, int);
+#ifdef notdef
+static Char	*g_strcat (Char *, const Char *);
+#endif
+static int	 g_stat (Char *, struct stat *, glob_t *);
+static int	 glob0 (const Char *, glob_t *);
+static int	 glob1 (Char *, glob_t *);
+static int	 glob2 (Char *, Char *, Char *, glob_t *);
+static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *);
+static int	 globextend (const Char *, glob_t *);
+static const Char *	 globtilde (const Char *, Char *, glob_t *);
+static int	 globexp1 (const Char *, glob_t *);
+static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
+static int	 match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void	 qprintf (const char *, Char *);
+#endif
+
+int
+glob(const char *pattern, 
+     int flags, 
+     int (*errfunc)(const char *, int), 
+     glob_t *pglob)
+{
+	const u_char *patnext;
+	int c;
+	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+	patnext = (u_char *) pattern;
+	if (!(flags & GLOB_APPEND)) {
+		pglob->gl_pathc = 0;
+		pglob->gl_pathv = NULL;
+		if (!(flags & GLOB_DOOFFS))
+			pglob->gl_offs = 0;
+	}
+	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+	pglob->gl_errfunc = errfunc;
+	pglob->gl_matchc = 0;
+
+	bufnext = patbuf;
+	bufend = bufnext + MaxPathLen;
+	if (flags & GLOB_QUOTE) {
+		/* Protect the quoted characters. */
+		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+			if (c == CHAR_QUOTE) {
+				if ((c = *patnext++) == CHAR_EOS) {
+					c = CHAR_QUOTE;
+					--patnext;
+				}
+				*bufnext++ = c | M_PROTECT;
+			}
+			else
+				*bufnext++ = c;
+	}
+	else 
+	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+		    *bufnext++ = c;
+	*bufnext = CHAR_EOS;
+
+	if (flags & GLOB_BRACE)
+	    return globexp1(patbuf, pglob);
+	else
+	    return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+	const Char* ptr = pattern;
+	int rv;
+
+	/* Protect a single {}, for find(1), like csh */
+	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+		return glob0(pattern, pglob);
+
+	while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+		if (!globexp2(ptr, pattern, pglob, &rv))
+			return rv;
+
+	return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern, 
+		    glob_t *pglob, int *rv)
+{
+	int     i;
+	Char   *lm, *ls;
+	const Char *pe, *pm, *pl;
+	Char    patbuf[MaxPathLen + 1];
+
+	/* copy part up to the brace */
+	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+		continue;
+	ls = lm;
+
+	/* Find the balanced brace */
+	for (i = 0, pe = ++ptr; *pe; pe++)
+		if (*pe == CHAR_LBRACKET) {
+			/* Ignore everything between [] */
+			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+				continue;
+			if (*pe == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pe = pm;
+			}
+		}
+		else if (*pe == CHAR_LBRACE)
+			i++;
+		else if (*pe == CHAR_RBRACE) {
+			if (i == 0)
+				break;
+			i--;
+		}
+
+	/* Non matching braces; just glob the pattern */
+	if (i != 0 || *pe == CHAR_EOS) {
+		*rv = glob0(patbuf, pglob);
+		return 0;
+	}
+
+	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+		switch (*pm) {
+		case CHAR_LBRACKET:
+			/* Ignore everything between [] */
+			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+				continue;
+			if (*pm == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pm = pl;
+			}
+			break;
+
+		case CHAR_LBRACE:
+			i++;
+			break;
+
+		case CHAR_RBRACE:
+			if (i) {
+			    i--;
+			    break;
+			}
+			/* FALLTHROUGH */
+		case CHAR_COMMA:
+			if (i && *pm == CHAR_COMMA)
+				break;
+			else {
+				/* Append the current string */
+				for (lm = ls; (pl < pm); *lm++ = *pl++)
+					continue;
+				/* 
+				 * Append the rest of the pattern after the
+				 * closing brace
+				 */
+				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+					continue;
+
+				/* Expand the current pattern */
+#ifdef DEBUG
+				qprintf("globexp2:", patbuf);
+#endif
+				*rv = globexp1(patbuf, pglob);
+
+				/* move after the comma, to the next string */
+				pl = pm + 1;
+			}
+			break;
+
+		default:
+			break;
+		}
+	*rv = 0;
+	return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+	struct passwd *pwd;
+	char *h;
+	const Char *p;
+	Char *b;
+
+	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+		return pattern;
+
+	/* Copy up to the end of the string or / */
+	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
+	     *h++ = *p++)
+		continue;
+
+	*h = CHAR_EOS;
+
+	if (((char *) patbuf)[0] == CHAR_EOS) {
+		/* 
+		 * handle a plain ~ or ~/ by expanding $HOME 
+		 * first and then trying the password file
+		 */
+		if ((h = getenv("HOME")) == NULL) {
+			if ((pwd = k_getpwuid(getuid())) == NULL)
+				return pattern;
+			else
+				h = pwd->pw_dir;
+		}
+	}
+	else {
+		/*
+		 * Expand a ~user
+		 */
+		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+			return pattern;
+		else
+			h = pwd->pw_dir;
+	}
+
+	/* Copy the home directory */
+	for (b = patbuf; *h; *b++ = *h++)
+		continue;
+	
+	/* Append the rest of the pattern */
+	while ((*b++ = *p++) != CHAR_EOS)
+		continue;
+
+	return patbuf;
+}
+	
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested).  Returns 0
+ * if things went well, nonzero if errors occurred.  It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+	const Char *qpatnext;
+	int c, err, oldpathc;
+	Char *bufnext, patbuf[MaxPathLen+1];
+
+	qpatnext = globtilde(pattern, patbuf, pglob);
+	oldpathc = pglob->gl_pathc;
+	bufnext = patbuf;
+
+	/* We don't need to check for buffer overflow any more. */
+	while ((c = *qpatnext++) != CHAR_EOS) {
+		switch (c) {
+		case CHAR_LBRACKET:
+			c = *qpatnext;
+			if (c == CHAR_NOT)
+				++qpatnext;
+			if (*qpatnext == CHAR_EOS ||
+			    g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+				*bufnext++ = CHAR_LBRACKET;
+				if (c == CHAR_NOT)
+					--qpatnext;
+				break;
+			}
+			*bufnext++ = M_SET;
+			if (c == CHAR_NOT)
+				*bufnext++ = M_NOT;
+			c = *qpatnext++;
+			do {
+				*bufnext++ = CHAR(c);
+				if (*qpatnext == CHAR_RANGE &&
+				    (c = qpatnext[1]) != CHAR_RBRACKET) {
+					*bufnext++ = M_RNG;
+					*bufnext++ = CHAR(c);
+					qpatnext += 2;
+				}
+			} while ((c = *qpatnext++) != CHAR_RBRACKET);
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_END;
+			break;
+		case CHAR_QUESTION:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_ONE;
+			break;
+		case CHAR_STAR:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			/* collapse adjacent stars to one, 
+			 * to avoid exponential behavior
+			 */
+			if (bufnext == patbuf || bufnext[-1] != M_ALL)
+			    *bufnext++ = M_ALL;
+			break;
+		default:
+			*bufnext++ = CHAR(c);
+			break;
+		}
+	}
+	*bufnext = CHAR_EOS;
+#ifdef DEBUG
+	qprintf("glob0:", patbuf);
+#endif
+
+	if ((err = glob1(patbuf, pglob)) != 0)
+		return(err);
+
+	/*
+	 * If there was no match we are going to append the pattern 
+	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
+	 * and the pattern did not contain any magic characters
+	 * GLOB_NOMAGIC is there just for compatibility with csh.
+	 */
+	if (pglob->gl_pathc == oldpathc && 
+	    ((pglob->gl_flags & GLOB_NOCHECK) || 
+	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+		return(globextend(pattern, pglob));
+	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
+		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+	return(0);
+}
+
+static int
+compare(const void *p, const void *q)
+{
+	return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(Char *pattern, glob_t *pglob)
+{
+	Char pathbuf[MaxPathLen+1];
+
+	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+	if (*pattern == CHAR_EOS)
+		return(0);
+	return(glob2(pathbuf, pathbuf, pattern, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+
+#ifndef S_ISLNK
+#if defined(S_IFLNK) && defined(S_IFMT)
+#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
+#else
+#define S_ISLNK(mode) 0
+#endif
+#endif
+
+static int
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
+{
+	struct stat sb;
+	Char *p, *q;
+	int anymeta;
+
+	/*
+	 * Loop over pattern segments until end of pattern or until
+	 * segment with meta character found.
+	 */
+	for (anymeta = 0;;) {
+		if (*pattern == CHAR_EOS) {		/* End of pattern? */
+			*pathend = CHAR_EOS;
+			if (g_lstat(pathbuf, &sb, pglob))
+				return(0);
+		
+			if (((pglob->gl_flags & GLOB_MARK) &&
+			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
+			    || (S_ISLNK(sb.st_mode) &&
+			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+			    S_ISDIR(sb.st_mode)))) {
+				*pathend++ = CHAR_SEP;
+				*pathend = CHAR_EOS;
+			}
+			++pglob->gl_matchc;
+			return(globextend(pathbuf, pglob));
+		}
+
+		/* Find end of next segment, copy tentatively to pathend. */
+		q = pathend;
+		p = pattern;
+		while (*p != CHAR_EOS && *p != CHAR_SEP) {
+			if (ismeta(*p))
+				anymeta = 1;
+			*q++ = *p++;
+		}
+
+		if (!anymeta) {		/* No expansion, do next segment. */
+			pathend = q;
+			pattern = p;
+			while (*pattern == CHAR_SEP)
+				*pathend++ = *pattern++;
+		} else			/* Need expansion, recurse. */
+			return(glob3(pathbuf, pathend, pattern, p, pglob));
+	}
+	/* CHAR_NOTREACHED */
+}
+
+static int
+glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
+      glob_t *pglob)
+{
+	struct dirent *dp;
+	DIR *dirp;
+	int err;
+	char buf[MaxPathLen];
+
+	/*
+	 * The readdirfunc declaration can't be prototyped, because it is
+	 * assigned, below, to two functions which are prototyped in glob.h
+	 * and dirent.h as taking pointers to differently typed opaque
+	 * structures.
+	 */
+	struct dirent *(*readdirfunc)(void *);
+
+	*pathend = CHAR_EOS;
+	errno = 0;
+	    
+	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+		/* TODO: don't call for ENOENT or ENOTDIR? */
+		if (pglob->gl_errfunc) {
+			g_Ctoc(pathbuf, buf);
+			if (pglob->gl_errfunc(buf, errno) ||
+			    pglob->gl_flags & GLOB_ERR)
+				return (GLOB_ABEND);
+		}
+		return(0);
+	}
+
+	err = 0;
+
+	/* Search directory for matching names. */
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		readdirfunc = pglob->gl_readdir;
+	else
+		readdirfunc = (struct dirent *(*)(void *))readdir;
+	while ((dp = (*readdirfunc)(dirp))) {
+		u_char *sc;
+		Char *dc;
+
+		/* Initial CHAR_DOT must be matched literally. */
+		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
+			continue;
+		for (sc = (u_char *) dp->d_name, dc = pathend; 
+		     (*dc++ = *sc++) != CHAR_EOS;)
+			continue;
+		if (!match(pathend, pattern, restpattern)) {
+			*pathend = CHAR_EOS;
+			continue;
+		}
+		err = glob2(pathbuf, --dc, restpattern, pglob);
+		if (err)
+			break;
+	}
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		(*pglob->gl_closedir)(dirp);
+	else
+		closedir(dirp);
+	return(err);
+}
+
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(const Char *path, glob_t *pglob)
+{
+	char **pathv;
+	int i;
+	u_int newsize;
+	char *copy;
+	const Char *p;
+
+	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+	pathv = pglob->gl_pathv ? 
+		    realloc(pglob->gl_pathv, newsize) :
+		    malloc(newsize);
+	if (pathv == NULL)
+		return(GLOB_NOSPACE);
+
+	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+		/* first time around -- clear initial gl_offs items */
+		pathv += pglob->gl_offs;
+		for (i = pglob->gl_offs; --i >= 0; )
+			*--pathv = NULL;
+	}
+	pglob->gl_pathv = pathv;
+
+	for (p = path; *p++;)
+		continue;
+	if ((copy = malloc(p - path)) != NULL) {
+		g_Ctoc(path, copy);
+		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+	}
+	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+	return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+
+/*
+ * pattern matching function for filenames.  Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(Char *name, Char *pat, Char *patend)
+{
+	int ok, negate_range;
+	Char c, k;
+
+	while (pat < patend) {
+		c = *pat++;
+		switch (c & M_MASK) {
+		case M_ALL:
+			if (pat == patend)
+				return(1);
+			do 
+			    if (match(name, pat, patend))
+				    return(1);
+			while (*name++ != CHAR_EOS);
+			return(0);
+		case M_ONE:
+			if (*name++ == CHAR_EOS)
+				return(0);
+			break;
+		case M_SET:
+			ok = 0;
+			if ((k = *name++) == CHAR_EOS)
+				return(0);
+			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
+				++pat;
+			while (((c = *pat++) & M_MASK) != M_END)
+				if ((*pat & M_MASK) == M_RNG) {
+					if (c <= k && k <= pat[1])
+						ok = 1;
+					pat += 2;
+				} else if (c == k)
+					ok = 1;
+			if (ok == negate_range)
+				return(0);
+			break;
+		default:
+			if (*name++ != c)
+				return(0);
+			break;
+		}
+	}
+	return(*name == CHAR_EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(glob_t *pglob)
+{
+	int i;
+	char **pp;
+
+	if (pglob->gl_pathv != NULL) {
+		pp = pglob->gl_pathv + pglob->gl_offs;
+		for (i = pglob->gl_pathc; i--; ++pp)
+			if (*pp)
+				free(*pp);
+		free(pglob->gl_pathv);
+	}
+}
+
+static DIR *
+g_opendir(Char *str, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	if (!*str)
+		strlcpy(buf, ".", sizeof(buf));
+	else
+		g_Ctoc(str, buf);
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_opendir)(buf));
+
+	return(opendir(buf));
+}
+
+static int
+g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_lstat)(buf, sb));
+	return(lstat(buf, sb));
+}
+
+static int
+g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_stat)(buf, sb));
+	return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(Char *str, int ch)
+{
+	do {
+		if (*str == ch)
+			return (str);
+	} while (*str++);
+	return (NULL);
+}
+
+#ifdef notdef
+static Char *
+g_strcat(Char *dst, const Char *src)
+{
+	Char *sdst = dst;
+
+	while (*dst++)
+		continue;
+	--dst;
+	while((*dst++ = *src++) != CHAR_EOS)
+	    continue;
+
+	return (sdst);
+}
+#endif
+
+static void
+g_Ctoc(const Char *str, char *buf)
+{
+	char *dc;
+
+	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
+		continue;
+}
+
+#ifdef DEBUG
+static void 
+qprintf(const Char *str, Char *s)
+{
+	Char *p;
+
+	printf("%s:\n", str);
+	for (p = s; *p; p++)
+		printf("%c", CHAR(*p));
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", *p & M_PROTECT ? '"' : ' ');
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", ismeta(*p) ? '_' : ' ');
+	printf("\n");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/glob.h b/crypto/kerberosIV/lib/roken/glob.h
new file mode 100644
index 0000000..bece48a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/glob.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define	_GLOB_H_
+
+struct stat;
+typedef struct {
+	int gl_pathc;		/* Count of total paths so far. */
+	int gl_matchc;		/* Count of paths matching pattern. */
+	int gl_offs;		/* Reserved at beginning of gl_pathv. */
+	int gl_flags;		/* Copy of flags parameter to glob. */
+	char **gl_pathv;	/* List of paths matching pattern. */
+				/* Copy of errfunc parameter to glob. */
+	int (*gl_errfunc) (const char *, int);
+
+	/*
+	 * Alternate filesystem access methods for glob; replacement
+	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
+	 * and lstat(2).
+	 */
+	void (*gl_closedir) (void *);
+	struct dirent *(*gl_readdir) (void *);	
+	void *(*gl_opendir) (const char *);
+	int (*gl_lstat) (const char *, struct stat *);
+	int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
+#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
+#define	GLOB_ERR	0x0004	/* Return on error. */
+#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
+#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
+#define	GLOB_NOSORT	0x0020	/* Don't sort. */
+
+#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
+#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
+#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
+#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
+
+#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+#define	GLOB_ABEND	(-2)	/* Unignored error. */
+
+int	glob (const char *, int, int (*)(const char *, int), glob_t *);
+void	globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c
new file mode 100644
index 0000000..522de52
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/hstrerror.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hstrerror.c,v 1.22 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#ifndef HAVE_HSTRERROR
+
+#include "roken.h"
+
+#include <stdio.h>
+
+#ifdef HAVE_NETDB_H
+#if (defined(SunOS) && (SunOS >= 50))
+#define hstrerror broken_proto
+#endif
+#include <netdb.h>
+#undef hstrerror
+#endif
+
+#ifndef HAVE_H_ERRNO
+int h_errno = -17; /* Some magic number */
+#endif
+
+#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
+static const char *const h_errlist[] = {
+    "Resolver Error 0 (no error)",
+    "Unknown host",		/* 1 HOST_NOT_FOUND */
+    "Host name lookup failure",	/* 2 TRY_AGAIN */
+    "Unknown server error",	/* 3 NO_RECOVERY */
+    "No address associated with name", /* 4 NO_ADDRESS */
+};
+
+static
+const
+int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
+#else
+
+#ifndef HAVE_H_ERRLIST_DECLARATION
+extern const char *h_errlist[];
+extern int h_nerr;
+#endif
+
+#endif
+
+const char *
+hstrerror(int herr)
+{
+    if (0 <= herr && herr < h_nerr)
+	return h_errlist[herr];
+    else if(herr == -17)
+	return "unknown error";
+    else
+	return "Error number out of range (hstrerror)";
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c
new file mode 100644
index 0000000..5a1ab56
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inaddr2str.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inaddr2str.c,v 1.12 1999/12/02 16:58:46 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include "roken.h"
+
+/*
+ * Get a verified name for `addr'.
+ * If unable to find it in the DNS, return x.y.z.a
+ */
+
+void
+inaddr2str(struct in_addr addr, char *s, size_t len)
+{
+  struct hostent *h;
+  char **p;
+
+  h = roken_gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
+  if (h) {
+    h = roken_gethostbyname (h->h_name);
+    if(h)
+      for(p = h->h_addr_list;
+	  *p;
+	  ++p)
+	if (memcmp (*p, &addr, sizeof(addr)) == 0) {
+	  strlcpy (s, h->h_name, len);
+	  return;
+	}
+  }
+  strlcpy (s, inet_ntoa (addr), len);
+  return;
+}
diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c
new file mode 100644
index 0000000..755e426
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inet_aton.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_aton.c,v 1.12 1999/12/02 16:58:47 joda Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+/* Minimal implementation of inet_aton.
+ * Cannot distinguish between failure and a local broadcast address. */
+
+int
+inet_aton(const char *cp, struct in_addr *addr)
+{
+  addr->s_addr = inet_addr(cp);
+  return (addr->s_addr == INADDR_NONE) ? 0 : 1;
+}
diff --git a/crypto/kerberosIV/lib/roken/inet_ntop.c b/crypto/kerberosIV/lib/roken/inet_ntop.c
new file mode 100644
index 0000000..f79a35e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inet_ntop.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_ntop.c,v 1.3 1999/12/02 16:58:47 joda Exp $");
+#endif
+
+#include <errno.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#include <roken.h>
+
+/*
+ *
+ */
+
+static const char *
+inet_ntop_v4 (const void *src, char *dst, size_t size)
+{
+    const char digits[] = "0123456789";
+    int i;
+    struct in_addr *addr = (struct in_addr *)src;
+    u_long a = ntohl(addr->s_addr);
+    const char *orig_dst = dst;
+
+    if (size < INET_ADDRSTRLEN) {
+	errno = ENOSPC;
+	return NULL;
+    }
+    for (i = 0; i < 4; ++i) {
+	int n = (a >> (24 - i * 8)) & 0xFF;
+	int non_zerop = 0;
+
+	if (non_zerop || n / 100 > 0) {
+	    *dst++ = digits[n / 100];
+	    n %= 100;
+	    non_zerop = 1;
+	}
+	if (non_zerop || n / 10 > 0) {
+	    *dst++ = digits[n / 10];
+	    n %= 10;
+	    non_zerop = 1;
+	}
+	*dst++ = digits[n];
+	if (i != 3)
+	    *dst++ = '.';
+    }
+    *dst++ = '\0';
+    return orig_dst;
+}
+
+#ifdef HAVE_IPV6
+static const char *
+inet_ntop_v6 (const void *src, char *dst, size_t size)
+{
+    const char xdigits[] = "0123456789abcdef";
+    int i;
+    const struct in6_addr *addr = (struct in6_addr *)src;
+    const u_char *ptr = addr->s6_addr;
+    const char *orig_dst = dst;
+
+    if (size < INET6_ADDRSTRLEN) {
+	errno = ENOSPC;
+	return NULL;
+    }
+    for (i = 0; i < 8; ++i) {
+	int non_zerop = 1;
+
+	if (non_zerop || (ptr[0] >> 4)) {
+	    *dst++ = xdigits[ptr[0] >> 4];
+	    non_zerop = 1;
+	}
+	if (non_zerop || (ptr[0] & 0x0F)) {
+	    *dst++ = xdigits[ptr[0] & 0x0F];
+	    non_zerop = 1;
+	}
+	if (non_zerop || (ptr[1] >> 4)) {
+	    *dst++ = xdigits[ptr[1] >> 4];
+	    non_zerop = 1;
+	}
+	if (non_zerop || (ptr[1] & 0x0F)) {
+	    *dst++ = xdigits[ptr[1] & 0x0F];
+	    non_zerop = 1;
+	}
+	if (i != 7)
+	    *dst++ = ':';
+	ptr += 2;
+    }
+    *dst++ = '\0';
+    return orig_dst;
+}
+#endif /* HAVE_IPV6 */
+
+const char *
+inet_ntop(int af, const void *src, char *dst, size_t size)
+{
+    switch (af) {
+    case AF_INET :
+	return inet_ntop_v4 (src, dst, size);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return inet_ntop_v6 (src, dst, size);
+#endif
+    default :
+	errno = EAFNOSUPPORT;
+	return NULL;
+    }
+}
diff --git a/crypto/kerberosIV/lib/roken/inet_pton.c b/crypto/kerberosIV/lib/roken/inet_pton.c
new file mode 100644
index 0000000..9b195c2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inet_pton.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_pton.c,v 1.2 1999/12/02 16:58:47 joda Exp $");
+#endif
+
+#include <errno.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#include <roken.h>
+
+int
+inet_pton(int af, const char *src, void *dst)
+{
+    if (af != AF_INET) {
+	errno = EAFNOSUPPORT;
+	return -1;
+    }
+    return inet_aton (src, dst);
+}
diff --git a/crypto/kerberosIV/lib/roken/initgroups.c b/crypto/kerberosIV/lib/roken/initgroups.c
new file mode 100644
index 0000000..dcf1d08
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/initgroups.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: initgroups.c,v 1.3 1999/12/02 16:58:47 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+initgroups(const char *name, gid_t basegid)
+{
+  return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/innetgr.c b/crypto/kerberosIV/lib/roken/innetgr.c
new file mode 100644
index 0000000..4bc57f9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/innetgr.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_INNETGR
+
+RCSID("$Id: innetgr.c,v 1.1 1999/03/11 14:04:01 joda Exp $");
+
+int
+innetgr(const char *netgroup, const char *machine, 
+	const char *user, const char *domain)
+{
+    return 0;
+}
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/iruserok.c b/crypto/kerberosIV/lib/roken/iruserok.c
new file mode 100644
index 0000000..7cac29f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/iruserok.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: iruserok.c,v 1.22 1999/09/16 20:06:06 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "roken.h"
+
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr = 0;
+
+/*
+ * Returns "true" if match, 0 if no match.
+ */
+static
+int
+__icheckhost(unsigned raddr, const char *lhost)
+{
+	struct hostent *hp;
+	u_long laddr;
+	char **pp;
+
+	/* Try for raw ip address first. */
+	if (isdigit((unsigned char)*lhost)
+	    && (long)(laddr = inet_addr(lhost)) != -1)
+		return (raddr == laddr);
+
+	/* Better be a hostname. */
+	if ((hp = gethostbyname(lhost)) == NULL)
+		return (0);
+
+	/* Spin through ip addresses. */
+	for (pp = hp->h_addr_list; *pp; ++pp)
+	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
+			return (1);
+
+	/* No match. */
+	return (0);
+}
+
+/*
+ * Returns 0 if ok, -1 if not ok.
+ */
+static
+int
+__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
+	     const char *ruser)
+{
+	char *user, *p;
+	int ch;
+	char buf[MaxHostNameLen + 128];		/* host + login */
+	char hname[MaxHostNameLen];
+	struct hostent *hp;
+	/* Presumed guilty until proven innocent. */
+	int userok = 0, hostok = 0;
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+	char *ypdomain;
+
+	if (yp_get_default_domain(&ypdomain))
+		ypdomain = NULL;
+#else
+#define	ypdomain NULL
+#endif
+	/* We need to get the damn hostname back for netgroup matching. */
+	if ((hp = gethostbyaddr((char *)&raddr,
+				sizeof(u_long),
+				AF_INET)) == NULL)
+		return (-1);
+	strlcpy(hname, hp->h_name, sizeof(hname));
+
+	while (fgets(buf, sizeof(buf), hostf)) {
+		p = buf;
+		/* Skip lines that are too long. */
+		if (strchr(p, '\n') == NULL) {
+			while ((ch = getc(hostf)) != '\n' && ch != EOF);
+			continue;
+		}
+		if (*p == '\n' || *p == '#') {
+			/* comment... */
+			continue;
+		}
+		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+		        if (isupper((unsigned char)*p))
+			    *p = tolower((unsigned char)*p);
+			p++;
+		}
+		if (*p == ' ' || *p == '\t') {
+			*p++ = '\0';
+			while (*p == ' ' || *p == '\t')
+				p++;
+			user = p;
+			while (*p != '\n' && *p != ' ' &&
+			    *p != '\t' && *p != '\0')
+				p++;
+		} else
+			user = p;
+		*p = '\0';
+		/*
+		 * Do +/- and +@/-@ checking. This looks really nasty,
+		 * but it matches SunOS's behavior so far as I can tell.
+		 */
+		switch(buf[0]) {
+		case '+':
+			if (!buf[1]) {     /* '+' matches all hosts */
+				hostok = 1;
+				break;
+			}
+			if (buf[1] == '@')  /* match a host by netgroup */
+				hostok = innetgr((char *)&buf[2],
+					(char *)&hname, NULL, ypdomain);
+			else		/* match a host by addr */
+				hostok = __icheckhost(raddr,(char *)&buf[1]);
+			break;
+		case '-':     /* reject '-' hosts and all their users */
+			if (buf[1] == '@') {
+				if (innetgr((char *)&buf[2],
+					      (char *)&hname, NULL, ypdomain))
+					return(-1);
+			} else {
+				if (__icheckhost(raddr,(char *)&buf[1]))
+					return(-1);
+			}
+			break;
+		default:  /* if no '+' or '-', do a simple match */
+			hostok = __icheckhost(raddr, buf);
+			break;
+		}
+		switch(*user) {
+		case '+':
+			if (!*(user+1)) {      /* '+' matches all users */
+				userok = 1;
+				break;
+			}
+			if (*(user+1) == '@')  /* match a user by netgroup */
+				userok = innetgr(user+2, NULL, (char *)ruser,
+						 ypdomain);
+			else	   /* match a user by direct specification */
+				userok = !(strcmp(ruser, user+1));
+			break;
+		case '-': 		/* if we matched a hostname, */
+			if (hostok) {   /* check for user field rejections */
+				if (!*(user+1))
+					return(-1);
+				if (*(user+1) == '@') {
+					if (innetgr(user+2, NULL,
+						    (char *)ruser, ypdomain))
+						return(-1);
+				} else {
+					if (!strcmp(ruser, user+1))
+						return(-1);
+				}
+			}
+			break;
+		default:	/* no rejections: try to match the user */
+			if (hostok)
+				userok = !(strcmp(ruser,*user ? user : luser));
+			break;
+		}
+		if (hostok && userok)
+			return(0);
+	}
+	return (-1);
+}
+
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
+{
+	char *cp;
+	struct stat sbuf;
+	struct passwd *pwd;
+	FILE *hostf;
+	uid_t uid;
+	int first;
+	char pbuf[MaxPathLen];
+
+	first = 1;
+	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+	if (hostf) {
+		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
+			fclose(hostf);
+			return (0);
+		}
+		fclose(hostf);
+	}
+	if (first == 1 && (__check_rhosts_file || superuser)) {
+		first = 0;
+		if ((pwd = k_getpwnam((char*)luser)) == NULL)
+			return (-1);
+		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
+
+		/*
+		 * Change effective uid while opening .rhosts.  If root and
+		 * reading an NFS mounted file system, can't read files that
+		 * are protected read/write owner only.
+		 */
+		uid = geteuid();
+		seteuid(pwd->pw_uid);
+		hostf = fopen(pbuf, "r");
+		seteuid(uid);
+
+		if (hostf == NULL)
+			return (-1);
+		/*
+		 * If not a regular file, or is owned by someone other than
+		 * user or root or if writeable by anyone but the owner, quit.
+		 */
+		cp = NULL;
+		if (lstat(pbuf, &sbuf) < 0)
+			cp = ".rhosts lstat failed";
+		else if (!S_ISREG(sbuf.st_mode))
+			cp = ".rhosts not regular file";
+		else if (fstat(fileno(hostf), &sbuf) < 0)
+			cp = ".rhosts fstat failed";
+		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+			cp = "bad .rhosts owner";
+		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+			cp = ".rhosts writeable by other than owner";
+		/* If there were any problems, quit. */
+		if (cp) {
+			__rcmd_errstr = cp;
+			fclose(hostf);
+			return (-1);
+		}
+		goto again;
+	}
+	return (-1);
+}
diff --git a/crypto/kerberosIV/lib/roken/issuid.c b/crypto/kerberosIV/lib/roken/issuid.c
new file mode 100644
index 0000000..af2aae5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/issuid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: issuid.c,v 1.3 1999/12/02 16:58:47 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+issuid(void)
+{
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+    if(getuid() != geteuid())
+	return 1;
+#endif
+#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
+    if(getgid() != getegid())
+	return 2;
+#endif
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c
new file mode 100644
index 0000000..40681cd
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwnam.c,v 1.9 1999/12/02 16:58:47 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwnam (const char *user)
+{
+     struct passwd *p;
+
+     p = getpwnam (user);
+#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
+     if(p)
+     {
+	  struct spwd *spwd;
+
+	  spwd = getspnam (user);
+	  if (spwd)
+	       p->pw_passwd = spwd->sp_pwdp;
+	  endspent ();
+     }
+#else
+     endpwent ();
+#endif
+     return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c
new file mode 100644
index 0000000..1e2ca54
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwuid.c,v 1.9 1999/12/02 16:58:47 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwuid (uid_t uid)
+{
+     struct passwd *p;
+
+     p = getpwuid (uid);
+#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
+     if (p)
+     {
+	  struct spwd *spwd;
+
+	  spwd = getspnam (p->pw_name);
+	  if (spwd)
+	       p->pw_passwd = spwd->sp_pwdp;
+	  endspent ();
+     }
+#else
+     endpwent ();
+#endif
+     return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/lstat.c b/crypto/kerberosIV/lib/roken/lstat.c
new file mode 100644
index 0000000..2f03e19
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/lstat.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: lstat.c,v 1.4 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+lstat(const char *path, struct stat *buf)
+{
+  return stat(path, buf);
+}
diff --git a/crypto/kerberosIV/lib/roken/make-print-version.c b/crypto/kerberosIV/lib/roken/make-print-version.c
new file mode 100644
index 0000000..d08e023
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/make-print-version.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: make-print-version.c,v 1.2 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <stdio.h>
+
+#ifdef KRB5
+extern char *heimdal_version;
+#endif
+#ifdef KRB4
+extern char *krb4_version;
+#endif
+#include <version.h>
+
+int
+main(int argc, char **argv)
+{
+    FILE *f;
+    if(argc != 2)
+	return 1;
+    f = fopen(argv[1], "w");
+    if(f == NULL)
+	return 1;
+    fprintf(f, "#define VERSIONLIST { ");
+#ifdef KRB5
+    fprintf(f, "\"%s\", ", heimdal_version);
+#endif
+#ifdef KRB4
+    fprintf(f, "\"%s\", ", krb4_version);
+#endif
+    fprintf(f, "}\n");
+    fclose(f);
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c
new file mode 100644
index 0000000..b77d56a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/memmove.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: memmove.c,v 1.7 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+/* 
+ * memmove for systems that doesn't have it 
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+void* memmove(void *s1, const void *s2, size_t n)
+{
+  char *s=(char*)s2, *d=(char*)s1;
+
+  if(d > s){
+    s+=n-1;
+    d+=n-1;
+    while(n){
+      *d--=*s--;
+      n--;
+    }
+  }else if(d < s)
+    while(n){
+      *d++=*s++;
+      n--;
+    }
+  return s1;
+}
diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c
new file mode 100644
index 0000000..a0c6333
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mini_inetd.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: mini_inetd.c,v 1.18 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+
+#include <roken.h>
+
+static int
+listen_v4 (int port)
+{
+     struct sockaddr_in sa;
+     int s;
+
+     s = socket(AF_INET, SOCK_STREAM, 0);
+     if(s < 0) {
+	 if (errno == ENOSYS)
+	     return -1;
+	  perror("socket");
+	  exit(1);
+     }
+     socket_set_reuseaddr (s, 1);
+     memset(&sa, 0, sizeof(sa));
+     sa.sin_family      = AF_INET;
+     sa.sin_port        = port;
+     sa.sin_addr.s_addr = INADDR_ANY;
+     if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){
+	  perror("bind");
+	  exit(1);
+     }
+     if(listen(s, SOMAXCONN) < 0){
+	  perror("listen");
+	  exit(1);
+     }
+     return s;
+}
+
+#ifdef HAVE_IPV6
+static int
+listen_v6 (int port)
+{
+     struct sockaddr_in6 sa;
+     int s;
+
+     s = socket(AF_INET6, SOCK_STREAM, 0);
+     if(s < 0) {
+	 if (errno == ENOSYS)
+	     return -1;
+	 perror("socket");
+	 exit(1);
+     }
+     socket_set_reuseaddr (s, 1);
+     memset(&sa, 0, sizeof(sa));
+     sa.sin6_family = AF_INET6;
+     sa.sin6_port   = port;
+     sa.sin6_addr   = in6addr_any;
+     if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){
+	  perror("bind");
+	  exit(1);
+     }
+     if(listen(s, SOMAXCONN) < 0){
+	  perror("listen");
+	  exit(1);
+     }
+     return s;
+}
+#endif /* HAVE_IPV6 */
+
+/*
+ * accept a connection on `s' and pretend it's served by inetd.
+ */
+
+static void
+accept_it (int s)
+{
+    int s2;
+
+    s2 = accept(s, NULL, 0);
+    if(s2 < 0){
+	perror("accept");
+	exit(1);
+    }
+    close(s);
+    dup2(s2, STDIN_FILENO);
+    dup2(s2, STDOUT_FILENO);
+    /* dup2(s2, STDERR_FILENO); */
+    close(s2);
+}
+
+/*
+ * Listen on `port' emulating inetd.
+ */
+
+void
+mini_inetd (int port)
+{
+    int ret;
+    int max_fd = -1;
+    int sock_v4 = -1;
+    int sock_v6 = -1;
+    fd_set orig_read_set, read_set;
+
+    FD_ZERO(&orig_read_set);
+
+    sock_v4 = listen_v4 (port);
+    if (sock_v4 >= 0) {
+	max_fd  = max(max_fd, sock_v4);
+	FD_SET(sock_v4, &orig_read_set);
+    }
+#ifdef HAVE_IPV6
+    sock_v6 = listen_v6 (port);
+    if (sock_v6 >= 0) {
+	max_fd  = max(max_fd, sock_v6);
+	FD_SET(sock_v6, &orig_read_set);
+    }
+#endif    
+
+    do {
+	read_set = orig_read_set;
+
+	ret = select (max_fd + 1, &read_set, NULL, NULL, NULL);
+	if (ret < 0 && ret != EINTR) {
+	    perror ("select");
+	    exit (1);
+	}
+    } while (ret <= 0);
+
+    if (sock_v4 > 0 && FD_ISSET (sock_v4, &read_set)) {
+	accept_it (sock_v4);
+	return;
+    }
+    if (sock_v6 > 0 && FD_ISSET (sock_v6, &read_set)) {
+	accept_it (sock_v6);
+	return;
+    }
+    abort ();
+}
diff --git a/crypto/kerberosIV/lib/roken/mkstemp.c b/crypto/kerberosIV/lib/roken/mkstemp.c
new file mode 100644
index 0000000..350f4cb
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mkstemp.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+
+RCSID("$Id: mkstemp.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
+
+#ifndef HAVE_MKSTEMP
+
+int
+mkstemp(char *template)
+{
+    int start, i;
+    pid_t val;
+    val = getpid();
+    start = strlen(template) - 1;
+    while(template[start] == 'X') {
+	template[start] = '0' + val % 10;
+	val /= 10;
+	start--;
+    }
+    
+    do{
+	int fd;
+	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+	if(fd >= 0 || errno != EEXIST)
+	    return fd;
+	i = start + 1;
+	do{
+	    if(template[i] == 0)
+		return -1;
+	    template[i]++;
+	    if(template[i] == '9' + 1)
+		template[i] = 'a';
+	    if(template[i] <= 'z')
+		break;
+	    template[i] = 'a';
+	    i++;
+	}while(1);
+    }while(1);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/net_read.c b/crypto/kerberosIV/lib/roken/net_read.c
new file mode 100644
index 0000000..6d45bfa
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/net_read.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_read.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <roken.h>
+
+/*
+ * Like read but never return partial data.
+ */
+
+ssize_t
+net_read (int fd, void *buf, size_t nbytes)
+{
+    char *cbuf = (char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = recv (fd, cbuf, rem, 0);
+#else
+	count = read (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	} else if (count == 0) {
+	    return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}
diff --git a/crypto/kerberosIV/lib/roken/net_write.c b/crypto/kerberosIV/lib/roken/net_write.c
new file mode 100644
index 0000000..2f63dbe
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/net_write.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_write.c,v 1.4 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <roken.h>
+
+/*
+ * Like write but never return partial data.
+ */
+
+ssize_t
+net_write (int fd, const void *buf, size_t nbytes)
+{
+    const char *cbuf = (const char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = send (fd, cbuf, rem, 0);
+#else
+	count = write (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_bytes-test.c b/crypto/kerberosIV/lib/roken/parse_bytes-test.c
new file mode 100644
index 0000000..499d942
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_bytes-test.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_bytes-test.c,v 1.2 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include "roken.h"
+#include "parse_bytes.h"
+
+static struct testcase {
+    int canonicalp;
+    int val;
+    const char *def_unit;
+    const char *str;
+} tests[] = {
+    {0, 0, NULL, "0 bytes"},
+    {1, 0, NULL, "0"},
+    {0, 1, NULL, "1"},
+    {1, 1, NULL, "1 byte"},
+    {0, 0, "kilobyte", "0"},
+    {0, 1024, "kilobyte", "1"},
+    {1, 1024, "kilobyte", "1 kilobyte"},
+    {1, 1024 * 1024, NULL, "1 megabyte"},
+    {0, 1025, NULL, "1 kilobyte 1"},
+    {1, 1025, NULL, "1 kilobyte 1 byte"},
+};
+
+int
+main(int argc, char **argv)
+{
+    int i;
+    int ret = 0;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	char buf[256];
+	int val = parse_bytes (tests[i].str, tests[i].def_unit);
+	size_t len;
+
+	if (val != tests[i].val) {
+	    printf ("parse_bytes (%s, %s) = %d != %d\n",
+		    tests[i].str,
+		    tests[i].def_unit ? tests[i].def_unit : "none",
+		    val, tests[i].val);
+	    ++ret;
+	}
+	if (tests[i].canonicalp) {
+	    len = unparse_bytes (tests[i].val, buf, sizeof(buf));
+	    if (strcmp (tests[i].str, buf) != 0) {
+		printf ("unparse_bytes (%d) = \"%s\" != \"%s\"\n",
+			tests[i].val, buf, tests[i].str);
+		++ret;
+	    }
+	}    
+    }
+    if (ret) {
+	printf ("%d errors\n", ret);
+	return 1;
+    } else
+	return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_bytes.c b/crypto/kerberosIV/lib/roken/parse_bytes.c
new file mode 100644
index 0000000..f3c514f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_bytes.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_bytes.c,v 1.2 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <parse_units.h>
+#include "parse_bytes.h"
+
+static units bytes_units[] = {
+    { "gigabyte", 1024 * 1024 * 1024 },
+    { "gbyte", 1024 * 1024 * 1024 },
+    { "GB", 1024 * 1024 * 1024 },
+    { "megabyte", 1024 * 1024 },
+    { "mbyte", 1024 * 1024 },
+    { "MB", 1024 * 1024 },
+    { "kilobyte", 1024 },
+    { "KB", 1024 },
+    { "byte", 1 },
+    { NULL, 0 }
+};
+
+static units bytes_short_units[] = {
+    { "GB", 1024 * 1024 * 1024 },
+    { "MB", 1024 * 1024 },
+    { "KB", 1024 },
+    { NULL, 0 }
+};
+
+int
+parse_bytes (const char *s, const char *def_unit)
+{
+    return parse_units (s, bytes_units, def_unit);
+}
+
+size_t
+unparse_bytes (int t, char *s, size_t len)
+{
+    return unparse_units (t, bytes_units, s, len);
+}
+
+size_t
+unparse_bytes_short (int t, char *s, size_t len)
+{
+    return unparse_units_approx (t, bytes_short_units, s, len);
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_bytes.h b/crypto/kerberosIV/lib/roken/parse_bytes.h
new file mode 100644
index 0000000..8116c1c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_bytes.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_bytes.h,v 1.2 1999/12/02 16:58:51 joda Exp $ */
+
+#ifndef __PARSE_BYTES_H__
+#define __PARSE_BYTES_H__
+
+int
+parse_bytes (const char *s, const char *def_unit);
+
+size_t
+unparse_bytes (int t, char *s, size_t len);
+
+size_t
+unparse_bytes_short (int t, char *s, size_t len);
+
+#endif /* __PARSE_BYTES_H__ */
diff --git a/crypto/kerberosIV/lib/roken/parse_time.c b/crypto/kerberosIV/lib/roken/parse_time.c
new file mode 100644
index 0000000..a09ded7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_time.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_time.c,v 1.5 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <parse_units.h>
+#include "parse_time.h"
+
+static units time_units[] = {
+    {"year",	365 * 24 * 60 * 60},
+    {"month",	30 * 24 * 60 * 60},
+    {"week",	7 * 24 * 60 * 60},
+    {"day",	24 * 60 * 60},
+    {"hour",	60 * 60},
+    {"h",	60 * 60},
+    {"minute",	60},
+    {"m",	60},
+    {"second",	1},
+    {"s",	1},
+    {NULL, 0},
+};
+
+int
+parse_time (const char *s, const char *def_unit)
+{
+    return parse_units (s, time_units, def_unit);
+}
+
+size_t
+unparse_time (int t, char *s, size_t len)
+{
+    return unparse_units (t, time_units, s, len);
+}
+
+size_t
+unparse_time_approx (int t, char *s, size_t len)
+{
+    return unparse_units_approx (t, time_units, s, len);
+}
+
+void
+print_time_table (FILE *f)
+{
+    print_units_table (time_units, f);
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_time.h b/crypto/kerberosIV/lib/roken/parse_time.h
new file mode 100644
index 0000000..55de505
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_time.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_time.h,v 1.4 1999/12/02 16:58:51 joda Exp $ */
+
+#ifndef __PARSE_TIME_H__
+#define __PARSE_TIME_H__
+
+int
+parse_time (const char *s, const char *def_unit);
+
+size_t
+unparse_time (int t, char *s, size_t len);
+
+size_t
+unparse_time_approx (int t, char *s, size_t len);
+
+void
+print_time_table (FILE *f);
+
+#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/kerberosIV/lib/roken/parse_units.c b/crypto/kerberosIV/lib/roken/parse_units.c
new file mode 100644
index 0000000..34c5030
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_units.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_units.c,v 1.12 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <roken.h>
+#include "parse_units.h"
+
+/*
+ * Parse string in `s' according to `units' and return value.
+ * def_unit defines the default unit.
+ */
+
+static int
+parse_something (const char *s, const struct units *units,
+		 const char *def_unit,
+		 int (*func)(int res, int val, unsigned mult),
+		 int init,
+		 int accept_no_val_p)
+{
+    const char *p;
+    int res = init;
+    unsigned def_mult = 1;
+
+    if (def_unit != NULL) {
+	const struct units *u;
+
+	for (u = units; u->name; ++u) {
+	    if (strcasecmp (u->name, def_unit) == 0) {
+		def_mult = u->mult;
+		break;
+	    }
+	}
+	if (u->name == NULL)
+	    return -1;
+    }
+
+    p = s;
+    while (*p) {
+	double val;
+	char *next;
+	const struct units *u, *partial_unit;
+	size_t u_len;
+	unsigned partial;
+	int no_val_p = 0;
+
+	while(isspace((unsigned char)*p) || *p == ',')
+	    ++p;
+
+	val = strtod (p, &next); /* strtol(p, &next, 0); */
+	if (val == 0 && p == next) {
+	    if(!accept_no_val_p)
+		return -1;
+	    no_val_p = 1;
+	}
+	p = next;
+	while (isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '\0') {
+	    res = (*func)(res, val, def_mult);
+	    if (res < 0)
+		return res;
+	    break;
+	} else if (*p == '+') {
+	    ++p;
+	    val = 1;
+	} else if (*p == '-') {
+	    ++p;
+	    val = -1;
+	}
+	if (no_val_p && val == 0)
+	    val = 1;
+	u_len = strcspn (p, ", \t");
+	partial = 0;
+	partial_unit = NULL;
+	if (u_len > 1 && p[u_len - 1] == 's')
+	    --u_len;
+	for (u = units; u->name; ++u) {
+	    if (strncasecmp (p, u->name, u_len) == 0) {
+		if (u_len == strlen (u->name)) {
+		    p += u_len;
+		    res = (*func)(res, val, u->mult);
+		    if (res < 0)
+			return res;
+		    break;
+		} else {
+		    ++partial;
+		    partial_unit = u;
+		}
+	    }
+	}
+	if (u->name == NULL) {
+	    if (partial == 1) {
+		p += u_len;
+		res = (*func)(res, val, partial_unit->mult);
+		if (res < 0)
+		    return res;
+	    } else {
+		return -1;
+	    }
+	}
+	if (*p == 's')
+	    ++p;
+    }
+    return res;
+}
+
+/*
+ * The string consists of a sequence of `n unit'
+ */
+
+static int
+acc_units(int res, int val, unsigned mult)
+{
+    return res + val * mult;
+}
+
+int
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit)
+{
+    return parse_something (s, units, def_unit, acc_units, 0, 0);
+}
+
+/*
+ * The string consists of a sequence of `[+-]flag'.  `orig' consists
+ * the original set of flags, those are then modified and returned as
+ * the function value.
+ */
+
+static int
+acc_flags(int res, int val, unsigned mult)
+{
+    if(val == 1)
+	return res | mult;
+    else if(val == -1)
+	return res & ~mult;
+    else if (val == 0)
+	return mult;
+    else
+	return -1;
+}
+
+int
+parse_flags (const char *s, const struct units *units,
+	     int orig)
+{
+    return parse_something (s, units, NULL, acc_flags, orig, 1);
+}
+
+/*
+ * Return a string representation according to `units' of `num' in `s'
+ * with maximum length `len'.  The actual length is the function value.
+ */
+
+static size_t
+unparse_something (int num, const struct units *units, char *s, size_t len,
+		   int (*print) (char *s, size_t len, int div,
+				const char *name, int rem),
+		   int (*update) (int in, unsigned mult),
+		   const char *zero_string)
+{
+    const struct units *u;
+    size_t ret = 0, tmp;
+
+    if (num == 0)
+	return snprintf (s, len, "%s", zero_string);
+
+    for (u = units; num > 0 && u->name; ++u) {
+	int div;
+
+	div = num / u->mult;
+	if (div) {
+	    num = (*update) (num, u->mult);
+	    tmp = (*print) (s, len, div, u->name, num);
+
+	    len -= tmp;
+	    s += tmp;
+	    ret += tmp;
+	}
+    }
+    return ret;
+}
+
+static int
+print_unit (char *s, size_t len, int div, const char *name, int rem)
+{
+    return snprintf (s, len, "%u %s%s%s",
+		     div, name,
+		     div == 1 ? "" : "s",
+		     rem > 0 ? " " : "");
+}
+
+static int
+update_unit (int in, unsigned mult)
+{
+    return in % mult;
+}
+
+static int
+update_unit_approx (int in, unsigned mult)
+{
+    if (in / mult > 0)
+	return 0;
+    else
+	return update_unit (in, mult);
+}
+
+size_t
+unparse_units (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit,
+			      "0");
+}
+
+size_t
+unparse_units_approx (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit_approx,
+			      "0");
+}
+
+void
+print_units_table (const struct units *units, FILE *f)
+{
+    const struct units *u, *u2;
+    unsigned max_sz = 0;
+
+    for (u = units; u->name; ++u) {
+	max_sz = max(max_sz, strlen(u->name));
+    }
+
+    for (u = units; u->name;) {
+	char buf[1024];
+	const struct units *next;
+
+	for (next = u + 1; next->name && next->mult == u->mult; ++next)
+	    ;
+
+	if (next->name) {
+	    for (u2 = next;
+		 u2->name && u->mult % u2->mult != 0;
+		 ++u2)
+		;
+	    if (u2->name == NULL)
+		--u2;
+	    unparse_units (u->mult, u2, buf, sizeof(buf));
+	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
+	} else {
+	    fprintf (f, "1 %s\n", u->name);
+	}
+	u = next;
+    }
+}
+
+static int
+print_flag (char *s, size_t len, int div, const char *name, int rem)
+{
+    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
+}
+
+static int
+update_flag (int in, unsigned mult)
+{
+    return in - mult;
+}
+
+size_t
+unparse_flags (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_flag,
+			      update_flag,
+			      "");
+}
+
+void
+print_flags_table (const struct units *units, FILE *f)
+{
+    const struct units *u;
+
+    for(u = units; u->name; ++u)
+	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_units.h b/crypto/kerberosIV/lib/roken/parse_units.h
new file mode 100644
index 0000000..f159d30
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_units.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_units.h,v 1.6 1999/12/02 16:58:51 joda Exp $ */
+
+#ifndef __PARSE_UNITS_H__
+#define __PARSE_UNITS_H__
+
+#include <stdio.h>
+#include <stddef.h>
+
+struct units {
+    const char *name;
+    unsigned mult;
+};
+
+typedef struct units units;
+
+int
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit);
+
+void
+print_units_table (const struct units *units, FILE *f);
+
+int
+parse_flags (const char *s, const struct units *units,
+	     int orig);
+
+size_t
+unparse_units (int num, const struct units *units, char *s, size_t len);
+
+size_t
+unparse_units_approx (int num, const struct units *units, char *s,
+		      size_t len);
+
+size_t
+unparse_flags (int num, const struct units *units, char *s, size_t len);
+
+void
+print_flags_table (const struct units *units, FILE *f);
+
+#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/kerberosIV/lib/roken/print_version.c b/crypto/kerberosIV/lib/roken/print_version.c
new file mode 100644
index 0000000..809bbb3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/print_version.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: print_version.c,v 1.5 1999/12/02 16:58:51 joda Exp $");
+#endif
+#include "roken.h"
+
+#include "print_version.h"
+
+void
+print_version(const char *progname)
+{
+    const char *arg[] = VERSIONLIST;
+    const int num_args = sizeof(arg) / sizeof(arg[0]);
+    char *msg;
+    size_t len = 0;
+    int i;
+    
+    if(progname == NULL)
+	progname = __progname;
+    
+    if(num_args == 0)
+	msg = "no version information";
+    else {
+	for(i = 0; i < num_args; i++) {
+	    if(i > 0)
+		len += 2;
+	    len += strlen(arg[i]);
+	}
+	msg = malloc(len + 1);
+	if(msg == NULL) {
+	    fprintf(stderr, "%s: out of memory\n", progname);
+	    return;
+	}
+	msg[0] = '\0';
+	for(i = 0; i < num_args; i++) {
+	    if(i > 0)
+		strcat(msg, ", ");
+	    strcat(msg, arg[i]);
+	}
+    }
+    fprintf(stderr, "%s (%s)\n", progname, msg);
+    fprintf(stderr, "Copyright (c) 1999 Kungliga Tekniska H�gskolan\n");
+    if(num_args != 0)
+	free(msg);
+}
diff --git a/crypto/kerberosIV/lib/roken/putenv.c b/crypto/kerberosIV/lib/roken/putenv.c
new file mode 100644
index 0000000..80951d1
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/putenv.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: putenv.c,v 1.6 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include <stdlib.h>
+
+extern char **environ;
+
+/*
+ * putenv --
+ *	String points to a string of the form name=value.
+ *
+ *      Makes the value of the environment variable name equal to
+ *      value by altering an existing variable or creating a new one.
+ */
+int putenv(const char *string)
+{
+    int i;
+    int len;
+    
+    len = string - strchr(string, '=') + 1;
+
+    if(environ == NULL){
+	environ = malloc(sizeof(char*));
+	if(environ == NULL)
+	    return 1;
+	environ[0] = NULL;
+    }
+
+    for(i = 0; environ[i]; i++)
+	if(strncmp(string, environ[i], len)){
+	    environ[len] = string;
+	    return 0;
+	}
+    environ = realloc(environ, sizeof(char*) * (i + 1));
+    if(environ == NULL)
+	return 1;
+    environ[i] = string;
+    environ[i+1] = NULL;
+    return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/rcmd.c b/crypto/kerberosIV/lib/roken/rcmd.c
new file mode 100644
index 0000000..4117948
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/rcmd.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: rcmd.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
+#endif
+
+#include "roken.h"
+#include <stdio.h>
+
+int
+rcmd(char **ahost,
+     unsigned short inport,
+     const char *locuser,
+     const char *remuser,
+     const char *cmd,
+     int *fd2p)
+{
+  fprintf(stderr, "Only kerberized services are implemented\n");
+  return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/readv.c b/crypto/kerberosIV/lib/roken/readv.c
new file mode 100644
index 0000000..de2f9ea
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/readv.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: readv.c,v 1.5 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+readv(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = read (d, buf, tot);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+    }
+    free(buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/recvmsg.c b/crypto/kerberosIV/lib/roken/recvmsg.c
new file mode 100644
index 0000000..e94ad68
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/recvmsg.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: recvmsg.c,v 1.5 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+recvmsg(int s, struct msghdr *msg, int flags)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+	++iov;
+    }
+    free(buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/resolve.c b/crypto/kerberosIV/lib/roken/resolve.c
new file mode 100644
index 0000000..8840740
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resolve.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include "resolve.h"
+
+RCSID("$Id: resolve.c,v 1.22 1999/12/02 16:58:52 joda Exp $");
+
+#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND)
+
+#define DECL(X) {#X, T_##X}
+
+static struct stot{
+    const char *name;
+    int type;
+}stot[] = {
+    DECL(A),
+    DECL(NS),
+    DECL(CNAME),
+    DECL(PTR),
+    DECL(MX),
+    DECL(TXT),
+    DECL(AFSDB),
+    DECL(SRV),
+    {NULL, 	0}
+};
+
+int _resolve_debug;
+
+static int
+string_to_type(const char *name)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(strcasecmp(name, p->name) == 0)
+	    return p->type;
+    return -1;
+}
+
+static const char *
+type_to_string(int type)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(type == p->type)
+	    return p->name;
+    return NULL;
+}
+
+void
+dns_free_data(struct dns_reply *r)
+{
+    struct resource_record *rr;
+    if(r->q.domain)
+	free(r->q.domain);
+    for(rr = r->head; rr;){
+	struct resource_record *tmp = rr;
+	if(rr->domain)
+	    free(rr->domain);
+	if(rr->u.data)
+	    free(rr->u.data);
+	rr = rr->next;
+	free(tmp);
+    }
+    free (r);
+}
+
+static struct dns_reply*
+parse_reply(unsigned char *data, int len)
+{
+    unsigned char *p;
+    char host[128];
+    int status;
+    
+    struct dns_reply *r;
+    struct resource_record **rr;
+    
+    r = calloc(1, sizeof(*r));
+    if (r == NULL)
+	return NULL;
+
+    p = data;
+#if 0
+    /* doesn't work on Crays */
+    memcpy(&r->h, p, sizeof(HEADER));
+    p += sizeof(HEADER);
+#else
+    memcpy(&r->h, p, 12); /* XXX this will probably be mostly garbage */
+    p += 12;
+#endif
+    status = dn_expand(data, data + len, p, host, sizeof(host));
+    if(status < 0){
+	dns_free_data(r);
+	return NULL;
+    }
+    r->q.domain = strdup(host);
+    if(r->q.domain == NULL) {
+	dns_free_data(r);
+	return NULL;
+    }
+    p += status;
+    r->q.type = (p[0] << 8 | p[1]);
+    p += 2;
+    r->q.class = (p[0] << 8 | p[1]);
+    p += 2;
+    rr = &r->head;
+    while(p < data + len){
+	int type, class, ttl, size;
+	status = dn_expand(data, data + len, p, host, sizeof(host));
+	if(status < 0){
+	    dns_free_data(r);
+	    return NULL;
+	}
+	p += status;
+	type = (p[0] << 8) | p[1];
+	p += 2;
+	class = (p[0] << 8) | p[1];
+	p += 2;
+	ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	p += 4;
+	size = (p[0] << 8) | p[1];
+	p += 2;
+	*rr = (struct resource_record*)calloc(1, 
+					      sizeof(struct resource_record));
+	if(*rr == NULL) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	(*rr)->domain = strdup(host);
+	if((*rr)->domain == NULL) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	(*rr)->type = type;
+	(*rr)->class = class;
+	(*rr)->ttl = ttl;
+	(*rr)->size = size;
+	switch(type){
+	case T_NS:
+	case T_CNAME:
+	case T_PTR:
+	    status = dn_expand(data, data + len, p, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.txt = strdup(host);
+	    if((*rr)->u.txt == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    break;
+	case T_MX:
+	case T_AFSDB:{
+	    status = dn_expand(data, data + len, p + 2, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
+						    strlen(host));
+	    if((*rr)->u.mx == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.mx->preference = (p[0] << 8) | p[1];
+	    strcpy((*rr)->u.mx->domain, host);
+	    break;
+	}
+	case T_SRV:{
+	    status = dn_expand(data, data + len, p + 6, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.srv = 
+		(struct srv_record*)malloc(sizeof(struct srv_record) + 
+					   strlen(host));
+	    if((*rr)->u.srv == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.srv->priority = (p[0] << 8) | p[1];
+	    (*rr)->u.srv->weight = (p[2] << 8) | p[3];
+	    (*rr)->u.srv->port = (p[4] << 8) | p[5];
+	    strcpy((*rr)->u.srv->target, host);
+	    break;
+	}
+	case T_TXT:{
+	    (*rr)->u.txt = (char*)malloc(size + 1);
+	    if((*rr)->u.txt == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    strncpy((*rr)->u.txt, (char*)p + 1, *p);
+	    (*rr)->u.txt[*p] = 0;
+	    break;
+	}
+	    
+	default:
+	    (*rr)->u.data = (unsigned char*)malloc(size);
+	    if(size != 0 && (*rr)->u.data == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    memcpy((*rr)->u.data, p, size);
+	}
+	p += size;
+	rr = &(*rr)->next;
+    }
+    *rr = NULL;
+    return r;
+}
+
+static struct dns_reply *
+dns_lookup_int(const char *domain, int rr_class, int rr_type)
+{
+    unsigned char reply[1024];
+    int len;
+    struct dns_reply *r = NULL;
+    u_long old_options = 0;
+    
+    if (_resolve_debug) {
+        old_options = _res.options;
+	_res.options |= RES_DEBUG;
+	fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain,
+		rr_class, type_to_string(rr_type));
+    }
+    len = res_search(domain, rr_class, rr_type, reply, sizeof(reply));
+    if (_resolve_debug) {
+        _res.options = old_options;
+	fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
+		domain, rr_class, type_to_string(rr_type), len);
+    }
+    if (len >= 0)
+	r = parse_reply(reply, len);
+    return r;
+}
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+    int type;
+    
+    type = string_to_type(type_name);
+    if(type == -1) {
+	if(_resolve_debug)
+	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
+		    type_name);
+	return NULL;
+    }
+    return dns_lookup_int(domain, C_IN, type);
+}
+
+#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+    return NULL;
+}
+
+void
+dns_free_data(struct dns_reply *r)
+{
+}
+
+#endif
+
+#ifdef TEST
+int 
+main(int argc, char **argv)
+{
+    struct dns_reply *r;
+    struct resource_record *rr;
+    r = dns_lookup(argv[1], argv[2]);
+    if(r == NULL){
+	printf("No reply.\n");
+	return 1;
+    }
+    for(rr = r->head; rr;rr=rr->next){
+	printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl);
+	switch(rr->type){
+	case T_NS:
+	    printf("%s\n", (char*)rr->u.data);
+	    break;
+	case T_A:
+	    printf("%d.%d.%d.%d\n", 
+		   ((unsigned char*)rr->u.data)[0],
+		   ((unsigned char*)rr->u.data)[1],
+		   ((unsigned char*)rr->u.data)[2],
+		   ((unsigned char*)rr->u.data)[3]);
+	    break;
+	case T_MX:
+	case T_AFSDB:{
+	    struct mx_record *mx = (struct mx_record*)rr->u.data;
+	    printf("%d %s\n", mx->preference, mx->domain);
+	    break;
+	}
+	case T_SRV:{
+	    struct srv_record *srv = (struct srv_record*)rr->u.data;
+	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
+		   srv->port, srv->target);
+	    break;
+	}
+	default:
+	    printf("\n");
+	    break;
+	}
+    }
+    
+    return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/resolve.h b/crypto/kerberosIV/lib/roken/resolve.h
new file mode 100644
index 0000000..c90f6b5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resolve.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: resolve.h,v 1.8 1999/12/02 16:58:52 joda Exp $ */
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+/* We use these, but they are not always present in <arpa/nameser.h> */
+
+#ifndef T_TXT
+#define T_TXT		16
+#endif
+#ifndef T_AFSDB
+#define T_AFSDB		18
+#endif
+#ifndef T_SRV
+#define T_SRV		33
+#endif
+#ifndef T_NAPTR
+#define T_NAPTR		35
+#endif
+
+struct dns_query{
+    char *domain;
+    unsigned type;
+    unsigned class;
+};
+
+struct mx_record{
+    unsigned  preference;
+    char domain[1];
+};
+
+struct srv_record{
+    unsigned priority;
+    unsigned weight;
+    unsigned port;
+    char target[1];
+};
+
+struct resource_record{
+    char *domain;
+    unsigned type;
+    unsigned class;
+    unsigned ttl;
+    unsigned size;
+    union {
+	void *data;
+	struct mx_record *mx;
+	struct mx_record *afsdb; /* mx and afsdb are identical */
+	struct srv_record *srv;
+	struct in_addr *a;
+	char *txt;
+    }u;
+    struct resource_record *next;
+};
+
+#ifndef T_A /* XXX if <arpa/nameser.h> isn't included */
+typedef int HEADER; /* will never be used */
+#endif
+
+struct dns_reply{
+    HEADER h;
+    struct dns_query q;
+    struct resource_record *head;
+};
+
+
+struct dns_reply* dns_lookup(const char *, const char *);
+void dns_free_data(struct dns_reply *);
+
+#endif /* __RESOLVE_H__ */
diff --git a/crypto/kerberosIV/lib/roken/resource.h b/crypto/kerberosIV/lib/roken/resource.h
new file mode 100644
index 0000000..01cd01d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resource.h
@@ -0,0 +1,15 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by roken.rc
+//
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1000
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/crypto/kerberosIV/lib/roken/roken-common.h b/crypto/kerberosIV/lib/roken/roken-common.h
new file mode 100644
index 0000000..0bb648b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken-common.h
@@ -0,0 +1,255 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken-common.h,v 1.19 1999/12/02 16:58:52 joda Exp $ */
+
+#ifndef __ROKEN_COMMON_H__
+#define __ROKEN_COMMON_H__
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+#ifndef SOMAXCONN
+#define SOMAXCONN 5
+#endif
+
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
+
+#ifndef max
+#define max(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#ifndef min
+#define min(a,b) (((a)<(b))?(a):(b))
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifndef LOG_DAEMON
+#define openlog(id,option,facility) openlog((id),(option))
+#define	LOG_DAEMON	0
+#endif
+#ifndef LOG_ODELAY
+#define LOG_ODELAY 0
+#endif
+#ifndef LOG_NDELAY
+#define LOG_NDELAY 0x08
+#endif
+#ifndef LOG_CONS
+#define LOG_CONS 0
+#endif
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
+#endif
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+
+#ifndef F_OK
+#define F_OK 0
+#endif
+
+#ifndef O_ACCMODE
+#define O_ACCMODE	003
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN (1024+4)
+#endif
+
+#ifndef SIG_ERR
+#define SIG_ERR ((RETSIGTYPE (*)())-1)
+#endif
+
+#ifndef HOST_NOT_FOUND
+#define HOST_NOT_FOUND 1
+#endif
+
+#ifndef TRY_AGAIN
+#define TRY_AGAIN 2
+#endif
+
+#ifndef NO_RECOVERY
+#define NO_RECOVERY 3
+#endif
+
+#ifndef NO_DATA
+#define NO_DATA 4
+#endif
+
+#ifndef NO_ADDRESS
+#define NO_ADDRESS NO_DATA
+#endif
+
+#if 0
+
+struct addrinfo {
+    int    ai_flags;
+    int    ai_family;
+    int    ai_socktype;
+    int    ai_protocol;
+    size_t ai_addrlen;
+    char  *ai_canonname;
+    struct sockaddr *ai_addr;
+    struct addrinfo *ai_next;
+};
+
+#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
+#define EAI_AGAIN	2	/* temporary failure in name resolution */
+#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
+#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
+#define EAI_FAMILY	5	/* ai_family not supported */
+#define EAI_MEMORY	6	/* memory allocation failure */
+#define EAI_NODATA	7	/* no address associated with nodename */
+#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
+#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
+#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
+#define EAI_SYSTEM     11	/* system error returned in errno */
+
+/* flags for getaddrinfo() */
+
+#define AI_PASSIVE	0x01
+#define AI_CANONNAME	0x02
+#define AI_NUMERICHOST	0x04
+
+#endif
+
+/*
+ * constants for inet_ntop
+ */
+
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN    16
+#endif
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN   46
+#endif
+
+/*
+ * for shutdown(2)
+ */
+
+#ifndef SHUT_RD
+#define SHUT_RD 0
+#endif
+
+#ifndef SHUT_WR
+#define SHUT_WR 1
+#endif
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+#if IRIX != 4 /* fix for compiler bug */
+#ifdef RETSIGTYPE
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
+#endif
+#endif
+
+int ROKEN_LIB_FUNCTION simple_execve(const char*, char*const[], char*const[]);
+int ROKEN_LIB_FUNCTION simple_execvp(const char*, char *const[]);
+int ROKEN_LIB_FUNCTION simple_execlp(const char*, ...);
+int ROKEN_LIB_FUNCTION simple_execle(const char*, ...);
+
+void ROKEN_LIB_FUNCTION print_version(const char *);
+
+void *ROKEN_LIB_FUNCTION emalloc (size_t);
+void *ROKEN_LIB_FUNCTION erealloc (void *, size_t);
+char *ROKEN_LIB_FUNCTION estrdup (const char *);
+
+ssize_t ROKEN_LIB_FUNCTION eread (int fd, void *buf, size_t nbytes);
+ssize_t ROKEN_LIB_FUNCTION ewrite (int fd, const void *buf, size_t nbytes);
+
+void
+socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port);
+
+size_t
+socket_addr_size (const struct sockaddr *sa);
+
+void
+socket_set_any (struct sockaddr *sa, int af);
+
+size_t
+socket_sockaddr_size (const struct sockaddr *sa);
+
+void *
+socket_get_address (struct sockaddr *sa);
+
+int
+socket_get_port (const struct sockaddr *sa);
+
+void
+socket_set_port (struct sockaddr *sa, int port);
+
+void
+socket_set_debug (int sock);
+
+void
+socket_set_tos (int sock, int tos);
+
+void
+socket_set_reuseaddr (int sock, int val);
+
+#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/kerberosIV/lib/roken/roken.awk b/crypto/kerberosIV/lib/roken/roken.awk
new file mode 100644
index 0000000..626fae5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.awk
@@ -0,0 +1,35 @@
+BEGIN {
+	print "#include <stdio.h>"
+	print "#ifdef HAVE_CONFIG_H"
+	print "#include <config.h>"
+	print "#endif"
+	print ""
+	print "int main()"
+	print "{"
+	    print "puts(\"/* This is an OS dependent, generated file */\");"
+	print "puts(\"\\n\");"
+	print "puts(\"#ifndef __ROKEN_H__\");"
+	print "puts(\"#define __ROKEN_H__\");"
+	print "puts(\"\");"
+}
+END {
+	print "puts(\"#endif /* __ROKEN_H__ */\");"
+	print "exit(0);"
+	print "}"
+}
+
+$1 == "\#ifdef" || $1 == "\#ifndef" || $1 == "\#if" || $1 == "\#else" || $1 == "\#elif" || $1 == "\#endif" || $1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
+	print $0;
+	next
+}
+
+{
+	s = ""
+	for(i = 1; i <= length; i++){
+		x = substr($0, i, 1)
+		if(x == "\"" || x == "\\")
+			s = s "\\";
+		s = s x;
+	}
+	print "puts(\"" s "\");"
+}
diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def
new file mode 100644
index 0000000..f9b0369
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.def
@@ -0,0 +1,17 @@
+LIBRARY roken BASE=0x68f0000
+EXPORTS
+	gettimeofday
+	strcasecmp
+	strtok_r
+	snprintf
+	asprintf
+	vsnprintf
+	base64_decode
+	base64_encode
+	roken_concat
+	roken_vconcat
+	roken_vmconcat
+	roken_mconcat
+	getuid
+	dns_free_data
+	dns_lookup
diff --git a/crypto/kerberosIV/lib/roken/roken.dsp b/crypto/kerberosIV/lib/roken/roken.dsp
new file mode 100644
index 0000000..d84854e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.dsp
@@ -0,0 +1,156 @@
+# Microsoft Developer Studio Project File - Name="roken" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=roken - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "roken.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "roken - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x68e7780" /subsystem:windows /dll /machine:I386
+
+!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386 /def:".\roken.def"
+# SUBTRACT LINK32 /pdb:none
+
+!ENDIF 
+
+# Begin Target
+
+# Name "roken - Win32 Release"
+# Name "roken - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\base64.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\concat.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\gettimeofday.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getuid.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\resolve.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\roken.def
+
+!IF  "$(CFG)" == "roken - Win32 Release"
+
+!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+
+# PROP Exclude_From_Build 1
+
+!ENDIF 
+
+# End Source File
+# Begin Source File
+
+SOURCE=.\snprintf.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\strcasecmp.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\strtok_r.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\resolve.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\roken.rc
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/crypto/kerberosIV/lib/roken/roken.h.in b/crypto/kerberosIV/lib/roken/roken.h.in
new file mode 100644
index 0000000..65263ba
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.h.in
@@ -0,0 +1,505 @@
+/* -*- C -*- */
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken.h.in,v 1.125 1999/12/02 16:58:52 joda Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef ROKEN_LIB_FUNCTION
+#if defined(__BORLANDC__)
+#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet */
+#elif defined(_MSC_VER)
+#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet2 */
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#include <roken-common.h>
+
+#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
+#define setsid _setsid
+#endif
+
+#ifndef HAVE_PUTENV
+int putenv(const char *string);
+#endif
+
+#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
+int setenv(const char *var, const char *val, int rewrite);
+#endif
+
+#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
+void unsetenv(const char *name);
+#endif
+
+#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
+char *getusershell(void);
+void endusershell(void);
+#endif
+
+#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
+int snprintf (char *str, size_t sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
+int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
+int asprintf (char **ret, const char *format, ...)
+     __attribute__ ((format (printf, 2, 3)));
+#endif
+
+#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
+int vasprintf (char **ret, const char *format, va_list ap)
+     __attribute__((format (printf, 2, 0)));
+#endif
+
+#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
+int asnprintf (char **ret, size_t max_sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
+int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#ifndef HAVE_STRDUP
+char * strdup(const char *old);
+#endif
+
+#ifndef HAVE_STRNDUP
+char * strndup(const char *old, size_t sz);
+#endif
+
+#ifndef HAVE_STRLWR
+char * strlwr(char *);
+#endif
+
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char*, size_t);
+#endif
+
+#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
+char *strsep(char**, const char*);
+#endif
+
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+#endif
+
+#ifdef NEED_FCLOSE_PROTO
+int fclose(FILE *);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r(char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_STRUPR
+char * strupr(char *);
+#endif
+
+#ifndef HAVE_STRLCPY
+size_t strlcpy (char *dst, const char *src, size_t dst_sz);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat (char *dst, const char *src, size_t dst_sz);
+#endif
+
+#ifndef HAVE_GETDTABLESIZE
+int getdtablesize(void);
+#endif
+
+#if !defined(HAVE_STRERROR) && !defined(strerror)
+char *strerror(int eno);
+#endif
+
+#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
+/* This causes a fatal error under Psoriasis */
+#if !(defined(SunOS) && (SunOS >= 50))
+const char *hstrerror(int herr);
+#endif
+#endif
+
+#ifndef HAVE_H_ERRNO_DECLARATION
+extern int h_errno;
+#endif
+
+#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
+int inet_aton(const char *cp, struct in_addr *adr);
+#endif
+
+#ifndef HAVE_INET_NTOP
+const char *
+inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#ifndef HAVE_INET_PTON
+int
+inet_pton(int af, const char *src, void *dst);
+#endif
+
+#if !defined(HAVE_GETCWD)
+char* getcwd(char *path, size_t size);
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+struct passwd *k_getpwnam (const char *user);
+struct passwd *k_getpwuid (uid_t uid);
+#endif
+
+const char *get_default_username (void);
+
+#ifndef HAVE_SETEUID
+int seteuid(uid_t euid);
+#endif
+
+#ifndef HAVE_SETEGID
+int setegid(gid_t egid);
+#endif
+
+#ifndef HAVE_LSTAT
+int lstat(const char *path, struct stat *buf);
+#endif
+
+#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
+int mkstemp(char *);
+#endif
+
+#ifndef HAVE_CGETENT
+int cgetent(char **buf, char **db_array, const char *name);
+int cgetstr(char *buf, const char *cap, char **str);
+#endif
+
+#ifndef HAVE_INITGROUPS
+int initgroups(const char *name, gid_t basegid);
+#endif
+
+#ifndef HAVE_FCHOWN
+int fchown(int fd, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose);
+#endif
+
+#ifndef HAVE_INNETGR
+int innetgr(const char *netgroup, const char *machine, 
+	    const char *user, const char *domain);
+#endif
+
+#ifndef HAVE_CHOWN
+int chown(const char *path, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_RCMD
+int rcmd(char **ahost, unsigned short inport, const char *locuser,
+	 const char *remuser, const char *cmd, int *fd2p);
+#endif
+
+#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
+int innetgr(const char*, const char*, const char*, const char*);
+#endif
+
+#ifndef HAVE_IRUSEROK
+int iruserok(unsigned raddr, int superuser, const char *ruser,
+	     const char *luser);
+#endif
+
+#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
+int gethostname(char *name, int namelen);
+#endif
+
+#ifndef HAVE_WRITEV
+ssize_t
+writev(int d, const struct iovec *iov, int iovcnt);
+#endif
+
+#ifndef HAVE_READV
+ssize_t
+readv(int d, const struct iovec *iov, int iovcnt);
+#endif
+
+#ifndef HAVE_MKSTEMP
+int
+mkstemp(char *template);
+#endif
+
+#ifndef HAVE_FLOCK
+#ifndef LOCK_SH
+#define LOCK_SH   1		/* Shared lock */
+#endif
+#ifndef	LOCK_EX
+#define LOCK_EX   2		/* Exclusive lock */
+#endif
+#ifndef LOCK_NB
+#define LOCK_NB   4		/* Don't block when locking */
+#endif
+#ifndef LOCK_UN
+#define LOCK_UN   8		/* Unlock */
+#endif
+
+int flock(int fd, int operation);
+#endif /* HAVE_FLOCK */
+
+time_t tm2time (struct tm tm, int local);
+
+int unix_verify_user(char *user, char *password);
+
+void inaddr2str(struct in_addr addr, char *s, size_t len);
+
+void mini_inetd (int port);
+
+int roken_concat (char *s, size_t len, ...);
+
+size_t roken_mconcat (char **s, size_t max_len, ...);
+
+int roken_vconcat (char *s, size_t len, va_list args);
+
+size_t roken_vmconcat (char **s, size_t max_len, va_list args);
+
+ssize_t net_write (int fd, const void *buf, size_t nbytes);
+
+ssize_t net_read (int fd, void *buf, size_t nbytes);
+
+int issuid(void);
+
+#ifndef HAVE_STRUCT_WINSIZE
+struct winsize {
+	unsigned short ws_row, ws_col;
+	unsigned short ws_xpixel, ws_ypixel;
+};
+#endif
+
+int get_window_size(int fd, struct winsize *);
+
+#ifndef HAVE_VSYSLOG
+void vsyslog(int pri, const char *fmt, va_list ap);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+
+#ifndef HAVE___PROGNAME_DECLARATION
+extern const char *__progname;
+#endif
+
+#ifndef HAVE_ENVIRON_DECLARATION
+extern char **environ;
+#endif
+
+#ifndef HAVE_GETIPNODEBYNAME
+struct hostent *
+getipnodebyname (const char *name, int af, int flags, int *error_num);
+#endif
+
+#ifndef HAVE_GETIPNODEBYADDR
+struct hostent *
+getipnodebyaddr (const void *src, size_t len, int af, int *error_num);
+#endif
+
+#ifndef HAVE_FREEHOSTENT
+void
+freehostent (struct hostent *h);
+#endif
+
+#ifndef HAVE_COPYHOSTENT
+struct hostent *
+copyhostent (const struct hostent *h);
+#endif
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+
+#ifndef HAVE_SA_FAMILY_T
+typedef unsigned short sa_family_t;
+#endif
+
+#if HAVE_STRUCT_SOCKADDR_SA_LEN
+
+struct sockaddr_storage {
+    unsigned char	__ss_len;
+    sa_family_t		__ss_family;
+    char		pad[
+#ifdef HAVE_IPV6
+			    sizeof(struct sockaddr_in6)
+#else
+			    sizeof(struct sockaddr_in)
+#endif
+			   - sizeof(unsigned char) - sizeof(sa_family_t)];
+};
+
+#else
+
+struct sockaddr_storage {
+    sa_family_t		__ss_family;
+    char		pad[
+#ifdef HAVE_IPV6
+			    sizeof(struct sockaddr_in6)
+#else
+			    sizeof(struct sockaddr_in)
+#endif
+			    - sizeof(sa_family_t)];
+};
+
+#endif
+
+#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
+
+/*
+ * kludges and such
+ */
+
+#if 1
+int roken_gethostby_setup(const char*, const char*);
+struct hostent* roken_gethostbyname(const char*);
+struct hostent* roken_gethostbyaddr(const void*, size_t, int);
+#else
+#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
+#define roken_gethostbyname(x) gethostbyname(x)
+#else
+#define roken_gethostbyname(x) gethostbyname((char *)x)
+#endif
+
+#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
+#else
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
+#endif
+#endif
+
+#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
+#define roken_getservbyname(x,y) getservbyname(x,y)
+#else
+#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
+#endif
+
+#ifdef OPENLOG_PROTO_COMPATIBLE
+#define roken_openlog(a,b,c) openlog(a,b,c)
+#else
+#define roken_openlog(a,b,c) openlog((char *)a,b,c)
+#endif
+
+void set_progname(char *argv0);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak
new file mode 100644
index 0000000..da9a834
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.mak
@@ -0,0 +1,316 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on roken.dsp
+!IF "$(CFG)" == ""
+CFG=roken - Win32 Release
+!MESSAGE No configuration specified. Defaulting to roken - Win32 Release.
+!ENDIF 
+
+!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line.  For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "roken - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ELSE 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ENDIF 
+
+CLEAN : 
+	-@erase "$(INTDIR)\base64.obj"
+	-@erase "$(INTDIR)\concat.obj"
+	-@erase "$(INTDIR)\gettimeofday.obj"
+	-@erase "$(INTDIR)\getuid.obj"
+	-@erase "$(INTDIR)\resolve.obj"
+	-@erase "$(INTDIR)\roken.res"
+	-@erase "$(INTDIR)\snprintf.obj"
+	-@erase "$(INTDIR)\strcasecmp.obj"
+	-@erase "$(INTDIR)\strtok_r.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(OUTDIR)\roken.dll"
+	-@erase "$(OUTDIR)\roken.exp"
+	-@erase "$(OUTDIR)\roken.lib"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\
+ "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\
+ "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\
+ /FD /c 
+CPP_OBJS=.\Release/
+CPP_SBRS=.
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "NDEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
+ /base:"0x68e7780" /subsystem:windows /dll /incremental:no\
+ /pdb:"$(OUTDIR)\roken.pdb" /machine:I386 /def:".\roken.def"\
+ /out:"$(OUTDIR)\roken.dll" /implib:"$(OUTDIR)\roken.lib" 
+DEF_FILE= \
+	".\roken.def"
+LINK32_OBJS= \
+	"$(INTDIR)\base64.obj" \
+	"$(INTDIR)\concat.obj" \
+	"$(INTDIR)\gettimeofday.obj" \
+	"$(INTDIR)\getuid.obj" \
+	"$(INTDIR)\resolve.obj" \
+	"$(INTDIR)\roken.res" \
+	"$(INTDIR)\snprintf.obj" \
+	"$(INTDIR)\strcasecmp.obj" \
+	"$(INTDIR)\strtok_r.obj"
+
+"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ELSE 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ENDIF 
+
+CLEAN : 
+	-@erase "$(INTDIR)\base64.obj"
+	-@erase "$(INTDIR)\concat.obj"
+	-@erase "$(INTDIR)\gettimeofday.obj"
+	-@erase "$(INTDIR)\getuid.obj"
+	-@erase "$(INTDIR)\resolve.obj"
+	-@erase "$(INTDIR)\roken.res"
+	-@erase "$(INTDIR)\snprintf.obj"
+	-@erase "$(INTDIR)\strcasecmp.obj"
+	-@erase "$(INTDIR)\strtok_r.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(OUTDIR)\roken.dll"
+	-@erase "$(OUTDIR)\roken.exp"
+	-@erase "$(OUTDIR)\roken.ilk"
+	-@erase "$(OUTDIR)\roken.lib"
+	-@erase "$(OUTDIR)\roken.pdb"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP_PROJ=/nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\
+ "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Debug/
+CPP_SBRS=.
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "_DEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
+ /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)\roken.pdb" /debug\
+ /machine:I386 /def:".\roken.def" /out:"$(OUTDIR)\roken.dll"\
+ /implib:"$(OUTDIR)\roken.lib" 
+LINK32_OBJS= \
+	"$(INTDIR)\base64.obj" \
+	"$(INTDIR)\concat.obj" \
+	"$(INTDIR)\gettimeofday.obj" \
+	"$(INTDIR)\getuid.obj" \
+	"$(INTDIR)\resolve.obj" \
+	"$(INTDIR)\roken.res" \
+	"$(INTDIR)\snprintf.obj" \
+	"$(INTDIR)\strcasecmp.obj" \
+	"$(INTDIR)\strtok_r.obj"
+
+"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF 
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+
+!IF "$(CFG)" == "roken - Win32 Release" || "$(CFG)" == "roken - Win32 Debug"
+SOURCE=.\base64.c
+DEP_CPP_BASE6=\
+	"..\..\include\win32\config.h"\
+	".\base64.h"\
+
+
+"$(INTDIR)\base64.obj" : $(SOURCE) $(DEP_CPP_BASE6) "$(INTDIR)"
+
+
+SOURCE=.\concat.c
+DEP_CPP_CONCA=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\concat.obj" : $(SOURCE) $(DEP_CPP_CONCA) "$(INTDIR)"
+
+
+SOURCE=.\gettimeofday.c
+DEP_CPP_GETTI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
+
+
+SOURCE=.\getuid.c
+DEP_CPP_GETUI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\getuid.obj" : $(SOURCE) $(DEP_CPP_GETUI) "$(INTDIR)"
+
+
+SOURCE=.\resolve.c
+DEP_CPP_RESOL=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\resolve.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
+
+
+SOURCE=.\snprintf.c
+DEP_CPP_SNPRI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\snprintf.obj" : $(SOURCE) $(DEP_CPP_SNPRI) "$(INTDIR)"
+
+
+SOURCE=.\strcasecmp.c
+DEP_CPP_STRCA=\
+	"..\..\include\win32\config.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
+
+
+SOURCE=.\strtok_r.c
+DEP_CPP_STRTO=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\strtok_r.obj" : $(SOURCE) $(DEP_CPP_STRTO) "$(INTDIR)"
+
+
+SOURCE=.\roken.rc
+
+"$(INTDIR)\roken.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
+	
+
+
+!ENDIF 
+
diff --git a/crypto/kerberosIV/lib/roken/roken.rc b/crypto/kerberosIV/lib/roken/roken.rc
new file mode 100644
index 0000000..e7e2f3e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.rc
@@ -0,0 +1,105 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "roken\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "roken\0"
+            VALUE "LegalCopyright", "Copyright � 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "roken.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/kerberosIV/lib/roken/roken_gethostby.c b/crypto/kerberosIV/lib/roken/roken_gethostby.c
new file mode 100644
index 0000000..8eb2325
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken_gethostby.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: roken_gethostby.c,v 1.4 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include <roken.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#undef roken_gethostbyname
+#undef roken_gethostbyaddr
+
+static struct sockaddr_in dns_addr;
+static char *dns_req;
+
+static int
+make_address(const char *address, struct in_addr *ip)
+{
+    if(inet_aton(address, ip) == 0){
+	/* try to resolve as hostname, it might work if the address we
+           are trying to lookup is local, for instance a web proxy */
+	struct hostent *he = gethostbyname(address);
+	if(he) {
+	    unsigned char *p = (unsigned char*)he->h_addr;
+	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	} else {
+	    return -1;
+	}
+    }
+    return 0;
+}
+
+static int
+setup_int(const char *proxy_host, short proxy_port,
+	  const char *dns_host, short dns_port,
+	  const char *dns_path)
+{
+    memset(&dns_addr, 0, sizeof(dns_addr));
+    if(dns_req)
+	free(dns_req);
+    if(proxy_host) {
+	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(proxy_port);
+	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
+    } else {
+	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(dns_port);
+	asprintf(&dns_req, "%s", dns_path);
+    }
+    dns_addr.sin_family = AF_INET;
+    return 0;
+}
+
+static void
+split_spec(const char *spec, char **host, int *port, char **path, int def_port)
+{
+    char *p;
+    *host = strdup(spec);
+    p = strchr(*host, ':');
+    if(p) {
+	*p++ = '\0';
+	if(sscanf(p, "%d", port) != 1)
+	    *port = def_port;
+    } else
+	*port = def_port;
+    p = strchr(p ? p : *host, '/');
+    if(p) {
+	if(path) 
+	    *path = strdup(p);
+	*p = '\0';
+    }else
+	if(path) 
+	    *path = NULL;
+}
+
+
+int
+roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
+{
+    char *proxy_host = NULL;
+    int proxy_port;
+    char *dns_host, *dns_path;
+    int dns_port;
+    
+    int ret = -1;
+    
+    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
+    if(dns_path == NULL)
+	goto out;
+    if(proxy_spec)
+	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
+    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
+out:
+    free(proxy_host);
+    free(dns_host);
+    free(dns_path);
+    return ret;
+}
+    
+
+/* Try to lookup a name or an ip-address using http as transport
+   mechanism. See the end of this file for an example program. */
+static struct hostent*
+roken_gethostby(const char *hostname)
+{
+    int s;
+    struct sockaddr_in sin;
+    char *request;
+    char buf[1024];
+    int offset = 0;
+    int n;
+    char *p, *foo;
+    
+    if(dns_addr.sin_family == 0)
+	return NULL; /* no configured host */
+    sin = dns_addr;
+    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
+    if(request == NULL)
+	return NULL;
+    s  = socket(AF_INET, SOCK_STREAM, 0);
+    if(s < 0) {
+	free(request);
+	return NULL;
+    }
+    if(connect(s, (struct sockaddr*)&sin, sizeof(sin)) < 0) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    if(write(s, request, strlen(request)) != strlen(request)) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    free(request);
+    while(1) {
+	n = read(s, buf + offset, sizeof(buf) - offset);
+	if(n <= 0)
+	    break;
+	offset += n;
+    }
+    buf[offset] = '\0';
+    close(s);
+    p = strstr(buf, "\r\n\r\n"); /* find end of header */
+    if(p) p += 4;
+    else return NULL;
+    foo = NULL;
+    p = strtok_r(p, " \t\r\n", &foo);
+    if(p == NULL)
+	return NULL;
+    {
+	/* make a hostent to return */
+#define MAX_ADDRS 16
+	static struct hostent he;
+	static char addrs[4 * MAX_ADDRS];
+	static char *addr_list[MAX_ADDRS];
+	int num_addrs = 0;
+	
+	he.h_name = p;
+	he.h_aliases = NULL;
+	he.h_addrtype = AF_INET;
+	he.h_length = 4;
+	
+	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
+	    struct in_addr ip;
+	    inet_aton(p, &ip);
+	    ip.s_addr = ntohl(ip.s_addr);
+	    addr_list[num_addrs] = &addrs[num_addrs * 4];
+	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
+	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
+	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
+	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
+	    addr_list[++num_addrs] = NULL;
+	}
+	he.h_addr_list = addr_list;
+	return &he;
+    }
+}
+
+struct hostent*
+roken_gethostbyname(const char *hostname)
+{
+    struct hostent *he;
+    he = gethostbyname(hostname);
+    if(he)
+	return he;
+    return roken_gethostby(hostname);
+}
+
+struct hostent*
+roken_gethostbyaddr(const void *addr, size_t len, int type)
+{
+    struct in_addr a;
+    const char *p;
+    struct hostent *he;
+    he = gethostbyaddr(addr, len, type);
+    if(he)
+	return he;
+    if(type != AF_INET || len != 4)
+	return NULL;
+    p = addr;
+    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+    return roken_gethostby(inet_ntoa(a));
+}
+
+#if 0
+
+/* this program can be used as a cgi `script' to lookup names and
+   ip-addresses */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <netdb.h>
+#include <sys/param.h>
+
+int
+main(int argc, char **argv)
+{
+    char *query = getenv("QUERY_STRING");
+    char host[MAXHOSTNAMELEN];
+    int i;
+    struct hostent *he;
+    
+    printf("Content-type: text/plain\n\n");
+    if(query == NULL)
+	exit(0);
+    he = gethostbyname(query);
+    strncpy(host, he->h_name, sizeof(host));
+    host[sizeof(host) - 1] = '\0';
+    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
+    printf("%s\n", he->h_name);
+    for(i = 0; he->h_addr_list[i]; i++) {
+	struct in_addr ip;
+	unsigned char *p = (unsigned char*)he->h_addr_list[i];
+	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+	printf("%s\n", inet_ntoa(ip));
+    }
+    exit(0);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/sendmsg.c b/crypto/kerberosIV/lib/roken/sendmsg.c
new file mode 100644
index 0000000..7075bf2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/sendmsg.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sendmsg.c,v 1.4 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+sendmsg(int s, const struct msghdr *msg, int flags)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < msg->msg_iovlen; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
+    free (buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c
new file mode 100644
index 0000000..2f46fe4
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setegid.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setegid.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int
+setegid(gid_t egid)
+{
+#ifdef HAVE_SETREGID
+    return setregid(-1, egid);
+#endif
+
+#ifdef HAVE_SETRESGID
+    return setresgid(-1, egid, -1);
+#endif
+
+    return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/setenv.c b/crypto/kerberosIV/lib/roken/setenv.c
new file mode 100644
index 0000000..15b5811
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setenv.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setenv.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * This is the easy way out, use putenv to implement setenv. We might
+ * leak some memory but that is ok since we are usally about to exec
+ * anyway.
+ */
+
+int
+setenv(const char *var, const char *val, int rewrite)
+{
+    char *t;
+
+    if (!rewrite && getenv(var) != 0)
+	return 0;
+  
+    asprintf (&t, "%s=%s", var, val);
+    if (t == NULL)
+	return -1;
+
+    if (putenv(t) == 0)
+	return 0;
+    else
+	return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c
new file mode 100644
index 0000000..ee68ba7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/seteuid.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: seteuid.c,v 1.10 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int
+seteuid(uid_t euid)
+{
+#ifdef HAVE_SETREUID
+    return setreuid(-1, euid);
+#endif
+
+#ifdef HAVE_SETRESUID
+    return setresuid(-1, euid, -1);
+#endif
+
+    return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c
new file mode 100644
index 0000000..c26f72f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/signal.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: signal.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include <signal.h>
+
+/*
+ * We would like to always use this signal but there is a link error
+ * on NEXTSTEP
+ */
+#ifndef NeXT
+/*
+ * Bugs:
+ *
+ * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
+ */
+
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+
+SigAction
+signal(int iSig, SigAction pAction)
+{
+    struct sigaction saNew, saOld;
+
+    saNew.sa_handler = pAction;
+    sigemptyset(&saNew.sa_mask);
+    saNew.sa_flags = 0;
+
+    if (iSig == SIGALRM)
+	{
+#ifdef SA_INTERRUPT
+	    saNew.sa_flags |= SA_INTERRUPT;
+#endif
+	}
+    else
+	{
+#ifdef SA_RESTART
+	    saNew.sa_flags |= SA_RESTART;
+#endif
+	}
+
+    if (sigaction(iSig, &saNew, &saOld) < 0)
+	return(SIG_ERR);
+
+    return(saOld.sa_handler);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/simple_exec.c b/crypto/kerberosIV/lib/roken/simple_exec.c
new file mode 100644
index 0000000..426f494
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/simple_exec.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: simple_exec.c,v 1.6 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <errno.h>
+
+#include <roken.h>
+
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+
+/* return values:
+   -1   on `unspecified' system errors
+   -2   on fork failures
+   -3   on waitpid errors
+   0-   is return value from subprocess
+   126  if the program couldn't be executed
+   127  if the program couldn't be found
+   128- is 128 + signal that killed subprocess
+   */
+
+static int
+check_status(pid_t pid)
+{
+    while(1) {
+	int status;
+
+	while(waitpid(pid, &status, 0) < 0)
+	    if (errno != EINTR)
+		return -3;
+	if(WIFSTOPPED(status))
+	    continue;
+	if(WIFEXITED(status))
+	    return WEXITSTATUS(status);
+	if(WIFSIGNALED(status))
+	    return WTERMSIG(status) + 128;
+    }
+}
+
+int
+simple_execvp(const char *file, char *const args[])
+{
+    pid_t pid = fork();
+    switch(pid){
+    case -1:
+	return -2;
+    case 0:
+	execvp(file, args);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    default: 
+	return check_status(pid);
+    }
+}
+
+/* gee, I'd like a execvpe */
+int
+simple_execve(const char *file, char *const args[], char *const envp[])
+{
+    pid_t pid = fork();
+    switch(pid){
+    case -1:
+	return -2;
+    case 0:
+	execve(file, args, envp);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    default: 
+	return check_status(pid);
+    }
+}
+
+static char **
+collect_args(va_list *ap)
+{
+    char **argv = NULL;
+    int argc = 0, i = 0;
+    do {
+	if(i == argc) {
+	    /* realloc argv */
+	    char **tmp = realloc(argv, (argc + 5) * sizeof(*argv));
+	    if(tmp == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	    }
+	    argv = tmp;
+	    argc += 5;
+	}
+	argv[i++] = va_arg(*ap, char*);
+    } while(argv[i - 1] != NULL);
+    return argv;
+}
+
+int
+simple_execlp(const char *file, ...)
+{
+    va_list ap;
+    char **argv;
+    int ret;
+
+    va_start(ap, file);
+    argv = collect_args(&ap);
+    va_end(ap);
+    if(argv == NULL)
+	return -1;
+    ret = simple_execvp(file, argv);
+    free(argv);
+    return ret;
+}
+
+int
+simple_execle(const char *file, ... /* ,char *const envp[] */)
+{
+    va_list ap;
+    char **argv;
+    char *const* envp;
+    int ret;
+
+    va_start(ap, file);
+    argv = collect_args(&ap);
+    envp = va_arg(ap, char **);
+    va_end(ap);
+    if(argv == NULL)
+	return -1;
+    ret = simple_execve(file, argv, envp);
+    free(argv);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
new file mode 100644
index 0000000..0333e87
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
@@ -0,0 +1,619 @@
+/*
+ * Copyright (c) 1995-1997, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: snprintf.c,v 1.24 1999/12/02 16:58:52 joda Exp $");
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <roken.h>
+
+enum format_flags {
+    minus_flag     =  1,
+    plus_flag      =  2,
+    space_flag     =  4,
+    alternate_flag =  8,
+    zero_flag      = 16
+};
+
+/*
+ * Common state
+ */
+
+struct state {
+  unsigned char *str;
+  unsigned char *s;
+  unsigned char *theend;
+  size_t sz;
+  size_t max_sz;
+  int (*append_char)(struct state *, unsigned char);
+  int (*reserve)(struct state *, size_t);
+  /* XXX - methods */
+};
+
+#ifndef HAVE_VSNPRINTF
+static int
+sn_reserve (struct state *state, size_t n)
+{
+  return state->s + n > state->theend;
+}
+
+static int
+sn_append_char (struct state *state, unsigned char c)
+{
+  if (sn_reserve (state, 1)) {
+    return 1;
+  } else {
+    *state->s++ = c;
+    return 0;
+  }
+}
+#endif
+
+static int
+as_reserve (struct state *state, size_t n)
+{
+  if (state->s + n > state->theend) {
+    int off = state->s - state->str;
+    unsigned char *tmp;
+
+    if (state->max_sz && state->sz >= state->max_sz)
+      return 1;
+
+    state->sz = max(state->sz * 2, state->sz + n);
+    if (state->max_sz)
+      state->sz = min(state->sz, state->max_sz);
+    tmp = realloc (state->str, state->sz);
+    if (tmp == NULL)
+      return 1;
+    state->str = tmp;
+    state->s = state->str + off;
+    state->theend = state->str + state->sz - 1;
+  }
+  return 0;
+}
+
+static int
+as_append_char (struct state *state, unsigned char c)
+{
+  if(as_reserve (state, 1))
+    return 1;
+  else {
+    *state->s++ = c;
+    return 0;
+  }
+}
+
+static int
+append_number(struct state *state,
+	      unsigned long num, unsigned base, char *rep,
+	      int width, int prec, int flags, int minusp)
+{
+  int len = 0;
+  int i;
+
+  /* given precision, ignore zero flag */
+  if(prec != -1)
+    flags &= ~zero_flag;
+  else
+    prec = 1;
+  /* zero value with zero precision -> "" */
+  if(prec == 0 && num == 0)
+    return 0;
+  do{
+    if((*state->append_char)(state, rep[num % base]))
+      return 1;
+    len++;
+    num /= base;
+  }while(num);
+  prec -= len;
+  /* pad with prec zeros */
+  while(prec-- > 0){
+    if((*state->append_char)(state, '0'))
+      return 1;
+    len++;
+  }
+  /* add length of alternate prefix (added later) to len */
+  if(flags & alternate_flag && (base == 16 || base == 8))
+    len += base / 8;
+  /* pad with zeros */
+  if(flags & zero_flag){
+    width -= len;
+    if(minusp || (flags & space_flag) || (flags & plus_flag))
+      width--;
+    while(width-- > 0){
+      if((*state->append_char)(state, '0'))
+	return 1;
+      len++;
+    }
+  }
+  /* add alternate prefix */
+  if(flags & alternate_flag && (base == 16 || base == 8)){
+    if(base == 16)
+      if((*state->append_char)(state, rep[10] + 23)) /* XXX */
+	return 1;
+    if((*state->append_char)(state, '0'))
+      return 1;
+  }
+  /* add sign */
+  if(minusp){
+    if((*state->append_char)(state, '-'))
+      return 1;
+    len++;
+  } else if(flags & plus_flag) {
+    if((*state->append_char)(state, '+'))
+      return 1;
+    len++;
+  } else if(flags & space_flag) {
+    if((*state->append_char)(state, ' '))
+      return 1;
+    len++;
+  }
+  if(flags & minus_flag)
+    /* swap before padding with spaces */
+    for(i = 0; i < len / 2; i++){
+      char c = state->s[-i-1];
+      state->s[-i-1] = state->s[-len+i];
+      state->s[-len+i] = c;
+    }
+  width -= len;
+  while(width-- > 0){
+    if((*state->append_char)(state,  ' '))
+      return 1;
+    len++;
+  }
+  if(!(flags & minus_flag))
+    /* swap after padding with spaces */
+    for(i = 0; i < len / 2; i++){
+      char c = state->s[-i-1];
+      state->s[-i-1] = state->s[-len+i];
+      state->s[-len+i] = c;
+    }
+    
+  return 0;
+}
+
+static int
+append_string (struct state *state,
+	       unsigned char *arg,
+	       int width,
+	       int prec,
+	       int flags)
+{
+  if(prec != -1)
+    width -= prec;
+  else
+    width -= strlen((char *)arg);
+  if(!(flags & minus_flag))
+    while(width-- > 0)
+      if((*state->append_char) (state, ' '))
+	return 1;
+  if (prec != -1) {
+    while (*arg && prec--)
+      if ((*state->append_char) (state, *arg++))
+	return 1;
+  } else {
+    while (*arg)
+      if ((*state->append_char) (state, *arg++))
+	return 1;
+  }
+  if(flags & minus_flag)
+    while(width-- > 0)
+      if((*state->append_char) (state, ' '))
+	return 1;
+  return 0;
+}
+
+static int
+append_char(struct state *state,
+	    unsigned char arg,
+	    int width,
+	    int flags)
+{
+  while(!(flags & minus_flag) && --width > 0)
+    if((*state->append_char) (state, ' '))
+      return 1;
+    
+  if((*state->append_char) (state, arg))
+    return 1;
+  while((flags & minus_flag) && --width > 0)
+    if((*state->append_char) (state, ' '))
+      return 1;
+    
+  return 0;
+}
+
+/*
+ * This can't be made into a function...
+ */
+
+#define PARSE_INT_FORMAT(res, arg, unsig) \
+if (long_flag) \
+     res = (unsig long)va_arg(arg, unsig long); \
+else if (short_flag) \
+     res = (unsig short)va_arg(arg, unsig short); \
+else \
+     res = (unsig int)va_arg(arg, unsig int)
+
+/*
+ * zyxprintf - return 0 or -1
+ */
+
+static int
+xyzprintf (struct state *state, const char *char_format, va_list ap)
+{
+  const unsigned char *format = (const unsigned char *)char_format;
+  unsigned char c;
+
+  while((c = *format++)) {
+    if (c == '%') {
+      int flags      = 0;
+      int width      = 0;
+      int prec       = -1;
+      int long_flag  = 0;
+      int short_flag = 0;
+
+      /* flags */
+      while((c = *format++)){
+	if(c == '-')
+	  flags |= minus_flag;
+	else if(c == '+')
+	  flags |= plus_flag;
+	else if(c == ' ')
+	  flags |= space_flag;
+	else if(c == '#')
+	  flags |= alternate_flag;
+	else if(c == '0')
+	  flags |= zero_flag;
+	else
+	  break;
+      }
+      
+      if((flags & space_flag) && (flags & plus_flag))
+	flags ^= space_flag;
+
+      if((flags & minus_flag) && (flags & zero_flag))
+	flags ^= zero_flag;
+
+      /* width */
+      if (isdigit(c))
+	do {
+	  width = width * 10 + c - '0';
+	  c = *format++;
+	} while(isdigit(c));
+      else if(c == '*') {
+	width = va_arg(ap, int);
+	c = *format++;
+      }
+
+      /* precision */
+      if (c == '.') {
+	prec = 0;
+	c = *format++;
+	if (isdigit(c))
+	  do {
+	    prec = prec * 10 + c - '0';
+	    c = *format++;
+	  } while(isdigit(c));
+	else if (c == '*') {
+	  prec = va_arg(ap, int);
+	  c = *format++;
+	}
+      }
+
+      /* size */
+
+      if (c == 'h') {
+	short_flag = 1;
+	c = *format++;
+      } else if (c == 'l') {
+	long_flag = 1;
+	c = *format++;
+      }
+
+      switch (c) {
+      case 'c' :
+	if(append_char(state, va_arg(ap, int), width, flags))
+	  return -1;
+	break;
+      case 's' :
+	if (append_string(state,
+			  va_arg(ap, unsigned char*),
+			  width,
+			  prec, 
+			  flags))
+	  return -1;
+	break;
+      case 'd' :
+      case 'i' : {
+	long arg;
+	unsigned long num;
+	int minusp = 0;
+
+	PARSE_INT_FORMAT(arg, ap, signed);
+
+	if (arg < 0) {
+	  minusp = 1;
+	  num = -arg;
+	} else
+	  num = arg;
+
+	if (append_number (state, num, 10, "0123456789",
+			   width, prec, flags, minusp))
+	  return -1;
+	break;
+      }
+      case 'u' : {
+	unsigned long arg;
+
+	PARSE_INT_FORMAT(arg, ap, unsigned);
+
+	if (append_number (state, arg, 10, "0123456789",
+			   width, prec, flags, 0))
+	  return -1;
+	break;
+      }
+      case 'o' : {
+	unsigned long arg;
+
+	PARSE_INT_FORMAT(arg, ap, unsigned);
+
+	if (append_number (state, arg, 010, "01234567",
+			   width, prec, flags, 0))
+	  return -1;
+	break;
+      }
+      case 'x' : {
+	unsigned long arg;
+
+	PARSE_INT_FORMAT(arg, ap, unsigned);
+
+	if (append_number (state, arg, 0x10, "0123456789abcdef",
+			   width, prec, flags, 0))
+	  return -1;
+	break;
+      }
+      case 'X' :{
+	unsigned long arg;
+
+	PARSE_INT_FORMAT(arg, ap, unsigned);
+
+	if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+			   width, prec, flags, 0))
+	  return -1;
+	break;
+      }
+      case 'p' : {
+	unsigned long arg = (unsigned long)va_arg(ap, void*);
+
+	if (append_number (state, arg, 0x10, "0123456789ABCDEF",
+			   width, prec, flags, 0))
+	  return -1;
+	break;
+      }
+      case 'n' : {
+	int *arg = va_arg(ap, int*);
+	*arg = state->s - state->str;
+	break;
+      }
+      case '\0' :
+	  --format;
+	  /* FALLTHROUGH */
+      case '%' :
+	if ((*state->append_char)(state, c))
+	  return -1;
+	break;
+      default :
+	if (   (*state->append_char)(state, '%')
+	    || (*state->append_char)(state, c))
+	  return -1;
+	break;
+      }
+    } else
+      if ((*state->append_char) (state, c))
+	return -1;
+  }
+  return 0;
+}
+
+#ifndef HAVE_SNPRINTF
+int
+snprintf (char *str, size_t sz, const char *format, ...)
+{
+  va_list args;
+  int ret;
+
+  va_start(args, format);
+  ret = vsnprintf (str, sz, format, args);
+
+#ifdef PARANOIA
+  {
+    int ret2;
+    char *tmp;
+
+    tmp = malloc (sz);
+    if (tmp == NULL)
+      abort ();
+
+    ret2 = vsprintf (tmp, format, args);
+    if (ret != ret2 || strcmp(str, tmp))
+      abort ();
+    free (tmp);
+  }
+#endif
+
+  va_end(args);
+  return ret;
+}
+#endif
+
+#ifndef HAVE_ASPRINTF
+int
+asprintf (char **ret, const char *format, ...)
+{
+  va_list args;
+  int val;
+
+  va_start(args, format);
+  val = vasprintf (ret, format, args);
+
+#ifdef PARANOIA
+  {
+    int ret2;
+    char *tmp;
+    tmp = malloc (val + 1);
+    if (tmp == NULL)
+      abort ();
+
+    ret2 = vsprintf (tmp, format, args);
+    if (val != ret2 || strcmp(*ret, tmp))
+      abort ();
+    free (tmp);
+  }
+#endif
+
+  va_end(args);
+  return val;
+}
+#endif
+
+#ifndef HAVE_ASNPRINTF
+int
+asnprintf (char **ret, size_t max_sz, const char *format, ...)
+{
+  va_list args;
+  int val;
+
+  va_start(args, format);
+  val = vasnprintf (ret, max_sz, format, args);
+
+#ifdef PARANOIA
+  {
+    int ret2;
+    char *tmp;
+    tmp = malloc (val + 1);
+    if (tmp == NULL)
+      abort ();
+
+    ret2 = vsprintf (tmp, format, args);
+    if (val != ret2 || strcmp(*ret, tmp))
+      abort ();
+    free (tmp);
+  }
+#endif
+
+  va_end(args);
+  return val;
+}
+#endif
+
+#ifndef HAVE_VASPRINTF
+int
+vasprintf (char **ret, const char *format, va_list args)
+{
+  return vasnprintf (ret, 0, format, args);
+}
+#endif
+
+
+#ifndef HAVE_VASNPRINTF
+int
+vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
+{
+  int st;
+  size_t len;
+  struct state state;
+
+  state.max_sz = max_sz;
+  state.sz     = 1;
+  state.str    = malloc(state.sz);
+  if (state.str == NULL) {
+    *ret = NULL;
+    return -1;
+  }
+  state.s = state.str;
+  state.theend = state.s + state.sz - 1;
+  state.append_char = as_append_char;
+  state.reserve     = as_reserve;
+
+  st = xyzprintf (&state, format, args);
+  if (st) {
+    free (state.str);
+    *ret = NULL;
+    return -1;
+  } else {
+    char *tmp;
+
+    *state.s = '\0';
+    len = state.s - state.str;
+    tmp = realloc (state.str, len+1);
+    if (tmp == NULL) {
+      free (state.str);
+      *ret = NULL;
+      return -1;
+    }
+    *ret = tmp;
+    return len;
+  }
+}
+#endif
+
+#ifndef HAVE_VSNPRINTF
+int
+vsnprintf (char *str, size_t sz, const char *format, va_list args)
+{
+  struct state state;
+  int ret;
+  unsigned char *ustr = (unsigned char *)str;
+
+  state.max_sz = 0;
+  state.sz     = sz;
+  state.str    = ustr;
+  state.s      = ustr;
+  state.theend = ustr + sz - 1;
+  state.append_char = sn_append_char;
+  state.reserve     = sn_reserve;
+
+  ret = xyzprintf (&state, format, args);
+  *state.s = '\0';
+  if (ret)
+    return sz;
+  else
+    return state.s - state.str;
+}
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/socket.c b/crypto/kerberosIV/lib/roken/socket.c
new file mode 100644
index 0000000..6e9c3df
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/socket.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: socket.c,v 1.3 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#include <roken.h>
+
+#include <err.h>
+
+/*
+ * Set `sa' to the unitialized address of address family `af'
+ */
+
+void
+socket_set_any (struct sockaddr *sa, int af)
+{
+    switch (af) {
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+	memset (sin, 0, sizeof(*sin));
+	sin->sin_family = AF_INET;
+	sin->sin_port   = 0;
+	sin->sin_addr.s_addr = INADDR_ANY;
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	memset (sin6, 0, sizeof(*sin6));
+	sin6->sin6_family = AF_INET6;
+	sin6->sin6_port   = 0;
+	sin6->sin6_addr   = in6addr_any;
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * set `sa' to (`ptr', `port')
+ */
+
+void
+socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+
+	memset (sin, 0, sizeof(*sin));
+	sin->sin_family = AF_INET;
+	sin->sin_port   = port;
+	memcpy (&sin->sin_addr, ptr, sizeof(struct in_addr));
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	memset (sin6, 0, sizeof(*sin6));
+	sin6->sin6_family = AF_INET6;
+	sin6->sin6_port   = port;
+	memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr));
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the size of an address of the type in `sa'
+ */
+
+size_t
+socket_addr_size (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET :
+	return sizeof(struct in_addr);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return sizeof(struct in6_addr);
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the size of a `struct sockaddr' in `sa'.
+ */
+
+size_t
+socket_sockaddr_size (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET :
+	return sizeof(struct sockaddr_in);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return sizeof(struct sockaddr_in6);
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the binary address of `sa'.
+ */
+
+void *
+socket_get_address (struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+	return &sin->sin_addr;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+	return &sin6->sin6_addr;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the port number from `sa'.
+ */
+
+int
+socket_get_port (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
+	return sin->sin_port;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+	return sin6->sin6_port;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Set the port in `sa' to `port'.
+ */
+
+void
+socket_set_port (struct sockaddr *sa, int port)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+	sin->sin_port = port;
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+	sin6->sin6_port = port;
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Enable debug on `sock'.
+ */
+
+void
+socket_set_debug (int sock)
+{
+    int on = 1;
+
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
+	warn ("setsockopt SO_DEBUG (ignored)");
+#endif
+}
+
+/*
+ * Set the type-of-service of `sock' to `tos'.
+ */
+
+void
+socket_set_tos (int sock, int tos)
+{
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
+	warn ("setsockopt TOS (ignored)");
+#endif
+}
+
+/*
+ * set the reuse of addresses on `sock' to `val'.
+ */
+
+void
+socket_set_reuseaddr (int sock, int val)
+{
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+    if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
+		  sizeof(val)) < 0)
+	err (1, "setsockopt SO_REUSEADDR");
+#endif
+}
diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c
new file mode 100644
index 0000000..b5e20e7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcasecmp.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
+#endif
+
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+#include "roken.h"
+
+#ifndef HAVE_STRCASECMP
+
+int
+strcasecmp(const char *s1, const char *s2)
+{
+    while(toupper(*s1) == toupper(*s2)) {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+    }
+    return toupper(*s1) - toupper(*s2);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strcat_truncate.c b/crypto/kerberosIV/lib/roken/strcat_truncate.c
new file mode 100644
index 0000000..bbd808d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcat_truncate.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strcat_truncate.c,v 1.2 1998/05/29 18:25:06 joda Exp $");
+
+#ifndef HAVE_STRCAT_TRUNCATE
+
+int
+strcat_truncate (char *dst, const char *src, size_t dst_sz)
+{
+    int len = strlen(dst);
+
+    return len + strcpy_truncate (dst + len, src, dst_sz - len);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strcpy_truncate.c b/crypto/kerberosIV/lib/roken/strcpy_truncate.c
new file mode 100644
index 0000000..ba3668b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcpy_truncate.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strcpy_truncate.c,v 1.2 1998/06/09 19:25:38 joda Exp $");
+
+#ifndef HAVE_STRCPY_TRUNCATE
+
+int
+strcpy_truncate (char *dst, const char *src, size_t dst_sz)
+{
+    int n;
+    char *p;
+
+    for (p = dst, n = 0;
+	 n + 1 < dst_sz && *src != '\0';
+	 ++p, ++src, ++n)
+	*p = *src;
+    *p = '\0';
+    if (*src == '\0')
+	return n;
+    else
+	return dst_sz;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strdup.c b/crypto/kerberosIV/lib/roken/strdup.c
new file mode 100644
index 0000000..87fb43e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strdup.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strdup.c,v 1.10 1999/12/02 16:58:53 joda Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef HAVE_STRDUP
+char *
+strdup(const char *old)
+{
+	char *t = malloc(strlen(old)+1);
+	if (t != 0)
+		strcpy(t, old);
+	return t;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c
new file mode 100644
index 0000000..21936d7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strerror.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strerror.c,v 1.10 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char*
+strerror(int eno)
+{
+    static char emsg[1024];
+
+    if(eno < 0 || eno >= sys_nerr)
+	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+    else
+	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
+
+    return emsg;
+}
diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c
new file mode 100644
index 0000000..b90614b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strftime.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strftime.c,v 1.10 1999/11/13 04:18:33 assar Exp $");
+
+static const char *abb_weekdays[] = {
+    "Sun",
+    "Mon",
+    "Tue",
+    "Wed",
+    "Thu",
+    "Fri",
+    "Sat",
+};
+
+static const char *full_weekdays[] = {
+    "Sunday",
+    "Monday",
+    "Tuesday",
+    "Wednesday",
+    "Thursday",
+    "Friday",
+    "Saturday",
+};
+
+static const char *abb_month[] = {
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec"
+};
+
+static const char *full_month[] = {
+    "January",
+    "February",
+    "Mars",
+    "April",
+    "May",
+    "June",
+    "July",
+    "August",
+    "September",
+    "October",
+    "November",
+    "December"
+};
+
+static const char *ampm[] = {
+    "AM",
+    "PM"
+};
+
+/*
+ * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12]
+ */
+
+static int
+hour_24to12 (int hour)
+{
+    int ret = hour % 12;
+
+    if (ret == 0)
+	ret = 12;
+    return ret;
+}
+
+/*
+ * Return AM or PM for `hour'
+ */
+
+static const char *
+hour_to_ampm (int hour)
+{
+    return ampm[hour / 12];
+}
+
+/*
+ * Return the week number of `tm' (Sunday being the first day of the week)
+ * as [0, 53]
+ */
+
+static int
+week_number_sun (const struct tm *tm)
+{
+    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7;
+}
+
+/*
+ * Return the week number of `tm' (Monday being the first day of the week)
+ * as [0, 53]
+ */
+
+static int
+week_number_mon (const struct tm *tm)
+{
+    int wday = (tm->tm_wday + 6) % 7;
+
+    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7;
+}
+
+/*
+ * Return the week number of `tm' (Monday being the first day of the
+ * week) as [01, 53].  Week number one is the one that has four or more
+ * days in that year.
+ */
+
+static int
+week_number_mon4 (const struct tm *tm)
+{
+    int wday  = (tm->tm_wday + 6) % 7;
+    int w1day = (wday - tm->tm_yday % 7 + 7) % 7;
+    int ret;
+    
+    ret = (tm->tm_yday + w1day) / 7;
+    if (w1day >= 4)
+	--ret;
+    if (ret == -1)
+	ret = 53;
+    else
+	++ret;
+    return ret;
+}
+
+/*
+ *
+ */
+
+size_t
+strftime (char *buf, size_t maxsize, const char *format,
+	  const struct tm *tm)
+{
+    size_t n = 0;
+    size_t ret;
+
+    while (*format != '\0' && n < maxsize) {
+	if (*format == '%') {
+	    ++format;
+	    if(*format == 'E' || *format == 'O')
+		++format;
+	    switch (*format) {
+	    case 'a' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", abb_weekdays[tm->tm_wday]);
+		break;
+	    case 'A' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", full_weekdays[tm->tm_wday]);
+		break;
+	    case 'h' :
+	    case 'b' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", abb_month[tm->tm_mon]);
+		break;
+	    case 'B' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", full_month[tm->tm_mon]);
+		break;
+	    case 'c' :
+		ret = snprintf (buf, maxsize - n,
+				"%d:%02d:%02d %02d:%02d:%02d",
+				tm->tm_year,
+				tm->tm_mon + 1,
+				tm->tm_mday,
+				tm->tm_hour,
+				tm->tm_min,
+				tm->tm_sec);
+		break;
+	    case 'C' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", (tm->tm_year + 1900) / 100);
+		break;
+	    case 'd' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_mday);
+		break;
+	    case 'D' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d/%02d/%02d",
+				tm->tm_mon + 1,
+				tm->tm_mday,
+				(tm->tm_year + 1900) % 100);
+		break;
+	    case 'e' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d", tm->tm_mday);
+		break;
+	    case 'F':
+		ret = snprintf (buf, maxsize - n,
+				"%04d-%02d-%02d", tm->tm_year + 1900,
+				tm->tm_mon + 1, tm->tm_mday);
+		break;
+	    case 'g':
+		/* last two digits of week-based year */
+		abort();
+	    case 'G':
+		/* week-based year */
+		abort();
+	    case 'H' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_hour);
+		break;
+	    case 'I' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d",
+				hour_24to12 (tm->tm_hour));
+		break;
+	    case 'j' :
+		ret = snprintf (buf, maxsize - n,
+				"%03d", tm->tm_yday + 1);
+		break;
+	    case 'k' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d", tm->tm_hour);
+		break;
+	    case 'l' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d",
+				hour_24to12 (tm->tm_hour));
+		break;
+	    case 'm' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_mon + 1);
+		break;
+	    case 'M' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_min);
+		break;
+	    case 'n' :
+		ret = snprintf (buf, maxsize - n, "\n");
+		break;
+	    case 'p' :
+		ret = snprintf (buf, maxsize - n, "%s",
+				hour_to_ampm (tm->tm_hour));
+		break;
+	    case 'r' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d:%02d %s",
+				hour_24to12 (tm->tm_hour),
+				tm->tm_min,
+				tm->tm_sec,
+				hour_to_ampm (tm->tm_hour));
+		break;
+	    case 'R' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d",
+				tm->tm_hour,
+				tm->tm_min);
+		    
+	    case 's' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", (int)mktime((struct tm *)tm));
+		break;
+	    case 'S' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_sec);
+		break;
+	    case 't' :
+		ret = snprintf (buf, maxsize - n, "\t");
+		break;
+	    case 'T' :
+	    case 'X' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d:%02d",
+				tm->tm_hour,
+				tm->tm_min,
+				tm->tm_sec);
+		break;
+	    case 'u' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
+		break;
+	    case 'U' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_sun (tm));
+		break;
+	    case 'V' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_mon4 (tm));
+		break;
+	    case 'w' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", tm->tm_wday);
+		break;
+	    case 'W' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_mon (tm));
+		break;
+	    case 'x' :
+		ret = snprintf (buf, maxsize - n,
+				"%d:%02d:%02d",
+				tm->tm_year,
+				tm->tm_mon + 1,
+				tm->tm_mday);
+		break;
+	    case 'y' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", (tm->tm_year + 1900) % 100);
+		break;
+	    case 'Y' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", tm->tm_year + 1900);
+		break;
+	    case 'z':
+		ret = snprintf (buf, maxsize - n,
+				"%ld",
+#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
+				(long)tm->tm_gmtoff
+#elif defined(HAVE_TIMEZONE)
+				tm->tm_isdst ?
+				(long)altzone :
+				(long)timezone
+#else
+#error Where in timezone chaos are you?
+#endif    
+				);
+		break;
+	    case 'Z' :
+		ret = snprintf (buf, maxsize - n,
+				"%s",
+
+#if defined(HAVE_STRUCT_TM_TM_ZONE)
+				tm->tm_zone
+#elif defined(HAVE_TIMEZONE)
+				tzname[tm->tm_isdst]
+#else
+#error what?
+#endif
+		    );
+		break;
+	    case '\0' :
+		--format;
+		/* FALLTHROUGH */
+	    case '%' :
+		ret = snprintf (buf, maxsize - n,
+				"%%");
+		break;
+	    default :
+		ret = snprintf (buf, maxsize - n,
+				"%%%c", *format);
+		break;
+	    }
+	    if (ret >= maxsize - n)
+		return 0;
+	    n   += ret;
+	    buf += ret;
+	    ++format;
+	} else {
+	    *buf++ = *format++;
+	    ++n;
+	}
+    }
+    *buf++ = '\0';
+    return n;
+}
diff --git a/crypto/kerberosIV/lib/roken/strlcat.c b/crypto/kerberosIV/lib/roken/strlcat.c
new file mode 100644
index 0000000..d3c8baa
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strlcat.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strlcat.c,v 1.5 1999/12/02 16:58:53 joda Exp $");
+
+#ifndef HAVE_STRLCAT
+
+size_t
+strlcat (char *dst, const char *src, size_t dst_sz)
+{
+    size_t len = strlen(dst);
+
+    return len + strlcpy (dst + len, src, dst_sz - len);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strlcpy.c b/crypto/kerberosIV/lib/roken/strlcpy.c
new file mode 100644
index 0000000..33cd9cb
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strlcpy.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strlcpy.c,v 1.5 1999/12/02 16:58:53 joda Exp $");
+
+#ifndef HAVE_STRLCPY
+
+size_t
+strlcpy (char *dst, const char *src, size_t dst_sz)
+{
+    size_t n;
+    char *p;
+
+    for (p = dst, n = 0;
+	 n + 1 < dst_sz && *src != '\0';
+	 ++p, ++src, ++n)
+	*p = *src;
+    *p = '\0';
+    if (*src == '\0')
+	return n;
+    else
+	return n + strlen (src);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strlwr.c b/crypto/kerberosIV/lib/roken/strlwr.c
new file mode 100644
index 0000000..cb36789
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strlwr.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strlwr.c,v 1.4 1999/12/02 16:58:53 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRLWR
+char *
+strlwr(char *str)
+{
+  char *s;
+
+  for(s = str; *s; s++)
+    *s = tolower(*s);
+  return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strncasecmp.c b/crypto/kerberosIV/lib/roken/strncasecmp.c
new file mode 100644
index 0000000..7c6474f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strncasecmp.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strncasecmp.c,v 1.2 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+
+#ifndef HAVE_STRNCASECMP
+
+int
+strncasecmp(const char *s1, const char *s2, size_t n)
+{
+    while(n > 0 && toupper(*s1) == toupper(*s2)) {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+	n--;
+    }
+    if(n == 0)
+	return 0;
+    return toupper(*s1) - toupper(*s2);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strndup.c b/crypto/kerberosIV/lib/roken/strndup.c
new file mode 100644
index 0000000..31e7e9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strndup.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strndup.c,v 1.2 1999/12/02 16:58:53 joda Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRNDUP
+char *
+strndup(const char *old, size_t sz)
+{
+    size_t len = strnlen (old, sz);
+    char *t    = malloc(len + 1);
+
+    if (t != NULL) {
+	memcpy (t, old, len);
+	t[len] = '\0';
+    }
+    return t;
+}
+#endif /* HAVE_STRNDUP */
diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c
new file mode 100644
index 0000000..fffb3b7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strnlen.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strnlen.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include "roken.h"
+
+size_t
+strnlen(const char *s, size_t len)
+{
+    size_t i;
+
+    for(i = 0; i < len && s[i]; i++)
+	;
+    return i;
+}
diff --git a/crypto/kerberosIV/lib/roken/strpftime-test.c b/crypto/kerberosIV/lib/roken/strpftime-test.c
new file mode 100644
index 0000000..7eb8fb8
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strpftime-test.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strpftime-test.c,v 1.2 1999/11/12 15:29:55 assar Exp $");
+
+enum { MAXSIZE = 26 };
+
+static struct testcase {
+    time_t t;
+    struct {
+	const char *format;
+	const char *result;
+    } vals[MAXSIZE];
+} tests[] = {
+    {0,
+     {
+	 {"%A", "Thursday"},
+	 {"%a", "Thu"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "01"},
+	 {"%e", " 1"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "001"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "4"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}}
+    },
+    {90000,
+     {
+	 {"%A", "Friday"},
+	 {"%a", "Fri"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "02"},
+	 {"%e", " 2"},
+	 {"%H", "01"},
+	 {"%I", "01"},
+	 {"%j", "002"},
+	 {"%k", " 1"},
+	 {"%l", " 1"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "5"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {216306,
+     {
+	 {"%A", "Saturday"},
+	 {"%a", "Sat"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "03"},
+	 {"%e", " 3"},
+	 {"%H", "12"},
+	 {"%I", "12"},
+	 {"%j", "003"},
+	 {"%k", "12"},
+	 {"%l", "12"},
+	 {"%M", "05"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "PM"},
+	 {"%S", "06"},
+	 {"%t", "\t"},
+	 {"%w", "6"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {259200,
+     {
+	 {"%A", "Sunday"},
+	 {"%a", "Sun"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "04"},
+	 {"%e", " 4"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "004"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "0"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "01"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {915148800,
+     {
+	 {"%A", "Friday"},
+	 {"%a", "Fri"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "01"},
+	 {"%e", " 1"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "001"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "5"},
+	 {"%Y", "1999"},
+	 {"%y", "99"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "53"},
+	 {"%%", "%"},
+	 {NULL, NULL}}
+    },
+    {942161105,
+     {
+
+	 {"%A", "Tuesday"},
+	 {"%a", "Tue"},
+	 {"%B", "November"},
+	 {"%b", "Nov"},
+	 {"%C", "19"},
+	 {"%d", "09"},
+	 {"%e", " 9"},
+	 {"%H", "15"},
+	 {"%I", "03"},
+	 {"%j", "313"},
+	 {"%k", "15"},
+	 {"%l", " 3"},
+	 {"%M", "25"},
+	 {"%m", "11"},
+	 {"%n", "\n"},
+	 {"%p", "PM"},
+	 {"%S", "05"},
+	 {"%t", "\t"},
+	 {"%w", "2"},
+	 {"%Y", "1999"},
+	 {"%y", "99"},
+	 {"%U", "45"},
+	 {"%W", "45"},
+	 {"%V", "45"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    }
+};
+
+int
+main(int argc, char **argv)
+{
+    int i, j;
+    int ret = 0;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	struct tm *tm;
+
+	tm = gmtime (&tests[i].t);
+
+	for (j = 0; tests[i].vals[j].format != NULL; ++j) {
+	    char buf[128];
+	    size_t len;
+	    struct tm tm2;
+	    char *ptr;
+
+	    len = strftime (buf, sizeof(buf), tests[i].vals[j].format, tm);
+	    if (len != strlen (buf)) {
+		printf ("length of strftime(\"%s\") = %d (\"%s\")\n",
+			tests[i].vals[j].format, len,
+			buf);
+		++ret;
+		continue;
+	    }
+	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
+		printf ("result of strftime(\"%s\") = \"%s\" != \"%s\"\n",
+			tests[i].vals[j].format, buf,
+			tests[i].vals[j].result);
+		++ret;
+		continue;
+	    }
+	    memset (&tm2, 0, sizeof(tm2));
+	    ptr = strptime (tests[i].vals[j].result,
+			    tests[i].vals[j].format,
+			    &tm2);
+	    if (ptr == NULL || *ptr != '\0') {
+		printf ("bad return value from strptime("
+			"\"%s\", \"%s\")\n",
+			tests[i].vals[j].result,
+			tests[i].vals[j].format);
+		++ret;
+	    }
+	    strftime (buf, sizeof(buf), tests[i].vals[j].format, &tm2);
+	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
+		printf ("reverse of \"%s\" failed: \"%s\" vs \"%s\"\n",
+			tests[i].vals[j].format,
+			buf, tests[i].vals[j].result);
+		++ret;
+	    }
+	}
+    }
+    if (ret) {
+	printf ("%d errors\n", ret);
+	return 1;
+    } else
+	return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/strptime.c b/crypto/kerberosIV/lib/roken/strptime.c
new file mode 100644
index 0000000..36f0822
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strptime.c
@@ -0,0 +1,444 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <ctype.h>
+#include "roken.h"
+
+RCSID("$Id: strptime.c,v 1.2 1999/11/12 15:29:55 assar Exp $");
+
+static const char *abb_weekdays[] = {
+    "Sun",
+    "Mon",
+    "Tue",
+    "Wed",
+    "Thu",
+    "Fri",
+    "Sat",
+    NULL
+};
+
+static const char *full_weekdays[] = {
+    "Sunday",
+    "Monday",
+    "Tuesday",
+    "Wednesday",
+    "Thursday",
+    "Friday",
+    "Saturday",
+    NULL
+};
+
+static const char *abb_month[] = {
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+    NULL
+};
+
+static const char *full_month[] = {
+    "January",
+    "February",
+    "Mars",
+    "April",
+    "May",
+    "June",
+    "July",
+    "August",
+    "September",
+    "October",
+    "November",
+    "December",
+    NULL,
+};
+
+static const char *ampm[] = {
+    "am",
+    "pm",
+    NULL
+};
+
+/*
+ * Try to match `*buf' to one of the strings in `strs'.  Return the
+ * index of the matching string (or -1 if none).  Also advance buf.
+ */
+
+static int
+match_string (const char **buf, const char **strs)
+{
+    int i = 0;
+
+    for (i = 0; strs[i] != NULL; ++i) {
+	int len = strlen (strs[i]);
+
+	if (strncasecmp (*buf, strs[i], len) == 0) {
+	    *buf += len;
+	    return i;
+	}
+    }
+    return -1;
+}
+
+/*
+ * tm_year is relative this year */
+
+const int tm_year_base = 1900;
+
+/*
+ * Return TRUE iff `year' was a leap year.
+ */
+
+static int
+is_leap_year (int year)
+{
+    return (year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0);
+}
+
+/*
+ * Return the weekday [0,6] (0 = Sunday) of the first day of `year'
+ */
+
+static int
+first_day (int year)
+{
+    int ret = 4;
+
+    for (; year > 1970; --year)
+	ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7;
+    return ret;
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_sun (struct tm *timeptr, int wnum)
+{
+    int fday = first_day (timeptr->tm_year + tm_year_base);
+
+    timeptr->tm_yday = wnum * 7 + timeptr->tm_wday - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = fday;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_mon (struct tm *timeptr, int wnum)
+{
+    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
+
+    timeptr->tm_yday = wnum * 7 + (timeptr->tm_wday + 6) % 7 - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = (fday + 1) % 7;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_mon4 (struct tm *timeptr, int wnum)
+{
+    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
+    int offset = 0;
+
+    if (fday < 4)
+	offset += 7;
+
+    timeptr->tm_yday = offset + (wnum - 1) * 7 + timeptr->tm_wday - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = fday;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ *
+ */
+
+char *
+strptime (const char *buf, const char *format, struct tm *timeptr)
+{
+    char c;
+
+    for (; (c = *format) != '\0'; ++format) {
+	char *s;
+	int ret;
+
+	if (isspace (c)) {
+	    while (isspace (*buf))
+		++buf;
+	} else if (c == '%' && format[1] != '\0') {
+	    c = *++format;
+	    if (c == 'E' || c == 'O')
+		c = *++format;
+	    switch (c) {
+	    case 'A' :
+		ret = match_string (&buf, full_weekdays);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_wday = ret;
+		break;
+	    case 'a' :
+		ret = match_string (&buf, abb_weekdays);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_wday = ret;
+		break;
+	    case 'B' :
+		ret = match_string (&buf, full_month);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_mon = ret;
+		break;
+	    case 'b' :
+	    case 'h' :
+		ret = match_string (&buf, abb_month);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_mon = ret;
+		break;
+	    case 'C' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_year = (ret * 100) - tm_year_base;
+		buf = s;
+		break;
+	    case 'c' :
+		abort ();
+	    case 'D' :		/* %m/%d/%y */
+		s = strptime (buf, "%m/%d/%y", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'd' :
+	    case 'e' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_mday = ret;
+		buf = s;
+		break;
+	    case 'H' :
+	    case 'k' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_hour = ret;
+		buf = s;
+		break;
+	    case 'I' :
+	    case 'l' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		if (ret == 12)
+		    timeptr->tm_hour = 0;
+		else
+		    timeptr->tm_hour = ret;
+		buf = s;
+		break;
+	    case 'j' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_yday = ret - 1;
+		buf = s;
+		break;
+	    case 'm' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_mon = ret - 1;
+		buf = s;
+		break;
+	    case 'M' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_min = ret;
+		buf = s;
+		break;
+	    case 'n' :
+		if (*buf == '\n')
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    case 'p' :
+		ret = match_string (&buf, ampm);
+		if (ret < 0)
+		    return NULL;
+		if (timeptr->tm_hour == 0) {
+		    if (ret == 1)
+			timeptr->tm_hour = 12;
+		} else
+		    timeptr->tm_hour += 12;
+		break;
+	    case 'r' :		/* %I:%M:%S %p */
+		s = strptime (buf, "%I:%M:%S %p", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'R' :		/* %H:%M */
+		s = strptime (buf, "%H:%M", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'S' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_sec = ret;
+		buf = s;
+		break;
+	    case 't' :
+		if (*buf == '\t')
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    case 'T' :		/* %H:%M:%S */
+	    case 'X' :
+		s = strptime (buf, "%H:%M:%S", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'u' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_wday = ret - 1;
+		buf = s;
+		break;
+	    case 'w' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_wday = ret;
+		buf = s;
+		break;
+	    case 'U' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		set_week_number_sun (timeptr, ret);
+		buf = s;
+		break;
+	    case 'V' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		set_week_number_mon4 (timeptr, ret);
+		buf = s;
+		break;
+	    case 'W' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		set_week_number_mon (timeptr, ret);
+		buf = s;
+		break;
+	    case 'x' :
+		s = strptime (buf, "%Y:%m:%d", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'y' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		if (ret < 70)
+		    timeptr->tm_year = 100 + ret;
+		else
+		    timeptr->tm_year = ret;
+		buf = s;
+		break;
+	    case 'Y' :
+		ret = strtol (buf, &s, 10);
+		if (s == buf)
+		    return NULL;
+		timeptr->tm_year = ret - tm_year_base;
+		buf = s;
+		break;
+	    case 'Z' :
+		abort ();
+	    case '\0' :
+		--format;
+		/* FALLTHROUGH */
+	    case '%' :
+		if (*buf == '%')
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    default :
+		if (*buf == '%' || *++buf == c)
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    }
+	} else {
+	    if (*buf == c)
+		++buf;
+	    else
+		return NULL;
+	}
+    }
+    return (char *)buf;
+}
diff --git a/crypto/kerberosIV/lib/roken/strsep.c b/crypto/kerberosIV/lib/roken/strsep.c
new file mode 100644
index 0000000..efc714a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strsep.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strsep.c,v 1.3 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRSEP
+
+char *
+strsep(char **str, const char *delim)
+{
+    char *save = *str;
+    if(*str == NULL)
+	return NULL;
+    *str = *str + strcspn(*str, delim);
+    if(**str == 0)
+	*str = NULL;
+    else{
+	**str = 0;
+	(*str)++;
+    }
+    return save;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strtok_r.c b/crypto/kerberosIV/lib/roken/strtok_r.c
new file mode 100644
index 0000000..45b036a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strtok_r.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strtok_r.c,v 1.5 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRTOK_R
+
+char *
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+  char *ret;
+
+  if (s1 == NULL)
+    s1 = *lasts;
+  while(*s1 && strchr(s2, *s1))
+    ++s1;
+  if(*s1 == '\0')
+    return NULL;
+  ret = s1;
+  while(*s1 && !strchr(s2, *s1))
+    ++s1;
+  if(*s1)
+    *s1++ = '\0';
+  *lasts = s1;
+  return ret;
+}
+
+#endif /* HAVE_STRTOK_R */
diff --git a/crypto/kerberosIV/lib/roken/strupr.c b/crypto/kerberosIV/lib/roken/strupr.c
new file mode 100644
index 0000000..96dd042
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strupr.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strupr.c,v 1.4 1999/12/02 16:58:53 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRUPR
+char *
+strupr(char *str)
+{
+  char *s;
+
+  for(s = str; *s; s++)
+    *s = toupper(*s);
+  return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/swab.c b/crypto/kerberosIV/lib/roken/swab.c
new file mode 100644
index 0000000..c623bd0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/swab.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_SWAB
+
+RCSID("$Id: swab.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
+
+void
+swab (char *from, char *to, int nbytes)
+{
+     while(nbytes >= 2) {
+	  *(to + 1) = *from;
+	  *to = *(from + 1);
+	  to += 2;
+	  from += 2;
+	  nbytes -= 2;
+     }
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/tm2time.c b/crypto/kerberosIV/lib/roken/tm2time.c
new file mode 100644
index 0000000..b912e32
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/tm2time.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: tm2time.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#include "roken.h"
+
+time_t
+tm2time (struct tm tm, int local)
+{
+     time_t t;
+
+     tm.tm_isdst = -1;
+
+     t = mktime (&tm);
+
+     if (!local)
+       t += t - mktime (gmtime (&t));
+     return t;
+}
diff --git a/crypto/kerberosIV/lib/roken/unsetenv.c b/crypto/kerberosIV/lib/roken/unsetenv.c
new file mode 100644
index 0000000..6d95a51
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/unsetenv.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: unsetenv.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "roken.h"
+
+extern char **environ;
+
+/*
+ * unsetenv --
+ */
+void
+unsetenv(const char *name)
+{
+  int len;
+  const char *np;
+  char **p;
+
+  if (name == 0 || environ == 0)
+    return;
+
+  for (np = name; *np && *np != '='; np++)
+    /* nop */;
+  len = np - name;
+  
+  for (p = environ; *p != 0; p++)
+    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
+      break;
+
+  for (; *p != 0; p++)
+    *p = *(p + 1);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verify.c b/crypto/kerberosIV/lib/roken/verify.c
new file mode 100644
index 0000000..842fa9a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verify.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.13 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "roken.h"
+
+int
+unix_verify_user(char *user, char *password)
+{
+    struct passwd *pw;
+    
+    pw = k_getpwnam(user);
+    if(pw == NULL)
+	return -1;
+    if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
+	return 0;
+    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
+        return 0;
+    return -1;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c
new file mode 100644
index 0000000..511e640
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verr.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verr.c,v 1.8 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verr(int eval, const char *fmt, va_list ap)
+{
+    warnerr(1, fmt, ap);
+    exit(eval);
+}
diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c
new file mode 100644
index 0000000..f4578d3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verrx.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verrx.c,v 1.8 1999/12/02 16:58:53 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verrx(int eval, const char *fmt, va_list ap)
+{
+    warnerr(0, fmt, ap);
+    exit(eval);
+}
diff --git a/crypto/kerberosIV/lib/roken/vsyslog.c b/crypto/kerberosIV/lib/roken/vsyslog.c
new file mode 100644
index 0000000..22e6a35
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vsyslog.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vsyslog.c,v 1.3 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#ifndef HAVE_VSYSLOG
+
+#include <stdio.h>
+#include <syslog.h>
+#include <stdarg.h>
+
+#include "roken.h"
+
+void
+vsyslog(int pri, const char *fmt, va_list ap)
+{
+    char *p;
+
+    vasprintf (&p, fmt, ap);
+    syslog (pri, "%s", p);
+    free (p);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c
new file mode 100644
index 0000000..15f9a38
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarn.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarn.c,v 1.8 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarn(const char *fmt, va_list ap)
+{
+    warnerr(1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c
new file mode 100644
index 0000000..48f1ffd
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarnx.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarnx.c,v 1.8 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarnx(const char *fmt, va_list ap)
+{
+    warnerr(0, fmt, ap);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/warn.c b/crypto/kerberosIV/lib/roken/warn.c
new file mode 100644
index 0000000..d8ee335
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warn.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warn.c,v 1.6 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warn(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  vwarn(fmt, ap);
+  va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c
new file mode 100644
index 0000000..4df375d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnerr.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnerr.c,v 1.8 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "roken.h"
+#include "err.h"
+
+#ifndef HAVE___PROGNAME
+const char *__progname;
+#endif
+
+void
+set_progname(char *argv0)
+{
+#ifndef HAVE___PROGNAME
+    char *p;
+    if(argv0 == NULL)
+	return;
+    p = strrchr(argv0, '/');
+    if(p == NULL)
+	p = argv0;
+    else
+	p++;
+    __progname = p;
+#endif
+}
+
+void
+warnerr(int doerrno, const char *fmt, va_list ap)
+{
+    int sverrno = errno;
+    if(__progname != NULL){
+	fprintf(stderr, "%s", __progname);
+	if(fmt != NULL || doerrno)
+	    fprintf(stderr, ": ");
+    }
+    if (fmt != NULL){
+	vfprintf(stderr, fmt, ap);
+	if(doerrno)
+	    fprintf(stderr, ": ");
+    }
+    if(doerrno)
+	fprintf(stderr, "%s", strerror(sverrno));
+    fprintf(stderr, "\n");
+}
diff --git a/crypto/kerberosIV/lib/roken/warnx.c b/crypto/kerberosIV/lib/roken/warnx.c
new file mode 100644
index 0000000..c991176
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnx.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnx.c,v 1.6 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warnx(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  vwarnx(fmt, ap);
+  va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/writev.c b/crypto/kerberosIV/lib/roken/writev.c
new file mode 100644
index 0000000..e3859bf
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/writev.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: writev.c,v 1.3 1999/12/02 16:58:54 joda Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+writev(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < iovcnt; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = write (d, buf, tot);
+    free (buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
new file mode 100644
index 0000000..83885b3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: xdbm.h,v 1.6 1999/12/02 16:58:54 joda Exp $ */
+
+/* Generic *dbm include file */
+
+#ifndef __XDBM_H__
+#define __XDBM_H__
+
+#ifdef HAVE_NDBM_H
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
+
+#ifndef NDBM
+typedef char DBM;
+
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_delete(db, key) delete(key)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#else
+#define dbm_next(db,key) dbm_nextkey(db)
+#endif
+
+#endif /* __XDBM_H__ */
diff --git a/crypto/kerberosIV/lib/sl/ChangeLog b/crypto/kerberosIV/lib/sl/ChangeLog
new file mode 100644
index 0000000..a8647de
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ChangeLog
@@ -0,0 +1,112 @@
+Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* make_cmds.c: use getarg
+
+Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: don't rename
+
+Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: don't roken-rename
+
+Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: replace return with YYACCEPT
+
+Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add libss; add version-info
+
+Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: clean lex.c parse.c parse.h
+
+	* Makefile.am: install ss.h
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* parse.y: prototype for error_message
+
+Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.in: add snprintf.o to make_cmds
+
+Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_command_loop): remove unused variable
+
+	* ss.c (ss_error): remove unused variable
+
+	* make_cmds.c: include err.h
+	(main): remove unused variable
+
+	* Makefile.in (WFLAGS): set
+
+Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* make_cmds.c: clean-up and simplification
+
+Mon May 25 02:54:13 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+	* Makefile.in: make symlink magic work
+
+Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: define alloca to malloc in case we're using bison but
+ 	don't have alloca
+
+Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_loop): s/2/1
+
+Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c (sl_loop): check that there is at least one argument before
+ 	calling sl_command
+
+Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c (sl_loop): Fix general broken-ness.
+
+	* sl.c: Cleanup printing of help strings.
+
+Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: @LEXLIB@
+
+Sat Feb 21 15:18:21 1998  assar westerlund  <assar@sics.se>
+
+	* Makefile.in: set YACC and LEX
+
+Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: Some fixes for ss/mk_cmds.
+
+Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.in: Install libsl under the `libss' name too. Install
+ 	mk_cmds, and ss.h.
+
+	* make_cmds.c: A mk_cmds clone that creates SL structures.
+
+	* ss.c: SS compatibility functions.
+
+	* sl.c: Move command line split to function `sl_make_argv'.
+
+Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
+
+Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
+
diff --git a/crypto/kerberosIV/lib/sl/Makefile.am b/crypto/kerberosIV/lib/sl/Makefile.am
new file mode 100644
index 0000000..54bc75b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.14 1999/04/09 18:28:29 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+YFLAGS = -d
+
+include_HEADERS = sl.h
+
+lib_LTLIBRARIES = libsl.la libss.la
+libsl_la_LDFLAGS = -version-info 0:0:0
+libss_la_LDFLAGS = -version-info 0:0:0
+
+RENAME_SRC = roken_rename.h strtok_r.c snprintf.c
+
+libsl_la_SOURCES = sl_locl.h sl.c
+libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
+
+EXTRA_libsl_la_SOURCES = strtok_r.c snprintf.c roken_rename.h
+
+# install these?
+
+noinst_PROGRAMS = mk_cmds
+
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
+
+RENAME_mk_cmds_SRC = roken_rename.h snprintf.c
+
+EXTRA_mk_cmds_SOURCES = snprintf.c roken_rename.h
+
+ssincludedir = $(includedir)/ss
+ssinclude_HEADERS = ss.h
+
+CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c
+
+$(mk_cmds_OBJECTS): parse.h
+
+LDADD = \
+	$(LIB_roken) \
+	$(LEXLIB)
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in
new file mode 100644
index 0000000..6cdb8a6
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/Makefile.in
@@ -0,0 +1,139 @@
+#
+# $Id: Makefile.in,v 1.31 1999/03/10 19:01:17 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+top_builddir=../..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+YACC = @YACC@
+LEX = @LEX@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+bindir = @bindir@
+includedir = @includedir@
+
+LIB_DEPS = @lib_deps_yes@ @LIB_readline@ -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+install_symlink_command2 = @install_symlink_command2@
+
+PICFLAGS = @PICFLAGS@
+EXECSUFFIX = @EXECSUFFIX@
+ 
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LIBNAME = $(LIBPREFIX)sl
+sl_LIB = $(LIBNAME).$(LIBEXT)
+LIB = $(sl_LIB)
+LIBNAME2 = $(LIBPREFIX)ss
+ss_LIB = $(LIBNAME2).$(LIBEXT)
+LIB2 = $(ss_LIB)
+LDSHARED = @LDSHARED@
+PROGS = mk_cmds$(EXECSUFFIX)
+
+LIB_SOURCES = sl.c ss.c
+EXTRA_SOURCES = strtok_r.c snprintf.c
+
+SOURCES = $(LIB_SOURCES) make_cmds.c $(EXTRA_SOURCES)
+
+LIBADD = strtok_r.o snprintf.o
+
+LIB_OBJECTS = sl.o ss.o $(LIBADD)
+
+mk_cmds_OBJECTS = make_cmds.o parse.o lex.o snprintf.o
+
+OBJECTS = $(LIB_OBJECTS) $(mk_cmds_OBJECTS)
+
+all: $(sl_LIB) $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I. -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)/ss
+	$(INSTALL_DATA) $(srcdir)/ss.h $(DESTDIR)$(includedir)/ss/ss.h
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(sl_LIB)
+	$(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB)
+	@install_symlink_command@
+	@install_symlink_command2@
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	$(INSTALL) -m 0555 $(PROGS) $(DESTDIR)$(bindir)/$(PROGS)
+
+uninstall:
+	rm -f $(DESTDIR)$(includedir)/ss/ss.h
+	rm -f $(DESTDIR)$(libdir)/$(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB)
+	rm -f $(DESTDIR)$(bindir)/$(PROGS)
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(sl_LIB) $(PROGS) lex.c parse.c parse.h *.o *.a *.so *.so.* so_locations
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(LIBNAME).a: $(LIB_OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(LIB_OBJECTS)
+	-$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(LIB_OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+$(OBJECTS): ../../include/config.h
+
+$(mk_cmds_OBJECTS): parse.h
+
+mk_cmds$(EXECSUFFIX): $(mk_cmds_OBJECTS)
+	$(LINK) $(CFLAGS) -o $@ $(mk_cmds_OBJECTS) -L../roken -lroken
+
+parse.c: parse.h
+parse.h: $(srcdir)/parse.y
+	$(YACC) -d $(srcdir)/parse.y
+	mv -f y.tab.h parse.h
+	mv -f y.tab.c parse.c
+
+lex.c: $(srcdir)/lex.l
+	$(LEX) $(srcdir)/lex.l
+	mv -f lex.yy.c lex.c
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/sl/lex.l b/crypto/kerberosIV/lib/sl/lex.l
new file mode 100644
index 0000000..b7c1c44
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/lex.l
@@ -0,0 +1,114 @@
+%{
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+#include "parse.h"
+
+RCSID("$Id: lex.l,v 1.3 1999/12/02 16:58:55 joda Exp $");
+
+static unsigned lineno = 1;
+void error_message(char *, ...);
+int getstring(void);
+
+%}
+
+
+%%
+command_table		{ return TABLE; }
+request			{ return REQUEST; }
+unknown			{ return UNKNOWN; }
+unimplemented		{ return UNIMPLEMENTED; }
+end			{ return END; }
+#[^\n]*			;
+[ \t]			;
+\n			{ lineno++; }
+\"			{ return getstring(); }
+[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
+.			{ return *yytext; }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int backslash = 0;
+    while((c = input()) != EOF){
+	if(backslash) {
+	    if(c == 'n')
+		c = '\n';
+	    else if(c == 't')
+		c = '\t';
+	    x[i++] = c;
+	    backslash = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    backslash++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    return STRING;
+}
+
+void
+error_message (char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
diff --git a/crypto/kerberosIV/lib/sl/make_cmds.c b/crypto/kerberosIV/lib/sl/make_cmds.c
new file mode 100644
index 0000000..492e9e6
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/make_cmds.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 1998-1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+#include <getarg.h>
+
+RCSID("$Id: make_cmds.c,v 1.6 1999/12/02 16:58:55 joda Exp $");
+
+#include <roken.h>
+#include <err.h>
+#include "parse.h"
+
+int numerror;
+extern FILE *yyin;
+FILE *c_file;
+
+extern void yyparse(void);
+
+#ifdef YYDEBUG
+extern int yydebug = 1;
+#endif
+
+char *filename;
+char *table_name;
+
+static struct command_list *commands;
+
+void
+add_command(char *function, 
+	    char *help, 
+	    struct string_list *aliases, 
+	    unsigned flags)
+{
+    struct command_list *cl = malloc(sizeof(*cl));
+
+    if (cl == NULL)
+	err (1, "malloc");
+    cl->function = function;
+    cl->help = help;
+    cl->aliases = aliases;
+    cl->flags = flags;
+    cl->next = NULL;
+    if(commands) {
+	*commands->tail = cl;
+	commands->tail = &cl->next;
+	return;
+    }
+    cl->tail = &cl->next;
+    commands = cl;
+}
+
+static char *
+quote(const char *str)
+{
+    char buf[1024]; /* XXX */
+    const char *p;
+    char *q;
+    q = buf;
+    
+    *q++ = '\"';
+    for(p = str; *p != '\0'; p++) {
+	if(*p == '\n') {
+	    *q++ = '\\';
+	    *q++ = 'n';
+	    continue;
+	}
+	if(*p == '\t') {
+	    *q++ = '\\';
+	    *q++ = 't';
+	    continue;
+	}
+	if(*p == '\"' || *p == '\\')
+	    *q++ = '\\';
+	*q++ = *p;
+    }
+    *q++ = '\"';
+    *q++ = '\0';
+    return strdup(buf);
+}
+
+static void
+generate_commands(void)
+{
+    char *base;
+    char *cfn;
+    char *p;
+
+    p = strrchr(table_name, '/');
+    if(p == NULL)
+	p = table_name;
+    else
+	p++;
+
+    base = strdup (p);
+    if (base == NULL)
+	err (1, "strdup");
+
+    p = strrchr(base, '.');
+    if(p)
+	*p = '\0';
+    
+    asprintf(&cfn, "%s.c", base);
+    if (cfn == NULL)
+	err (1, "asprintf");
+
+    c_file = fopen(cfn, "w");
+    if (c_file == NULL)
+	err (1, "cannot fopen %s", cfn);
+    
+    fprintf(c_file, "/* Generated from %s */\n", filename);
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#include <stddef.h>\n");
+    fprintf(c_file, "#include <sl.h>\n");
+    fprintf(c_file, "\n");
+
+    {
+	struct command_list *cl, *xl;
+	char *p, *q;
+
+	for(cl = commands; cl; cl = cl->next) {
+	    for(xl = commands; xl != cl; xl = xl->next)
+		if(strcmp(cl->function, xl->function) == 0)
+		    break;
+	    if(xl != cl)
+		continue;
+	    /* XXX hack for ss_quit */
+	    if(strcmp(cl->function, "ss_quit") == 0) {
+		fprintf(c_file, "int %s (int, char**);\n", cl->function);
+		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
+		continue;
+	    }
+	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
+	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
+		    cl->function);
+	    fprintf(c_file, "{\n");
+	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
+	    fprintf(c_file, "  return 0;\n");
+	    fprintf(c_file, "}\n\n");
+	}
+
+	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
+	for(cl = commands; cl; cl = cl->next) {
+	    struct string_list *sl;
+	    sl = cl->aliases;
+	    p = quote(sl->string);
+	    q = quote(cl->help);
+	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
+	    free(p);
+	    free(q);
+    
+	    for(sl = sl->next; sl; sl = sl->next) {
+		p = quote(sl->string);
+		fprintf(c_file, "  { %s },\n", p);
+		free(p);
+	    }
+	}
+	fprintf(c_file, "  { NULL },\n");
+	fprintf(c_file, "};\n");
+	fprintf(c_file, "\n");
+    }
+    fclose(c_file);
+    free(base);
+    free(cfn);
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+
+    set_progname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(argc == optind)
+	usage(1);
+    filename = argv[optind];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+    
+    yyparse();
+    
+    generate_commands();
+
+    if(numerror)
+	return 1;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/make_cmds.h b/crypto/kerberosIV/lib/sl/make_cmds.h
new file mode 100644
index 0000000..24dbd60
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/make_cmds.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: make_cmds.h,v 1.2 1999/12/02 16:58:55 joda Exp $ */
+
+#ifndef __MAKE_CMDS_H__
+#define __MAKE_CMDS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+extern char *filename;
+extern char *table_name;
+extern int numerror;
+
+struct command_list {
+    char *function;
+    char *help;
+    struct string_list *aliases;
+    unsigned flags;
+    struct command_list *next;
+    struct command_list **tail;
+};
+
+struct string_list {
+    char *string;
+    struct string_list *next;
+    struct string_list **tail;
+};
+
+void add_command(char*, char*, struct string_list*, unsigned);
+
+#endif /* __MAKE_CMDS_H__ */
diff --git a/crypto/kerberosIV/lib/sl/parse.y b/crypto/kerberosIV/lib/sl/parse.y
new file mode 100644
index 0000000..b8b2d63
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/parse.y
@@ -0,0 +1,194 @@
+%{
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+RCSID("$Id: parse.y,v 1.5 1999/12/02 16:58:55 joda Exp $");
+
+void yyerror (char *s);
+long name2number(const char *str);
+void error_message(char *, ...);
+
+struct string_list* append_string(struct string_list*, char*);
+void free_string_list(struct string_list *list);
+unsigned string_to_flag(const char *);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+  char *string;
+  unsigned number;
+  struct string_list *list;
+}
+
+%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
+%token <string> STRING
+%type <number> flag flags
+%type <list> aliases
+
+%%
+
+file		: /* */ 
+		| statements
+		;
+
+statements	: statement
+		| statements statement
+		;
+
+statement	: TABLE STRING ';'
+		{
+		    table_name = $2;
+		}
+		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
+		{
+		    add_command($2, $4, $6, $9);
+		}
+		| REQUEST STRING ',' STRING ',' aliases ';'
+		{
+		    add_command($2, $4, $6, 0);
+		}
+		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
+		{
+		    free($2);
+		    free($4);
+		    free_string_list($6);
+		}
+		| UNKNOWN aliases ';'
+		{
+		    free_string_list($2);
+		}
+		| END ';'
+		{
+		    YYACCEPT;
+		}
+		;
+
+aliases		: STRING
+		{
+		    $$ = append_string(NULL, $1);
+		}
+		| aliases ',' STRING
+		{
+		    $$ = append_string($1, $3);
+		}
+		;
+
+flags		: flag
+		{
+		    $$ = $1;
+		}
+		| flags ',' flag
+		{
+		    $$ = $1 | $3;
+		}
+		;
+flag		: STRING
+		{
+		    $$ = string_to_flag($1);
+		    free($1);
+		}
+		;
+
+
+
+%%
+
+long
+name2number(const char *str)
+{
+    const char *p;
+    long base = 0;
+    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	"abcdefghijklmnopqrstuvwxyz0123456789_";
+    if(strlen(str) > 4) {
+	yyerror("table name too long");
+	return 0;
+    }
+    for(p = str; *p; p++){
+	char *q = strchr(x, *p);
+	if(q == NULL) {
+	    yyerror("invalid character in table name");
+	    return 0;
+	}
+	base = (base << 6) + (q - x) + 1;
+    }
+    base <<= 8;
+    if(base > 0x7fffffff)
+	base = -(0xffffffff - base + 1);
+    return base;
+}
+
+void
+yyerror (char *s)
+{
+    error_message ("%s\n", s);
+}
+
+struct string_list*
+append_string(struct string_list *list, char *str)
+{
+    struct string_list *sl = malloc(sizeof(*sl));
+    sl->string = str;
+    sl->next = NULL;
+    if(list) {
+	*list->tail = sl;
+	list->tail = &sl->next;
+	return list;
+    }
+    sl->tail = &sl->next;
+    return sl;
+}
+
+void
+free_string_list(struct string_list *list)
+{
+    while(list) {
+	struct string_list *sl = list->next;
+	free(list->string);
+	free(list);
+	list = sl;
+    }
+}
+
+unsigned
+string_to_flag(const char *string)
+{
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/roken_rename.h b/crypto/kerberosIV/lib/sl/roken_rename.h
new file mode 100644
index 0000000..c668802
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/roken_rename.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.3 1999/12/02 16:58:55 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_STRTOK_R
+#define strtok_r _sl_strtok_r
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _sl_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _sl_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _sl_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _sl_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _sl_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _sl_vsnprintf
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c
new file mode 100644
index 0000000..688ca8b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sl.c,v 1.25 1999/12/02 16:58:55 joda Exp $");
+#endif
+
+#include "sl_locl.h"
+
+static SL_cmd *
+sl_match (SL_cmd *cmds, char *cmd, int exactp)
+{
+    SL_cmd *c, *current = NULL, *partial_cmd = NULL;
+    int partial_match = 0;
+
+    for (c = cmds; c->name; ++c) {
+	if (c->func)
+	    current = c;
+	if (strcmp (cmd, c->name) == 0)
+	    return current;
+	else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
+		 partial_cmd != current) {
+	    ++partial_match;
+	    partial_cmd = current;
+	}
+    }
+    if (partial_match == 1 && !exactp)
+	return partial_cmd;
+    else
+	return NULL;
+}
+
+void
+sl_help (SL_cmd *cmds, int argc, char **argv)
+{
+    SL_cmd *c, *prev_c;
+
+    if (argc == 1) {
+	prev_c = NULL;
+	for (c = cmds; c->name; ++c) {
+	    if (c->func) {
+		if(prev_c)
+		    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+			    prev_c->usage ? "\n" : "");
+		prev_c = c;
+		printf ("%s", c->name);
+	    } else
+		printf (", %s", c->name);
+	}
+	if(prev_c)
+	    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+		    prev_c->usage ? "\n" : "");
+    } else { 
+	c = sl_match (cmds, argv[1], 0);
+	if (c == NULL)
+	    printf ("No such command: %s. "
+		    "Try \"help\" for a list of all commands\n",
+		    argv[1]);
+	else {
+	    printf ("%s\t%s\n", c->name, c->usage);
+	    if(c->help && *c->help)
+		printf ("%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		printf ("Synonyms:");
+		while (c->name && c->func == NULL)
+		    printf ("\t%s", (c++)->name);
+		printf ("\n");
+	    }
+	}
+    }
+}
+
+#ifdef HAVE_READLINE
+
+char *readline(char *prompt);
+void add_history(char *p);
+
+#else
+
+static char *
+readline(char *prompt)
+{
+    char buf[BUFSIZ];
+    printf ("%s", prompt);
+    fflush (stdout);
+    if(fgets(buf, sizeof(buf), stdin) == NULL)
+	return NULL;
+    if (buf[strlen(buf) - 1] == '\n')
+	buf[strlen(buf) - 1] = '\0';
+    return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#endif
+
+int
+sl_command(SL_cmd *cmds, int argc, char **argv)
+{
+    SL_cmd *c;
+    c = sl_match (cmds, argv[0], 0);
+    if (c == NULL)
+	return -1;
+    return (*c->func)(argc, argv);
+}
+
+struct sl_data {
+    int max_count;
+    char **ptr;
+};
+
+int
+sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
+{
+    char *foo = NULL;
+    char *p;
+    int argc, nargv;
+    char **argv;
+    
+    nargv = 10;
+    argv = malloc(nargv * sizeof(*argv));
+    if(argv == NULL)
+	return ENOMEM;
+    argc = 0;
+
+    for(p = strtok_r (line, " \t", &foo);
+	p;
+	p = strtok_r (NULL, " \t", &foo)) {
+	if(argc == nargv - 1) {
+	    char **tmp;
+	    nargv *= 2;
+	    tmp = realloc (argv, nargv * sizeof(*argv));
+	    if (tmp == NULL) {
+		free(argv);
+		return ENOMEM;
+	    }
+	    argv = tmp;
+	}
+	argv[argc++] = p;
+    }
+    argv[argc] = NULL;
+    *ret_argc = argc;
+    *ret_argv = argv;
+    return 0;
+}
+
+/* return values: 0 on success, -1 on fatal error, or return value of command */
+int
+sl_command_loop(SL_cmd *cmds, char *prompt, void **data)
+{
+    int ret = 0;
+    char *buf;
+    int argc;
+    char **argv;
+	
+    ret = 0;
+    buf = readline(prompt);
+    if(buf == NULL)
+	return 1;
+
+    if(*buf)
+	add_history(buf);
+    ret = sl_make_argv(buf, &argc, &argv);
+    if(ret) {
+	fprintf(stderr, "sl_loop: out of memory\n");
+	free(buf);
+	return -1;
+    }
+    if (argc >= 1) {
+	ret = sl_command(cmds, argc, argv);
+	if(ret == -1) {
+	    printf ("Unrecognized command: %s\n", argv[0]);
+	    ret = 0;
+	}
+    }
+    free(buf);
+    free(argv);
+    return ret;
+}
+
+int 
+sl_loop(SL_cmd *cmds, char *prompt)
+{
+    void *data = NULL;
+    int ret;
+    while((ret = sl_command_loop(cmds, prompt, &data)) == 0)
+	;
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h
new file mode 100644
index 0000000..1a6d3fa
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl.h,v 1.7 1999/12/02 16:58:55 joda Exp $ */
+
+#ifndef _SL_H
+#define _SL_H
+
+typedef int (*cmd_func)(int, char **);
+
+struct sl_cmd {
+  char *name;
+  cmd_func func;
+  char *usage;
+  char *help;
+};
+
+typedef struct sl_cmd SL_cmd;
+
+void sl_help (SL_cmd *, int argc, char **argv);
+int  sl_loop (SL_cmd *, char *prompt);
+int  sl_command_loop (SL_cmd *cmds, char *prompt, void **data);
+int  sl_command (SL_cmd *cmds, int argc, char **argv);
+int sl_make_argv(char*, int*, char***);
+
+
+#endif /* _SL_H */
diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h
new file mode 100644
index 0000000..4bd9660
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl_locl.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl_locl.h,v 1.6 1999/12/02 16:58:55 joda Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include <roken.h>
+
+#include <sl.h>
diff --git a/crypto/kerberosIV/lib/sl/ss.c b/crypto/kerberosIV/lib/sl/ss.c
new file mode 100644
index 0000000..f3c0546
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ss.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "sl_locl.h"
+#include <com_err.h>
+#include "ss.h"
+
+RCSID("$Id: ss.c,v 1.4 1999/12/02 16:58:55 joda Exp $");
+
+struct ss_subst {
+    char *name;
+    char *version;
+    char *info;
+    ss_request_table *table;
+};
+
+static struct ss_subst subsystems[2];
+static int num_subsystems;
+
+int
+ss_create_invocation(const char *subsystem, 
+		     const char *version, 
+		     const char *info, 
+		     ss_request_table *table, 
+		     int *code)
+{
+    struct ss_subst *ss;
+    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
+	*code = 17;
+	return 0;
+    }
+    ss = &subsystems[num_subsystems];
+    ss->name = subsystem ? strdup(subsystem) : NULL;
+    ss->version = version ? strdup(version) : NULL;
+    ss->info = info ? strdup(info) : NULL;
+    ss->table = table;
+    *code = 0;
+    return num_subsystems++;
+}
+
+void
+ss_error (int index, long code, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    com_err_va (subsystems[index].name, code, fmt, ap);
+    va_end(ap);
+}
+
+void
+ss_perror (int index, long code, const char *msg)
+{
+    ss_error(index, code, "%s", msg);
+}
+
+int
+ss_execute_command(int index, char **argv)
+{
+    int argc = 0;
+    while(argv[argc++]);
+    sl_command(subsystems[index].table, argc, argv);
+    return 0;
+}
+
+int
+ss_execute_line (int index, const char *line)
+{
+    char *buf = strdup(line);
+    int argc;
+    char **argv;
+    
+    sl_make_argv(buf, &argc, &argv);
+    sl_command(subsystems[index].table, argc, argv);
+    free(buf);
+    return 0;
+}
+
+int
+ss_listen (int index)
+{
+    char *prompt = malloc(strlen(subsystems[index].name) + 3);
+    if(prompt == NULL) {
+	abort();
+    }
+    strcpy(prompt, subsystems[index].name);
+    strcat(prompt, ": ");
+    sl_loop(subsystems[index].table, prompt);
+    free(prompt);
+    return 0;
+}
+
+int
+ss_list_requests(int argc, char **argv /* , int index, void *info */)
+{
+    sl_help(subsystems[0 /* index */].table, argc, argv);
+    return 0;
+}
+
+int
+ss_quit(int argc, char **argv)
+{
+    return 1;
+}
diff --git a/crypto/kerberosIV/lib/sl/ss.h b/crypto/kerberosIV/lib/sl/ss.h
new file mode 100644
index 0000000..0d9d297
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ss.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: ss.h,v 1.2 1999/12/02 16:58:55 joda Exp $ */
+
+/* SS compatibility for SL */
+
+#ifndef __ss_h__
+#define __ss_h__
+
+#include <sl.h>
+
+typedef SL_cmd ss_request_table;
+
+int ss_create_invocation (const char *, const char *, const char*, 
+			  ss_request_table*, int*);
+
+void ss_error (int, long, const char*, ...);
+int ss_execute_command (int, char**);
+int ss_execute_line (int, const char*);
+int ss_list_requests (int argc, char**);
+int ss_listen (int);
+void ss_perror (int, long, const char*);
+int ss_quit (int argc, char**);
+
+#endif /* __ss_h__ */
diff --git a/crypto/kerberosIV/man/Makefile b/crypto/kerberosIV/man/Makefile
new file mode 100644
index 0000000..6e6442a
--- /dev/null
+++ b/crypto/kerberosIV/man/Makefile
@@ -0,0 +1,11 @@
+#
+# *** THIS FILE IS NORMALLY OVERWRITTEN BY CONFIGURE ***
+#
+#
+# $Id: Makefile,v 1.3 1997/09/09 15:06:35 bg Exp $
+
+all:
+	$(MAKE) -f Makefile.in cat
+
+clean:
+	rm -f *.cat[1358] *~
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
new file mode 100644
index 0000000..c4941b1
--- /dev/null
+++ b/crypto/kerberosIV/man/Makefile.in
@@ -0,0 +1,153 @@
+# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+INSTALL		= @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS	= @top_srcdir@/mkinstalldirs
+
+prefix		= @prefix@
+mandir		= @mandir@
+transform	= @program_transform_name@
+
+disable_cat_manpages = @disable_cat_manpages@
+
+# You need a BSD44 system or groff to create the manpages
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.SUFFIXES: .1 .cat1 .3 .cat3 .5 .cat5 .8 .cat8
+.1.cat1: ; $(NROFF_MAN) $< > $@
+.3.cat3: ; $(NROFF_MAN) $< > $@
+.5.cat5: ; $(NROFF_MAN) $< > $@
+.8.cat8: ; $(NROFF_MAN) $< > $@
+
+
+MANRX = \(.*\)\.\([0-9]\)
+CATRX = \(.*\)\.cat\([0-9]\)
+CATSUFFIX=@CATSUFFIX@
+
+MAN1 = afslog.1 des.1 ftp.1 kauth.1 kdestroy.1 \
+       kerberos.1 kinit.1 klist.1 kpasswd.1 ksrvtgt.1 \
+       kx.1 login.1 movemail.1 otp.1 otpprint.1 pagsh.1 \
+       rcp.1 rlogin.1 rsh.1 rxtelnet.1 rxterm.1 su.1 \
+       telnet.1 tenletxr.1
+
+CAT1 = afslog.cat1 des.cat1 ftp.cat1 kauth.cat1 kdestroy.cat1 \
+       kerberos.cat1 kinit.cat1 klist.cat1 kpasswd.cat1 ksrvtgt.cat1 \
+       kx.cat1 login.cat1 movemail.cat1 otp.cat1 otpprint.cat1 pagsh.cat1 \
+       rcp.cat1 rlogin.cat1 rsh.cat1 rxtelnet.cat1 rxterm.cat1 su.cat1 \
+       telnet.cat1 tenletxr.cat1
+
+MAN3 = acl_check.3 des_crypt.3 kafs.3 \
+       kerberos.3 krb_realmofhost.3 krb_sendauth.3 \
+       krb_set_tkt_string.3 kuserok.3 tf_util.3 \
+       ../lib/editline/editline.3
+
+# getusershell.3 
+
+CAT3 = acl_check.cat3 des_crypt.cat3 kafs.cat3 \
+       kerberos.cat3 krb_realmofhost.cat3 krb_sendauth.cat3 \
+       krb_set_tkt_string.cat3 kuserok.cat3 tf_util.cat3 \
+       ../lib/editline/editline.cat3
+
+# getusershell.cat3 
+
+MAN5 = ftpusers.5 krb.conf.5 krb.equiv.5 krb.extra.5 \
+       krb.realms.5 login.access.5
+
+CAT5 = ftpusers.cat5 krb.conf.cat5 krb.equiv.cat5 \
+       krb.realms.cat5 login.access.cat5
+
+MAN8 = ext_srvtab.8 ftpd.8 kadmin.8 kadmind.8 kauthd.8 \
+       kdb_destroy.8 kdb_edit.8 kdb_init.8 kdb_util.8 \
+       kerberos.8 kprop.8 kpropd.8 ksrvutil.8 kstash.8 \
+       kxd.8 popper.8 rlogind.8 rshd.8 telnetd.8 \
+       ../appl/push/push.8
+
+CAT8 = ext_srvtab.cat8 ftpd.cat8 kadmin.cat8 kadmind.cat8 kauthd.cat8 \
+       kdb_destroy.cat8 kdb_edit.cat8 kdb_init.cat8 kdb_util.cat8 \
+       kerberos.cat8 kprop.cat8 kpropd.cat8 ksrvutil.cat8 kstash.cat8 \
+       kxd.cat8 popper.cat8 rlogind.cat8 rshd.cat8 telnetd.cat8 \
+       ../appl/push/push.cat8
+
+all: 
+
+cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8)
+
+Wall:
+
+install: all
+		for x in man1 man3 man5 man8; do \
+			$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done
+		if test "$(disable_cat_manpages)" != "yes"; then \
+		for x in cat1 cat3 cat5 cat8; do \
+			$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done \
+		fi
+		@(cd $(srcdir); \
+			for x in $(MAN1) $(MAN8); do \
+				f=`basename $$x`; \
+				b=`echo $$f | sed 's!$(MANRX)!\1!'`; \
+				s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \
+				m=`echo $$b | sed '$(transform)'`.$$s; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m";\
+				$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m; done ;\
+			for x in $(MAN3) $(MAN5); do \
+				f=`basename $$x`; \
+				s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f";\
+				$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f; done ;\
+			if test "$(disable_cat_manpages)" != "yes"; then \
+			for x in $(CAT1) $(CAT8); do \
+				if test -f $$x; then \
+				f=`basename $$x`; \
+				b=`echo $$f | sed 's!$(CATRX)!\1!'`; \
+				s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
+				m=`echo $$b | sed '$(transform)'`; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX)";\
+			$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX);\
+			 fi; done ;\
+			for x in $(CAT3) $(CAT5); do \
+				if test -f $$x; then \
+				f=`basename $$x`; \
+				s=`echo $$f |  sed 's!$(CATRX)!\2!'`; \
+				b=`echo $$f |  sed 's!$(CATRX)!\1!'`; \
+			echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX)";\
+			$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX);\
+			 fi; done; fi )
+
+uninstall:
+		for x in $(MAN1) $(MAN8); do \
+			f=`basename $$x`; \
+			b=`echo $$f | sed 's!$(MANRX)!\1!'`; \
+			s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \
+			m=`echo $$b | sed '$(transform)'`.$$s; \
+			rm -f $(DESTDIR)$(mandir)/man$$s/$$m; done
+		for x in $(MAN3) $(MAN5); do \
+			f=`basename $$x`; \
+			s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \
+			rm -f $(DESTDIR)$(mandir)/man$$s/$$f; done
+		for x in $(CAT1) $(CAT8); do \
+			f=`basename $$x`; \
+			b=`echo $$f | sed 's!$(CATRX)!\1!'`; \
+			s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
+			m=`echo $$b | sed '$(transform)'`; \
+			rm -f $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX); done
+		for x in $(CAT3) $(CAT5); do \
+			f=`basename $$x`; \
+			s=`echo $$f | sed 's!$(CATRX)!\2!'`; \
+			b=`echo $$x | sed 's!$(CATRX)!\1!'`; \
+			rm -f $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX); done
+
+clean:
+
+mostlyclean:	clean
+
+distclean:
+	rm -f Makefile *~
+
+realclean:	distclean
+
+.PHONY: all cat Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3
new file mode 100644
index 0000000..53bb7c8
--- /dev/null
+++ b/crypto/kerberosIV/man/acl_check.3
@@ -0,0 +1,182 @@
+.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
+acl_delete, acl_initialize \- Access control list routines
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+cc <files> \-lacl \-lkrb
+.PP
+.ft B
+#include <krb.h>
+.PP
+.ft B
+acl_canonicalize_principal(principal, buf)
+char *principal;
+char *buf;
+.PP
+.ft B
+acl_check(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_exact_match(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_add(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_delete(acl, principal)
+char *acl;
+char *principal;
+.PP
+.ft B
+acl_initialize(acl_file, mode)
+char *acl_file;
+int mode;
+.fi
+.ft R
+.SH DESCRIPTION
+.SS Introduction
+.PP
+An access control list (ACL) is a list of principals, where each
+principal is represented by a text string which cannot contain
+whitespace.  The library allows application programs to refer to named
+access control lists to test membership and to atomically add and
+delete principals using a natural and intuitive interface.  At
+present, the names of access control lists are required to be Unix
+filenames, and refer to human-readable Unix files; in the future, when
+a networked ACL server is implemented, the names may refer to a
+different namespace specific to the ACL service.
+.PP
+.SS Principal Names
+.PP
+Principal names have the form
+.nf
+.in +5n
+<name>[.<instance>][@<realm>]
+.in -5n
+e.g.:
+.in +5n
+asp
+asp.root
+asp@ATHENA.MIT.EDU
+asp.@ATHENA.MIT.EDU
+asp.root@ATHENA.MIT.EDU
+.in -5n
+.fi
+It is possible for principals to be underspecified.  If an instance is
+missing, it is assumed to be "".  If realm is missing, it is assumed
+to be the local realm as determined by
+.IR krb_get_lrealm (3).
+The canonical form contains all of name, instance,
+and realm; the acl_add and acl_delete routines will always
+leave the file in that form.  Note that the canonical form of
+asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
+.SS Routines
+.PP
+.I acl_canonicalize_principal
+stores the canonical form of 
+.I principal
+in 
+.IR buf .
+.I Buf
+must contain enough
+space to store a principal, given the limits on the sizes of name,
+instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
+respectively, in
+.IR /usr/include/krb.h .
+.PP
+.I acl_check
+returns nonzero if
+.I principal
+appears in 
+.IR acl .
+Returns 0 if principal
+does not appear in acl, or if an error occurs.  Canonicalizes
+principal before checking, and allows the ACL to contain wildcards.  The
+only supported wildcards are entries of the form
+name.*@realm, *.*@realm, and *.*@*.  An asterisk matches any value for the
+its component field.  For example, "jtkohl.*@*" would match principal
+jtkohl, with any instance and any realm.
+.PP
+.I acl_exact_match
+performs like 
+.IR acl_check ,
+but does no canonicalization or wildcard matching.
+.PP
+.I acl_add
+atomically adds 
+.I principal
+to 
+.IR acl .
+Returns 0 if successful, nonzero otherwise.  It is considered a failure
+if
+.I principal
+is already in 
+.IR acl .
+This routine will canonicalize
+.IR principal ,
+but will treat wildcards literally.
+.PP
+.I acl_delete
+atomically deletes 
+.I principal
+from 
+.IR acl .
+Returns 0 if successful,
+nonzero otherwise.  It is considered a failure if 
+.I principal
+is not
+already in 
+.IR acl .
+This routine will canonicalize 
+.IR principal ,
+but will treat wildcards literally.
+.PP
+.I acl_initialize
+initializes
+.IR acl_file .
+If the file 
+.I acl_file
+does not exist,
+.I acl_initialize
+creates it with mode
+.IR mode .
+If the file
+.I acl_file
+exists,
+.I acl_initialize
+removes all members.  Returns 0 if successful,
+nonzero otherwise.  WARNING: Mode argument is likely to change with
+the eventual introduction of an ACL service.  
+.SH NOTES
+In the presence of concurrency, there is a very small chance that
+.I acl_add
+or
+.I acl_delete
+could report success even though it would have
+had no effect.  This is a necessary side effect of using lock files
+for concurrency control rather than flock(2), which is not supported
+by NFS.
+.PP
+The current implementation caches ACLs in memory in a hash-table
+format for increased efficiency in checking membership; one effect of
+the caching scheme is that one file descriptor will be kept open for
+each ACL cached, up to a maximum of 8.
+.SH SEE ALSO
+kerberos(3), krb_get_lrealm(3)
+.SH AUTHOR
+James Aspnes (MIT Project Athena)
diff --git a/crypto/kerberosIV/man/afslog.1 b/crypto/kerberosIV/man/afslog.1
new file mode 100644
index 0000000..625f831
--- /dev/null
+++ b/crypto/kerberosIV/man/afslog.1
@@ -0,0 +1,72 @@
+.\" $Id: afslog.1,v 1.3 1998/06/30 15:28:48 assar Exp $
+.\"
+.Dd April 27, 1996
+.Dt AFSLOG 1
+.Os KTH-KRB
+.Sh NAME
+.Nm afslog
+.Nd
+obtains AFS tokens for specified cells
+.Sh SYNOPSIS
+.Nm
+.Op Fl d
+.Op Fl c Ar cell
+.Op Fl k Ar realm
+.Op Fl p Pa path
+.Op Fl unlog
+.Op Fl createuser
+.Op Ar args
+.Sh DESCRIPTION
+The
+.Nm
+command obtains AFS tokens, 
+.Ar args
+are either a name of a cell or a pathnames of a file in the cell to
+get tokens for. If an argument is 
+.Li .
+or 
+.Li ..
+or contains a slash it is assumed to be a pathname. Otherwise it is
+assumed to be a name of a cell or a prefix thereof.
+.Pp
+The
+.Fl c
+and
+.Fl p
+flags can be used to resolve ambiguities.
+.Pp
+.Nm
+might fail to guess the Kerberos realm to get tickets for (for
+instance if the volume location servers of the cell does not reside in
+the kerberos realm that holds the AFS service key, and the correct
+realm isn't the same as the cell name or the local realm (I didn't say
+this was a common problem)). Anyway, the
+.Fl k
+can be used to give a hint. It should not be used unless there is a
+problem, since all tickets will be taken from the specified realm and
+this is not (usually) what you want.
+.Pp
+.Fl createuser
+means that
+.Nm
+should try to run
+.Nm pts
+to create a remote user principal in another cell.
+.Fl d
+can be used for debugging.
+.Pp
+If the
+.Fl unlog
+flag is given any tokens are removed and all other arguments are ignored.
+.Sh SEE ALSO
+.Xr kauth 1 ,
+.Xr kafs 3
+.Sh BUGS
+It should be able to handle the MIT Athena
+.Nm aklog
+flags
+.Fl hosts , 
+.Fl zsubs , 
+and
+.Fl noprdb ,
+but does not.
diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8
new file mode 100644
index 0000000..4f2c120
--- /dev/null
+++ b/crypto/kerberosIV/man/ext_srvtab.8
@@ -0,0 +1,62 @@
+.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ext_srvtab \- extract service key files from Kerberos key distribution center database
+.SH SYNOPSIS
+ext_srvtab [
+.B \-n
+] [
+.B \-r realm
+] [
+.B hostname ...
+]
+.SH DESCRIPTION
+.I ext_srvtab
+extracts service key files from the Kerberos key distribution center
+(KDC) database.
+.PP
+Upon execution, it prompts the user to enter the master key string for
+the database.  If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+For each
+.I hostname
+specified on the command line, 
+.I ext_srvtab
+creates the service key file
+.IR hostname -new-srvtab,
+containing all the entries in the database with an instance field of
+.I hostname.
+This new file contains all the keys registered for Kerberos-mediated
+service providing programs which use the 
+.IR krb_get_phost (3)
+principal and instance conventions to run on the host
+.IR hostname .
+If the
+.B \-r
+option is specified, the realm fields in the extracted file will
+match the given realm rather than the local realm.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+.IR hostname -new-srvtab
+Service key file generated for
+.I hostname
+.TP
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH SEE ALSO
+read_service_key(3), krb_get_phost(3)
diff --git a/crypto/kerberosIV/man/ftp.1 b/crypto/kerberosIV/man/ftp.1
new file mode 100644
index 0000000..e5c21f0
--- /dev/null
+++ b/crypto/kerberosIV/man/ftp.1
@@ -0,0 +1,1193 @@
+.\" 	$NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
+.\"
+.\" Copyright (c) 1985, 1989, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
+.\"
+.Dd April 27, 1996
+.Dt FTP 1
+.Os BSD 4.2
+.Sh NAME
+.Nm ftp
+.Nd
+.Tn ARPANET
+file transfer program
+.Sh SYNOPSIS
+.Nm ftp
+.Op Fl t
+.Op Fl v
+.Op Fl d
+.Op Fl i
+.Op Fl n
+.Op Fl g
+.Op Fl p
+.Op Ar host
+.Sh DESCRIPTION
+.Nm Ftp
+is the user interface to the
+.Tn ARPANET
+standard File Transfer Protocol.
+The program allows a user to transfer files to and from a
+remote network site.
+.Pp
+Modifications has been made so that it almost follows the ftpsec
+Internet draft.
+.Pp
+Options may be specified at the command line, or to the
+command interpreter.
+.Bl -tag -width flag
+.It Fl t
+Enables packet tracing.
+.It Fl v
+Verbose option forces
+.Nm ftp
+to show all responses from the remote server, as well
+as report on data transfer statistics.
+.It Fl n
+Restrains
+.Nm ftp
+from attempting \*(Lqauto-login\*(Rq upon initial connection.
+If auto-login is enabled,
+.Nm ftp
+will check the
+.Pa .netrc
+(see below) file in the user's home directory for an entry describing
+an account on the remote machine.
+If no entry exists,
+.Nm ftp
+will prompt for the remote machine login name (default is the user
+identity on the local machine), and, if necessary, prompt for a password
+and an account with which to login.
+.It Fl i
+Turns off interactive prompting during
+multiple file transfers.
+.It Fl p
+Turn on passive mode.
+.It Fl d
+Enables debugging.
+.It Fl g
+Disables file name globbing.
+.El
+.Pp
+The client host with which
+.Nm ftp
+is to communicate may be specified on the command line.
+If this is done,
+.Nm ftp
+will immediately attempt to establish a connection to an
+.Tn FTP
+server on that host; otherwise,
+.Nm ftp
+will enter its command interpreter and await instructions
+from the user.
+When
+.Nm ftp
+is awaiting commands from the user the prompt
+.Ql ftp>
+is provided to the user.
+The following commands are recognized
+by
+.Nm ftp  :
+.Bl -tag -width Fl
+.It Ic \&! Op Ar command Op Ar args
+Invoke an interactive shell on the local machine.
+If there are arguments, the first is taken to be a command to execute
+directly, with the rest of the arguments as its arguments.
+.It Ic \&$ Ar macro-name Op Ar args
+Execute the macro
+.Ar macro-name
+that was defined with the
+.Ic macdef
+command.
+Arguments are passed to the macro unglobbed.
+.It Ic account Op Ar passwd
+Supply a supplemental password required by a remote system for access
+to resources once a login has been successfully completed.
+If no argument is included, the user will be prompted for an account
+password in a non-echoing input mode.
+.It Ic append Ar local-file Op Ar remote-file
+Append a local file to a file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used in naming the
+remote file after being altered by any
+.Ic ntrans
+or
+.Ic nmap
+setting.
+File transfer uses the current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure .
+.It Ic ascii
+Set the file transfer
+.Ic type
+to network
+.Tn ASCII .
+This is the default type.
+.It Ic bell
+Arrange that a bell be sounded after each file transfer
+command is completed.
+.It Ic binary
+Set the file transfer
+.Ic type
+to support binary image transfer.
+.It Ic bye
+Terminate the
+.Tn FTP
+session with the remote server
+and exit
+.Nm ftp  .
+An end of file will also terminate the session and exit.
+.It Ic case
+Toggle remote computer file name case mapping during
+.Ic mget
+commands.
+When
+.Ic case
+is on (default is off), remote computer file names with all letters in
+upper case are written in the local directory with the letters mapped
+to lower case.
+.It Ic \&cd Ar remote-directory
+Change the working directory on the remote machine
+to
+.Ar remote-directory  .
+.It Ic cdup
+Change the remote machine working directory to the parent of the
+current remote machine working directory.
+.It Ic chmod Ar mode file-name
+Change the permission modes of the file
+.Ar file-name
+on the remote
+sytem to
+.Ar mode  .
+.It Ic close
+Terminate the
+.Tn FTP
+session with the remote server, and
+return to the command interpreter.
+Any defined macros are erased.
+.It Ic \&cr
+Toggle carriage return stripping during
+ascii type file retrieval.
+Records are denoted by a carriage return/linefeed sequence
+during ascii type file transfer.
+When
+.Ic \&cr
+is on (the default), carriage returns are stripped from this
+sequence to conform with the
+.Ux
+single linefeed record
+delimiter.
+Records on
+.Pf non\- Ns Ux
+remote systems may contain single linefeeds;
+when an ascii type transfer is made, these linefeeds may be
+distinguished from a record delimiter only when
+.Ic \&cr
+is off.
+.It Ic delete Ar remote-file
+Delete the file
+.Ar remote-file
+on the remote machine.
+.It Ic debug Op Ar debug-value
+Toggle debugging mode.
+If an optional
+.Ar debug-value
+is specified it is used to set the debugging level.
+When debugging is on,
+.Nm ftp
+prints each command sent to the remote machine, preceded
+by the string
+.Ql \-\->
+.It Xo
+.Ic dir
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the directory contents in the
+directory,
+.Ar remote-directory  ,
+and, optionally, placing the output in
+.Ar local-file  .
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic dir
+output.
+If no directory is specified, the current working
+directory on the remote machine is used.
+If no local
+file is specified, or
+.Ar local-file
+is
+.Fl  ,
+output comes to the terminal.
+.It Ic disconnect
+A synonym for
+.Ar close  .
+.It Ic form Ar format
+Set the file transfer
+.Ic form
+to
+.Ar format  .
+The default format is \*(Lqfile\*(Rq.
+.It Ic get Ar remote-file Op Ar local-file
+Retrieve the
+.Ar remote-file
+and store it on the local machine.
+If the local
+file name is not specified, it is given the same
+name it has on the remote machine, subject to
+alteration by the current
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+The current settings for
+.Ic type  ,
+.Ic form ,
+.Ic mode  ,
+and
+.Ic structure
+are used while transferring the file.
+.It Ic glob
+Toggle filename expansion for
+.Ic mdelete  ,
+.Ic mget
+and
+.Ic mput  .
+If globbing is turned off with
+.Ic glob  ,
+the file name arguments
+are taken literally and not expanded.
+Globbing for
+.Ic mput
+is done as in
+.Xr csh 1 .
+For
+.Ic mdelete
+and
+.Ic mget  ,
+each remote file name is expanded
+separately on the remote machine and the lists are not merged.
+Expansion of a directory name is likely to be
+different from expansion of the name of an ordinary file:
+the exact result depends on the foreign operating system and ftp server,
+and can be previewed by doing
+.Ql mls remote-files \- .
+As a security measure, remotely globbed files that starts with
+.Sq /
+or contains
+.Sq ../ ,
+will not be automatically received. If you have interactive prompting
+turned off, these filenames will be ignored.  Note:
+.Ic mget
+and
+.Ic mput
+are not meant to transfer
+entire directory subtrees of files.
+That can be done by
+transferring a
+.Xr tar 1
+archive of the subtree (in binary mode).
+.It Ic hash
+Toggle hash-sign (``#'') printing for each data block
+transferred.
+The size of a data block is 1024 bytes.
+.It Ic help Op Ar command
+Print an informative message about the meaning of
+.Ar command  .
+If no argument is given,
+.Nm ftp
+prints a list of the known commands.
+.It Ic idle Op Ar seconds
+Set the inactivity timer on the remote server to
+.Ar seconds
+seconds.
+If
+.Ar seconds
+is omitted, the current inactivity timer is printed.
+.It Ic lcd Op Ar directory
+Change the working directory on the local machine.
+If
+no
+.Ar directory
+is specified, the user's home directory is used.
+.It Xo
+.Ic \&ls
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the contents of a
+directory on the remote machine.
+The listing includes any system-dependent information that the server
+chooses to include; for example, most
+.Ux
+systems will produce
+output from the command
+.Ql ls \-l .
+(See also
+.Ic nlist . )
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic \&ls
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Sq Fl ,
+the output is sent to the terminal.
+.It Ic macdef Ar macro-name
+Define a macro.
+Subsequent lines are stored as the macro
+.Ar macro-name  ;
+a null line (consecutive newline characters
+in a file or
+carriage returns from the terminal) terminates macro input mode.
+There is a limit of 16 macros and 4096 total characters in all
+defined macros.
+Macros remain defined until a
+.Ic close
+command is executed.
+The macro processor interprets `$' and `\e' as special characters.
+A `$' followed by a number (or numbers) is replaced by the
+corresponding argument on the macro invocation command line.
+A `$' followed by an `i' signals that macro processor that the
+executing macro is to be looped.
+On the first pass `$i' is
+replaced by the first argument on the macro invocation command line,
+on the second pass it is replaced by the second argument, and so on.
+A `\e' followed by any character is replaced by that character.
+Use the `\e' to prevent special treatment of the `$'.
+.It Ic mdelete Op Ar remote-files
+Delete the
+.Ar remote-files
+on the remote machine.
+.It Ic mdir Ar remote-files local-file
+Like
+.Ic dir  ,
+except multiple remote files may be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mdir
+output.
+.It Ic mget Ar remote-files
+Expand the
+.Ar remote-files
+on the remote machine
+and do a
+.Ic get
+for each file name thus produced.
+See
+.Ic glob
+for details on the filename expansion.
+Resulting file names will then be processed according to
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+Files are transferred into the local working directory,
+which can be changed with
+.Ql lcd directory ;
+new local directories can be created with
+.Ql "\&! mkdir directory" .
+.It Ic mkdir Ar directory-name
+Make a directory on the remote machine.
+.It Ic mls Ar remote-files local-file
+Like
+.Ic nlist  ,
+except multiple remote files may be specified,
+and the
+.Ar local-file
+must be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mls
+output.
+.It Ic mode Op Ar mode-name
+Set the file transfer
+.Ic mode
+to
+.Ar mode-name  .
+The default mode is \*(Lqstream\*(Rq mode.
+.It Ic modtime Ar file-name
+Show the last modification time of the file on the remote machine.
+.It Ic mput Ar local-files
+Expand wild cards in the list of local files given as arguments
+and do a
+.Ic put
+for each file in the resulting list.
+See
+.Ic glob
+for details of filename expansion.
+Resulting file names will then be processed according to
+.Ic ntrans
+and
+.Ic nmap
+settings.
+.It Ic newer Ar file-name
+Get the file only if the modification time of the remote file is more
+recent that the file on the current system.
+If the file does not
+exist on the current system, the remote file is considered
+.Ic newer  .
+Otherwise, this command is identical to
+.Ar get  .
+.It Xo
+.Ic nlist
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a  list of the files in a
+directory on the remote machine.
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic nlist
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Fl  ,
+the output is sent to the terminal.
+.It Ic nmap Op Ar inpattern outpattern
+Set or unset the filename mapping mechanism.
+If no arguments are specified, the filename mapping mechanism is unset.
+If arguments are specified, remote filenames are mapped during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, local filenames are mapped during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+The mapping follows the pattern set by
+.Ar inpattern
+and
+.Ar outpattern  .
+.Op Ar Inpattern
+is a template for incoming filenames (which may have already been
+processed according to the
+.Ic ntrans
+and
+.Ic case
+settings).
+Variable templating is accomplished by including the
+sequences `$1', `$2', ..., `$9' in
+.Ar inpattern  .
+Use `\\' to prevent this special treatment of the `$' character.
+All other characters are treated literally, and are used to determine the
+.Ic nmap
+.Op Ar inpattern
+variable values.
+For example, given
+.Ar inpattern
+$1.$2 and the remote file name "mydata.data", $1 would have the value
+"mydata", and $2 would have the value "data".
+The
+.Ar outpattern
+determines the resulting mapped filename.
+The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
+from the
+.Ar inpattern
+template.
+The sequence `$0' is replace by the original filename.
+Additionally, the sequence
+.Ql Op Ar seq1 , Ar seq2
+is replaced by
+.Op Ar seq1
+if
+.Ar seq1
+is not a null string; otherwise it is replaced by
+.Ar seq2 .
+For example, the command
+.Pp
+.Bd -literal -offset indent -compact
+nmap $1.$2.$3 [$1,$2].[$2,file]
+.Ed
+.Pp
+would yield
+the output filename "myfile.data" for input filenames "myfile.data" and
+"myfile.data.old", "myfile.file" for the input filename "myfile", and
+"myfile.myfile" for the input filename ".myfile".
+Spaces may be included in
+.Ar outpattern  ,
+as in the example: `nmap $1 sed "s/  *$//" > $1' .
+Use the `\e' character to prevent special treatment
+of the `$','[','[', and `,' characters.
+.It Ic ntrans Op Ar inchars Op Ar outchars
+Set or unset the filename character translation mechanism.
+If no arguments are specified, the filename character
+translation mechanism is unset.
+If arguments are specified, characters in
+remote filenames are translated during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, characters in
+local filenames are translated during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+Characters in a filename matching a character in
+.Ar inchars
+are replaced with the corresponding character in
+.Ar outchars  .
+If the character's position in
+.Ar inchars
+is longer than the length of
+.Ar outchars  ,
+the character is deleted from the file name.
+.It Ic open Ar host Op Ar port
+Establish a connection to the specified
+.Ar host
+.Tn FTP
+server.
+An optional port number may be supplied,
+in which case,
+.Nm ftp
+will attempt to contact an
+.Tn FTP
+server at that port.
+If the
+.Ic auto-login
+option is on (default),
+.Nm ftp
+will also attempt to automatically log the user in to
+the
+.Tn FTP
+server (see below).
+.It Ic passive
+Toggle passive mode.  If passive mode is turned on
+(default is off), the ftp client will
+send a
+.Dv PASV
+command for all data connections instead of the usual
+.Dv PORT
+command.  The
+.Dv PASV
+command requests that the remote server open a port for the data connection
+and return the address of that port.  The remote server listens on that
+port and the client connects to it.  When using the more traditional
+.Dv PORT
+command, the client listens on a port and sends that address to the remote
+server, who connects back to it.  Passive mode is useful when using
+.Nm ftp
+through a gateway router or host that controls the directionality of
+traffic.
+(Note that though ftp servers are required to support the
+.Dv PASV
+command by RFC 1123, some do not.)
+.It Ic prompt
+Toggle interactive prompting.
+Interactive prompting
+occurs during multiple file transfers to allow the
+user to selectively retrieve or store files.
+If prompting is turned off (default is on), any
+.Ic mget
+or
+.Ic mput
+will transfer all files, and any
+.Ic mdelete
+will delete all files.
+.It Ic proxy Ar ftp-command
+Execute an ftp command on a secondary control connection.
+This command allows simultaneous connection to two remote ftp
+servers for transferring files between the two servers.
+The first
+.Ic proxy
+command should be an
+.Ic open  ,
+to establish the secondary control connection.
+Enter the command "proxy ?" to see other ftp commands executable on the
+secondary connection.
+The following commands behave differently when prefaced by
+.Ic proxy  :
+.Ic open
+will not define new macros during the auto-login process,
+.Ic close
+will not erase existing macro definitions,
+.Ic get
+and
+.Ic mget
+transfer files from the host on the primary control connection
+to the host on the secondary control connection, and
+.Ic put  ,
+.Ic mput ,
+and
+.Ic append
+transfer files from the host on the secondary control connection
+to the host on the primary control connection.
+Third party file transfers depend upon support of the ftp protocol
+.Dv PASV
+command by the server on the secondary control connection.
+.It Ic put Ar local-file Op Ar remote-file
+Store a local file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used
+after processing according to any
+.Ic ntrans
+or
+.Ic nmap
+settings
+in naming the remote file.
+File transfer uses the
+current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure  .
+.It Ic pwd
+Print the name of the current working directory on the remote
+machine.
+.It Ic quit
+A synonym for
+.Ic bye  .
+.It Ic quote Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server.
+.It Ic recv Ar remote-file Op Ar local-file
+A synonym for get.
+.It Ic reget Ar remote-file Op Ar local-file
+Reget acts like get, except that if
+.Ar local-file
+exists and is
+smaller than
+.Ar remote-file  ,
+.Ar local-file
+is presumed to be
+a partially transferred copy of
+.Ar remote-file
+and the transfer
+is continued from the apparent point of failure.
+This command
+is useful when transferring very large files over networks that
+are prone to dropping connections.
+.It Ic remotehelp Op Ar command-name
+Request help from the remote
+.Tn FTP
+server.
+If a
+.Ar command-name
+is specified it is supplied to the server as well.
+.It Ic remotestatus Op Ar file-name
+With no arguments, show status of remote machine.
+If
+.Ar file-name
+is specified, show status of
+.Ar file-name
+on remote machine.
+.It Xo
+.Ic rename
+.Op Ar from
+.Op Ar to
+.Xc
+Rename the file
+.Ar from
+on the remote machine, to the file
+.Ar to  .
+.It Ic reset
+Clear reply queue.
+This command re-synchronizes command/reply sequencing with the remote
+ftp server.
+Resynchronization may be necessary following a violation of the ftp protocol
+by the remote server.
+.It Ic restart Ar marker
+Restart the immediately following
+.Ic get
+or
+.Ic put
+at the
+indicated
+.Ar marker  .
+On
+.Ux
+systems, marker is usually a byte
+offset into the file.
+.It Ic rmdir Ar directory-name
+Delete a directory on the remote machine.
+.It Ic runique
+Toggle storing of files on the local system with unique filenames.
+If a file already exists with a name equal to the target
+local filename for a
+.Ic get
+or
+.Ic mget
+command, a ".1" is appended to the name.
+If the resulting name matches another existing file,
+a ".2" is appended to the original name.
+If this process continues up to ".99", an error
+message is printed, and the transfer does not take place.
+The generated unique filename will be reported.
+Note that
+.Ic runique
+will not affect local files generated from a shell command
+(see below).
+The default value is off.
+.It Ic send Ar local-file Op Ar remote-file
+A synonym for put.
+.It Ic sendport
+Toggle the use of
+.Dv PORT
+commands.
+By default,
+.Nm ftp
+will attempt to use a
+.Dv PORT
+command when establishing
+a connection for each data transfer.
+The use of
+.Dv PORT
+commands can prevent delays
+when performing multiple file transfers.
+If the
+.Dv PORT
+command fails,
+.Nm ftp
+will use the default data port.
+When the use of
+.Dv PORT
+commands is disabled, no attempt will be made to use
+.Dv PORT
+commands for each data transfer.
+This is useful
+for certain
+.Tn FTP
+implementations which do ignore
+.Dv PORT
+commands but, incorrectly, indicate they've been accepted.
+.It Ic site Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server as a
+.Dv SITE
+command.
+.It Ic size Ar file-name
+Return size of
+.Ar file-name
+on remote machine.
+.It Ic status
+Show the current status of
+.Nm ftp  .
+.It Ic struct Op Ar struct-name
+Set the file transfer
+.Ar structure
+to
+.Ar struct-name .
+By default \*(Lqstream\*(Rq structure is used.
+.It Ic sunique
+Toggle storing of files on remote machine under unique file names.
+Remote ftp server must support ftp protocol
+.Dv STOU
+command for
+successful completion.
+The remote server will report unique name.
+Default value is off.
+.It Ic system
+Show the type of operating system running on the remote machine.
+.It Ic tenex
+Set the file transfer type to that needed to
+talk to
+.Tn TENEX
+machines.
+.It Ic trace
+Toggle packet tracing.
+.It Ic type Op Ar type-name
+Set the file transfer
+.Ic type
+to
+.Ar type-name  .
+If no type is specified, the current type
+is printed.
+The default type is network
+.Tn ASCII .
+.It Ic umask Op Ar newmask
+Set the default umask on the remote server to
+.Ar newmask  .
+If
+.Ar newmask
+is omitted, the current umask is printed.
+.It Xo
+.Ic user Ar user-name
+.Op Ar password
+.Op Ar account
+.Xc
+Identify yourself to the remote
+.Tn FTP
+server.
+If the
+.Ar password
+is not specified and the server requires it,
+.Nm ftp
+will prompt the user for it (after disabling local echo).
+If an
+.Ar account
+field is not specified, and the
+.Tn FTP
+server
+requires it, the user will be prompted for it.
+If an
+.Ar account
+field is specified, an account command will
+be relayed to the remote server after the login sequence
+is completed if the remote server did not require it
+for logging in.
+Unless
+.Nm ftp
+is invoked with \*(Lqauto-login\*(Rq disabled, this
+process is done automatically on initial connection to
+the
+.Tn FTP
+server.
+.It Ic verbose
+Toggle verbose mode.
+In verbose mode, all responses from
+the
+.Tn FTP
+server are displayed to the user.
+In addition,
+if verbose is on, when a file transfer completes, statistics
+regarding the efficiency of the transfer are reported.
+By default,
+verbose is on.
+.It Ic ? Op Ar command
+A synonym for help.
+.El
+.Pp
+The following command can be used with ftpsec-aware servers.
+.Bl -tag -width Fl
+.It Xo
+.Ic prot 
+.Ar clear | 
+.Ar safe | 
+.Ar confidential | 
+.Ar private
+.Xc
+Set the data protection level to the requested level.
+.El
+.Pp
+The following command can be used with ftp servers that has
+implemented the KAUTH site command.
+.Bl -tag -width Fl
+.It Ic kauth Op Ar principal
+Obtain remote tickets.
+.El
+.Pp
+Command arguments which have embedded spaces may be quoted with
+quote `"' marks.
+.Sh ABORTING A FILE TRANSFER
+To abort a file transfer, use the terminal interrupt key
+(usually Ctrl-C).
+Sending transfers will be immediately halted.
+Receiving transfers will be halted by sending a ftp protocol
+.Dv ABOR
+command to the remote server, and discarding any further data received.
+The speed at which this is accomplished depends upon the remote
+server's support for
+.Dv ABOR
+processing.
+If the remote server does not support the
+.Dv ABOR
+command, an
+.Ql ftp>
+prompt will not appear until the remote server has completed
+sending the requested file.
+.Pp
+The terminal interrupt key sequence will be ignored when
+.Nm ftp
+has completed any local processing and is awaiting a reply
+from the remote server.
+A long delay in this mode may result from the ABOR processing described
+above, or from unexpected behavior by the remote server, including
+violations of the ftp protocol.
+If the delay results from unexpected remote server behavior, the local
+.Nm ftp
+program must be killed by hand.
+.Sh FILE NAMING CONVENTIONS
+Files specified as arguments to
+.Nm ftp
+commands are processed according to the following rules.
+.Bl -enum
+.It
+If the file name
+.Sq Fl
+is specified, the
+.Ar stdin
+(for reading) or
+.Ar stdout
+(for writing) is used.
+.It
+If the first character of the file name is
+.Sq \&| ,
+the
+remainder of the argument is interpreted as a shell command.
+.Nm Ftp
+then forks a shell, using
+.Xr popen 3
+with the argument supplied, and reads (writes) from the stdout
+(stdin).
+If the shell command includes spaces, the argument
+must be quoted; e.g.
+\*(Lq" ls -lt"\*(Rq.
+A particularly
+useful example of this mechanism is: \*(Lqdir more\*(Rq.
+.It
+Failing the above checks, if ``globbing'' is enabled,
+local file names are expanded
+according to the rules used in the
+.Xr csh  1  ;
+c.f. the
+.Ic glob
+command.
+If the
+.Nm ftp
+command expects a single local file (.e.g.
+.Ic put  ) ,
+only the first filename generated by the "globbing" operation is used.
+.It
+For
+.Ic mget
+commands and
+.Ic get
+commands with unspecified local file names, the local filename is
+the remote filename, which may be altered by a
+.Ic case  ,
+.Ic ntrans ,
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered if
+.Ic runique
+is on.
+.It
+For
+.Ic mput
+commands and
+.Ic put
+commands with unspecified remote file names, the remote filename is
+the local filename, which may be altered by a
+.Ic ntrans
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered by the remote server if
+.Ic sunique
+is on.
+.El
+.Sh FILE TRANSFER PARAMETERS
+The FTP specification specifies many parameters which may
+affect a file transfer.
+The
+.Ic type
+may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
+\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
+.Tn PDP Ns -10's
+and
+.Tn PDP Ns -20's
+mostly).
+.Nm Ftp
+supports the ascii and image types of file transfer,
+plus local byte size 8 for
+.Ic tenex
+mode transfers.
+.Pp
+.Nm Ftp
+supports only the default values for the remaining
+file transfer parameters:
+.Ic mode  ,
+.Ic form ,
+and
+.Ic struct  .
+.Sh THE .netrc FILE
+The
+.Pa .netrc
+file contains login and initialization information
+used by the auto-login process.
+It resides in the user's home directory.
+The following tokens are recognized; they may be separated by spaces,
+tabs, or new-lines:
+.Bl -tag -width password
+.It Ic machine Ar name
+Identify a remote machine
+.Ar name .
+The auto-login process searches the
+.Pa .netrc
+file for a
+.Ic machine
+token that matches the remote machine specified on the
+.Nm ftp
+command line or as an
+.Ic open
+command argument.
+Once a match is made, the subsequent
+.Pa .netrc
+tokens are processed,
+stopping when the end of file is reached or another
+.Ic machine
+or a
+.Ic default
+token is encountered.
+.It Ic default
+This is the same as
+.Ic machine
+.Ar name
+except that
+.Ic default
+matches any name.
+There can be only one
+.Ic default
+token, and it must be after all
+.Ic machine
+tokens.
+This is normally used as:
+.Pp
+.Dl default login anonymous password user@site
+.Pp
+thereby giving the user
+.Ar automatic
+anonymous ftp login to
+machines not specified in
+.Pa .netrc .
+This can be overridden
+by using the
+.Fl n
+flag to disable auto-login.
+.It Ic login Ar name
+Identify a user on the remote machine.
+If this token is present, the auto-login process will initiate
+a login using the specified
+.Ar name .
+.It Ic password Ar string
+Supply a password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires a password as part
+of the login process.
+Note that if this token is present in the
+.Pa .netrc
+file for any user other
+than
+.Ar anonymous  ,
+.Nm ftp
+will abort the auto-login process if the
+.Pa .netrc
+is readable by
+anyone besides the user.
+.It Ic account Ar string
+Supply an additional account password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires an additional
+account password, or the auto-login process will initiate an
+.Dv ACCT
+command if it does not.
+.It Ic macdef Ar name
+Define a macro.
+This token functions like the
+.Nm ftp
+.Ic macdef
+command functions.
+A macro is defined with the specified name; its contents begin with the
+next
+.Pa .netrc
+line and continue until a null line (consecutive new-line
+characters) is encountered.
+If a macro named
+.Ic init
+is defined, it is automatically executed as the last step in the
+auto-login process.
+.El
+.Sh ENVIRONMENT
+.Nm Ftp
+utilizes the following environment variables.
+.Bl -tag -width Fl
+.It Ev HOME
+For default location of a
+.Pa .netrc
+file, if one exists.
+.It Ev SHELL
+For default shell.
+.El
+.Sh SEE ALSO
+.Xr ftpd 8 ,
+.%T RFC2228
+.Sh HISTORY
+The
+.Nm ftp
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+Correct execution of many commands depends upon proper behavior
+by the remote server.
+.Pp
+An error in the treatment of carriage returns
+in the
+.Bx 4.2
+ascii-mode transfer code
+has been corrected.
+This correction may result in incorrect transfers of binary files
+to and from
+.Bx 4.2
+servers using the ascii type.
+Avoid this problem by using the binary image type.
diff --git a/crypto/kerberosIV/man/ftpd.8 b/crypto/kerberosIV/man/ftpd.8
new file mode 100644
index 0000000..c51de1c
--- /dev/null
+++ b/crypto/kerberosIV/man/ftpd.8
@@ -0,0 +1,473 @@
+.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
+.\"
+.\" Copyright (c) 1985, 1988, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
+.\"
+.Dd April 19, 1997
+.Dt FTPD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm ftpd
+.Nd
+Internet File Transfer Protocol server
+.Sh SYNOPSIS
+.Nm ftpd
+.Op Fl a Ar authmode
+.Op Fl dilv
+.Op Fl g Ar umask
+.Op Fl p Ar port 
+.Op Fl T Ar maxtimeout
+.Op Fl t Ar timeout
+.Op Fl u Ar default umask
+.Sh DESCRIPTION
+.Nm Ftpd
+is the
+Internet File Transfer Protocol
+server process.  The server uses the
+.Tn TCP
+protocol
+and listens at the port specified in the
+.Dq ftp
+service specification; see
+.Xr services 5 .
+.Pp
+Available options:
+.Bl -tag -width Ds
+.It Fl a
+Select the level of authentication required.  Kerberised login can not
+be turned off. The default is to only allow kerberised login.  Other
+possibilities can be turned on by giving a string of comma separated
+flags as argument to
+.Fl a .
+Recognised flags are:
+.Bl -tag -width plain
+.It Ar plain
+Allow logging in with plaintext password. The password can be a(n) OTP
+or an ordinary password.
+.It Ar otp
+Same as
+.Ar plain ,
+but only OTP is allowed.
+.It Ar ftp
+Allow anonymous login.
+.El
+
+The following combination modes exists for backwards compatibility:
+.Bl -tag -width plain
+.It Ar none
+Same as
+.Ar plain,ftp .
+.It Ar safe
+Same as 
+.Ar ftp .
+.It Ar user
+Ignored.
+.El
+.It Fl d
+Debugging information is written to the syslog using LOG_FTP.
+.It Fl g
+Anonymous users will get a umask of
+.Ar umask .
+.It Fl i
+Open a socket and wait for a connection. This is mainly used for
+debugging when ftpd isn't started by inetd.
+.It Fl l
+Each successful and failed 
+.Xr ftp 1
+session is logged using syslog with a facility of LOG_FTP.
+If this option is specified twice, the retrieve (get), store (put), append,
+delete, make directory, remove directory and rename operations and
+their filename arguments are also logged.
+.It Fl p
+Use
+.Ar port
+(a service name or number) instead of the default 
+.Ar ftp/tcp .
+.It Fl T
+A client may also request a different timeout period;
+the maximum period allowed may be set to
+.Ar timeout
+seconds with the
+.Fl T
+option.
+The default limit is 2 hours.
+.It Fl t
+The inactivity timeout period is set to
+.Ar timeout
+seconds (the default is 15 minutes).
+.It Fl u
+Set the initial umask to something else than the default 027.
+.It Fl v
+Verbose mode.
+.El
+.Pp
+The file
+.Pa /etc/nologin
+can be used to disable ftp access.
+If the file exists,
+.Nm
+displays it and exits.
+If the file
+.Pa /etc/ftpwelcome
+exists,
+.Nm
+prints it before issuing the 
+.Dq ready
+message.
+If the file
+.Pa /etc/motd
+exists,
+.Nm
+prints it after a successful login.
+.Pp
+The ftp server currently supports the following ftp requests.
+The case of the requests is ignored.
+.Bl -column "Request" -offset indent
+.It Request Ta "Description"
+.It ABOR Ta "abort previous command"
+.It ACCT Ta "specify account (ignored)"
+.It ALLO Ta "allocate storage (vacuously)"
+.It APPE Ta "append to a file"
+.It CDUP Ta "change to parent of current working directory"
+.It CWD Ta "change working directory"
+.It DELE Ta "delete a file"
+.It HELP Ta "give help information"
+.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
+.It MKD Ta "make a directory"
+.It MDTM Ta "show last modification time of file"
+.It MODE Ta "specify data transfer" Em mode
+.It NLST Ta "give name list of files in directory"
+.It NOOP Ta "do nothing"
+.It PASS Ta "specify password"
+.It PASV Ta "prepare for server-to-server transfer"
+.It PORT Ta "specify data connection port"
+.It PWD Ta "print the current working directory"
+.It QUIT Ta "terminate session"
+.It REST Ta "restart incomplete transfer"
+.It RETR Ta "retrieve a file"
+.It RMD Ta "remove a directory"
+.It RNFR Ta "specify rename-from file name"
+.It RNTO Ta "specify rename-to file name"
+.It SITE Ta "non-standard commands (see next section)"
+.It SIZE Ta "return size of file"
+.It STAT Ta "return status of server"
+.It STOR Ta "store a file"
+.It STOU Ta "store a file with a unique name"
+.It STRU Ta "specify data transfer" Em structure
+.It SYST Ta "show operating system type of server system"
+.It TYPE Ta "specify data transfer" Em type
+.It USER Ta "specify user name"
+.It XCUP Ta "change to parent of current working directory (deprecated)"
+.It XCWD Ta "change working directory (deprecated)"
+.It XMKD Ta "make a directory (deprecated)"
+.It XPWD Ta "print the current working directory (deprecated)"
+.It XRMD Ta "remove a directory (deprecated)"
+.El
+.Pp
+The following commands are specified by RFC2228.
+.Bl -column Request -offset indent
+.It AUTH Ta "authentication/security mechanism"
+.It ADAT Ta "authentication/security data"
+.It PROT Ta "data channel protection level"
+.It PBSZ Ta "protection buffer size"
+.It MIC Ta "integrity protected command"
+.It CONF Ta "confidentiality protected command"
+.It ENC Ta "privacy protected command"
+.It CCC Ta "clear command channel"
+.El
+.Pp
+The following non-standard or
+.Tn UNIX
+specific commands are supported
+by the
+SITE request.
+.Pp
+.Bl -column Request -offset indent
+.It UMASK Ta change umask, (e.g. 
+.Ic "SITE UMASK 002" )
+.It IDLE Ta set idle-timer, (e.g. 
+.Ic "SITE IDLE 60" )
+.It CHMOD Ta change mode of a file (e.g. 
+.Ic "SITE CHMOD 755 filename" )
+.It FIND Ta quickly find a specific file with GNU 
+.Xr locate 1 .
+.It HELP Ta give help information.
+.El
+.Pp
+The following Kerberos related site commands are understood.
+.Bl -column Request -offset indent
+.It KAUTH Ta obtain remote tickets.
+.It KLIST Ta show remote tickets
+.El
+.Pp
+The remaining ftp requests specified in Internet RFC 959
+are
+recognized, but not implemented.
+MDTM and SIZE are not specified in RFC 959, but will appear in the
+next updated FTP RFC.
+.Pp
+The ftp server will abort an active file transfer only when the
+ABOR
+command is preceded by a Telnet "Interrupt Process" (IP)
+signal and a Telnet "Synch" signal in the command Telnet stream,
+as described in Internet RFC 959.
+If a
+STAT
+command is received during a data transfer, preceded by a Telnet IP
+and Synch, transfer status will be returned.
+.Pp
+.Nm Ftpd
+interprets file names according to the
+.Dq globbing
+conventions used by
+.Xr csh 1 .
+This allows users to utilize the metacharacters
+.Dq Li \&*?[]{}~ .
+.Pp
+.Nm Ftpd
+authenticates users according to these rules. 
+.Pp
+.Bl -enum -offset indent
+.It
+If Kerberos authentication is used, the user must pass valid tickets
+and the principal must be allowed to login as the remote user.
+.It
+The login name must be in the password data base, and not have a null
+password (if kerberos is used the password field is not checked).  In
+this case a password must be provided by the client before any file
+operations may be performed.  If the user has an OTP key, the response
+from a successful USER command will include an OTP challenge. The
+client may choose to respond with a PASS command giving either a
+standard password or an OTP one-time password. The server will
+automatically determine which type of password it has been given and
+attempt to authenticate accordingly. See
+.Xr otp 1
+for more information on OTP authentication.
+.It
+The login name must not appear in the file
+.Pa /etc/ftpusers .
+.It
+The user must have a standard shell returned by 
+.Xr getusershell 3 .
+.It
+If the user name appears in the file
+.Pa /etc/ftpchroot
+the session's root will be changed to the user's login directory by
+.Xr chroot 2
+as for an
+.Dq anonymous
+or
+.Dq ftp
+account (see next item).  However, the user must still supply a password.
+This feature is intended as a compromise between a fully anonymous account 
+and a fully privileged account.  The account should also be set up as for an
+anonymous account.
+.It
+If the user name is
+.Dq anonymous
+or
+.Dq ftp ,
+an
+anonymous ftp account must be present in the password
+file (user
+.Dq ftp ) .
+In this case the user is allowed
+to log in by specifying any password (by convention an email address for
+the user should be used as the password).
+.El
+.Pp
+In the last case, 
+.Nm ftpd
+takes special measures to restrict the client's access privileges.
+The server performs a 
+.Xr chroot 2
+to the home directory of the
+.Dq ftp
+user.
+In order that system security is not breached, it is recommended
+that the
+.Dq ftp
+subtree be constructed with care, consider following these guidelines
+for anonymous ftp.
+
+In general all files should be owned by
+.Dq root ,
+and have non-write permissions (644 or 755 depending on the kind of
+file). No files should be owned or writable by
+.Dq ftp
+(possibly with exception for the
+.Pa ~ftp/incoming ,
+as specified below).
+.Bl -tag -width "~ftp/pub" -offset indent
+.It Pa ~ftp
+The 
+.Dq ftp
+homedirectory should be owned by root.
+.It Pa ~ftp/bin
+The directory for external programs (such as 
+.Xr ls 1 ) .
+These programs must either be statically linked, or you must setup an
+environment for dynamic linking when running chrooted.  
+These programs will be used if present:
+.Bl -tag -width "locate" -offset indent
+.It ls
+Used when listing files.
+.It compress
+When retrieving a filename that ends in
+.Pa .Z ,
+and that file isn't present,
+.Nm
+will try to find the filename without
+.Pa .Z
+and compress it on the fly.
+.It gzip
+Same as compress, just with files ending in
+.Pa .gz .
+.It gtar
+Enables retrieval of whole directories as files ending in
+.Pa .tar .
+Can also be combined with compression. You must use GNU Tar (or some
+other that supports the
+.Fl z 
+and
+.Fl Z
+flags).
+.It locate
+Will enable ``fast find'' with the 
+.Ic SITE FIND
+command. You must also create a 
+.Pa locatedb
+file in 
+.Pa ~ftp/etc .
+.El
+.It Pa ~ftp/etc
+If you put copies of the
+.Xr passwd 5
+and 
+.Xr group 5
+files here, ls will be able to produce owner names rather than
+numbers. Remember to remove any passwords from these files.  
+
+The file
+.Pa motd ,
+if present, will be printed after a successful login.
+.It Pa ~ftp/dev 
+Put a copy of
+.Xr /dev/null 7
+here.
+.It Pa ~ftp/pub
+Traditional place to put whatever you want to make public.
+.El
+
+If you want guests to be able to upload files, create a
+.Pa ~ftp/incoming
+directory owned by 
+.Dq root ,
+and group
+.Dq ftp
+with mode 730 (make sure 
+.Dq ftp 
+is member of group
+.Dq ftp ) .
+The following restrictions apply to anonymous users:
+.Bl -bullet
+.It
+Directories created will have mode 700.
+.It
+Uploaded files will be created with an umask of 777, if not changed
+with the
+.Fl g
+option.
+.It
+These command are not accessible: 
+.Ic DELE , RMD , RNTO , RNFR , 
+.Ic SITE UMASK ,
+and
+.Ic SITE CHMOD .
+.It
+Filenames must start with an alpha-numeric character, and consist of
+alpha-numeric characters or any of the following: 
+.Li \&+  
+(plus),
+.Li \&-  
+(minus),
+.Li \&=  
+(equal),
+.Li \&_  
+(underscore),
+.Li \&.  
+(period), and
+.Li \&,  
+(comma).
+.El
+.Sh FILES
+.Bl -tag -width /etc/ftpwelcome -compact
+.It Pa /etc/ftpusers
+Access list for users.
+.It Pa /etc/ftpchroot
+List of normal users who should be chroot'd.
+.It Pa /etc/ftpwelcome
+Welcome notice.
+.It Pa /etc/motd
+Welcome notice after login.
+.It Pa /etc/nologin
+Displayed and access refused.
+.It Pa ~/.klogin
+Login access for Kerberos.
+.El
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr otp 1 ,
+.Xr getusershell 3 ,
+.Xr ftpusers 5 ,
+.Xr syslogd 8 ,
+.Sh STANDARDS
+.Bl -tag -compact -width "RFC 1938"
+.It Cm RFC 959
+FTP PROTOCOL SPECIFICATION
+.It Cm RFC 1938
+OTP Specification
+.It Cm RFC 2228
+FTP Security Extensions.
+.Sh BUGS
+The server must run as the super-user
+to create sockets with privileged port numbers.  It maintains
+an effective user id of the logged in user, reverting to
+the super-user only when binding addresses to sockets.  The
+possible security holes have been extensively
+scrutinized, but are possibly incomplete.
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/ftpusers.5 b/crypto/kerberosIV/man/ftpusers.5
new file mode 100644
index 0000000..dfd66f9
--- /dev/null
+++ b/crypto/kerberosIV/man/ftpusers.5
@@ -0,0 +1,38 @@
+.\"	$Id: ftpusers.5,v 1.2 1997/05/07 20:11:11 joda Exp $
+.\"
+.Dd May 7, 1997
+.Dt FTPUSERS 5
+.Os KTH-KRB
+.Sh NAME
+.Pa /etc/ftpusers
+.Nd
+FTP access list file.
+.Sh DESCRIPTION
+.Pa /etc/ftpusers
+contains a list of users that should be allowed or denied FTP
+access. Each line contains a user, optionally followed by
+.Dq allow 
+(anything but
+.Dq allow
+is ignored).  The semi-user
+.Dq *
+matches any user.  Users that has an explicit
+.Dq allow ,
+or that does not match any line, are allowed access. Anyone else is
+denied access.
+
+Note that this is compatible with the old format, where this file
+contained a list of users that should be denied access.
+.Sh EXAMPLES
+This will deny anyone but
+.Dq foo
+and
+.Dq bar
+to use FTP:
+.Bd -literal
+foo allow
+bar allow
+*
+.Ed
+.Sh SEE ALSO
+.Xr ftpd 8
diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3
new file mode 100644
index 0000000..84dc3ad
--- /dev/null
+++ b/crypto/kerberosIV/man/getusershell.3
@@ -0,0 +1,99 @@
+.\"	$NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $
+.\"
+.\" Copyright (c) 1985, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)getusershell.3	8.1 (Berkeley) 6/4/93
+.\"
+.Dd June 4, 1993
+.Dt GETUSERSHELL 3
+.Os BSD 4.3
+.Sh NAME
+.Nm getusershell ,
+.Nm setusershell ,
+.Nm endusershell
+.Nd get legal user shells
+.Sh SYNOPSIS
+.Ft char *
+.Fn getusershell void
+.Ft void
+.Fn setusershell void
+.Ft void
+.Fn endusershell void
+.Sh DESCRIPTION
+The
+.Fn getusershell
+function
+returns a pointer to a legal user shell as defined by the
+system manager in the file 
+.Pa /etc/shells .
+If 
+.Pa /etc/shells
+is unreadable or does not exist,
+.Fn getusershell
+behaves as if
+.Pa /bin/sh
+and
+.Pa /bin/csh
+were listed in the file.
+.Pp
+The
+.Fn getusershell
+function
+reads the next
+line (opening the file if necessary);
+.Fn setusershell
+rewinds the file;
+.Fn endusershell
+closes it.
+.Sh FILES
+.Bl -tag -width /etc/shells -compact
+.It Pa /etc/shells
+.El
+.Sh DIAGNOSTICS
+The routine
+.Fn getusershell
+returns a null pointer (0) on
+.Dv EOF .
+.Sh SEE ALSO
+.Xr shells 5
+.Sh HISTORY
+The
+.Fn getusershell
+function appeared in 
+.Bx 4.3 .
+.Sh BUGS
+The
+.Fn getusershell
+function leaves its result in an internal static object and returns
+a pointer to that object. Subsequent calls to
+.Fn getusershell
+will modify the same object.
diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8
new file mode 100644
index 0000000..afd9126
--- /dev/null
+++ b/crypto/kerberosIV/man/kadmin.8
@@ -0,0 +1,140 @@
+.\" $Id: kadmin.8,v 1.6 1998/12/18 16:56:29 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+
+.Dd February  3, 1998
+.Dt KADMIN 8
+.Os "KTH-KRB"
+.Sh NAME
+.Nm kadmin
+.Nd
+network utility for Kerberos database administration
+.Sh SYNOPSIS
+.Nm
+.Op Fl p Ar principal
+.Op Fl u Ar username
+.Op Fl r Ar realm
+.Op Fl m
+.Op Fl T Ar timeout
+.Op Fl t
+.Op Fl -version
+.Op Fl h
+.Op Fl -help
+.Ar [command]
+.Sh DESCRIPTION
+This utility provides a unified administration interface to the
+Kerberos master database.  Kerberos administrators use
+.Nm
+to register new users and services to the master database, and to
+change information about existing database entries, such as changing a
+user's Kerberos password. A Kerberos administrator is a user with an
+.Dq admin
+instance whose name appears on one of the Kerberos administration
+access control lists.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Fl p Ar principal
+This is the adminstrator principal to use when talking to the Kadmin
+server. The default is taken from the users environment.
+.It Fl r Ar realm
+This is the default realm to use for transactions. Default is the
+local realm.
+.It Fl u Ar username
+This is similar to 
+.Fl p ,
+but specifies a name, that gets appended with a
+.Dq admin
+instance.
+.It Fl T Ar timeout
+To prevent someone from walking up to an unguarded terminal and doing
+malicious things, administrator tickets are destroyed after a period
+of inactivity. This flag changes the timeout from the default of one
+minute. A timeout of zero seconds disables this functionality.
+.It Fl m
+Historically
+.Nm
+destroyed tickets after every command; this flag used to stop this
+behaviour (only destroying tickets upon exit). Now it's just a synonym
+for
+.Fl T Ar 0 .
+.It Fl t
+Use existing tickets (if any are available), this also disbles
+timeout, and doesn't destroy any tickets upon exit.
+
+These tickets have to be for the changepw.kerberos service.  Use
+.Nm kinit -p
+to acquire them.
+.El
+.Pp
+The
+.Nm
+program communicates over the network with the
+.Nm kadmind
+program, which runs on the machine housing the Kerberos master
+database, and does the actual modifications to the database.
+.Pp
+When you enter the
+.Nm
+command, the program displays a message that welcomes you and explains
+how to ask for help.  Then
+.Nm
+waits for you to enter commands (which are described below).  It then
+asks you for your administrator's password before accessing the
+database.
+.Pp
+All commands can be abbreviated as long as they are unique.  Some
+short versions of the commands are also recognized for backwards
+compatibility.
+.Pp
+Recognised commands:
+.Bl -tag -width Ds
+.It add_new_key Ar principal
+Creates a new principal in the Kerberos database. You give the name of
+the new principal as an argument. You will then be asked for a maximum
+ticket lifetime, attributes, the expiration date of the principal, and
+finally the password of the principal.
+.It change_password Ar principal
+Changes a principal's password. You will be prompted for the new
+password.
+.It change_key Ar principal
+This is the same as change_password, but the password is given as a
+raw DES key (for the few occations when you need this).
+.It change_admin_password
+Changes your own admin password. It will prompt you for you old and
+new passwords.
+.It del_entry Ar principal
+Removes principal from the database.
+.It get_entry Ar principal
+Show various information for the given principal. Note that the key is
+shown as zeros.
+.It mod_entry Ar principal
+Modifies a particular entry, for instance to change the expiration
+date.  
+.It destroy_tickets
+Destroys your admin tickets explicitly.
+.It quit
+Obvious.
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kerberos 1 ,
+.Xr kadmind 8 ,
+.Xr kpasswd 1 ,
+.Xr kinit 1 ,
+.Xr ksrvutil 8
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.Sh AUTHORS
+Jeffrey I. Schiller, MIT Project Athena
+.Pp
+Emanuel Jay Berkenbilt, MIT Project Athena
+.Sh BUGS
+The user interface is primitive, and the command names could be
+better.
diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8
new file mode 100644
index 0000000..71660fa
--- /dev/null
+++ b/crypto/kerberosIV/man/kadmind.8
@@ -0,0 +1,134 @@
+.\" $Id: kadmind.8,v 1.6 1999/09/15 15:10:08 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmind \- network daemon for Kerberos database administration
+.SH SYNOPSIS
+.B kadmind
+[
+.B \-n
+] [
+.B \-m
+] [
+.B \-h
+] [
+.B \-r realm
+] [
+.B \-f filename
+] [
+.B \-d dbname
+] [
+.B \-a acldir
+] [
+.B \-i address
+]
+.SH DESCRIPTION
+.I kadmind
+is the network database server for the Kerberos password-changing and
+administration tools.
+.PP
+Upon execution, it fetches the master key from the key cache file.
+.PP
+If the
+.B \-m
+option is specified, it instead prompts the user to enter the master
+key string for the database.
+.PP
+The
+.B \-n
+option is a no-op and is left for compatibility reasons.
+.PP
+If the
+.B \-r
+.I realm
+option is specified, the admin server will pretend that its
+local realm is 
+.I realm
+instead of the actual local realm of the host it is running on.
+This makes it possible to run a server for a foreign kerberos
+realm.
+.PP
+If the
+.B \-f
+.I filename
+option is specified, then that file is used to hold the log information
+instead of the default.
+.PP
+If the
+.B \-d
+.I dbname
+option is specified, then that file is used as the database name instead
+of the default.
+.PP
+If the
+.B \-a
+.I acldir
+option is specified, then
+.I acldir
+is used as the directory in which to search for access control lists
+instead of the default.
+.PP
+If the
+.B \-h
+option is specified,
+.I kadmind
+prints out a short summary of the permissible control arguments, and
+then exits.
+.PP
+If the
+.B \-i
+option is specified,
+.I kadmind
+will only listen on that particular address and not on all configured
+addresses of the host, which is the default.
+.PP
+When performing requests on behalf of clients,
+.I kadmind
+checks access control lists (ACLs) to determine the authorization of the client
+to perform the requested action.
+Currently four distinct access types are supported:
+.TP 1i
+Addition
+(.add ACL file).  If a principal is on this list, it may add new
+principals to the database.
+.TP
+Retrieval
+(.get ACL file).  If a principal is on this list, it may retrieve
+database entries.  NOTE:  A principal's private key is never returned by
+the get functions.
+.TP
+Modification
+(.mod ACL file).  If a principal is on this list, it may modify entries
+in the database.
+.TP
+Deletions
+(.del ACL file).  If a principal is on this list, if may delete
+entries from the database.
+.PP
+A principal is always granted authorization to change its own password.
+.SH FILES
+.TP 20n
+/var/log/admin_server.syslog
+Default log file.
+.TP 
+/var/kerberos
+Default access control list directory.
+.TP
+admin_acl.{add,get,mod}
+Access control list files (within the directory)
+.TP
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+Default DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH "SEE ALSO"
+kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
+.SH AUTHORS
+Douglas A. Church, MIT Project Athena
+.br
+John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
new file mode 100644
index 0000000..4a7b5ef
--- /dev/null
+++ b/crypto/kerberosIV/man/kafs.3
@@ -0,0 +1,158 @@
+.\"	$Id: kafs.3,v 1.3 1998/06/30 15:41:52 assar Exp $
+.\"
+.Dd May 7, 1997
+.Os KTH-KRB
+.Dt KAFS 3
+.Sh NAME
+.Nm k_hasafs ,
+.Nm k_pioctl ,
+.Nm k_unlog ,
+.Nm k_setpag ,
+.Nm k_afs_cell_of_file ,
+.Nm krb_afslog ,
+.Nm krb_afslog_uid
+\" .Nm krb5_afslog ,
+\" .Nm krb5_afslog_uid
+.Nd AFS library
+.Sh SYNOPSIS
+.Fd #include <kafs.h>
+.Ft int
+.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
+.Ft int
+.Fn k_hasafs
+.Ft int
+.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
+.Ft int
+.Fn k_setpag
+.Ft int
+.Fn k_unlog
+.Ft int
+.Fn krb_afslog "char *cell" "char *realm"
+.Ft int
+.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
+\" .Ft krb5_error_code
+\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
+\" .Ft krb5_error_code
+\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
+.Sh DESCRIPTION
+.Fn k_hasafs
+initializes some library internal structures, and tests for the
+presense of AFS in the kernel, none of the other functions should be
+called before 
+.Fn k_hasafs
+is called, or if it fails.
+
+.Fn krb_afslog ,
+and
+.Fn krb_afslog_uid
+obtains new tokens (and possibly tickets) for the specified
+.Fa cell
+and
+.Fa realm .
+If 
+.Fa cell
+is 
+.Dv NULL ,
+the local cell is used. If 
+.Fa realm 
+is
+.Dv NULL ,
+the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
+.Dv NULL . 
+.Fn krb_afslog 
+will use the real user-id for the
+.Dv ViceId
+field in the token, 
+.Fn krb_afslog_uid
+will use
+.Fa uid .
+
+\" .Fn krb5_afslog ,
+\" and 
+\" .Fn krb5_afslog_uid
+\" are the Kerberos 5 equivalents of
+\" .Fn krb_afslog ,
+\" and
+\" .Fn krb_afslog_uid .
+\" The extra arguments are the ubiquitous context, and the cache id where
+\" to store any obtained tickets. Since AFS servers normally can't handle
+\" Kerberos 5 tickets directly, these functions will first obtain version
+\" 5 tickets for the requested cells, and then convert them to version 4
+\" tickets, that can be stashed in the kernel. To convert tickets the
+\" .Fn krb524_convert_creds_kdc
+\" function will be used.
+
+.Fn k_afs_cell_of_file
+will in 
+.Fa cell
+return the cell of a specified file, no more than
+.Fa len
+characters is put in 
+.Fa cell .
+
+.Fn k_pioctl
+does a 
+.Fn pioctl
+syscall with the specified arguments. This function is equivalent to
+.Fn lpioctl .
+
+.Fn k_setpag
+initializes a new PAG.
+
+.Fn k_unlog
+removes destroys all tokens in the current PAG.
+
+.Sh ENVIRONMENT
+The following environment variable affect the mode of operation of
+.Nm kafs :
+.Bl -tag
+.It Ev AFS_SYSCALL
+Normally,
+.Nm kafs
+will try to figure out the correct system call(s) that are used by AFS
+by itself.  If it does not manage to do that, or does it incorrectly,
+you can set this variable to the system call number or list of system
+call numbers that should be used.
+.El
+.Sh RETURN VALUES
+.Fn k_hasafs
+returns 1 if AFS is present in the kernel, 0 otherwise.
+.Fn krb_afslog
+and
+.Fn krb_afslog_uid
+returns 0 on success, or a kerberos error number on failure.
+.Fn k_afs_cell_of_file ,
+.Fn k_pioctl , 
+.Fn k_setpag ,
+and
+.Fn k_unlog
+all return the value of the underlaying system call, 0 on success.
+.Sh EXAMPLES
+The following code from
+.Nm login 
+will obtain a new PAG and tokens for the local cell and the cell of
+the users home directory.
+.Bd -literal
+if (k_hasafs()) {
+	char cell[64];
+	k_setpag();
+	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+		krb_afslog(cell, NULL);
+	krb_afslog(NULL, NULL);
+}
+.Ed
+.Sh ERRORS
+If any of these functions (appart from 
+.Fn k_hasafs )
+is called without AFS beeing present in the kernel, the process will
+usually (depending on the operating system) receive a SIGSYS signal.
+.Sh SEE ALSO
+.Rs
+.%A Transarc Corporation
+.%J AFS-3 Programmer's Reference
+.%T File Server/Cache Manager Interface
+.%D 1991
+.Re
+.Sh BUGS
+.Ev AFS_SYSCALL
+has no effect under AIX.
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
new file mode 100644
index 0000000..2efb709
--- /dev/null
+++ b/crypto/kerberosIV/man/kauth.1
@@ -0,0 +1,67 @@
+.\" $Id: kauth.1,v 1.3 1998/06/30 15:29:17 assar Exp $
+.\"
+.Dd May 4, 1996
+.Dt KAUTH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kauth
+.Nd
+overworked Kerberos login program
+.Sh SYNOPSIS
+.Nm
+.Op Fl n Ar name
+.Op Fl r Ar remote user
+.Op Fl t Pa remote ticket file
+.Op Fl h Ar hosts...
+.Op Fl l Ar lifetime
+.Op Fl f Pa srvtab
+.Op Fl c Ar cell
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+command obtains ticket granting tickets as well as AFS ticket and
+tokens. It also does a whole lot of other stuff.
+.Pp
+The following flags are supported:
+.Bl -tag -width xxxx
+.It Fl n
+Principal to get tickets for. If no other arguments are present this
+can be given without the
+.Fl n
+flag.
+.It Fl h
+Remote hosts to obtain tickets for. This works similar to the MIT
+Athena Kerberos 4 patchlevel 10 command
+.Xr rkinit 1 ,
+however not in a compatible way. It requires that the remote host runs
+the
+.Xr kauthd 8 ,
+server. The 
+.Fl r
+and
+.Fl t
+flags are useful only with this option.
+.It Fl r
+User on the remote host that should own the ticket file.
+.It Fl t 
+Ticket file on remote host.
+.It Fl l
+Lifetime of tickets in minutes. A value of -1 is used for maximum
+ticket lifetime.
+.It Fl f
+Srvtab to get service keys from. Default is 
+.Pa /etc/srvtab .
+This is mainly used with batch services that need to run
+authenticated. If any command is given, it will be executed in an
+authenticated fashion and when the program exits the tickets are
+destroyed. For long running jobs the tickets will be renewed.
+.It Fl c
+AFS cell to get tokens for, default is your local cell.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr kauthd 8 ,
+.Xr kafs 3
+.Sh BUGS
+There is no help-switch.
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
new file mode 100644
index 0000000..4978ff2
--- /dev/null
+++ b/crypto/kerberosIV/man/kauthd.8
@@ -0,0 +1,27 @@
+.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KAUTHD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kauthd
+.Nd
+remote Kerberos login daemon
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+Daemon for the
+.Xr kauth 1
+command.
+.Pp
+Options supported by
+.Nm kauthd :
+.Bl -tag -width Ds
+.It Fl i
+Interactive.  Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself.  Handy for testing
+and debugging.
+.El
+.Sh SEE ALSO
+.Xr kauth 1
diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8
new file mode 100644
index 0000000..c6e4739
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_destroy.8
@@ -0,0 +1,32 @@
+.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_destroy \- destroy Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_destroy
+.SH DESCRIPTION
+.I kdb_destroy
+deletes a Kerberos key distribution center database.
+.PP
+The user is prompted to verify that the database should be destroyed.  A
+response beginning with `y' or `Y' confirms deletion.
+Any other response aborts deletion.
+.SH DIAGNOSTICS
+.TP 20n
+"Database cannot be deleted at /var/kerberos/principal"
+The attempt to delete the database failed (probably due to a system or
+access permission error).
+.TP
+"Database not deleted."
+The user aborted the deletion.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_init(8)
diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8
new file mode 100644
index 0000000..14f7e92
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_edit.8
@@ -0,0 +1,54 @@
+.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_edit \-  Kerberos key distribution center database editing utility
+.SH SYNOPSIS
+kdb_edit [
+.B \-n
+]
+.SH DESCRIPTION
+.I kdb_edit
+is used to create or change principals stored in the Kerberos key
+distribution center (KDC) database.
+.PP
+When executed,
+.I kdb_edit
+prompts for the master key string and verifies that it matches the
+master key stored in the database.
+If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+Once the master key has been verified,
+.I kdb_edit
+begins a prompt loop.  The user is prompted for the principal and
+instance to be modified.  If the entry is not found the user may create
+it.
+Once an entry is found or created, the user may set the password,
+expiration date, maximum ticket lifetime, and attributes.
+Default expiration dates, maximum ticket lifetimes, and attributes are
+presented in brackets; if the user presses return the default is selected.
+There is no default password.
+The password RANDOM is interpreted specially, and if entered
+the user may have the program select a random DES key for the
+principal.
+.PP
+Upon successfully creating or changing the entry, ``Edit O.K.'' is
+printed.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8
new file mode 100644
index 0000000..f019dd4
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_init.8
@@ -0,0 +1,37 @@
+.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_init \- Initialize Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_init [ 
+.B realm
+]
+.SH DESCRIPTION
+.I kdb_init
+initializes a Kerberos key distribution center database, creating the
+necessary principals.
+.PP
+If the optional
+.I realm
+argument is not present,
+.I kdb_init
+prompts for a realm name.
+After determining the realm to be created, it prompts for
+a master key password.  The master key password is used to encrypt
+every encryption key stored in the database.
+.SH DIAGNOSTICS
+.TP 20n
+"/var/kerberos/principal: File exists"
+An attempt was made to create a database on a machine which already had
+an existing database.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_destroy(8)
diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8
new file mode 100644
index 0000000..0e3c201
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_util.8
@@ -0,0 +1,68 @@
+.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_util \-  Kerberos key distribution center database utility
+.SH SYNOPSIS
+kdb_util 
+.B operation filename
+.SH DESCRIPTION
+.I kdb_util
+allows the Kerberos key distribution center (KDC) database administrator to
+perform utility functions on the database.
+.PP
+.I Operation
+must be one of the following:
+.TP 10n
+.I load
+initializes the KDC database with the records described by the
+text contained in the file
+.IR filename .
+Any existing database is overwritten.
+.TP
+.I dump
+dumps the KDC database into a text representation in the file
+.IR filename .
+.TP
+.I slave_dump
+performs a database dump like the
+.I dump
+operation, and additionally creates a semaphore file signalling the
+propagation software that an update is available for distribution to
+slave KDC databases.
+.TP
+.I merge
+merges in the entries from
+.IR filename
+into the database.
+.TP
+.I new_master_key
+prompts for the old and new master key strings, and then dumps the KDC
+database into a text representation in the file
+.IR filename .
+The keys in the text representation are encrypted in the new master key.
+.TP
+.I convert_old_db
+prompts for the master key string, and then dumps the KDC database into
+a text representation in the file
+.IR filename .
+The existing database is assumed to be encrypted using the old format
+(encrypted by the key schedule of the master key); the dumped database
+is encrypted using the new format (encrypted directly with master key).
+.PP
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/kerberos/principal.pag, /kerberos/principal.dir
+DBM files containing database
+.TP
+.IR filename .ok
+semaphore file created by
+.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
new file mode 100644
index 0000000..c7797c0
--- /dev/null
+++ b/crypto/kerberosIV/man/kdestroy.1
@@ -0,0 +1,96 @@
+.\" $Id: kdestroy.1,v 1.4 1999/06/15 13:29:32 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.B kdestroy
+[
+.B \-f
+]
+[
+.B \-q
+]
+[
+.B \-t
+]
+.SH DESCRIPTION
+The
+.I kdestroy
+utility destroys the user's active
+Kerberos
+authorization tickets by writing zeros to the file that contains them.
+If the ticket file does not exist,
+.I kdestroy
+displays a message to that effect.
+.PP
+After overwriting the file,
+.I kdestroy
+removes the file from the system.
+The utility
+displays a message indicating the success or failure of the
+operation.
+If
+.I kdestroy
+is unable to destroy the ticket file,
+the utility will warn you by making your terminal beep.
+.PP
+In the Athena workstation environment,
+the
+.I toehold
+service automatically destroys your tickets when you
+end a workstation session.
+If your site does not provide a similar ticket-destroying mechanism,
+you can place the
+.I kdestroy
+command in your
+.I .logout
+file so that your tickets are destroyed automatically
+when you logout.
+.PP
+The options to
+.I kdestroy
+are as follows:
+.TP 7
+.B \-f
+.I kdestroy
+runs without displaying the status message.
+.TP
+.B \-q
+.I kdestroy
+will not make your terminal beep if it fails to destroy the tickets.
+.TP
+.B \-t
+destroy tickets only and keep all AFS tokens.
+.TP
+.B \-u
+unlog, i.e remove any AFS tokens associated with the current PAG
+but leave the ticket file alone.
+.PP
+If neither
+.B \-t
+nor 
+.B \-u
+is given, both tickets and AFS tokens are destroyed.
+.SH FILES
+KRBTKFILE environment variable if set, otherwise
+.br
+/tmp/tkt[uid]
+.SH SEE ALSO
+kerberos(1), kinit(1), klist(1)
+.SH BUGS
+.PP
+Only the tickets in the user's current ticket file are destroyed.
+Separate ticket files are used to hold root instance and password
+changing tickets.  These files should probably be destroyed too, or
+all of a user's tickets kept in a single ticket file.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+.br
+Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
new file mode 100644
index 0000000..4968822
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.1
@@ -0,0 +1,258 @@
+.\" $Id: kerberos.1,v 1.3 1997/11/07 12:37:34 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kerberos \- introduction to the Kerberos system
+
+.SH DESCRIPTION
+The
+Kerberos
+system authenticates
+individual users in a network environment.
+After authenticating yourself to
+Kerberos,
+you can use network utilities such as
+.IR rlogin ,
+.IR rcp ,
+and
+.IR rsh
+without
+having to present passwords to remote hosts and without having to bother
+with
+.I \.rhosts
+files.
+Note that these utilities will work without passwords only if
+the remote machines you deal with
+support the
+Kerberos
+system.
+All Athena timesharing machines and public workstations support
+Kerberos.
+.PP
+Before you can use
+Kerberos,
+you must register as an Athena user,
+and you must make sure you have been added to
+the
+Kerberos
+database.
+You can use the
+.I kinit
+command to find out.
+This command
+tries to log you into the
+Kerberos
+system.
+.I kinit
+will prompt you for a username and password.
+Enter your username and password.
+If the utility lets you login without giving you a message,
+you have already been registered.
+.PP
+If you enter your username and
+.I kinit
+responds with this message:
+.nf
+
+Principal unknown (kerberos)
+
+.fi
+you haven't been registered as a
+Kerberos
+user.
+See your system administrator.
+.PP
+A Kerberos name contains three parts.
+The first is the
+.I principal name,
+which is usually a user's or service's name.
+The second is the
+.I instance,
+which in the case of a user is usually null.
+Some users may have privileged instances, however,
+such as ``root'' or ``admin''.
+In the case of a service, the instance is the
+name of the machine on which it runs; i.e. there
+can be an
+.I rlogin
+service running on the machine ABC, which
+is different from the rlogin service running on
+the machine XYZ.
+The third part of a Kerberos name
+is the
+.I realm.
+The realm corresponds to the Kerberos service providing
+authentication for the principal.
+For example, at MIT there is a Kerberos running at the
+Laboratory for Computer Science and one running at
+Project Athena.
+.PP
+When writing a Kerberos name, the principal name is
+separated from the instance (if not null) by a period,
+and the realm (if not the local realm) follows, preceded by
+an ``@'' sign.
+The following are examples of valid Kerberos names:
+.sp
+.nf
+.in +8
+billb
+jis.admin
+srz@lcs.mit.edu
+treese.root@athena.mit.edu
+.in -8
+.fi
+.PP
+When you authenticate yourself with
+Kerberos,
+through either the workstation
+.I toehold
+system or the
+.I kinit
+command,
+Kerberos
+gives you an initial
+Kerberos
+.IR ticket .
+(A
+Kerberos
+ticket
+is an encrypted protocol message that provides authentication.)
+Kerberos
+uses this ticket for network utilities
+such as
+.I rlogin
+and
+.IR rcp .
+The ticket transactions are done transparently,
+so you don't have to worry about their management.
+.PP
+Note, however, that tickets expire.
+Privileged tickets, such as root instance tickets,
+expire in a few minutes, while tickets that carry more ordinary
+privileges may be good for several hours or a day, depending on the
+installation's policy.
+If your login session extends beyond the time limit,
+you will have to re-authenticate yourself to
+Kerberos
+to get new tickets.
+Use the
+.IR kinit
+command to re-authenticate yourself.
+.PP
+If you use the
+.I kinit
+command to get your tickets,
+make sure you use the
+.I kdestroy
+command
+to destroy your tickets before you end your login session.
+You should probably put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+For more information about the
+.I kinit
+and
+.I kdestroy
+commands,
+see the
+.I kinit(1)
+and
+.I kdestroy(1)
+manual pages.
+.PP
+Currently,
+Kerberos
+supports the following network services:
+.IR rlogin ,
+.IR rsh ,
+.IR rcp ,
+.IR pop ,
+.IR ftp ,
+.IR telnet ,
+.IR AFS
+and
+.IR NFS.
+
+.SH "SEE ALSO"
+kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
+kadmin(8)
+.SH BUGS
+Kerberos
+will not do authentication forwarding.
+In other words,
+if you use
+.I rlogin
+to login to a remote host,
+you cannot use
+Kerberos
+services from that host
+until you authenticate yourself explicitly on that host.
+Although you may need to authenticate yourself on the remote
+host,
+be aware that when you do so,
+.I rlogin
+sends your password across the network in clear text.
+
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+
+The following people helped out on various aspects of the system:
+
+Jeff Schiller designed and wrote the administration server and its
+user interface, kadmin.
+He also wrote the dbm version of the database management system.
+
+Mark Colan developed the
+Kerberos
+versions of
+.IR rlogin ,
+.IR rsh ,
+and
+.IR rcp ,
+as well as contributing work on the servers.
+
+John Ostlund developed the
+Kerberos
+versions of
+.I passwd
+and
+.IR userreg .
+
+Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
+and made many contributions based on that experience.
+
+Many people contributed code and/or useful ideas, including
+Jim Aspnes,
+Bob Baldwin,
+John Barba,
+Richard Basch,
+Jim Bloom,
+Bill Bryant,
+Rob French,
+Dan Geer,
+David Jedlinsky,
+John Kohl,
+John Kubiatowicz,
+Bob McKie,
+Brian Murphy,
+Ken Raeburn,
+Chris Reed,
+Jon Rochlis,
+Mike Shanzer,
+Bill Sommerfeld,
+Jennifer Steiner,
+Ted Ts'o,
+and
+Win Treese.
+
+.SH RESTRICTIONS
+
+COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3
new file mode 100644
index 0000000..71da54d
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.3
@@ -0,0 +1,460 @@
+.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
+krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
+krb_rd_err, krb_ck_repl \- Kerberos authentication library
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <des.h>
+#include <krb.h>
+.PP
+.ft B
+extern char *krb_err_txt[];
+.PP
+.ft B
+int krb_mk_req(authent,service,instance,realm,checksum)
+KTEXT authent;
+char *service;
+char *instance;
+char *realm;
+u_long checksum;
+.PP
+.ft B
+int krb_rd_req(authent,service,instance,from_addr,ad,fn)
+KTEXT authent;
+char *service;
+char *instance;
+u_long from_addr;
+AUTH_DAT *ad;
+char *fn;
+.PP
+.ft B
+int krb_kntoln(ad,lname)
+AUTH_DAT *ad;
+char *lname;
+.PP
+.ft B
+int krb_set_key(key,cvt)
+char *key;
+int cvt;
+.PP
+.ft B
+int krb_get_cred(service,instance,realm,c)
+char *service;
+char *instance;
+char *realm;
+CREDENTIALS *c;
+.PP
+.ft B
+long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+des_key_schedule schedule;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
+u_char *in;
+u_long in_length;
+Key_schedule schedule;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_safe(in,out,in_length,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_safe(in,length,key,sender,receiver,msg_data)
+u_char *in;
+u_long length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_err(out,code,string)
+u_char *out;
+long code;
+char *string;
+.PP
+.ft B
+long krb_rd_err(in,length,code,msg_data)
+u_char *in;
+u_long length;
+long code;
+MSG_DAT *msg_data;
+.fi
+.ft R
+.SH DESCRIPTION
+This library supports network authentication and various related
+operations.  The library contains many routines beyond those described
+in this man page, but they are not intended to be used directly.
+Instead, they are called by the routines that are described, the
+authentication server and the login program.
+.PP
+.I krb_err_txt[]
+contains text string descriptions of various Kerberos error codes returned
+by some of the routines below.
+.PP
+.I krb_mk_req
+takes a pointer to a text structure in which an authenticator is to be
+built.  It also takes the name, instance, and realm of the service to be
+used and an optional checksum.  It is up to the application to decide
+how to generate the checksum.
+.I krb_mk_req
+then retrieves a ticket for the desired service and creates an
+authenticator.  The authenticator is built in
+.I authent
+and is accessible
+to the calling procedure.
+.PP
+It is up to the application to get the authenticator to the service
+where it will be read by
+.I krb_rd_req.
+Unless an attacker posesses the session key contained in the ticket, it
+will be unable to modify the authenticator.  Thus, the checksum can be
+used to verify the authenticity of the other data that will pass through
+a connection.
+.PP
+.I krb_rd_req
+takes an authenticator of type
+.B KTEXT,
+a service name, an instance, the address of the
+host originating the request, and a pointer to a structure of type
+.B AUTH_DAT
+which is filled in with information obtained from the authenticator.
+It also optionally takes the name of the file in which it will find the
+secret key(s) for the service.
+If the supplied
+.I instance
+contains "*", then the first service key with the same service name
+found in the service key file will be used, and the
+.I instance
+argument will be filled in with the chosen instance.  This means that
+the caller must provide space for such an instance name.
+.PP
+It is used to find out information about the principal when a request
+has been made to a service.  It is up to the application protocol to get
+the authenticator from the client to the service.  The authenticator is
+then passed to
+.I krb_rd_req
+to extract the desired information.
+.PP
+.I krb_rd_req
+returns zero (RD_AP_OK) upon successful authentication.  If a packet was
+forged, modified, or replayed, authentication will fail.  If the
+authentication fails, a non-zero value is returned indicating the
+particular problem encountered.  See
+.I krb.h
+for the list of error codes.
+.PP
+If the last argument is the null string (""), krb_rd_req will use the
+file /etc/srvtab to find its keys.  If the last argument is NULL, it
+will assume that the key has been set by
+.I krb_set_key
+and will not bother looking further.
+.PP
+.I krb_kntoln
+converts a Kerberos name to a local name.  It takes a structure
+of type AUTH_DAT and uses the name and instance to look in the database
+/etc/aname to find the corresponding local name.  The local name is
+returned and can be used by an application to change uids, directories,
+or other parameters.  It is not an integral part of Kerberos, but is
+instead provided to support the use of Kerberos in existing utilities.
+.PP
+.I krb_set_key
+takes as an argument a des key.  It then creates
+a key schedule from it and saves the original key to be used as an
+initialization vector.
+It is used to set the server's key which
+must be used to decrypt tickets.
+.PP
+If called with a non-zero second argument,
+.I krb_set_key
+will first convert the input from a string of arbitrary length to a DES
+key by encrypting it with a one-way function.
+.PP
+In most cases it should not be necessary to call
+.I krb_set_key.
+The necessary keys will usually be obtained and set inside
+.I krb_rd_req.  krb_set_key
+is provided for those applications that do not wish to place the
+application keys on disk.
+.PP
+.I krb_get_cred
+searches the caller's ticket file for a ticket for the given service, instance,
+and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
+with the ticket information.
+.PP
+If the ticket was found,
+.I krb_get_cred
+returns GC_OK.
+If the ticket file can't be found, can't be read, doesn't belong to
+the user (other than root), isn't a regular file, or is in the wrong
+mode, the error GC_TKFIL is returned.
+.PP
+.I krb_mk_priv
+creates an encrypted, authenticated
+message from any arbitrary application data, pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key
+and the key schedule,
+.I schedule,
+are used to encrypt the data and some header information using
+.I pcbc_encrypt.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+In addition to providing privacy, this protocol message protects
+against modifications, insertions or replays.  The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+.PP
+.I krb_rd_priv
+decrypts and authenticates a received
+.I krb_mk_priv
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+and the key schedule,
+.I schedule,
+are used to decrypt and verify the received message.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h.
+The routine fills in the
+.I app_data
+field with a pointer to the decrypted application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender.  (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of).  The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_safe
+creates an authenticated, but unencrypted message from any arbitrary
+application data,
+pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key,
+is used to seed the
+.I quad_cksum()
+checksum algorithm used as part of the authentication.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+This message does not provide privacy, but does protect (via detection)
+against modifications, insertions or replays.  The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+The authentication provided by this routine is not as strong as that
+provided by
+.I krb_mk_priv
+or by computing the checksum using
+.I cbc_cksum
+instead, both of which authenticate via DES.
+.PP
+
+.I krb_rd_safe
+authenticates a received
+.I krb_mk_safe
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+is used to seed the quad_cksum() routine as part of the authentication.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields:
+the
+.I app_data
+field with a pointer to the application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender.
+(The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of).  The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_err
+constructs an application level error message that may be used along
+with
+.I krb_mk_priv
+or
+.I krb_mk_safe.
+.I out
+is a pointer to the output buffer,
+.I code
+is an application specific error code, and
+.I string
+is an application specific error string.
+
+.PP
+.I krb_rd_err
+unpacks a received
+.I krb_mk_err
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+.I code
+is a pointer to a value to be filled in with the error
+value provided by the application.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields: the
+.I app_data
+field with a pointer to the application error text,
+.I app_length
+with the length of the
+.I app_data
+field, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender.  (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of).
+
+The routine returns zero if the error message has been successfully received,
+or a Kerberos error code.
+.PP
+The
+.I KTEXT
+structure is used to pass around text of varying lengths.  It consists
+of a buffer for the data, and a length.  krb_rd_req takes an argument of this
+type containing the authenticator, and krb_mk_req returns the
+authenticator in a structure of this type.  KTEXT itself is really a
+pointer to the structure.   The actual structure is of type KTEXT_ST.
+.PP
+The
+.I AUTH_DAT
+structure is filled in by krb_rd_req.  It must be allocated before
+calling krb_rd_req, and a pointer to it is passed.  The structure is
+filled in with data obtained from Kerberos.
+.I MSG_DAT
+structure is filled in by either krb_rd_priv, krb_rd_safe, or
+krb_rd_err.  It must be allocated before the call and a pointer to it
+is passed.  The structure is
+filled in with data obtained from Kerberos.
+.PP
+.SH FILES
+/usr/include/krb.h
+.br
+/usr/lib/libkrb.a
+.br
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.br
+/etc/aname
+.br
+/etc/srvtab
+.br
+/tmp/tkt[uid]
+.SH "SEE ALSO"
+kerberos(1), des_crypt(3)
+.SH DIAGNOSTICS
+.SH BUGS
+The caller of
+.I krb_rd_req, krb_rd_priv, and krb_rd_safe
+must check time order and for replay attempts.
+.I krb_ck_repl
+is not implemented yet.
+.SH AUTHORS
+Clifford Neuman, MIT Project Athena
+.br
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.SH RESTRICTIONS
+COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
new file mode 100644
index 0000000..5d89635
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.8
@@ -0,0 +1,192 @@
+.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $
+.\"
+.Dd September 26, 1997
+.Dt KERBEROS 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kerberos
+.Nd The kerberos daemon
+.Sh SYNPOSIS
+.Nm
+.Op Fl mns
+.Op Fl a Ar max age
+.Op Fl i Ar address
+.Op Fl l Ar log
+.Op Fl p Ar pause
+.Op Fl P Ar portspec
+.Op Fl r Ar realm
+.Op Ar database
+.Sh DESCRIPTION
+This is the
+.Nm
+daemon.
+.Pp
+Options:
+.Bl -tag -width -ident
+.It Fl a
+Set the
+.Ar max age
+before the database is considered stale.
+.It Fl i
+Only listen on 
+.Ar address .
+Normally, the kerberos server listens on all addresses of all
+interfaces.
+.It Fl l
+Write the log to
+.Ar log
+.It Fl m
+Run manually and prompt for master key.
+.It Fl n
+Do not check max age. 
+.It Fl p
+Pause for
+.Ar pause
+before dying.
+.It Fl P
+Listen to the ports specified by
+.Ar portspec .
+This should be a white-space separated list of port specificatios. A
+port specification follows the format:
+.Ar port Ns Op / Ns Ar protocol .
+The
+.Ar port
+can be either a symbolic port name (from
+.Pa /etc/services), or a number;
+.Ar protocol can be either 
+.Li udp ,
+or
+.Li tcp . 
+If left out, the KDC will listen to both UDP and TCP sockets on the
+specified port.
+.br
+The special string
+.Li +
+mean that the default set of ports (TCP and UDP on ports 88 and 750)
+should be included.
+.It Fl r
+Run as a server for realm
+.Ar realm
+.It Fl s
+Set slave parameters.  This will enable check to see if data is
+getting too stale relative to the master.
+.El
+
+If no 
+.Ar database
+is given a default datbase will be used, normally
+.Pa /var/kerberos/principal .
+.Sh DIAGNOSTICS
+
+The server logs several messages in a log file
+.Pf ( Pa /var/run/kerberos.log
+by default).  The logging mechanism opens and closes the log file for
+each message, so you can safely rename the log file when the server is
+running.
+.Ss Operational messages
+These are normal messages that you will see in the log. They might be
+followed by some error message.
+.Bl -tag -width xxxxx
+.It Li Getting key for Ar REALM
+The server fetched the key for 
+.Sq krbtgt.REALM
+for the specific
+realm. You will see this at startup, and for every attempt to use
+cross realm authentication.
+.It Xo Li Starting Kerberos for
+.Ar REALM 
+.Li (kvno Ar kvno )
+.Xc
+You will see this also if you start with
+.Fl m .
+.It Xo Li AS REQ 
+.Ar name.instance@REALM 
+.Li for 
+.Ar sname.sinstance 
+.Li from 
+.Ar ip-number
+.Xc
+An initial (password authenticated) request was received.
+.It Xo Li APPL REQ 
+.Ar name.instance@REALM
+.Li for 
+.Ar sname.sinstance
+.Li from Ar ip-number
+.Xc
+A tgt-based request for a ticket was made.
+.El
+
+.Ss Error messages
+These messages reflects misconfigured clients, invalid requests, or
+possibly attepted attacks.
+.Bl -tag -width xxxxx
+.It Li UNKNOWN Ar name.instance
+The server received a request with an unknown principal. This is most
+likely because someone typed the wrong name at a login prompt. It
+could also be someone trying to get a list of possible users.
+.It Xo Li Unknown realm Ar REALM 
+.Li from Ar ip-number
+.Xc
+There isn't a principal for 
+.Sq krbtgt.REALM
+in the database.
+.It Xo Li Can't hop realms: Ar REALM1 
+.Li -> Ar REALM2
+.Xc 
+There was a request for a ticket for another realm.  This might be
+because of a misconfigured client.
+.It Li Principal not unique Ar name.instance
+There is more than one entry for this principal in the database. This
+is not very good.
+.It Li Null key Ar name.instance
+Someone tried to use a principal that for some reason doesn't have a
+key.
+.It Xo Li Incorrect master key version for 
+.Ar name.instance
+.Li : Ar number 
+.Li (should be Ar number )
+.Xc
+The principal has it's key encrypted with the wrong master key.
+.It Xo Li Principal Ar name.instance 
+.Li expired at Ar date
+.Xc
+The principal's key has expired.
+.It Li krb_rd_req from Ar ip-number : error-message
+The message couldn't be decoded properly. The error message will give
+you further hints. You will see this if someone is trying to use
+expired tickets.
+.It Xo Li Unknown message type: Ar number 
+.Li from Ar ip-number
+.Xc
+The message received was not one that is understood by this server.
+.It Li Can't authorize password changed based on TGT
+Someone tried to get a 
+.Sq changepw.kerberos
+via a tgt exchange. This is
+because of a broken client, or possibly an attack.
+.It Li KRB protocol version mismatch ( Ar number )
+The server received a request with an unknown version number.
+.El
+
+.Ss Fatal error messages
+The following messages indicate problems when starting the server.
+.Bl -tag -width xxxxx
+.It Li Database unavailable!
+There was some problem reading the database.
+.It Li Database currently being updated!
+Someone is currently updating the database (possibly via krop).
+.It Li Database out of date!
+The database is older than the maximum age specified.
+.It Li Couldn't get master key.
+The master key file wasn't found or the file is damaged.
+.It Li Can't verify master key.
+The key in the keyfile doesn't match the current databse.
+.It Li Ticket granting ticket service unknown
+The database doesn't contain a 
+.Sq krbtgt.REALM
+for the local realm.
+.El
+
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kpropd 8
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
new file mode 100644
index 0000000..7d05b30
--- /dev/null
+++ b/crypto/kerberosIV/man/kinit.1
@@ -0,0 +1,137 @@
+.\" $Id: kinit.1,v 1.4 1998/12/18 16:57:29 assar Exp $
+.\" $FreeBSD$
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kinit \- Kerberos login utility
+.SH SYNOPSIS
+.B kinit
+[
+.B \-irvlp
+]
+.SH DESCRIPTION
+The
+.I kinit
+command is used to login to the
+Kerberos
+authentication and authorization system.
+Note that only registered
+Kerberos
+users can use the
+Kerberos
+system.
+For information about registering as a
+Kerberos
+user,
+see the
+.I kerberos(1)
+manual page.
+.PP
+If you are logged in to a workstation that is running the
+.I toehold
+service,
+you do not have to use
+.I kinit.
+The
+.I toehold
+login procedure will log you into
+Kerberos
+automatically.
+You will need to use
+.I kinit
+only in those situations in which
+your original tickets have expired.
+(Tickets expire in about a day.)
+Note as well that
+.I toehold
+will automatically destroy your tickets when you logout from the workstation.
+.PP
+When you use
+.I kinit
+without options,
+the utility
+prompts for your username and Kerberos password,
+and tries to authenticate your login with the local
+Kerberos
+server.
+.PP
+If
+Kerberos
+authenticates the login attempt,
+.I kinit
+retrieves your initial ticket and puts it in the ticket file specified by
+your KRBTKFILE environment variable.
+If this variable is undefined,
+your ticket will be stored in the
+.IR /tmp
+directory,
+in the file
+.I tktuid ,
+where
+.I uid
+specifies your user identification number.
+.PP
+If you have logged in to
+Kerberos
+without the benefit of the workstation
+.I toehold
+system,
+make sure you use the
+.I kdestroy
+command to destroy any active tickets before you end your login session.
+You may want to put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+.PP
+The options to
+.I kinit
+are as follows:
+.TP 7
+.B \-i
+.I kinit
+prompts you for a
+Kerberos
+instance.
+.TP
+.B \-r
+.I kinit
+prompts you for a
+Kerberos
+realm.
+This option lets you authenticate yourself with a remote
+Kerberos
+server.
+.TP
+.B \-v
+Verbose mode.
+.I kinit
+prints the name of the ticket file used, and
+a status message indicating the success or failure of
+your login attempt.
+.TP
+.B \-l
+.I kinit
+prompts you for a ticket lifetime in minutes.  Due to protocol
+restrictions in Kerberos Version 4, this value must be between 5 and
+1275 minutes.
+.TP
+.B \-p
+.I kinit
+will acquires a ticket for changepw.kerberos.
+.SH SEE ALSO
+.PP
+kerberos(1), kdestroy(1), klist(1), toehold(1)
+.SH BUGS
+The
+.B \-r
+option has not been fully implemented.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
new file mode 100644
index 0000000..76dec02
--- /dev/null
+++ b/crypto/kerberosIV/man/klist.1
@@ -0,0 +1,83 @@
+.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+klist \- list currently held Kerberos tickets
+.SH SYNOPSIS
+.B klist
+[
+\fB\-s \fR|\fB \-t\fR
+] [
+.B \-file
+name ] [
+.B \-srvtab
+]
+.br
+.SH DESCRIPTION
+.I klist
+prints the name of the tickets file and the
+identity of the principal the tickets are for (as listed in the
+tickets file), and 
+lists the principal names of all Kerberos tickets currently held by
+the user, along with the issue and expire time for each authenticator.
+Principal names are listed in the form
+.I name.instance@realm,
+with the '.' omitted if the instance is null,
+and the '@' omitted if the realm is null.
+
+If given the
+.B \-s
+option,
+.I klist
+does not print the issue and expire times, the name of the tickets file,
+or the identity of the principal.
+
+If given the
+.B \-t
+option, 
+.B klist
+checks for the existence of a non-expired ticket-granting-ticket in the
+ticket file.  If one is present, it exits with status 0, else it exits
+with status 1.  No output is generated when this option is specified. 
+
+If given the
+.B \-file
+option, the following argument is used as the ticket file.
+Otherwise, if the
+.B KRBTKFILE
+environment variable is set, it is used.
+If this environment variable
+is not set, the file
+.B /tmp/tkt[uid]
+is used, where
+.B uid
+is the current user-id of the user.
+
+If given the
+.B \-srvtab
+option, the file is treated as a service key file, and the names of the
+keys contained therein are printed.  If no file is
+specified with a
+.B \-file
+option, the default is
+.IR /etc/srvtab .
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm
+.TP
+/tmp/tkt[uid]
+as the default ticket file ([uid] is the decimal UID of the user).
+.TP
+/etc/srvtab
+as the default service key file
+.SH SEE ALSO
+.PP
+kerberos(1), kinit(1), kdestroy(1)
+.SH BUGS
+When reading a file as a service key file, very little sanity or error
+checking is performed.
diff --git a/crypto/kerberosIV/man/kpasswd.1 b/crypto/kerberosIV/man/kpasswd.1
new file mode 100644
index 0000000..ad0c858
--- /dev/null
+++ b/crypto/kerberosIV/man/kpasswd.1
@@ -0,0 +1,85 @@
+.\" $Id: kpasswd.1,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KPASSWD 1 "Kerberos Version 4.0" "MIT Project Athena"
+.FM mit
+.SH NAME
+kpasswd \- change a user's Kerberos password
+.SH SYNOPSIS
+.B kpasswd
+[
+.B \-h
+] [
+.B \-n
+.I name
+] [
+.B \-i
+.I instance
+] [
+.B \-r
+.I realm
+] [
+\-u
+.IR username[.instance][@realm] ]
+.SH DESCRIPTION
+The
+.I kpasswd
+command is used to change a Kerberos principal's password.
+.PP
+If the
+.I \-h
+option is specified, a brief summary of the options is printed, and 
+.I kpasswd
+then exits.
+.PP
+If the
+.I \-n
+option is specified, 
+.I name
+is used as the principal name rather than the username of the user
+running
+.IR kpasswd .
+(This is determined from the ticket file if it exists;
+otherwise, it is determined from the unix user id.)
+.PP
+If the
+.I \-i
+option is specified,
+.I instance
+is used as the instance rather than a null instance.
+.PP
+If the
+.I \-r
+option is specified,
+.I realm
+is used as the realm rather than the local realm.
+.PP
+If the 
+.I \-u 
+option is specified, a fully qualified kerberos
+principal can be given.
+.PP
+
+The utility prompts for the current Kerberos password (printing
+the name of the principal for which it intends to change the password),
+which is verified by the Kerberos server.  If the old password is
+correct, the user is prompted twice for the new password.  A message is
+printed indicating the success or failure of the password changing
+operation.
+
+.SH BUGS
+
+.I kpasswd
+does not handle names, instances, or realms with special
+characters in them when the -n, -i, or -r options are used.  Any
+valid fullname is accepted, however, if the -u option is used.
+
+If the principal whose password you are trying to change does
+not exist, you will not be told until after you have entered the
+old password.
+
+.SH SEE ALSO
+kerberos(1), kinit(1), passwd(1), kadmin(8)
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
new file mode 100644
index 0000000..62761e5
--- /dev/null
+++ b/crypto/kerberosIV/man/kprop.8
@@ -0,0 +1,59 @@
+.\" $Id: kprop.8,v 1.2 1996/06/15 17:03:22 assar Exp $
+.\" $FreeBSD$
+.\"
+.Dd June 7, 1996
+.Dt KPROP 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kprop
+.Nd
+the kerberos slave server update client
+.Sh SYNOPSIS
+.Nm
+.Op Fl force
+.Op Fl realm Ar realm
+.Op Ar dump-file
+.Op Ar slave-file
+.Sh DESCRIPTION
+Changes to the database, such as changed passwords, are only made to
+the master server through the
+.Nm kadmind
+service. To propagate these changes to the slave servers, 
+.Nm 
+should be run regularly on the master server.
+
+The following options are recognised.
+
+.Bl -tag -width -force
+.It Fl force
+Propagate even if there hasn't been an update to the dump file since
+last time.
+.It Fl realm
+Realm if other than the default.
+.It dump-file
+is a file created with 
+.Ic kdb_util slave_dump ,
+default is
+.Pa /var/kerberos/slave_dump .
+.It slave-file
+Contains the names of the slave servers. Default is
+.Pa /var/kerberos/slaves .
+.El
+
+.Nm
+will use the principal 
+.Nm rcmd.kerberos
+to authenticate to the master servers. This principal has to be added
+to the database, and it should also be put into the service key file
+on the master server.
+
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/slave_dump
+.It Pa /var/kerberos/slaves
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kpropd 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
new file mode 100644
index 0000000..be46ca3
--- /dev/null
+++ b/crypto/kerberosIV/man/kpropd.8
@@ -0,0 +1,64 @@
+.\" $Id: kpropd.8,v 1.2 1997/02/07 22:04:55 assar Exp $
+.\" $FreeBSD$
+.\"
+.Dd June 7, 1996
+.Dt KPROPD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kpropd
+.Nd
+the kerberos slave server update facility
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Op Fl d Ar database
+.Op Fl l Ar logfile
+.Op Fl m
+.Op Fl p Ar kdb_util
+.Op Fl r Ar realm
+.Op Fl s Ar srvtab
+.Sh DESCRIPTION
+The
+.Nm
+responds to database update requests from the
+.Nm kprop
+command. It can either be started from
+.Nm inetd
+or as an ordinary program.
+
+The following options are recognised:
+
+.Bl -tag -width xxxx
+.It Fl i
+Run stand-alone.  If this flag is not given, it is assumed to have
+been started by
+.Nm inetd .
+.It Fl d
+What database file to use, default is
+.Pa /var/kerberos/principal .
+.It Fl l
+Logfile to use, default is
+.Pa /var/log/kpropd.log .
+.It Fl m
+Treat data as changes to the database rather than a complete database.
+.It Fl p
+The path to
+.Nm kdb_util ,
+default is
+.Pa /usr/athena/sbin/kdb_util .
+.It Fl r
+Realm if other than the default realm.
+.It Fl s
+Srvtab if other than
+.Pa /etc/kerberosIV/srvtab .
+.El
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/db/kerberos/principal.{db,dir,pag}
+.It Pa /var/log/kpropd.log
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
new file mode 100644
index 0000000..8ffa9af
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.conf.5
@@ -0,0 +1,42 @@
+.\" $Id: krb.conf.5,v 1.4 1999/08/02 16:09:57 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.conf \- Kerberos configuration file
+.SH DESCRIPTION
+.I krb.conf
+contains configuration information describing the Kerberos realm(s) and the
+Kerberos key distribution center (KDC) servers for known realms.
+.PP
+.I krb.conf
+starts with a definition of the local realm on the first line, this is
+followed by any number lines defining supplementary local realms.  The
+rest of the file consists of lines indicating realm/host entries. The
+first token is a realm name, and the second is a server specification
+of a host running a KDC for that realm. The words "admin server"
+following the hostname indicate that the host also provides an
+administrative database server.
+
+To be able to communicate with the KDC through a firewall it is
+sometimes necessary to tunnel requests over HTTP or TCP. Tunnel
+protocols and port numbers are specified in the server specification
+using the syntax [(UDP|TCP|HTTP)/]hostname[:port].
+
+For example:
+.nf
+.in +1i
+SICS.SE
+NADA.KTH.SE
+SICS.SE     TCP/kerberos.sics.se:88 admin server
+NADA.KTH.SE kerberos.nada.kth.se    admin server
+NADA.KTH.SE kerberos-1.nada.kth.se
+NADA.KTH.SE kerberos-2.nada.kth.se
+NADA.KTH.SE HTTP/kerberos-3.nada.kth.se
+KTH.SE      kerberos.kth.se         admin server
+.in -1i
+.SH SEE ALSO
+krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
new file mode 100644
index 0000000..e38f94b
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.equiv.5
@@ -0,0 +1,28 @@
+.\"	$Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $
+.\"
+.Dd June 18, 1996
+.Dt KRB.EQUIV 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.equiv
+.Nd
+Kerberos equivalent hosts file
+.Sh DESCRIPTION
+.Nm
+contains a list of IP addresses that is to be considered being the
+same host for Kerberos purposes. Plain addresses match a single
+host. Addresses followed by a slash (/) and a number is taken as a
+sub-network that should be considered equal.
+.Pp
+Hash (#) starts a comment. Backslash (\\) is a continuation character.
+.Sh EXAMPLES
+.Bd -literal
+# A machine with two interfaces.
+130.237.232.113 130.237.221.42  # emma emma-ether
+# A machine with *many* interfaces
+193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps
+.Ed
+.Sh SEE ALSO
+.Xr krb_equiv 3 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.extra.5 b/crypto/kerberosIV/man/krb.extra.5
new file mode 100644
index 0000000..38569fd
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.extra.5
@@ -0,0 +1,51 @@
+.\" $Id: krb.extra.5,v 1.4 1999/11/25 05:30:42 assar Exp $
+.\"
+.Dd June 24, 1999
+.Dt KRB.EXTRA 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.extra
+.Nd
+Kerberos misc configuration file
+.Sh DESCRIPTION
+.Nm
+contains a number of settings that are used by the kerberos library,
+or directly by applications. Each line in the file consists of a
+variable, an equal sign, and a value. Lines beginning with hash are
+ignored.
+.Pp
+Currently defined variables are:
+.Bl -tag -width foo
+.It kdc_timeout
+time in seconds to wait for an answer from the KDC (default is 4
+seconds)
+.It kdc_timesync
+if this is enabled, the time differential between the client and the
+KDC will be stored, and used later on when computing the correct time;
+this is useful if the client's clock is drifting
+.It firewall_address
+the outside address of the firewall; this is used in some places to
+compute a direction bit, and this might break if the server has a
+different idea about which address to use then the client
+.It krb4_proxy
+address of a web-proxy to use when connecting to the KDC via HTTP
+.It krb_default_tkt_root
+the default prefix for ticket files. E.g, if your uid is 42 and the
+prefix is /tmp/tkt then your default ticket file will be /tmp/tkt42
+.It krb_default_keyfile
+the default kefile, normally /etc/srvtab
+.It nat_in_use
+if a Network Address Translator (NAT) is being used.
+.El
+.Sh EXAMPLES
+.Bd -literal
+# this is a comment
+krb_default_tkt_root = /tkt/tkt_
+kdc_timesync = yes
+firewall_address = 10.0.0.1
+krb_default_keyfile = /etc/kerberosIV/srvtab
+.Ed
+.Sh SEE ALSO
+.Xr krb.equiv 5 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
new file mode 100644
index 0000000..427c455
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.realms.5
@@ -0,0 +1,38 @@
+.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.realms \- host to Kerberos realm translation file
+.SH DESCRIPTION
+.I krb.realms
+provides a translation from a hostname to the Kerberos realm name for
+the services provided by that host.
+.PP
+Each line of the translation file is in one of the following forms
+(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
+.nf
+.in +5n
+host_name kerberos_realm
+domain_name kerberos_realm
+.in -5n
+.fi
+If a hostname exactly matches the 
+.I host_name
+field in a line of the first
+form, the corresponding realm is the realm of the host.
+If a hostname does not match any 
+.I host_name
+in the file, but its
+domain exactly matches the 
+.I domain_name
+field in a line of the second
+form, the corresponding realm is the realm of the host.
+.PP
+If no translation entry applies, the host's realm is considered to be
+the hostname's domain portion converted to upper case.
+.SH SEE ALSO
+krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
new file mode 100644
index 0000000..ddbda74
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_realmofhost.3
@@ -0,0 +1,160 @@
+.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
+krb_get_lrealm \- additional Kerberos utility routines
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+#include <des.h>
+#include <netinet/in.h>
+.PP
+.ft B
+char *krb_realmofhost(host)
+char *host;
+.PP
+.ft B
+char *krb_get_phost(alias)
+char *alias;
+.PP
+.ft B
+krb_get_krbhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_admhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_lrealm(realm,n)
+char *realm;
+int n;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_realmofhost
+returns the Kerberos realm of the host
+.IR host ,
+as determined by the translation table
+.IR /etc/krb.realms .
+.I host
+should be the fully-qualified domain-style primary host name of the host
+in question.  In order to prevent certain security attacks, this routine
+must either have 
+.I a priori
+knowledge of a host's realm, or obtain such information securely.
+.PP
+The format of the translation file is described by 
+.IR krb.realms (5).
+If
+.I host
+exactly matches a host_name line, the corresponding realm
+is returned.
+Otherwise, if the domain portion of
+.I host
+matches a domain_name line, the corresponding realm
+is returned.
+If
+.I host
+contains a domain, but no translation is found,
+.IR host 's
+domain is converted to upper-case and returned.
+If 
+.I host
+contains no discernable domain, or an error occurs,
+the local realm name, as supplied by 
+.IR krb_get_lrealm (3),
+is returned.
+.PP
+.I krb_get_phost
+converts the hostname
+.I alias
+(which can be either an official name or an alias) into the instance
+name to be used in obtaining Kerberos tickets for most services,
+including the Berkeley rcmd suite (rlogin, rcp, rsh).
+.br
+The current convention is to return the first segment of the official
+domain-style name after conversion to lower case.
+.PP
+.I krb_get_krbhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos key distribution center (KDC)
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+The configuration file is described by 
+.IR krb.conf (5).
+If the host is successfully filled in, the routine
+returns KSUCCESS.
+If the file cannot be opened, and
+.I n
+equals 1, then the value of KRB_HOST as defined in
+.I <krb.h>
+is filled in, and KSUCCESS is returned.  If there are fewer than
+.I n
+hosts running a Kerberos KDC for the requested realm, or the
+configuration file is malformed, the routine
+returns KFAILURE.
+.PP
+.I krb_get_admhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos KDC database administration server
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+If the file cannot be opened or is malformed, or there are fewer than
+.I n
+hosts running a Kerberos KDC database administration server,
+the routine returns KFAILURE.
+.PP
+The character arrays used as return values for
+.IR krb_get_krbhst ,
+.IR krb_get_admhst ,
+should be large enough to
+hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
+.PP
+.I krb_get_lrealm
+fills in
+.I realm
+with the
+.IR n th
+realm of the local host, as specified in the configuration file.
+.I realm
+should be at least REALM_SZ (from
+.IR <krb.h>) characters long.
+.PP
+.SH SEE ALSO
+kerberos(3), krb.conf(5), krb.realms(5)
+.SH FILES
+.TP 20n
+/etc/krb.realms
+translation file for host-to-realm mapping.
+.TP
+/etc/krb.conf
+local realm-name and realm/server configuration file.
+.SH BUGS
+The current convention for instance names is too limited; the full
+domain name should be used.
+.PP
+.I krb_get_lrealm
+currently only supports 
+.I n
+= 1.  It should really consult the user's ticket cache to determine the
+user's current realm, rather than consulting a file on the host.
diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3
new file mode 100644
index 0000000..208b6bc
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_sendauth.3
@@ -0,0 +1,347 @@
+.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1988 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
+Kerberos routines for sending authentication via network stream sockets
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+#include <des.h>
+#include <netinet/in.h>
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
+msg_data, cred, schedule, laddr, faddr, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst, *realm;
+u_long checksum;
+MSG_DAT *msg_data;
+CREDENTIALS *cred;
+Key_schedule schedule;
+struct sockaddr_in *laddr, *faddr;
+char *version;
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
+auth_data, filename, schedule, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst;
+struct sockaddr_in *faddr, *laddr;
+AUTH_DAT *auth_data;
+char *filename;
+Key_schedule schedule;
+char *version;			
+.PP
+.ft B
+int krb_net_write(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.PP
+.ft B
+int krb_net_read(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.fi
+.SH DESCRIPTION
+.PP
+These functions,
+which are built on top of the core Kerberos library,
+provide a convenient means for client and server
+programs to send authentication messages
+to one another through network connections.
+The
+.I krb_sendauth
+function sends an authenticated ticket from the client program to
+the server program by writing the ticket to a network socket.
+The
+.I krb_recvauth
+function receives the ticket from the client by
+reading from a network socket.
+
+.SH KRB_SENDAUTH
+.PP
+This function writes the ticket to
+the network socket specified by the
+file descriptor
+.IR fd,
+returning KSUCCESS if the write proceeds successfully,
+and an error code if it does not.
+
+The
+.I ktext
+argument should point to an allocated KTEXT_ST structure.
+The
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments specify the server program's Kerberos principal name,
+instance, and realm.
+If you are writing a client that uses the local realm exclusively,
+you can set the
+.I realm
+argument to NULL.
+
+The
+.I version
+argument allows the client program to pass an application-specific
+version string that the server program can then match against
+its own version string.
+The
+.I version
+string can be up to KSEND_VNO_LEN (see 
+.IR <krb.h> )
+characters in length.
+
+The
+.I checksum
+argument can be used to pass checksum information to the
+server program.
+The client program is responsible for specifying this information.
+This checksum information is difficult to corrupt because
+.I krb_sendauth
+passes it over the network in encrypted form.
+The
+.I checksum
+argument is passed as the checksum argument to
+.IR krb_mk_req .
+
+You can set
+.IR krb_sendauth's
+other arguments to NULL unless you want the
+client and server programs to mutually authenticate
+themselves.
+In the case of mutual authentication,
+the client authenticates itself to the server program,
+and demands that the server in turn authenticate itself to
+the client.
+
+.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
+.PP
+If you want mutual authentication,
+make sure that you read all pending data from the local socket
+before calling
+.IR krb_sendauth.
+Set
+.IR krb_sendauth's
+.I options
+argument to
+.BR KOPT_DO_MUTUAL
+(this macro is defined in the
+.IR krb.h
+file);
+make sure that the
+.I laddr
+argument points to
+the address of the local socket,
+and that
+.I faddr
+points to the foreign socket's network address.
+
+.I Krb_sendauth
+fills in the other arguments--
+.IR msg_data ,
+.IR cred ,
+and
+.IR schedule --before
+sending the ticket to the server program.
+You must, however, allocate space for these arguments
+before calling the function.
+
+.I Krb_sendauth
+supports two other options:
+.BR KOPT_DONT_MK_REQ,
+and
+.BR KOPT_DONT_CANON.
+If called with
+.I options
+set as KOPT_DONT_MK_REQ,
+.I krb_sendauth
+will not use the
+.I krb_mk_req
+function to retrieve the ticket from the Kerberos server.
+The
+.I ktext
+argument must point to an existing ticket and authenticator (such as
+would be created by 
+.IR krb_mk_req ),
+and the
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments can be set to NULL.
+
+If called with
+.I options
+set as KOPT_DONT_CANON,
+.I krb_sendauth
+will not convert the service's instance to canonical form using 
+.IR krb_get_phost (3).
+
+If you want to call
+.I krb_sendauth
+with a multiple
+.I options
+specification,
+construct
+.I options
+as a bitwise-OR of the options you want to specify.
+
+.SH KRB_RECVAUTH
+.PP
+The
+.I krb_recvauth
+function
+reads a ticket/authenticator pair from the socket pointed to by the
+.I fd
+argument.
+Set the
+.I options
+argument
+as a bitwise-OR of the options desired.
+Currently only KOPT_DO_MUTUAL is useful to the receiver.
+
+The
+.I ktext
+argument
+should point to an allocated KTEXT_ST structure.
+.I Krb_recvauth
+fills
+.I ktext
+with the
+ticket/authenticator pair read from
+.IR fd ,
+then passes it to
+.IR krb_rd_req .
+
+The
+.I service
+and
+.I inst
+arguments
+specify the expected service and instance for which the ticket was
+generated.  They are also passed to
+.IR krb_rd_req.
+The
+.I inst
+argument may be set to "*" if the caller wishes
+.I krb_mk_req
+to fill in the instance used (note that there must be space in the
+.I inst
+argument to hold a full instance name, see 
+.IR krb_mk_req (3)).
+
+The
+.I faddr
+argument
+should point to the address of the peer which is presenting the ticket.
+It is also passed to
+.IR krb_rd_req .
+
+If the client and server plan to mutually authenticate
+one another,
+the
+.I laddr
+argument
+should point to the local address of the file descriptor.
+Otherwise you can set this argument to NULL.
+
+The
+.I auth_data
+argument
+should point to an allocated AUTH_DAT area.
+It is passed to and filled in by
+.IR krb_rd_req .
+The checksum passed to the corresponding
+.I krb_sendauth
+is available as part of the filled-in AUTH_DAT area.
+
+The
+.I filename
+argument
+specifies the filename
+which the service program should use to obtain its service key.
+.I Krb_recvauth
+passes
+.I filename
+to the
+.I krb_rd_req
+function.
+If you set this argument to "",
+.I krb_rd_req
+looks for the service key in the file
+.IR /etc/srvtab.
+
+If the client and server are performing mutual authenication,
+the
+.I schedule
+argument
+should point to an allocated Key_schedule.
+Otherwise it is ignored and may be NULL.
+
+The
+.I version
+argument should point to a character array of at least KSEND_VNO_LEN
+characters.  It is filled in with the version string passed by the client to
+.IR krb_sendauth.
+.PP
+.SH KRB_NET_WRITE AND KRB_NET_READ
+.PP
+The
+.I krb_net_write
+function
+emulates the write(2) system call, but guarantees that all data
+specified is written to
+.I fd
+before returning, unless an error condition occurs.
+.PP
+The
+.I krb_net_read
+function
+emulates the read(2) system call, but guarantees that the requested
+amount of data is read from
+.I fd
+before returning, unless an error condition occurs.
+.PP
+.SH BUGS
+.IR krb_sendauth,
+.IR krb_recvauth,
+.IR krb_net_write,
+and
+.IR krb_net_read
+will not work properly on sockets set to non-blocking I/O mode.
+
+.SH SEE ALSO
+
+krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
+
+.SH AUTHOR
+John T. Kohl, MIT Project Athena
+.SH RESTRICTIONS
+Copyright 1988, Massachusetts Instititute of Technology.
+For copying and distribution information,
+please see the file <mit-copyright.h>.
diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3
new file mode 100644
index 0000000..9d94143
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_set_tkt_string.3
@@ -0,0 +1,42 @@
+.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_set_tkt_string \- set Kerberos ticket cache file name
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+void krb_set_tkt_string(filename)
+char *filename;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_set_tkt_string
+sets the name of the file that holds the user's
+cache of Kerberos server tickets and associated session keys.
+.PP
+The string 
+.I filename
+passed in is copied into local storage.
+Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
+copied in for use as the cache file name.
+.PP
+This routine should be called during initialization, before other
+Kerberos routines are called; otherwise the routines which fetch the
+ticket cache file name may be called and return an undesired ticket file
+name until this routine is called.
+.SH FILES
+.TP 20n
+/tmp/tkt[uid]
+default ticket file name, unless the environment variable KRBTKFILE is set.
+[uid] denotes the user's uid, in decimal.
+.SH SEE ALSO
+kerberos(3), setenv(3)
diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1
new file mode 100644
index 0000000..ff8563c
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvtgt.1
@@ -0,0 +1,50 @@
+.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
+service key
+.SH SYNOPSIS
+.B ksrvtgt
+name instance [[realm] srvtab]
+.SH DESCRIPTION
+.I ksrvtgt
+retrieves a ticket-granting ticket with a lifetime of five (5) minutes
+for the principal
+.I name.instance@realm
+(or 
+.I name.instance@localrealm
+if
+.I realm
+is not supplied on the command line), decrypts the response using
+the service key found in
+.I srvtab
+(or in 
+.B /etc/srvtab
+if
+.I srvtab
+is not specified on the command line), and stores the ticket in the
+standard ticket cache.
+.PP
+This command is intended primarily for use in shell scripts and other
+batch-type facilities.
+.SH DIAGNOSTICS
+"Generic kerberos failure (kfailure)" can indicate a whole range of
+problems, the most common of which is the inability to read the service
+key file.
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm.
+.TP
+/tmp/tkt[uid]
+The default ticket file.
+.TP
+/etc/srvtab
+The default service key file.
+.SH SEE ALSO
+kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
new file mode 100644
index 0000000..23db919
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -0,0 +1,105 @@
+.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $
+.\" $FreeBSD$
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.Dd May 4, 1996
+.Dt KSRVUTIL 8
+.Os KTH-KRB
+
+.Sh NAME
+.Nm ksrvutil 
+host kerberos keyfile (srvtab) manipulation utility
+.Sh SYNOPSIS
+.Nm
+.Op Fl f Pa keyfile
+.Op Fl i
+.Op Fl k 
+.Op Fl p Ar principal
+.Op Fl r Ar realm
+.Ar operation
+
+.Sh DESCRIPTION
+.Nm
+allows a system manager to list or change keys currently in his
+keyfile or to add new keys to the keyfile.
+.Pp
+Operation must be one of the following:
+.Bl -tag -width indent
+.It list
+lists the keys in a keyfile showing version number and principal name.
+If the
+.Fl k
+option is given, keys will also be shown.
+.It change
+changes all the keys in the keyfile by using the regular admin
+protocol.  If the
+.Fl i
+flag is given,
+.Nm ksrvutil
+will prompt for yes or no before changing each key.  If the 
+.Fl k
+option is used, the old and new keys will be displayed.
+.It add
+allows the user to add a key.
+add
+prompts for name, instance, realm, and key version number, asks
+for confirmation, and then asks for a password.  
+.Nm
+then converts the password to a key and appends the keyfile with the
+new information.  If the
+.Fl k
+option is used, the key is displayed.
+.It get
+gets a service from the Kerberos server, possibly creating the
+principal. Names, instances and realms for the service keys to get are
+prompted for. The default principal used in the kadmin transcation is
+your root instance. This can be changed with the
+.Fl p
+option.
+.El
+.Pp
+In all cases, the default file used is KEY_FILE as defined in krb.h
+unless this is overridden by the
+.Fl f
+option.
+.Pp
+A good use for
+.Nm
+would be for adding keys to a keyfile.  A system manager could
+ask a kerberos administrator to create a new service key with 
+.Xr kadmin 8
+and could supply an initial password.  Then, he could use 
+.Nm
+to add the key to the keyfile and then to change the key so that it
+will be random and unknown to either the system manager or the
+kerberos administrator.
+
+.Nm
+always makes a backup copy of the keyfile before making any changes.
+
+.Sh DIAGNOSTICS
+If 
+.Nm
+should exit on an error condition at any time during a change or add,
+a copy of the original keyfile can be found in
+.Pa filename Ns .old
+where 
+.Pa filename
+is the name of the keyfile, and a copy of the file with all new
+keys changed or added so far can be found in 
+.Pa filename Ns .work.
+The original keyfile is left unmodified until the program exits at
+which point it is removed and replaced it with the workfile.
+Appending the workfile to the backup copy and replacing the keyfile
+with the result should always give a usable keyfile, although the
+resulting keyfile will have some out of date keys in it.
+
+.Sh SEE ALSO
+.Xr kadmin 8 ,
+.Xr ksrvtgt 1
+
+.Sh AUTHOR
+Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8
new file mode 100644
index 0000000..0197a3d
--- /dev/null
+++ b/crypto/kerberosIV/man/kstash.8
@@ -0,0 +1,40 @@
+.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kstash \- stash Kerberos key distribution center database master key
+.SH SYNOPSIS
+kstash
+.SH DESCRIPTION
+.I kstash
+saves the Kerberos key distribution center (KDC) database master key in
+the master key cache file.
+.PP
+The user is prompted to enter the key, to verify the authenticity of the
+key and the authorization to store the key in the file.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.TP
+"kstash: Unable to open master key file"
+The attempt to open the cache file for writing failed (probably due to a
+system or access permission error).
+.TP
+"kstash: Write I/O error on master key file"
+The 
+.BR write (2)
+system call returned an error while
+.I kstash
+was attempting to write the key to the file.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
new file mode 100644
index 0000000..0987308
--- /dev/null
+++ b/crypto/kerberosIV/man/kuserok.3
@@ -0,0 +1,66 @@
+.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kuserok \- Kerberos version of ruserok
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+kuserok(kdata, localuser)
+AUTH_DAT *auth_data;
+char   *localuser;
+.fi
+.ft R
+.SH DESCRIPTION
+.I kuserok
+determines whether a Kerberos principal described by the structure
+.I auth_data
+is authorized to login as user
+.I localuser
+according to the authorization file
+("~\fIlocaluser\fR/.klogin" by default).  It returns 0 (zero) if authorized,
+1 (one) if not authorized.
+.PP
+If there is no account for 
+.I localuser
+on the local machine, authorization is not granted.
+If there is no authorization file, and the Kerberos principal described
+by 
+.I auth_data
+translates to 
+.I localuser
+(using 
+.IR krb_kntoln (3)),
+authorization is granted.
+If the authorization file
+can't be accessed, or the file is not owned by
+.IR localuser,
+authorization is denied.  Otherwise, the file is searched for
+a matching principal name, instance, and realm.  If a match is found,
+authorization is granted, else authorization is denied.
+.PP
+The file entries are in the format:
+.nf
+.in +5n
+	name.instance@realm
+.in -5n
+.fi
+with one entry per line.
+
+For convenience ~localuser@LOCALREALM is
+always considered to be an entry in the file even when there is no
+file or the file is unreadable.
+.SH SEE ALSO
+kerberos(3), ruserok(3), krb_kntoln(3)
+.SH FILES
+.TP 20n
+~\fIlocaluser\fR/.klogin
+authorization list
diff --git a/crypto/kerberosIV/man/login.1 b/crypto/kerberosIV/man/login.1
new file mode 100644
index 0000000..b05a6a4
--- /dev/null
+++ b/crypto/kerberosIV/man/login.1
@@ -0,0 +1,160 @@
+.\" Copyright (c) 1980, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)login.1	8.1 (Berkeley) 6/9/93
+.\"
+.Dd June 9, 1993
+.Dt LOGIN 1
+.Os BSD 4
+.Sh NAME
+.Nm login
+.Nd log into the computer
+.Sh SYNOPSIS
+.Nm login
+.Op Fl fp
+.Op Fl h Ar hostname
+.Op Ar user
+.Sh DESCRIPTION
+.Sy Note:
+this manual page describes the original login program for
+NetBSD. Everything in here might not be true.
+.Pp
+The
+.Nm login
+utility logs users (and pseudo-users) into the computer system.
+.Pp
+If no user is specified, or if a user is specified and authentication
+of the user fails,
+.Nm login
+prompts for a user name.
+Authentication of users is done via passwords.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl f
+The
+.Fl f
+option is used when a user name is specified to indicate that proper
+authentication has already been done and that no password need be
+requested.
+This option may only be used by the super-user or when an already
+logged in user is logging in as themselves.
+.It Fl h
+The
+.Fl h
+option specifies the host from which the connection was received.
+It is used by various daemons such as
+.Xr telnetd  8 .
+This option may only be used by the super-user.
+.It Fl p
+By default,
+.Nm login
+discards any previous environment.
+The
+.Fl p
+option disables this behavior.
+.El
+.Pp
+If the file
+.Pa /etc/nologin
+exists,
+.Nm login
+dislays its contents to the user and exits.
+This is used by
+.Xr shutdown  8
+to prevent users from logging in when the system is about to go down.
+.Pp
+If the file
+.Pa /etc/fbtab
+exists,
+.Nm login
+changes the protection and ownership of certain devices specified in this
+file.
+.Pp
+Immediately after logging a user in,
+.Nm login
+displays the system copyright notice, the date and time the user last
+logged in, the message of the day as well as other information.
+If the file
+.Dq Pa .hushlogin
+exists in the user's home directory, all of these messages are suppressed.
+This is to simplify logins for non-human users, such as
+.Xr uucp 1 .
+.Nm Login
+then records an entry in the
+.Xr wtmp 5
+and
+.Xr utmp 5
+files and executes the user's command interpretor.
+.Pp
+Login enters information into the environment (see
+.Xr environ 7 )
+specifying the user's home directory (HOME), command interpreter (SHELL),
+search path (PATH), terminal type (TERM) and user name (both LOGNAME and
+USER).
+.Pp
+The standard shells,
+.Xr csh 1
+and
+.Xr sh 1 ,
+do not fork before executing the
+.Nm login
+utility.
+.Sh FILES
+.Bl -tag -width /var/mail/userXXX -compact
+.It Pa /etc/fbtab
+changes device protections
+.It Pa /etc/motd
+message-of-the-day
+.It Pa /etc/nologin
+disallows logins
+.It Pa /var/run/utmp
+current logins
+.It Pa /var/log/wtmp
+login account records
+.It Pa /var/mail/user
+system mailboxes
+.It Pa \&.hushlogin
+makes login quieter
+.El
+.Sh SEE ALSO
+.Xr chpass 1 ,
+.Xr passwd 1 ,
+.Xr rlogin 1 ,
+.Xr getpass 3 ,
+.Xr fbtab 5 ,
+.Xr utmp 5 ,
+.Xr environ 7
+.Sh HISTORY
+A
+.Nm login
+appeared in
+.At v6 .
diff --git a/crypto/kerberosIV/man/login.access.5 b/crypto/kerberosIV/man/login.access.5
new file mode 100644
index 0000000..28d423c
--- /dev/null
+++ b/crypto/kerberosIV/man/login.access.5
@@ -0,0 +1,50 @@
+.\" this is comment
+.Dd April 30, 1994
+.Dt SKEY.ACCESS 5
+.Os FreeBSD 1.2
+.Sh NAME
+.Nm login.access
+.Nd Login access control table
+.Sh DESCRIPTION
+The
+.Nm login.access
+file specifies (user, host) combinations and/or (user, tty) 
+combinations for which a login will be either accepted or refused.
+.Pp
+When someone logs in, the 
+.Nm login.access
+is scanned for the first entry that
+matches the (user, host) combination, or, in case of non-networked
+logins, the first entry that matches the (user, tty) combination.  The
+permissions field of that table entry determines whether the login will 
+be accepted or refused.
+.Pp
+Each line of the login access control table has three fields separated by a
+":" character:	  permission : users : origins
+
+The first field should be a "+" (access granted) or "-" (access denied)
+character. The second field should be a list of one or more login names,
+group names, or ALL (always matches).  The third field should be a list
+of one or more tty names (for non-networked logins), host names, domain
+names (begin with "."), host addresses, internet network numbers (end
+with "."), ALL (always matches) or LOCAL (matches any string that does
+not contain a "." character). If you run NIS you can use @netgroupname
+in host or user patterns.
+
+The EXCEPT operator makes it possible to write very compact rules.
+
+The group file is searched only when a name does not match that of the
+logged-in user. Only groups are matched in which users are explicitly
+listed: the program does not look at a user's primary group id value.
+.Sh FILES
+.Bl -tag -width /etc/login.access -compact
+.It Pa /etc/login.access
+The
+.Nm login.access
+file resides in
+.Pa /etc .
+.El
+.Sh SEE ALSO
+.Xr login 1
+.Sh AUTHOR
+Guido van Rooij
diff --git a/crypto/kerberosIV/man/pagsh.1 b/crypto/kerberosIV/man/pagsh.1
new file mode 100644
index 0000000..cd95f8b
--- /dev/null
+++ b/crypto/kerberosIV/man/pagsh.1
@@ -0,0 +1,22 @@
+.\" $Id: pagsh.1,v 1.1 1996/04/27 23:03:35 d91-jda Exp $
+.\"
+.Dd April 27, 1996
+.Dt PAGSH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm pagsh
+.Nd
+execute a command without authentication
+.Sh SYNOPSIS
+.Nm pagsh
+.Op Oo Fl c Oc Nm command Ar args
+.Sh DESCRIPTION
+Starts a new subprocess that is detached from any Kerberos ticket
+cache and AFS tokens. Without
+.Nm command
+a new shell is started.
+.Sh ENVIRONMENT
+.Bl -tag -width Fl
+.It Ev $SHELL
+Default shell.
+.El
diff --git a/crypto/kerberosIV/man/rcp.1 b/crypto/kerberosIV/man/rcp.1
new file mode 100644
index 0000000..cc5efd0
--- /dev/null
+++ b/crypto/kerberosIV/man/rcp.1
@@ -0,0 +1,161 @@
+.\"	$NetBSD: rcp.1,v 1.5 1995/03/21 08:19:04 cgd Exp $
+.\"
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)rcp.1	8.1 (Berkeley) 5/31/93
+.\"
+.Dd May 31, 1993
+.Dt RCP 1
+.Os BSD 4.3r
+.Sh NAME
+.Nm rcp
+.Nd remote file copy
+.Sh SYNOPSIS
+.Nm rcp
+.Op Fl Kpx
+.Op Fl k Ar realm
+.Ar file1 file2
+.Nm rcp
+.Op Fl Kprx
+.Op Fl k Ar realm
+.Ar file ...
+.Ar directory
+.Sh DESCRIPTION
+.Nm Rcp
+copies files between machines.  Each
+.Ar file
+or
+.Ar directory
+argument is either a remote file name of the
+form ``rname@rhost:path'', or a local file name (containing no `:' characters,
+or a `/' before any `:'s).
+.Pp
+.Bl -tag -width flag
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl k
+The
+.Fl k
+option requests
+.Nm rcp
+to obtain tickets
+for the remote host in realm
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl p
+The
+.Fl p
+option causes
+.Nm rcp
+to attempt to preserve (duplicate) in its copies the modification
+times and modes of the source files, ignoring the
+.Ar umask  .
+By default, the mode and owner of
+.Ar file2
+are preserved if it already existed; otherwise the mode of the source file
+modified by the
+.Xr umask  2
+on the destination host is used.
+.It Fl r
+If any of the source files are directories,
+.Nm rcp
+copies each subtree rooted at that name; in this case
+the destination must be a directory.
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data passed by
+.Nm rcp .
+This may impact response time and
+.Tn CPU
+utilization, but provides
+increased security.
+.El
+.Pp
+If
+.Ar path
+is not a full path name, it is interpreted relative to
+the login directory of the specified user
+.Ar ruser
+on
+.Ar rhost  ,
+or your current user name if no other remote user name is specified.
+A
+.Ar path
+on a remote host may be quoted (using \e, ", or \(aa)
+so that the metacharacters are interpreted remotely.
+.Pp
+.Nm Rcp
+does not prompt for passwords; it performs remote execution
+via
+.Xr rsh  1  ,
+and requires the same authorization.
+.Pp
+.Nm Rcp
+handles third party copies, where neither source nor target files
+are on the current machine.
+.Sh SEE ALSO
+.Xr cp 1 ,
+.Xr ftp 1 ,
+.Xr rsh 1 ,
+.Xr rlogin 1
+.Sh HISTORY
+The
+.Nm rcp
+command appeared in
+.Bx 4.2 .
+The version of
+.Nm rcp
+described here
+has been reimplemented with Kerberos in
+.Bx 4.3 Reno .
+.Sh BUGS
+Doesn't detect all cases where the target of a copy might
+be a file in cases where only a directory should be legal.
+.Pp
+Is confused by any output generated by commands in a
+.Pa \&.login ,
+.Pa \&.profile ,
+or
+.Pa \&.cshrc
+file on the remote host.
+.Pp
+The destination user and hostname may have to be specified as
+``rhost.rname'' when the destination machine is running the
+.Bx 4.2
+version of
+.Nm rcp  .
diff --git a/crypto/kerberosIV/man/rlogin.1 b/crypto/kerberosIV/man/rlogin.1
new file mode 100644
index 0000000..3e1fd8d
--- /dev/null
+++ b/crypto/kerberosIV/man/rlogin.1
@@ -0,0 +1,190 @@
+.\"	$NetBSD: rlogin.1,v 1.3 1995/03/21 07:58:37 cgd Exp $
+.\"
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)rlogin.1	8.1 (Berkeley) 6/6/93
+.\"
+.Dd June 6, 1993
+.Dt RLOGIN 1
+.Os BSD 4.2
+.Sh NAME
+.Nm rlogin
+.Nd remote login
+.Sh SYNOPSIS
+.Ar rlogin
+.Op Fl 8EKLdx
+.Op Fl e Ar char
+.Op Fl k Ar realm
+.Op Fl l Ar username
+.Op Fl p Ar portnumber
+.Ar host
+.Sh DESCRIPTION
+.Nm Rlogin
+starts a terminal session on a remote host
+.Ar host  .
+.Pp
+.Nm Rlogin
+first attempts to use the Kerberos authorization mechanism, described below.
+If the remote host does not supporting Kerberos the standard Berkeley
+.Pa rhosts
+authorization mechanism is used.
+The options are as follows:
+.Bl -tag -width flag
+.It Fl 8
+The
+.Fl 8
+option allows an eight-bit input data path at all times; otherwise
+parity bits are stripped except when the remote side's stop and start
+characters are other than
+^S/^Q .
+.It Fl E
+The
+.Fl E
+option stops any character from being recognized as an escape character.
+When used with the
+.Fl 8
+option, this provides a completely transparent connection.
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl L
+The
+.Fl L
+option allows the rlogin session to be run in ``litout'' (see
+.Xr tty 4 )
+mode.
+.It Fl d
+The
+.Fl d
+option turns on socket debugging (see
+.Xr setsockopt 2 )
+on the TCP sockets used for communication with the remote host.
+.It Fl e
+The
+.Fl e
+option allows user specification of the escape character, which is
+``~'' by default.
+This specification may be as a literal character, or as an octal
+value in the form \ennn.
+.It Fl k
+The
+.FL k
+option requests rlogin to obtain tickets for the remote host
+in realm
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data passed via the
+rlogin session.
+This may impact response time and
+.Tn CPU
+utilization, but provides
+increased security.
+.It Fl D
+Use the TCP nodelay option (see setsockopt(2)).
+.It Fl p portnumber
+Specifies the port number to connect to on the remote host.
+.El
+.Pp
+A line of the form ``<escape char>.'' disconnects from the remote host.
+Similarly, the line ``<escape char>^Z'' will suspend the
+.Nm rlogin
+session, and ``<escape char><delayed-suspend char>'' suspends the
+send portion of the rlogin, but allows output from the remote system.
+By default, the tilde (``~'') character is the escape character, and
+normally control-Y (``^Y'') is the delayed-suspend character.
+.Pp
+All echoing takes place at the remote site, so that (except for delays)
+the
+.Nm rlogin
+is transparent.
+Flow control via ^S/^Q and flushing of input and output on interrupts
+are handled properly.
+.Sh KERBEROS AUTHENTICATION
+Each user may have a private authorization list in the file
+.Pa .klogin
+in their home directory.
+Each line in this file should contain a Kerberos principal name of the
+form
+.Ar principal.instance@realm  .
+If the originating user is authenticated to one of the principals named
+in
+.Pa .klogin ,
+access is granted to the account.
+The principal
+.Ar accountname.@localrealm
+is granted access if
+there is no
+.Pa .klogin
+file.
+Otherwise a login and password will be prompted for on the remote machine
+as in
+.Xr login  1  .
+To avoid certain security problems, the
+.Pa .klogin
+file must be owned by
+the remote user.
+.Pp
+If Kerberos authentication fails, a warning message is printed and the
+standard Berkeley
+.Nm rlogin
+is used instead.
+.Sh ENVIRONMENT
+The following environment variable is utilized by
+.Nm rlogin :
+.Bl -tag -width TERM
+.It Ev TERM
+Determines the user's terminal type.
+.El
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr kerberos 3 ,
+.Xr krb_sendauth 3 ,
+.Xr krb_realmofhost 3
+.Sh HISTORY
+The
+.Nm rlogin
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+.Nm Rlogin
+will be replaced by
+.Xr telnet  1
+in the near future.
+.Pp
+More of the environment should be propagated.
diff --git a/crypto/kerberosIV/man/rlogind.8 b/crypto/kerberosIV/man/rlogind.8
new file mode 100644
index 0000000..bc99529
--- /dev/null
+++ b/crypto/kerberosIV/man/rlogind.8
@@ -0,0 +1,178 @@
+.\" Copyright (c) 1983, 1989, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)rlogind.8	8.1 (Berkeley) 6/4/93
+.\"
+.Dd August 25, 1996
+.Dt RLOGIND 8
+.Os BSD 4.2
+.Sh NAME
+.Nm rlogind
+.Nd remote login server
+.Sh SYNOPSIS
+.Nm rlogind
+.Op Fl ailnkvxD
+.Op Fl p Ar portnumber
+.Op Fl L Ar /bin/login
+.Sh DESCRIPTION
+.Nm Rlogind
+is the server for the 
+.Xr rlogin 1
+program.  The server provides a remote login facility with
+kerberos-based authentication or traditional pseudo-authentication with
+privileged port numbers from trusted hosts.
+.Pp
+Options supported by
+.Nm rlogind :
+.Bl -tag -width Ds
+.It Fl a
+No-op.  For backwards compatibility.  Hostnames are always verified.
+.It Fl l
+Prevent any authentication based on the user's
+.Dq Pa .rhosts
+file, unless the user is logging in as the superuser.
+.It Fl n
+Disable keep-alive messages.
+.It Fl k
+Enable kerberos authentication.
+.It Fl i
+Do not expect to be spawned by inetd and create a socket and listen on
+it yourself.
+.It Fl p portnumber
+Specifies the port number it should listen on in case the
+.It Fl i
+flag has been given.
+.It Fl v
+Vacuous, echo "Remote host requires Kerberos authentication" and exit.
+.It Fl x
+Provides an encrypted communications channel.  This options requires the
+.Fl k
+flag.
+.It Fl L pathname
+Specify pathname to an alternative login program.
+.It Fl D
+Use the TCP nodelay option (see setsockopt(2)).
+.El
+.Pp
+When a service request is received,
+.Nm rlogind
+verifies the kerberos ticket supplied by the user.
+.Pp
+For non-kerberised connections, the following protocol is initiated:
+.Bl -enum
+.It
+The server checks the client's source port.
+If the port is not in the range 512-1023, the server
+aborts the connection.
+.It
+The server checks the client's source address
+and requests the corresponding host name (see
+.Xr gethostbyaddr 3 ,
+.Xr hosts 5
+and
+.Xr named 8 ) .
+If the hostname cannot be determined,
+the dot-notation representation of the host address is used.
+The addresses for the hostname are requested,
+verifying that the name and address correspond.
+Normal authentication is bypassed if the address verification fails.
+.El
+.Pp
+Once the source port and address have been checked, 
+.Nm rlogind
+proceeds with the authentication process described in
+.Xr rshd 8 .
+.Pp
+It then allocates a pseudo terminal (see 
+.Xr pty 4 ) ,
+and manipulates file descriptors so that the slave
+half of the pseudo terminal becomes the 
+.Em stdin ,
+.Em stdout ,
+and
+.Em stderr
+for a login process.
+The login process is an instance of the
+.Xr login 1
+program, invoked with the
+.Fl f
+option if authentication has succeeded.
+If automatic authentication fails, the user is
+prompted to log in as if on a standard terminal line.
+.Pp
+The parent of the login process manipulates the master side of
+the pseudo terminal, operating as an intermediary
+between the login process and the client instance of the
+.Xr rlogin
+program.  In normal operation, the packet protocol described
+in
+.Xr pty 4
+is invoked to provide
+.Ql ^S/^Q
+type facilities and propagate
+interrupt signals to the remote programs.  The login process
+propagates the client terminal's baud rate and terminal type,
+as found in the environment variable,
+.Ql Ev TERM ;
+see
+.Xr environ 7 .
+The screen or window size of the terminal is requested from the client,
+and window size changes from the client are propagated to the pseudo terminal.
+.Pp
+Transport-level keepalive messages are enabled unless the
+.Fl n
+option is present.
+The use of keepalive messages allows sessions to be timed out
+if the client crashes or becomes unreachable.
+.Sh DIAGNOSTICS
+All initial diagnostic messages are indicated
+by a leading byte with a value of 1,
+after which any network connections are closed.
+If there are no errors before
+.Xr login
+is invoked, a null byte is returned as in indication of success.
+.Bl -tag -width Ds
+.It Sy Try again.
+A
+.Xr fork
+by the server failed.
+.El
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr ruserok 3 ,
+.Xr rshd 8
+.Sh BUGS
+A more extensible protocol should be used.
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/rsh.1 b/crypto/kerberosIV/man/rsh.1
new file mode 100644
index 0000000..5d79faf
--- /dev/null
+++ b/crypto/kerberosIV/man/rsh.1
@@ -0,0 +1,182 @@
+.\" Copyright (c) 1983, 1990 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	from: @(#)rsh.1	6.10 (Berkeley) 7/24/91
+.\"	$Id: rsh.1,v 1.1.1.1 1995/10/23 11:20:27 d91-jda Exp $
+.\"
+.Dd July 24, 1991
+.Dt RSH 1
+.Os BSD 4.2
+.Sh NAME
+.Nm rsh
+.Nd remote shell
+.Sh SYNOPSIS
+.Nm rsh
+.Op Fl Kdnx
+.Op Fl k Ar realm
+.Op Fl l Ar username
+.Ar host
+.Op command
+.Sh DESCRIPTION
+.Nm Rsh
+executes
+.Ar command
+on
+.Ar host  .
+.Pp
+.Nm Rsh
+copies its standard input to the remote command, the standard
+output of the remote command to its standard output, and the
+standard error of the remote command to its standard error.
+Interrupt, quit and terminate signals are propagated to the remote
+command;
+.Nm rsh
+normally terminates when the remote command does.
+The options are as follows:
+.Bl -tag -width flag
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl d
+The
+.Fl d
+option turns on socket debugging (using
+.Xr setsockopt  2  )
+on the
+.Tn TCP
+sockets used for communication with the remote host.
+.It Fl k
+The
+.Fl k
+option causes
+.Nm rsh
+to obtain tickets for the remote host in
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl l
+By default, the remote username is the same as the local username.
+The
+.Fl l
+option allows the remote name to be specified.
+Kerberos authentication is used, and authorization is determined
+as in
+.Xr rlogin  1  .
+.It Fl n
+The
+.Fl n
+option redirects input from the special device
+.Pa /dev/null
+(see the
+.Sx BUGS
+section of this manual page).
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data exchange.
+This may introduce a significant delay in response time.
+.El
+.Pp
+If no
+.Ar command
+is specified, you will be logged in on the remote host using
+.Xr rlogin  1  .
+.Pp
+Shell metacharacters which are not quoted are interpreted on local machine,
+while quoted metacharacters are interpreted on the remote machine.
+For example, the command
+.Pp
+.Dl rsh otherhost cat remotefile >> localfile
+.Pp
+appends the remote file
+.Ar remotefile
+to the local file
+.Ar localfile ,
+while
+.Pp
+.Dl rsh otherhost cat remotefile \&">>\&" other_remotefile
+.Pp
+appends
+.Ar remotefile
+to
+.Ar other_remotefile .
+.\" .Pp
+.\" Many sites specify a large number of host names as commands in the
+.\" directory /usr/hosts.
+.\" If this directory is included in your search path, you can use the
+.\" shorthand ``host command'' for the longer form ``rsh host command''.
+.Sh FILES
+.Bl -tag -width /etc/hosts -compact
+.It Pa /etc/hosts
+.El
+.Sh SEE ALSO
+.Xr rlogin 1 ,
+.Xr kerberos 3 ,
+.Xr krb_sendauth 3 ,
+.Xr krb_realmofhost 3
+.Sh HISTORY
+The
+.Nm rsh
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+If you are using
+.Xr csh  1
+and put a
+.Nm rsh
+in the background without redirecting its input away from the terminal,
+it will block even if no reads are posted by the remote command.
+If no input is desired you should redirect the input of
+.Nm rsh
+to
+.Pa /dev/null
+using the
+.Fl n
+option.
+.Pp
+You cannot run an interactive command
+(like
+.Xr rogue  6
+or
+.Xr vi  1  )
+using
+.Nm rsh  ;
+use
+.Xr rlogin  1
+instead.
+.Pp
+Stop signals stop the local
+.Nm rsh
+process only; this is arguably wrong, but currently hard to fix for reasons
+too complicated to explain here.
diff --git a/crypto/kerberosIV/man/rshd.8 b/crypto/kerberosIV/man/rshd.8
new file mode 100644
index 0000000..8bd661f
--- /dev/null
+++ b/crypto/kerberosIV/man/rshd.8
@@ -0,0 +1,221 @@
+.\" Copyright (c) 1983, 1989, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)rshd.8	8.1 (Berkeley) 6/4/93
+.\"
+.Dd August 25, 1996
+.Dt RSHD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm rshd
+.Nd remote shell server
+.Sh SYNOPSIS
+.Nm rshd
+.Op Fl ailnkvxLP
+.Op Fl p Ar portnumber
+.Sh DESCRIPTION
+The
+.Nm rshd
+server
+is the server for the 
+.Xr rcmd 3
+routine and, consequently, for the
+.Xr rsh 1
+program.  The server provides remote execution facilities with
+kerberos-based authentication or traditional pseudo-authentication
+with privileged port numbers from trusted hosts.
+.Pp
+The
+.Nm rshd
+server
+listens for service requests at the port indicated in
+the ``cmd'' service specification; see
+.Xr services 5 .
+When a service request is received
+.Nm rshd
+verifies the kerberos ticket supplied by the user.
+.Pp
+For non-kerberised connections, the following protocol is initiated:
+.Bl -enum
+.It
+The server checks the client's source port.
+If the port is not in the range 512-1023, the server
+aborts the connection.
+.It
+The server reads characters from the socket up
+to a null (`\e0') byte.  The resultant string is
+interpreted as an
+.Tn ASCII
+number, base 10.
+.It
+If the number received in step 2 is non-zero,
+it is interpreted as the port number of a secondary
+stream to be used for the 
+.Em stderr .
+A second connection is then created to the specified
+port on the client's machine.  The source port of this
+second connection is also in the range 512-1023.
+.It
+The server checks the client's source address
+and requests the corresponding host name (see
+.Xr gethostbyaddr 3 ,
+.Xr hosts 5
+and
+.Xr named 8 ) .
+If the hostname cannot be determined,
+the dot-notation representation of the host address is used.
+The addresses for the hostname are requested,
+verifying that the name and address correspond.
+If address verification fails, the connection is aborted
+with the message, ``Host address mismatch.''
+.It
+A null terminated user name of at most 16 characters
+is retrieved on the initial socket.  This user name
+is interpreted as the user identity on the
+.Em client Ns 's
+machine.
+.It
+A null terminated user name of at most 16 characters
+is retrieved on the initial socket.  This user name
+is interpreted as a user identity to use on the
+.Sy server Ns 's
+machine.
+.It
+A null terminated command to be passed to a
+shell is retrieved on the initial socket.  The length of
+the command is limited by the upper bound on the size of
+the system's argument list.  
+.It
+.Nm Rshd
+then validates the user using
+.Xr ruserok 3 ,
+which uses the file
+.Pa /etc/hosts.equiv
+and the
+.Pa .rhosts
+file found in the user's home directory.  The
+.Fl l
+option prevents
+.Xr ruserok 3
+from doing any validation based on the user's ``.rhosts'' file,
+unless the user is the superuser.
+.It
+If the file 
+.Pa /etc/nologin
+exists and the user is not the superuser,
+the connection is closed.
+.It
+A null byte is returned on the initial socket
+and the command line is passed to the normal login
+shell of the user.  The
+shell inherits the network connections established
+by
+.Nm rshd .
+.El
+.Pp
+Transport-level keepalive messages are enabled unless the
+.Fl n
+option is present.
+The use of keepalive messages allows sessions to be timed out
+if the client crashes or becomes unreachable.
+.Pp
+The
+.Fl L
+option causes all successful accesses to be logged to
+.Xr syslogd 8
+as
+.Li auth.info
+messages.
+.Bl -tag -width Ds
+.It Fl k
+Enable kerberos authentication.
+.It Fl i
+Do not expect to be spawned by inetd and create a socket and listen on
+it yourself.
+.It Fl p portnumber
+Specifies the port number it should listen on in case the
+.It Fl i
+flag has been given.
+.It Fl v
+Vacuous, echo "Remote host requires Kerberos authentication" and exit.
+.It Fl x
+Provides an encrypted communications channel. This option requires the
+.Fl k
+flag.
+.It Fl P
+AFS only! Doesn't put the remote proccess in a new PAG.
+.El
+.Sh DIAGNOSTICS
+Except for the last one listed below,
+all diagnostic messages
+are returned on the initial socket,
+after which any network connections are closed.
+An error is indicated by a leading byte with a value of
+1 (0 is returned in step 10 above upon successful completion
+of all the steps prior to the execution of the login shell).
+.Bl -tag -width indent
+.It Sy Locuser too long.
+The name of the user on the client's machine is
+longer than 16 characters.
+.It Sy Ruser too long.
+The name of the user on the remote machine is
+longer than 16 characters.
+.It Sy Command too long  .
+The command line passed exceeds the size of the argument
+list (as configured into the system).
+.It Sy Login incorrect.
+No password file entry for the user name existed.
+.It Sy Remote directory.
+The 
+.Xr chdir
+command to the home directory failed.
+.It Sy Permission denied.
+The authentication procedure described above failed.
+.It Sy Can't make pipe.
+The pipe needed for the 
+.Em stderr ,
+wasn't created.
+.It Sy Can't fork; try again. 
+A
+.Xr fork
+by the server failed.
+.It Sy <shellname>: ...
+The user's login shell could not be started.  This message is returned
+on the connection associated with the
+.Em stderr ,
+and is not preceded by a flag byte.
+.El
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr rcmd 3 ,
+.Xr ruserok 3
+.Sh BUGS
+A more extensible protocol (such as Telnet) should be used.
diff --git a/crypto/kerberosIV/man/su.1 b/crypto/kerberosIV/man/su.1
new file mode 100644
index 0000000..78d5c8d
--- /dev/null
+++ b/crypto/kerberosIV/man/su.1
@@ -0,0 +1,189 @@
+.\" Copyright (c) 1988, 1990 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	from: @(#)su.1	6.12 (Berkeley) 7/29/91
+.\"	$Id: su.1,v 1.3 1996/02/11 23:56:09 d91-jda Exp $
+.\"
+.Dd July 29, 1991
+.Dt SU 1
+.Os
+.Sh NAME
+.Nm su
+.Nd substitute user identity
+.Sh SYNOPSIS
+.Nm su
+.Op Fl Kflmi
+.Op Ar login Op Ar "shell arguments"
+.Sh DESCRIPTION
+.Nm Su
+requests the Kerberos password for
+.Ar login
+(or for
+.Dq Ar login Ns .root ,
+if no login is provided), and switches to
+that user and group ID after obtaining a Kerberos ticket granting ticket.
+A shell is then executed, and any additional
+.Ar "shell arguments"
+after the login name
+are passed to the shell.
+.Nm Su
+will resort to the local password file to find the password for
+.Ar login
+if there is a Kerberos error.
+If
+.Nm su
+is executed by root, no password is requested and a shell
+with the appropriate user ID is executed; no additional Kerberos tickets
+are obtained.
+.Pp
+Alternately, if the user enters the password "s/key", they will be
+authenticated using the S/Key one-time password system as described in
+.Xr skey 1 .
+S/Key is a Trademark of Bellcore.
+.Pp
+By default, the environment is unmodified with the exception of
+.Ev USER ,
+.Ev HOME ,
+and
+.Ev SHELL .
+.Ev HOME
+and
+.Ev SHELL
+are set to the target login's default values.
+.Ev USER
+is set to the target login, unless the target login has a user ID of 0,
+in which case it is unmodified.
+The invoked shell is the target login's.
+This is the traditional behavior of
+.Nm su .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl K
+Do not attempt to use Kerberos to authenticate the user.
+.It Fl f
+If the invoked shell is
+.Xr csh 1 ,
+this option prevents it from reading the
+.Dq Pa .cshrc
+file.
+.It Fl l
+Simulate a full login.
+The environment is discarded except for
+.Ev HOME ,
+.Ev SHELL ,
+.Ev PATH ,
+.Ev TERM ,
+and
+.Ev USER .
+.Ev HOME
+and
+.Ev SHELL
+are modified as above.
+.Ev USER
+is set to the target login.
+.Ev PATH
+is set to
+.Dq Pa /bin:/usr/bin .
+.Ev TERM
+is imported from your current environment.
+The invoked shell is the target login's, and
+.Nm su
+will change directory to the target login's home directory.
+.It Fl m
+Leave the environment unmodified.
+The invoked shell is your login shell, and no directory changes are made.
+As a security precaution, if the target user's shell is a non-standard
+shell (as defined by
+.Xr getusershell 3 )
+and the caller's real uid is
+non-zero,
+.Nm su
+will fail.
+.It Fl i
+If the kerberos root instance is not root any other value can be passed
+using this switch.
+.El
+.Pp
+The
+.Fl l
+and
+.Fl m
+options are mutually exclusive; the last one specified
+overrides any previous ones.
+.Pp
+Only users mentioned in
+.Dq Pa ~root/.klogin
+(or in group 0 when not doing kerberos) can
+.Nm su
+to
+.Dq root .
+.Pp
+By default (unless the prompt is reset by a startup file) the super-user
+prompt is set to
+.Dq Sy \&#
+to remind one of its awesome power.
+.Sh SEE ALSO
+.Xr csh 1 ,
+.Xr login 1 ,
+.Xr sh 1 ,
+.Xr skey 1 ,
+.Xr kinit 1 ,
+.Xr kerberos 1 ,
+.Xr passwd 5 ,
+.Xr group 5 ,
+.Xr environ 7
+.Sh ENVIRONMENT
+Environment variables used by
+.Nm su :
+.Bl -tag -width HOME
+.It Ev HOME
+Default home directory of real user ID unless modified as
+specified above.
+.It Ev PATH
+Default search path of real user ID unless modified as specified above.
+.It Ev TERM
+Provides terminal type which may be retained for the substituted
+user ID.
+.It Ev USER
+The user ID is always the effective ID (the target user ID) after an
+.Nm su
+unless the user ID is 0 (root).
+.El
+.Sh HISTORY
+A
+.Nm
+command appeared in
+.At v7 .
+The version described
+here is an adaptation of the
+.Tn MIT
+Athena Kerberos command.
diff --git a/crypto/kerberosIV/man/telnet.1 b/crypto/kerberosIV/man/telnet.1
new file mode 100644
index 0000000..2b3198e
--- /dev/null
+++ b/crypto/kerberosIV/man/telnet.1
@@ -0,0 +1,1369 @@
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNET 1
+.Os BSD 4.2
+.Sh NAME
+.Nm telnet
+.Nd user interface to the 
+.Tn TELNET
+protocol
+.Sh SYNOPSIS
+.Nm telnet
+.Op Fl 78EFKLacdfrx
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl e Ar escapechar
+.Op Fl k Ar realm
+.Op Fl l Ar user
+.Op Fl n Ar tracefile
+.Oo
+.Ar host
+.Op port
+.Oc
+.Sh DESCRIPTION
+The
+.Nm telnet
+command
+is used to communicate with another host using the 
+.Tn TELNET
+protocol.
+If
+.Nm telnet
+is invoked without the
+.Ar host
+argument, it enters command mode,
+indicated by its prompt
+.Pq Nm telnet\&> .
+In this mode, it accepts and executes the commands listed below.
+If it is invoked with arguments, it performs an
+.Ic open
+command with those arguments.
+.Pp
+Options:
+.Bl -tag -width indent
+.It Fl 8
+Specifies an 8-bit data path.  This causes an attempt to
+negotiate the
+.Dv TELNET BINARY
+option on both input and output.
+.It Fl 7
+Do not try to negotiate
+.Dv TELNET BINARY
+option.
+.It Fl E
+Stops any character from being recognized as an escape character.
+.It Fl F
+If Kerberos V5 authentication is being used, the
+.Fl F
+option allows the local credentials to be forwarded
+to the remote system, including any credentials that
+have already been forwarded into the local environment.
+.It Fl K
+Specifies no automatic login to the remote system.
+.It Fl L
+Specifies an 8-bit data path on output.  This causes the
+BINARY option to be negotiated on output.
+.It Fl S Ar tos
+Sets the IP type-of-service (TOS) option for the telnet
+connection to the value
+.Ar tos,
+which can be a numeric TOS value
+or, on systems that support it, a symbolic
+TOS name found in the /etc/iptos file.
+.It Fl X Ar atype 
+Disables the
+.Ar atype
+type of authentication.
+.It Fl a
+Attempt automatic login.
+Currently, this sends the user name via the
+.Ev USER
+variable
+of the
+.Ev ENVIRON
+option if supported by the remote system.
+The name used is that of the current user as returned by
+.Xr getlogin 2
+if it agrees with the current user ID,
+otherwise it is the name associated with the user ID.
+.It Fl c
+Disables the reading of the user's
+.Pa \&.telnetrc
+file.  (See the
+.Ic toggle skiprc
+command on this man page.)
+.It Fl d
+Sets the initial value of the
+.Ic debug
+toggle to
+.Dv TRUE
+.It Fl e Ar escape char 
+Sets the initial
+.Nm
+.Nm telnet
+escape character to
+.Ar escape char.
+If
+.Ar escape char
+is omitted, then
+there will be no escape character.
+.It Fl f
+If Kerberos V5 authentication is being used, the
+.Fl f
+option allows the local credentials to be forwarded to the remote system.
+.ne 1i
+.It Fl k Ar realm
+If Kerberos authentication is being used, the
+.Fl k
+option requests that telnet obtain tickets for the remote host in
+realm realm instead of the remote host's realm, as determined
+by
+.Xr krb_realmofhost 3 .
+.It Fl l Ar user 
+When connecting to the remote system, if the remote system
+understands the
+.Ev ENVIRON
+option, then
+.Ar user
+will be sent to the remote system as the value for the variable USER.
+This option implies the
+.Fl a
+option.
+This option may also be used with the
+.Ic open
+command.
+.It Fl n Ar tracefile 
+Opens
+.Ar tracefile
+for recording trace information.
+See the
+.Ic set tracefile
+command below.
+.It Fl r
+Specifies a user interface similar to
+.Xr rlogin 1 .
+In this
+mode, the escape character is set to the tilde (~) character,
+unless modified by the -e option.
+.It Fl x
+Turns on encryption of the data stream if possible. This is 
+currently the default and when it fails a warning is issued.
+.It Ar host
+Indicates the official name, an alias, or the Internet address
+of a remote host.
+.It Ar port
+Indicates a port number (address of an application).  If a number is
+not specified, the default
+.Nm telnet
+port is used.
+.El
+.Pp
+When in rlogin mode, a line of the form ~.  disconnects from the
+remote host; ~ is the telnet escape character.
+Similarly, the line ~^Z suspends the telnet session.
+The line ~^] escapes to the normal telnet escape prompt.
+.Pp
+Once a connection has been opened,
+.Nm telnet
+will attempt to enable the
+.Dv TELNET LINEMODE
+option.
+If this fails, then
+.Nm telnet
+will revert to one of two input modes:
+either \*(Lqcharacter at a time\*(Rq
+or \*(Lqold line by line\*(Rq
+depending on what the remote system supports.
+.Pp
+When 
+.Dv LINEMODE
+is enabled, character processing is done on the
+local system, under the control of the remote system.  When input
+editing or character echoing is to be disabled, the remote system
+will relay that information.  The remote system will also relay
+changes to any special characters that happen on the remote
+system, so that they can take effect on the local system.
+.Pp
+In \*(Lqcharacter at a time\*(Rq mode, most
+text typed is immediately sent to the remote host for processing.
+.Pp
+In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
+and (normally) only completed lines are sent to the remote host.
+The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
+to turn off and on the local echo
+(this would mostly be used to enter passwords
+without the password being echoed).
+.Pp
+If the 
+.Dv LINEMODE
+option is enabled, or if the
+.Ic localchars
+toggle is
+.Dv TRUE
+(the default for \*(Lqold line by line\*(Lq; see below),
+the user's
+.Ic quit  ,
+.Ic intr ,
+and
+.Ic flush
+characters are trapped locally, and sent as
+.Tn TELNET
+protocol sequences to the remote side.
+If 
+.Dv LINEMODE
+has ever been enabled, then the user's
+.Ic susp
+and
+.Ic eof
+are also sent as
+.Tn TELNET
+protocol sequences,
+and
+.Ic quit
+is sent as a 
+.Dv TELNET ABORT
+instead of 
+.Dv BREAK
+There are options (see
+.Ic toggle
+.Ic autoflush
+and
+.Ic toggle
+.Ic autosynch
+below)
+which cause this action to flush subsequent output to the terminal
+(until the remote host acknowledges the
+.Tn TELNET
+sequence) and flush previous terminal input
+(in the case of
+.Ic quit
+and
+.Ic intr  ) .
+.Pp
+While connected to a remote host,
+.Nm telnet
+command mode may be entered by typing the
+.Nm telnet
+\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
+When in command mode, the normal terminal editing conventions are available.
+.Pp
+The following
+.Nm telnet
+commands are available.
+Only enough of each command to uniquely identify it need be typed
+(this is also true for arguments to the
+.Ic mode  ,
+.Ic set ,
+.Ic toggle  ,
+.Ic unset ,
+.Ic slc  ,
+.Ic environ ,
+and
+.Ic display
+commands).
+.Pp
+.Bl -tag -width "mode type"
+.It Ic auth Ar argument ... 
+The auth command manipulates the information sent through the
+.Dv TELNET AUTHENTICATE
+option.  Valid arguments for the
+auth command are as follows:
+.Bl -tag -width "disable type"
+.It Ic disable Ar type
+Disables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth disable \&?
+command.
+.It Ic enable Ar type
+Enables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth enable \&?
+command.
+.It Ic status
+Lists the current status of the various types of
+authentication.
+.El
+.It Ic close
+Close a
+.Tn TELNET
+session and return to command mode.
+.It Ic display Ar argument ... 
+Displays all, or some, of the
+.Ic set
+and
+.Ic toggle
+values (see below).
+.It Ic encrypt Ar argument ...
+The encrypt command manipulates the information sent through the
+.Dv TELNET ENCRYPT
+option.
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside of the United States and Canada.
+.Pp
+Valid arguments for the encrypt command are as follows:
+.Bl -tag -width Ar
+.It Ic disable Ar type Ic [input|output]
+Disables the specified type of encryption.  If you
+omit the input and output, both input and output
+are disabled.  To obtain a list of available
+types, use the
+.Ic encrypt disable \&?
+command.
+.It Ic enable Ar type Ic [input|output]
+Enables the specified type of encryption.  If you
+omit input and output, both input and output are
+enabled.  To obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic input
+This is the same as the
+.Ic encrypt start input
+command.
+.It Ic -input
+This is the same as the
+.Ic encrypt stop input
+command.
+.It Ic output
+This is the same as the
+.Ic encrypt start output
+command.
+.It Ic -output
+This is the same as the
+.Ic encrypt stop output
+command.
+.It Ic start Ic [input|output]
+Attempts to start encryption.  If you omit
+.Ic input
+and
+.Ic output,
+both input and output are enabled.  To
+obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic status
+Lists the current status of encryption.
+.It Ic stop Ic [input|output]
+Stops encryption.  If you omit input and output,
+encryption is on both input and output.
+.It Ic type Ar type
+Sets the default type of encryption to be used
+with later
+.Ic encrypt start
+or
+.Ic encrypt stop
+commands.
+.El
+.It Ic environ Ar arguments... 
+The
+.Ic environ
+command is used to manipulate the
+the variables that my be sent through the
+.Dv TELNET ENVIRON
+option.
+The initial set of variables is taken from the users
+environment, with only the
+.Ev DISPLAY
+and
+.Ev PRINTER
+variables being exported by default.
+The
+.Ev USER
+variable is also exported if the
+.Fl a
+or
+.Fl l
+options are used.
+.br
+Valid arguments for the
+.Ic environ
+command are:
+.Bl -tag -width Fl
+.It Ic define Ar variable value 
+Define the variable
+.Ar variable
+to have a value of
+.Ar value.
+Any variables defined by this command are automatically exported.
+The
+.Ar value
+may be enclosed in single or double quotes so
+that tabs and spaces may be included.
+.It Ic undefine Ar variable 
+Remove
+.Ar variable
+from the list of environment variables.
+.It Ic export Ar variable 
+Mark the variable
+.Ar variable
+to be exported to the remote side.
+.It Ic unexport Ar variable 
+Mark the variable
+.Ar variable
+to not be exported unless
+explicitly asked for by the remote side.
+.It Ic list
+List the current set of environment variables.
+Those marked with a
+.Cm *
+will be sent automatically,
+other variables will only be sent if explicitly requested.
+.It Ic \&?
+Prints out help information for the
+.Ic environ
+command.
+.El
+.It Ic logout
+Sends the
+.Dv TELNET LOGOUT
+option to the remote side.
+This command is similar to a
+.Ic close
+command; however, if the remote side does not support the
+.Dv LOGOUT
+option, nothing happens.
+If, however, the remote side does support the
+.Dv LOGOUT
+option, this command should cause the remote side to close the
+.Tn TELNET
+connection.
+If the remote side also supports the concept of
+suspending a user's session for later reattachment,
+the logout argument indicates that you
+should terminate the session immediately.
+.It Ic mode Ar type 
+.Ar Type
+is one of several options, depending on the state of the
+.Tn TELNET
+session.
+The remote host is asked for permission to go into the requested mode.
+If the remote host is capable of entering that mode, the requested
+mode will be entered.
+.Bl -tag -width Ar
+.It Ic character
+Disable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then enter \*(Lqcharacter at a time\*(Lq mode.
+.It Ic line
+Enable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
+.It Ic isig Pq Ic \-isig 
+Attempt to enable (disable) the 
+.Dv TRAPSIG
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic edit Pq Ic \-edit 
+Attempt to enable (disable) the 
+.Dv EDIT
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic softtabs Pq Ic \-softtabs 
+Attempt to enable (disable) the 
+.Dv SOFT_TAB
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.ne 1i
+.It Ic litecho Pq Ic \-litecho 
+Attempt to enable (disable) the 
+.Dv LIT_ECHO
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic \&?
+Prints out help information for the
+.Ic mode
+command.
+.El
+.It Xo
+.Ic open Ar host
+.Oo Op Fl l
+.Ar user
+.Oc Ns Oo Fl
+.Ar port Oc
+.Xc
+Open a connection to the named host.
+If no port number
+is specified,
+.Nm telnet
+will attempt to contact a
+.Tn TELNET
+server at the default port.
+The host specification may be either a host name (see
+.Xr hosts  5  )
+or an Internet address specified in the \*(Lqdot notation\*(Rq (see
+.Xr inet 3 ) .
+The
+.Op Fl l
+option may be used to specify the user name
+to be passed to the remote system via the
+.Ev ENVIRON
+option.
+When connecting to a non-standard port,
+.Nm telnet
+omits any automatic initiation of
+.Tn TELNET
+options.  When the port number is preceded by a minus sign,
+the initial option negotiation is done.
+After establishing a connection, the file
+.Pa \&.telnetrc
+in the
+users home directory is opened.  Lines beginning with a # are
+comment lines.  Blank lines are ignored.  Lines that begin
+without white space are the start of a machine entry.  The
+first thing on the line is the name of the machine that is
+being connected to.  The rest of the line, and successive
+lines that begin with white space are assumed to be
+.Nm telnet
+commands and are processed as if they had been typed
+in manually to the
+.Nm telnet
+command prompt.
+.It Ic quit
+Close any open
+.Tn TELNET
+session and exit
+.Nm telnet  .
+An end of file (in command mode) will also close a session and exit.
+.It Ic send Ar arguments 
+Sends one or more special character sequences to the remote host.
+The following are the arguments which may be specified
+(more than one argument may be specified at a time):
+.Pp
+.Bl -tag -width escape
+.It Ic abort
+Sends the
+.Dv TELNET ABORT
+(Abort
+processes)
+sequence.
+.It Ic ao
+Sends the
+.Dv TELNET AO
+(Abort Output) sequence, which should cause the remote system to flush
+all output
+.Em from
+the remote system
+.Em to
+the user's terminal.
+.It Ic ayt
+Sends the
+.Dv TELNET AYT
+(Are You There)
+sequence, to which the remote system may or may not choose to respond.
+.It Ic brk
+Sends the
+.Dv TELNET BRK
+(Break) sequence, which may have significance to the remote
+system.
+.It Ic ec
+Sends the
+.Dv TELNET EC
+(Erase Character)
+sequence, which should cause the remote system to erase the last character
+entered.
+.It Ic el
+Sends the
+.Dv TELNET EL
+(Erase Line)
+sequence, which should cause the remote system to erase the line currently
+being entered.
+.It Ic eof
+Sends the
+.Dv TELNET EOF
+(End Of File)
+sequence.
+.It Ic eor
+Sends the
+.Dv TELNET EOR
+(End of Record)
+sequence.
+.It Ic escape
+Sends the current
+.Nm telnet
+escape character (initially \*(Lq^\*(Rq).
+.It Ic ga
+Sends the
+.Dv TELNET GA
+(Go Ahead)
+sequence, which likely has no significance to the remote system.
+.It Ic getstatus
+If the remote side supports the
+.Dv TELNET STATUS
+command,
+.Ic getstatus
+will send the subnegotiation to request that the server send
+its current option status.
+.ne 1i
+.It Ic ip
+Sends the
+.Dv TELNET IP
+(Interrupt Process) sequence, which should cause the remote
+system to abort the currently running process.
+.It Ic nop
+Sends the
+.Dv TELNET NOP
+(No OPeration)
+sequence.
+.It Ic susp
+Sends the
+.Dv TELNET SUSP
+(SUSPend process)
+sequence.
+.It Ic synch
+Sends the
+.Dv TELNET SYNCH
+sequence.
+This sequence causes the remote system to discard all previously typed
+(but not yet read) input.
+This sequence is sent as
+.Tn TCP
+urgent
+data (and may not work if the remote system is a
+.Bx 4.2
+system -- if
+it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
+.It Ic do Ar cmd
+.It Ic dont Ar cmd
+.It Ic will Ar cmd
+.It Ic wont Ar cmd
+Sends the
+.Dv TELNET DO
+.Ar cmd
+sequence.
+.Ar Cmd
+can be either a decimal number between 0 and 255,
+or a symbolic name for a specific
+.Dv TELNET
+command.
+.Ar Cmd
+can also be either
+.Ic help
+or
+.Ic \&?
+to print out help information, including
+a list of known symbolic names.
+.It Ic \&?
+Prints out help information for the
+.Ic send
+command.
+.El
+.It Ic set Ar argument value 
+.It Ic unset Ar argument value 
+The
+.Ic set
+command will set any one of a number of
+.Nm telnet
+variables to a specific value or to
+.Dv TRUE .
+The special value
+.Ic off
+turns off the function associated with
+the variable, this is equivalent to using the
+.Ic unset
+command.
+The
+.Ic unset
+command will disable or set to
+.Dv FALSE
+any of the specified functions.
+The values of variables may be interrogated with the
+.Ic display
+command.
+The variables which may be set or unset, but not toggled, are
+listed here.  In addition, any of the variables for the
+.Ic toggle
+command may be explicitly set or unset using
+the
+.Ic set
+and
+.Ic unset
+commands.
+.Bl -tag -width escape
+.It Ic ayt
+If
+.Tn TELNET
+is in localchars mode, or
+.Dv LINEMODE
+is enabled, and the status character is typed, a
+.Dv TELNET AYT
+sequence (see
+.Ic send ayt
+preceding) is sent to the
+remote host.  The initial value for the "Are You There"
+character is the terminal's status character.
+.It Ic echo
+This is the value (initially \*(Lq^E\*(Rq) which, when in
+\*(Lqline by line\*(Rq mode, toggles between doing local echoing
+of entered characters (for normal processing), and suppressing
+echoing of entered characters (for entering, say, a password).
+.It Ic eof
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Rq mode, entering this character
+as the first character on a line will cause this character to be
+sent to the remote system.
+The initial value of the eof character is taken to be the terminal's
+.Ic eof
+character.
+.It Ic erase
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Sy and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EC
+sequence (see
+.Ic send
+.Ic ec
+above)
+is sent to the remote system.
+The initial value for the erase character is taken to be
+the terminal's
+.Ic erase
+character.
+.It Ic escape
+This is the
+.Nm telnet
+escape character (initially \*(Lq^[\*(Rq) which causes entry
+into
+.Nm telnet
+command mode (when connected to a remote system).
+.It Ic flushoutput
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic flushoutput
+character is typed, a
+.Dv TELNET AO
+sequence (see
+.Ic send
+.Ic ao
+above)
+is sent to the remote host.
+The initial value for the flush character is taken to be
+the terminal's
+.Ic flush
+character.
+.It Ic forw1
+.It Ic forw2
+If
+.Tn TELNET
+is operating in
+.Dv LINEMODE ,
+these are the
+characters that, when typed, cause partial lines to be
+forwarded to the remote system.  The initial value for
+the forwarding characters are taken from the terminal's
+eol and eol2 characters.
+.It Ic interrupt
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic interrupt
+character is typed, a
+.Dv TELNET IP
+sequence (see
+.Ic send
+.Ic ip
+above)
+is sent to the remote host.
+The initial value for the interrupt character is taken to be
+the terminal's
+.Ic intr
+character.
+.It Ic kill
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Ic and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EL
+sequence (see
+.Ic send
+.Ic el
+above)
+is sent to the remote system.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic kill
+character.
+.It Ic lnext
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic lnext
+character.
+The initial value for the lnext character is taken to be
+the terminal's
+.Ic lnext
+character.
+.It Ic quit
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic quit
+character is typed, a
+.Dv TELNET BRK
+sequence (see
+.Ic send
+.Ic brk
+above)
+is sent to the remote host.
+The initial value for the quit character is taken to be
+the terminal's
+.Ic quit
+character.
+.It Ic reprint
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic reprint
+character.
+The initial value for the reprint character is taken to be
+the terminal's
+.Ic reprint
+character.
+.It Ic rlogin
+This is the rlogin escape character.
+If set, the normal
+.Tn TELNET
+escape character is ignored unless it is
+preceded by this character at the beginning of a line.
+This character, at the beginning of a line followed by
+a "."  closes the connection; when followed by a ^Z it
+suspends the telnet command.  The initial state is to
+disable the rlogin escape character.
+.It Ic start
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic start
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic start
+character.
+.It Ic stop
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic stop
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic stop
+character.
+.It Ic susp
+If
+.Nm telnet
+is in
+.Ic localchars
+mode, or
+.Dv LINEMODE
+is enabled, and the
+.Ic suspend
+character is typed, a
+.Dv TELNET SUSP
+sequence (see
+.Ic send
+.Ic susp
+above)
+is sent to the remote host.
+The initial value for the suspend character is taken to be
+the terminal's
+.Ic suspend
+character.
+.ne 1i
+.It Ic tracefile
+This is the file to which the output, caused by
+.Ic netdata
+or
+.Ic option
+tracing being
+.Dv TRUE ,
+will be written.  If it is set to
+.Dq Fl ,
+then tracing information will be written to standard output (the default).
+.It Ic worderase
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic worderase
+character.
+The initial value for the worderase character is taken to be
+the terminal's
+.Ic worderase
+character.
+.It Ic \&?
+Displays the legal
+.Ic set
+.Pq Ic unset
+commands.
+.El
+.It Ic slc Ar state 
+The
+.Ic slc
+command (Set Local Characters) is used to set
+or change the state of the the special
+characters when the 
+.Dv TELNET LINEMODE
+option has
+been enabled.  Special characters are characters that get
+mapped to 
+.Tn TELNET
+commands sequences (like
+.Ic ip
+or
+.Ic quit  )
+or line editing characters (like
+.Ic erase
+and
+.Ic kill  ) .
+By default, the local special characters are exported.
+.Bl -tag -width Fl
+.It Ic check
+Verify the current settings for the current special characters.
+The remote side is requested to send all the current special
+character settings, and if there are any discrepancies with
+the local side, the local side will switch to the remote value.
+.It Ic export
+Switch to the local defaults for the special characters.  The
+local default characters are those of the local terminal at
+the time when
+.Nm telnet
+was started.
+.It Ic import
+Switch to the remote defaults for the special characters.
+The remote default characters are those of the remote system
+at the time when the 
+.Tn TELNET
+connection was established.
+.It Ic \&?
+Prints out help information for the
+.Ic slc
+command.
+.El
+.It Ic status
+Show the current status of
+.Nm telnet  .
+This includes the peer one is connected to, as well
+as the current mode.
+.It Ic toggle Ar arguments ... 
+Toggle (between
+.Dv TRUE
+and
+.Dv FALSE )
+various flags that control how
+.Nm telnet
+responds to events.
+These flags may be set explicitly to
+.Dv TRUE
+or
+.Dv FALSE
+using the
+.Ic set
+and
+.Ic unset
+commands listed above.
+More than one argument may be specified.
+The state of these flags may be interrogated with the
+.Ic display
+command.
+Valid arguments are:
+.Bl -tag -width Ar
+.It Ic authdebug
+Turns on debugging information for the authentication code.
+.It Ic autoflush
+If
+.Ic autoflush
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when the
+.Ic ao  ,
+or
+.Ic quit
+characters are recognized (and transformed into
+.Tn TELNET
+sequences; see
+.Ic set
+above for details),
+.Nm telnet
+refuses to display any data on the user's terminal
+until the remote system acknowledges (via a
+.Dv TELNET TIMING MARK
+option)
+that it has processed those
+.Tn TELNET
+sequences.
+The initial value for this toggle is
+.Dv TRUE
+if the terminal user had not
+done an "stty noflsh", otherwise
+.Dv FALSE
+(see
+.Xr stty  1  ) .
+.It Ic autodecrypt
+When the
+.Dv TELNET ENCRYPT
+option is negotiated, by
+default the actual encryption (decryption) of the data
+stream does not start automatically.  The autoencrypt
+(autodecrypt) command states that encryption of the
+output (input) stream should be enabled as soon as
+possible.
+.sp
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside the United States and Canada.
+.It Ic autologin
+If the remote side supports the
+.Dv TELNET AUTHENTICATION
+option
+.Tn TELNET
+attempts to use it to perform automatic authentication.  If the
+.Dv AUTHENTICATION
+option is not supported, the user's login
+name are propagated through the
+.Dv TELNET ENVIRON
+option.
+This command is the same as specifying
+.Ar a
+option on the
+.Ic open
+command.
+.It Ic autosynch
+If
+.Ic autosynch
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when either the
+.Ic intr
+or
+.Ic quit
+characters is typed (see
+.Ic set
+above for descriptions of the
+.Ic intr
+and
+.Ic quit
+characters), the resulting
+.Tn TELNET
+sequence sent is followed by the
+.Dv TELNET SYNCH
+sequence.
+This procedure
+.Ic should
+cause the remote system to begin throwing away all previously
+typed input until both of the
+.Tn TELNET
+sequences have been read and acted upon.
+The initial value of this toggle is
+.Dv FALSE .
+.It Ic binary
+Enable or disable the
+.Dv TELNET BINARY
+option on both input and output.
+.It Ic inbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on input.
+.It Ic outbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on output.
+.It Ic crlf
+If this is
+.Dv TRUE ,
+then carriage returns will be sent as
+.Li <CR><LF> .
+If this is
+.Dv FALSE ,
+then carriage returns will be send as
+.Li <CR><NUL> .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic crmod
+Toggle carriage return mode.
+When this mode is enabled, most carriage return characters received from
+the remote host will be mapped into a carriage return followed by
+a line feed.
+This mode does not affect those characters typed by the user, only
+those received from the remote host.
+This mode is not very useful unless the remote host
+only sends carriage return, but never line feed.
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic debug
+Toggles socket level debugging (useful only to the
+.Ic super user  ) .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic encdebug
+Turns on debugging information for the encryption code.
+.It Ic localchars
+If this is
+.Dv TRUE ,
+then the
+.Ic flush  ,
+.Ic interrupt ,
+.Ic quit  ,
+.Ic erase ,
+and
+.Ic kill
+characters (see
+.Ic set
+above) are recognized locally, and transformed into (hopefully) appropriate
+.Tn TELNET
+control sequences
+(respectively
+.Ic ao  ,
+.Ic ip ,
+.Ic brk  ,
+.Ic ec ,
+and
+.Ic el  ;
+see
+.Ic send
+above).
+The initial value for this toggle is
+.Dv TRUE
+in \*(Lqold line by line\*(Rq mode,
+and
+.Dv FALSE
+in \*(Lqcharacter at a time\*(Rq mode.
+When the
+.Dv LINEMODE
+option is enabled, the value of
+.Ic localchars
+is ignored, and assumed to always be
+.Dv TRUE .
+If
+.Dv LINEMODE
+has ever been enabled, then
+.Ic quit
+is sent as
+.Ic abort  ,
+and
+.Ic eof and
+.B suspend
+are sent as
+.Ic eof and
+.Ic susp ,
+see
+.Ic send
+above).
+.It Ic netdata
+Toggles the display of all network data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic options
+Toggles the display of some internal
+.Nm telnet
+protocol processing (having to do with
+.Tn TELNET
+options).
+The initial value for this toggle is
+.Dv FALSE .
+.ne 1i
+.It Ic prettydump
+When the
+.Ic netdata
+toggle is enabled, if
+.Ic prettydump
+is enabled the output from the
+.Ic netdata
+command will be formatted in a more user readable format.
+Spaces are put between each character in the output, and the
+beginning of any
+.Tn TELNET
+escape sequence is preceded by a '*' to aid in locating them.
+.It Ic skiprc
+When the skiprc toggle is
+.Dv TRUE ,
+.Tn TELNET
+skips the reading of the
+.Pa \&.telnetrc
+file in the users home
+directory when connections are opened.  The initial
+value for this toggle is
+.Dv FALSE.
+.It Ic termdata
+Toggles the display of all terminal data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic verbose_encrypt
+When the
+.Ic verbose_encrypt
+toggle is
+.Dv TRUE ,
+.Tn TELNET
+prints out a message each time encryption is enabled or
+disabled.  The initial value for this toggle is
+.Dv FALSE.
+Note:  Because of export controls, data encryption
+is not supported outside of the United States and Canada.
+.It Ic \&?
+Displays the legal
+.Ic toggle
+commands.
+.El
+.It Ic z
+Suspend
+.Nm telnet  .
+This command only works when the user is using the
+.Xr csh  1  .
+.It Ic \&! Op Ar command 
+Execute a single command in a subshell on the local
+system.  If
+.Ic command
+is omitted, then an interactive
+subshell is invoked.
+.It Ic \&? Op Ar command 
+Get help.  With no arguments,
+.Nm telnet
+prints a help summary.
+If a command is specified,
+.Nm telnet
+will print the help information for just that command.
+.El
+.Sh ENVIRONMENT
+.Nm Telnet
+uses at least the
+.Ev HOME ,
+.Ev SHELL ,
+.Ev DISPLAY ,
+and
+.Ev TERM
+environment variables.
+Other environment variables may be propagated
+to the other side via the
+.Dv TELNET ENVIRON
+option.
+.Sh FILES
+.Bl -tag -width ~/.telnetrc -compact
+.It Pa ~/.telnetrc
+user customized telnet startup values
+.El
+.Sh HISTORY
+The
+.Nm Telnet
+command appeared in
+.Bx 4.2 .
+.Sh NOTES
+.Pp
+On some remote systems, echo has to be turned off manually when in
+\*(Lqold line by line\*(Rq mode.
+.Pp
+In \*(Lqold line by line\*(Rq mode or 
+.Dv LINEMODE
+the terminal's
+.Ic eof
+character is only recognized (and sent to the remote system)
+when it is the first character on a line.
diff --git a/crypto/kerberosIV/man/telnetd.8 b/crypto/kerberosIV/man/telnetd.8
new file mode 100644
index 0000000..b26d8dd
--- /dev/null
+++ b/crypto/kerberosIV/man/telnetd.8
@@ -0,0 +1,527 @@
+.\" Copyright (c) 1983, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNETD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm telnetd
+.Nd DARPA
+.Tn TELNET
+protocol server
+.Sh SYNOPSIS
+.Nm telnetd
+.Op Fl BUhkln
+.Op Fl D Ar debugmode
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl a Ar authmode
+.Op Fl r Ns Ar lowpty-highpty
+.Op Fl u Ar len
+.Op Fl debug
+.Op Fl L Ar /bin/login
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm telnetd
+command is a server which supports the
+.Tn DARPA
+standard
+.Tn TELNET
+virtual terminal protocol.
+.Nm Telnetd
+is normally invoked by the internet server (see
+.Xr inetd 8 )
+for requests to connect to the
+.Tn TELNET
+port as indicated by the
+.Pa /etc/services
+file (see
+.Xr services 5 ) .
+The
+.Fl debug
+option may be used to start up
+.Nm telnetd
+manually, instead of through
+.Xr inetd 8 .
+If started up this way, 
+.Ar port
+may be specified to run
+.Nm telnetd
+on an alternate
+.Tn TCP
+port number.
+.Pp
+The
+.Nm telnetd
+command accepts the following options:
+.Bl -tag -width "-a authmode"
+.It Fl a Ar authmode
+This option may be used for specifying what mode should
+be used for authentication.
+Note that this option is only useful if
+.Nm telnetd
+has been compiled with support for the
+.Dv AUTHENTICATION
+option.
+There are several valid values for
+.Ar authmode:
+.Bl -tag -width debug
+.It debug
+Turns on authentication debugging code.
+.It user
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user,
+and is allowed access to the specified account
+without providing a password.
+.It valid
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user.
+The
+.Xr login 1
+command will provide any additional user verification
+needed if the remote user is not allowed automatic
+access to the specified account.
+.It other
+Only allow connections that supply some authentication information.
+This option is currently not supported
+by any of the existing authentication mechanisms,
+and is thus the same as specifying
+.Fl a
+.Cm valid .
+.It otp
+Only allow authenticated connections (as with
+.Fl a
+.Cm user )
+and also logins with one-time passwords (OTPs).  This option will call
+login with an option so that only OTPs are accepted.  The user can of
+course still type secret information at the prompt.
+.It none
+This is the default state.
+Authentication information is not required.
+If no or insufficient authentication information
+is provided, then the
+.Xr login 1
+program will provide the necessary user
+verification.
+.It off
+This disables the authentication code.
+All user verification will happen through the
+.Xr login 1
+program.
+.El
+.It Fl B
+Ignored.
+.It Fl D Ar debugmode
+This option may be used for debugging purposes.
+This allows
+.Nm telnetd
+to print out debugging information
+to the connection, allowing the user to see what
+.Nm telnetd
+is doing.
+There are several possible values for 
+.Ar debugmode:
+.Bl -tag -width exercise
+.It Cm options
+Prints information about the negotiation of
+.Tn TELNET
+options.
+.It Cm report
+Prints the 
+.Cm options
+information, plus some additional information
+about what processing is going on.
+.It Cm netdata
+Displays the data stream received by
+.Nm telnetd.
+.It Cm ptydata
+Displays data written to the pty.
+.It Cm exercise
+Has not been implemented yet.
+.El
+.It Fl h
+Disables the printing of host-specific information before
+login has been completed.
+.It Fl k
+.It Fl l
+Ignored.
+.It Fl n
+Disable
+.Dv TCP
+keep-alives.  Normally
+.Nm telnetd
+enables the
+.Tn TCP
+keep-alive mechanism to probe connections that
+have been idle for some period of time to determine
+if the client is still there, so that idle connections
+from machines that have crashed or can no longer
+be reached may be cleaned up.
+.It Fl r Ar lowpty-highpty
+This option is only enabled when
+.Nm telnetd
+is compiled for
+.Dv UNICOS.
+It specifies an inclusive range of pseudo-terminal devices to
+use.  If the system has sysconf variable
+.Dv _SC_CRAY_NPTY
+configured, the default pty search range is 0 to
+.Dv _SC_CRAY_NPTY;
+otherwise, the default range is 0 to 128.  Either
+.Ar lowpty
+or
+.Ar highpty
+may be omitted to allow changing
+either end of the search range.  If
+.Ar lowpty
+is omitted, the - character is still required so that
+.Nm telnetd
+can differentiate
+.Ar highpty
+from
+.Ar lowpty .
+.It Fl S Ar tos
+.It Fl u Ar len
+This option is used to specify the size of the field
+in the
+.Dv utmp
+structure that holds the remote host name.
+If the resolved host name is longer than
+.Ar len ,
+the dotted decimal value will be used instead.
+This allows hosts with very long host names that
+overflow this field to still be uniquely identified.
+Specifying
+.Fl u0
+indicates that only dotted decimal addresses
+should be put into the
+.Pa utmp
+file.
+.ne 1i
+.It Fl U
+This option causes
+.Nm telnetd
+to refuse connections from addresses that
+cannot be mapped back into a symbolic name
+via the
+.Xr gethostbyaddr 3
+routine.
+.It Fl X Ar authtype
+This option is only valid if
+.Nm telnetd
+has been built with support for the authentication option.
+It disables the use of
+.Ar authtype
+authentication, and
+can be used to temporarily disable
+a specific authentication type without having to recompile
+.Nm telnetd .
+.It Fl L pathname
+Specify pathname to an alternative login program.
+.El
+.Pp
+.Nm Telnetd
+operates by allocating a pseudo-terminal device (see
+.Xr pty 4 )
+for a client, then creating a login process which has
+the slave side of the pseudo-terminal as 
+.Dv stdin ,
+.Dv stdout
+and
+.Dv stderr .
+.Nm Telnetd
+manipulates the master side of the pseudo-terminal,
+implementing the
+.Tn TELNET
+protocol and passing characters
+between the remote client and the login process.
+.Pp
+When a
+.Tn TELNET
+session is started up, 
+.Nm telnetd
+sends
+.Tn TELNET
+options to the client side indicating
+a willingness to do the
+following
+.Tn TELNET
+options, which are described in more detail below:
+.Bd -literal -offset indent
+DO AUTHENTICATION
+WILL ENCRYPT
+DO TERMINAL TYPE
+DO TSPEED
+DO XDISPLOC
+DO NEW-ENVIRON
+DO ENVIRON
+WILL SUPPRESS GO AHEAD
+DO ECHO
+DO LINEMODE
+DO NAWS
+WILL STATUS
+DO LFLOW
+DO TIMING-MARK
+.Ed
+.Pp
+The pseudo-terminal allocated to the client is configured
+to operate in \*(lqcooked\*(rq mode, and with
+.Dv XTABS and
+.Dv CRMOD
+enabled (see
+.Xr tty 4 ) .
+.Pp
+.Nm Telnetd
+has support for enabling locally the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "WILL ECHO"
+When the
+.Dv LINEMODE
+option is enabled, a
+.Dv WILL ECHO
+or
+.Dv WONT ECHO
+will be sent to the client to indicate the
+current state of terminal echoing.
+When terminal echo is not desired, a
+.Dv WILL ECHO
+is sent to indicate that
+.Tn telnetd
+will take care of echoing any data that needs to be
+echoed to the terminal, and then nothing is echoed.
+When terminal echo is desired, a
+.Dv WONT ECHO
+is sent to indicate that
+.Tn telnetd
+will not be doing any terminal echoing, so the
+client should do any terminal echoing that is needed.
+.It "WILL BINARY"
+Indicates that the client is willing to send a
+8 bits of data, rather than the normal 7 bits
+of the Network Virtual Terminal.
+.It "WILL SGA"
+Indicates that it will not be sending
+.Dv IAC GA,
+go ahead, commands.
+.It "WILL STATUS"
+Indicates a willingness to send the client, upon
+request, of the current status of all
+.Tn TELNET
+options.
+.It "WILL TIMING-MARK"
+Whenever a
+.Dv DO TIMING-MARK
+command is received, it is always responded
+to with a
+.Dv WILL TIMING-MARK
+.ne 1i
+.It "WILL LOGOUT"
+When a
+.Dv DO LOGOUT
+is received, a
+.Dv WILL LOGOUT
+is sent in response, and the
+.Tn TELNET
+session is shut down.
+.It "WILL ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Pp
+.Nm Telnetd
+has support for enabling remotely the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "DO BINARY"
+Sent to indicate that
+.Tn telnetd
+is willing to receive an 8 bit data stream.
+.It "DO LFLOW"
+Requests that the client handle flow control
+characters remotely.
+.It "DO ECHO"
+This is not really supported, but is sent to identify a 4.2BSD
+.Xr telnet 1
+client, which will improperly respond with
+.Dv WILL ECHO.
+If a
+.Dv WILL ECHO
+is received, a
+.Dv DONT ECHO
+will be sent in response.
+.It "DO TERMINAL-TYPE"
+Indicates a desire to be able to request the
+name of the type of terminal that is attached
+to the client side of the connection.
+.It "DO SGA"
+Indicates that it does not need to receive
+.Dv IAC GA,
+the go ahead command.
+.It "DO NAWS"
+Requests that the client inform the server when
+the window (display) size changes.
+.It "DO TERMINAL-SPEED"
+Indicates a desire to be able to request information
+about the speed of the serial line to which
+the client is attached.
+.It "DO XDISPLOC"
+Indicates a desire to be able to request the name
+of the X windows display that is associated with
+the telnet client.
+.It "DO NEW-ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1572.
+.It "DO ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1408.
+.It "DO LINEMODE"
+Only sent if
+.Nm telnetd
+is compiled with support for linemode, and
+requests that the client do line by line processing.
+.It "DO TIMING-MARK"
+Only sent if
+.Nm telnetd
+is compiled with support for both linemode and
+kludge linemode, and the client responded with
+.Dv WONT LINEMODE.
+If the client responds with
+.Dv WILL TM,
+the it is assumed that the client supports
+kludge linemode.
+Note that the
+.Op Fl k
+option can be used to disable this.
+.It "DO AUTHENTICATION"
+Only sent if
+.Nm telnetd
+is compiled with support for authentication, and
+indicates a willingness to receive authentication
+information for automatic login.
+.It "DO ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.Sh ENVIRONMENT
+.Sh FILES
+.Pa /etc/services
+.br
+.Pa /etc/inittab
+(UNICOS systems only)
+.br
+.Pa /etc/iptos
+(if supported)
+.br
+.Sh "SEE ALSO"
+.Xr telnet 1 ,
+.Xr login 1
+.Sh STANDARDS
+.Bl -tag -compact -width RFC-1572
+.It Cm RFC-854
+.Tn TELNET
+PROTOCOL SPECIFICATION
+.It Cm RFC-855
+TELNET OPTION SPECIFICATIONS
+.It Cm RFC-856
+TELNET BINARY TRANSMISSION
+.It Cm RFC-857
+TELNET ECHO OPTION
+.It Cm RFC-858
+TELNET SUPPRESS GO AHEAD OPTION
+.It Cm RFC-859
+TELNET STATUS OPTION
+.It Cm RFC-860
+TELNET TIMING MARK OPTION
+.It Cm RFC-861
+TELNET EXTENDED OPTIONS - LIST OPTION
+.It Cm RFC-885
+TELNET END OF RECORD OPTION
+.It Cm RFC-1073
+Telnet Window Size Option
+.It Cm RFC-1079
+Telnet Terminal Speed Option
+.It Cm RFC-1091
+Telnet Terminal-Type Option
+.It Cm RFC-1096
+Telnet X Display Location Option
+.It Cm RFC-1123
+Requirements for Internet Hosts -- Application and Support
+.It Cm RFC-1184
+Telnet Linemode Option
+.It Cm RFC-1372
+Telnet Remote Flow Control Option
+.It Cm RFC-1416
+Telnet Authentication Option
+.It Cm RFC-1411
+Telnet Authentication: Kerberos Version 4
+.It Cm RFC-1412
+Telnet Authentication: SPX
+.It Cm RFC-1571
+Telnet Environment Option Interoperability Issues
+.It Cm RFC-1572
+Telnet Environment Option
+.Sh BUGS
+Some
+.Tn TELNET
+commands are only partially implemented.
+.Pp
+Because of bugs in the original 4.2 BSD
+.Xr telnet 1 ,
+.Nm telnetd
+performs some dubious protocol exchanges to try to discover if the remote
+client is, in fact, a 4.2 BSD
+.Xr telnet 1 .
+.Pp
+Binary mode
+has no common interpretation except between similar operating systems
+(Unix in this case).
+.Pp
+The terminal type name received from the remote client is converted to
+lower case.
+.Pp
+.Nm Telnetd
+never sends
+.Tn TELNET
+.Dv IAC GA
+(go ahead) commands.
diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3
new file mode 100644
index 0000000..3f98321
--- /dev/null
+++ b/crypto/kerberosIV/man/tf_util.3
@@ -0,0 +1,150 @@
+.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
+\- Routines for manipulating a Kerberos ticket file
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <krb.h>
+.PP
+.ft B
+extern char *krb_err_txt[];
+.PP
+.ft B
+tf_init(tf_name, rw)
+char *tf_name;
+int rw;
+.PP
+.ft B
+tf_get_pname(pname)
+char *pname;
+.PP
+.ft B
+tf_get_pinst(pinst)
+char *pinst;
+.PP
+.ft B
+tf_get_cred(c)
+CREDENTIALS *c;
+.PP
+.ft B
+tf_close()
+.PP
+.fi
+.SH DESCRIPTION
+This group of routines are provided to manipulate the Kerberos tickets
+file.  A ticket file has the following format:
+.nf
+.in +4
+.sp
+principal's name          (null-terminated string)
+principal's instance      (null-terminated string)
+CREDENTIAL_1
+CREDENTIAL_2
+  ...
+CREDENTIAL_n
+EOF
+.sp
+.in -4
+.LP
+Where "CREDENTIAL_x" consists of the following fixed-length
+fields from the CREDENTIALS structure (defined in <krb.h>):
+.nf
+.sp
+.in +4
+	char		service[ANAME_SZ]
+	char		instance[INST_SZ]
+	char		realm[REALM_SZ]
+	des_cblock	session
+	int		lifetime
+	int		kvno
+	KTEXT_ST	ticket_st
+	long		issue_date
+.in -4
+.sp
+.fi
+.PP
+.I tf_init
+must be called before the other ticket file
+routines.
+It takes the name of the ticket file to use,
+and a read/write flag as arguments.
+It tries to open the ticket file, checks the mode and if
+everything is okay, locks the file.  If it's opened for
+reading, the lock is shared.  If it's opened for writing,
+the lock is exclusive.
+KSUCCESS is returned if all went well, otherwise one of the
+following:
+.nf
+.sp
+NO_TKT_FIL	- file wasn't there
+TKT_FIL_ACC	- file was in wrong mode, etc.
+TKT_FIL_LCK	- couldn't lock the file, even after a retry
+.sp
+.fi
+.PP
+The
+.I tf_get_pname
+reads the principal's name from a ticket file.
+It should only be called after tf_init has been called.  The
+principal's name is filled into the 
+.I pname
+parameter.  If all goes
+well, KSUCCESS is returned.
+If tf_init wasn't called, TKT_FIL_INI
+is returned.
+If the principal's name was null, or EOF was encountered, or the
+name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+.PP
+The
+.I tf_get_pinst
+reads the principal's instance from a ticket file.
+It should only be called after tf_init and tf_get_pname
+have been called.
+The principal's instance is filled into the 
+.I pinst
+parameter.
+If all goes
+well, KSUCCESS is returned.
+If tf_init wasn't called, TKT_FIL_INI
+is returned.
+If EOF was encountered, or the
+name was longer than INST_SZ, TKT_FIL_FMT is returned.
+Note that, unlike the principal name, the instance name may be null.
+.PP
+The
+.I tf_get_cred
+routine reads a CREDENTIALS record from a ticket file and
+fills in the given structure.
+It should only be called after
+tf_init, tf_get_pname, and tf_get_pinst have been called.
+If all goes well, KSUCCESS is returned.  Possible error codes
+are:
+.nf
+.sp
+TKT_FIL_INI	- tf_init wasn't called first
+TKT_FIL_FMT	- bad format
+EOF		- end of file encountered
+.sp
+.fi
+.PP
+.I tf_close
+closes the ticket file and releases the lock on it.
+.SH "SEE ALSO"
+krb(3)
+.SH DIAGNOSTICS
+.SH BUGS
+The ticket file routines have to be called in a certain order.
+.SH AUTHORS
+Jennifer Steiner, MIT Project Athena
+.br
+Bill Bryant, MIT Project Athena
+.SH RESTRICTIONS
+Copyright 1987 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/mkinstalldirs b/crypto/kerberosIV/mkinstalldirs
new file mode 100644
index 0000000..1c13a50
--- /dev/null
+++ b/crypto/kerberosIV/mkinstalldirs
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1 1996/06/27 01:12:51 joda Exp $
+
+errstatus=0
+
+for file
+do
+   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+   shift
+
+   pathcomp=
+   for d
+   do
+     pathcomp="$pathcomp$d"
+     case "$pathcomp" in
+       -* ) pathcomp=./$pathcomp ;;
+     esac
+
+     if test ! -d "$pathcomp"; then
+        echo "mkdir $pathcomp" 1>&2
+
+        mkdir "$pathcomp" || lasterr=$?
+
+        if test ! -d "$pathcomp"; then
+  	  errstatus=$lasterr
+        fi
+     fi
+
+     pathcomp="$pathcomp/"
+   done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/crypto/kerberosIV/server/Makefile.in b/crypto/kerberosIV/server/Makefile.in
new file mode 100644
index 0000000..42bfaff
--- /dev/null
+++ b/crypto/kerberosIV/server/Makefile.in
@@ -0,0 +1,77 @@
+# $Id: Makefile.in,v 1.30 1999/03/10 19:01:17 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kerberos$(EXECSUFFIX)
+
+SOURCES = kerberos.c
+
+OBJECTS = kerberos.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+kerberos$(EXECSUFFIX): kerberos.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
new file mode 100644
index 0000000..5ecc4f8
--- /dev/null
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -0,0 +1,1041 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#include "config.h"
+#include "protos.h"
+
+RCSID("$Id: kerberos.c,v 1.87 1999/11/13 06:35:39 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif /* HAVE_SYS_FILIO_H */
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+#include <base64.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <prot.h>
+#include <klog.h>
+
+#include <krb_log.h>
+
+#include <kdc.h>
+
+static des_key_schedule master_key_schedule;
+static des_cblock master_key;
+
+static struct timeval kerb_time;
+static u_char master_key_version;
+static char *lt;
+static int more;
+
+static int mflag;		/* Are we invoked manually? */
+static char *log_file = KRBLOG;	/* name of alt. log file */
+static int nflag;		/* don't check max age */
+static int rflag;		/* alternate realm specified */
+
+/* fields within the received request packet */
+static char *req_name_ptr;
+static char *req_inst_ptr;
+static char *req_realm_ptr;
+static u_int32_t req_time_ws;
+
+static char local_realm[REALM_SZ];
+
+/* options */
+static int max_age = -1;
+static int pause_int = -1;
+
+/*
+ * Print usage message and exit.
+ */
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]"
+	    " [-a max_age] [-l log_file] [-i address_to_listen_on]"
+	    " [-r realm] [database_pathname]\n",
+	    __progname);
+    exit(1);
+}
+
+/*
+ * kerb_err_reply creates an error reply packet and sends it to the
+ * client. 
+ */
+
+static void
+kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string)
+{
+    static KTEXT_ST e_pkt_st;
+    KTEXT   e_pkt = &e_pkt_st;
+    static char e_msg[128];
+
+    snprintf (e_msg, sizeof(e_msg),
+	      "\nKerberos error -- %s", string);
+    cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
+		 req_time_ws, err, e_msg);
+    sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client,
+	   sizeof(*client));
+}
+
+static void
+hang(void)
+{
+    if (pause_int == -1) {
+	klog(L_KRB_PERR, "Kerberos will pause so as not to loop init");
+	for (;;)
+	    pause();
+    } else {
+	char buf[256];
+	snprintf(buf, sizeof(buf),
+		 "Kerberos will wait %d seconds before dying so as not to loop init",
+		 pause_int);
+	klog(L_KRB_PERR, buf);
+	sleep(pause_int);
+	klog(L_KRB_PERR, "Do svedania....\n");
+	exit(1);
+    }
+}
+
+static int
+check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
+{
+    static int n;
+    static int more;
+
+    n = kerb_get_principal(p_name, instance, p, 1, &more);
+    
+    if (n < 0) {
+	lt = klog(L_KRB_PERR, "Database unavailable!");
+	hang();
+    }
+    
+    /*
+     * if more than one p_name, pick one, randomly create a session key,
+     * compute maximum lifetime, lookup authorizations if applicable,
+     * and stuff into cipher. 
+     */
+    if (n == 0) {
+	/* service unknown, log error, skip to next request */
+	lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance);
+	return KERB_ERR_PRINCIPAL_UNKNOWN;
+    }
+    if (more) {
+	/* not unique, log error */
+	lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance);
+	return KERB_ERR_PRINCIPAL_NOT_UNIQUE;
+    }
+    /* If the user's key is null, we want to return an error */
+    if ((p->key_low == 0) && (p->key_high == 0)) {
+	/* User has a null key */
+	lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance);
+	return KERB_ERR_NULL_KEY;
+    }
+    if (master_key_version != p->kdc_key_ver) {
+	/* log error reply */
+	lt = klog(L_ERR_MKV,
+		  "Incorrect master key version for %s.%s: %d (should be %d)",
+		  p->name, p->instance, p->kdc_key_ver, master_key_version);
+	return KERB_ERR_NAME_MAST_KEY_VER;
+    }
+    /* make sure the service hasn't expired */
+    if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) {
+	/* service did expire, log it */
+	time_t t = p->exp_date;
+	lt = klog(L_ERR_SEXP,
+		  "Principal %s.%s expired at %s", p->name, p->instance,
+		  krb_stime(&t));
+	return KERB_ERR_NAME_EXP;
+    }
+    /* ok is zero */
+    return 0;
+}
+
+static void
+unseal(des_cblock *key)
+{
+    kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT);
+}
+
+
+/* Set the key for krb_rd_req so we can check tgt */
+static int
+set_tgtkey(char *r)
+              			/* Realm for desired key */
+{
+    int     n;
+    static char lastrealm[REALM_SZ];
+    Principal p_st;
+    Principal *p = &p_st;
+    des_cblock key;
+
+    if (!strcmp(lastrealm, r))
+	return (KSUCCESS);
+
+    klog(L_ALL_REQ, "Getting key for %s", r);
+
+    n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more);
+    if (n == 0)
+	return (KFAILURE);
+
+    /* unseal tgt key from master key */
+    copy_to_key(&p->key_low, &p->key_high, key);
+    unseal(&key);
+    krb_set_key(key, 0);
+    strlcpy (lastrealm, r, REALM_SZ);
+    return (KSUCCESS);
+}
+
+
+static int
+kerberos(unsigned char *buf, int len,
+	 char *proto, struct sockaddr_in *client,
+	 struct sockaddr_in *server,
+	 KTEXT rpkt)
+{
+    int pvno;
+    int msg_type;
+    int lsb;
+    int life;
+    int flags = 0;
+    char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+    char service[SNAME_SZ], sinst[INST_SZ];
+    u_int32_t req_time;
+    static KTEXT_ST ticket, cipher, adat;
+    KTEXT tk = &ticket, ciph = &cipher, auth = &adat;
+    AUTH_DAT ad;
+    des_cblock session, key;
+    int err;
+    Principal a_name, s_name;
+    
+    char *msg;
+    
+    
+    unsigned char *p = buf;
+    if(len < 2){
+	strlcpy((char*)rpkt->dat,
+			"Packet too short",
+			sizeof(rpkt->dat));
+	return KFAILURE;
+    }
+
+    gettimeofday(&kerb_time, NULL);
+
+    pvno = *p++;
+    if(pvno != KRB_PROT_VERSION){
+	msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno);
+	strlcpy((char*)rpkt->dat,
+			msg,
+			sizeof(rpkt->dat));
+	return KERB_ERR_PKT_VER;
+    }
+    msg_type = *p++;
+    lsb = msg_type & 1;
+    msg_type &= ~1;
+    switch(msg_type){
+    case AUTH_MSG_KDC_REQUEST:
+	/* XXX range check */
+	p += krb_get_nir(p, name, inst, realm);
+	p += krb_get_int(p, &req_time, 4, lsb);
+	life = *p++;
+	p += krb_get_nir(p, service, sinst, NULL);
+	klog(L_INI_REQ,
+	     "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)", 
+	     name, inst, realm, service, sinst,
+	     inet_ntoa(client->sin_addr),
+	     proto, ntohs(server->sin_port));
+	if((err = check_princ(name, inst, 0, &a_name))){
+	    strlcpy((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
+	    return err;
+	}
+	tk->length = 0;
+	if((err = check_princ(service, sinst, 0, &s_name))){
+	    strlcpy((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
+	    return err;
+	}
+	life = min(life, s_name.max_life);
+	life = min(life, a_name.max_life);
+    
+	des_new_random_key(&session);
+	copy_to_key(&s_name.key_low, &s_name.key_high, key);
+	unseal(&key);
+	krb_create_ticket(tk, flags, a_name.name, a_name.instance, 
+			  local_realm, client->sin_addr.s_addr,
+			  session, 
+			  life, kerb_time.tv_sec, 
+			  s_name.name, s_name.instance, &key);
+	copy_to_key(&a_name.key_low, &a_name.key_high, key);
+	unseal(&key);
+	create_ciph(ciph, session, s_name.name, s_name.instance,
+		    local_realm, life, s_name.key_version, tk, 
+		    kerb_time.tv_sec, &key);
+	memset(&session, 0, sizeof(session));
+	memset(&key, 0, sizeof(key));
+	{
+	    KTEXT r;
+	    r = create_auth_reply(name, inst, realm, req_time, 0, 
+				  a_name.exp_date, a_name.key_version, ciph);
+	    memcpy(rpkt, r, sizeof(*rpkt));
+	}
+	return 0;
+    case AUTH_MSG_APPL_REQUEST:
+	strlcpy(realm, (char*)buf + 3, REALM_SZ);
+	if((err = set_tgtkey(realm))){
+	    msg = klog(L_ERR_UNK,
+		       "Unknown realm %s from %s (%s/%u)", 
+		       realm, inet_ntoa(client->sin_addr),
+		       proto, ntohs(server->sin_port));
+	    strlcpy((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
+	    return err;
+	}
+	p = buf + strlen(realm) + 4;
+	p = p + p[0] + p[1] + 2;
+	auth->length = p - buf;
+	memcpy(auth->dat, buf, auth->length);
+	err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET,
+			 realm, client->sin_addr.s_addr, &ad, 0);
+	if(err){
+	    msg = klog(L_ERR_UNK,
+		       "krb_rd_req from %s (%s/%u): %s", 
+		       inet_ntoa(client->sin_addr),
+		       proto,
+		       ntohs(server->sin_port),
+		       krb_get_err_text(err));
+	    strlcpy((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
+	    return err;
+	}
+	p += krb_get_int(p, &req_time, 4, lsb);
+	life = *p++;
+	p += krb_get_nir(p, service, sinst, NULL);
+	klog(L_APPL_REQ,
+	     "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
+	     ad.pname, ad.pinst, ad.prealm,
+	     service, sinst,
+	     inet_ntoa(client->sin_addr),
+	     proto,
+	     ntohs(server->sin_port));
+
+	if(strcmp(ad.prealm, realm)){
+	    msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s", 
+		       realm, ad.prealm);
+	    strlcpy((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
+	    return KERB_ERR_PRINCIPAL_UNKNOWN;
+	}
+
+	if(!strcmp(service, "changepw")){
+	    strlcpy((char*)rpkt->dat, 
+			    "Can't authorize password changed based on TGT",
+			    sizeof(rpkt->dat));
+	    return KERB_ERR_PRINCIPAL_UNKNOWN;
+	}
+
+	err = check_princ(service, sinst, life, &s_name);
+	if(err){
+	    strlcpy((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
+	    return err;
+	}
+	life = min(life, 
+		   krb_time_to_life(kerb_time.tv_sec, 
+				    krb_life_to_time(ad.time_sec, 
+						     ad.life)));
+	life = min(life, s_name.max_life);
+	copy_to_key(&s_name.key_low, &s_name.key_high, key);
+	unseal(&key);
+	des_new_random_key(&session);
+	krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
+			  client->sin_addr.s_addr, &session,
+			  life, kerb_time.tv_sec,
+			  s_name.name, s_name.instance,
+			  &key);
+	
+	memset(&key, 0, sizeof(key));
+
+	create_ciph(ciph, session, service, sinst, local_realm,
+		    life, s_name.key_version, tk,
+		    kerb_time.tv_sec, &ad.session);
+
+	memset(&session, 0, sizeof(session));
+	memset(ad.session, 0, sizeof(ad.session));
+	{
+	    KTEXT r;
+	    r =create_auth_reply(ad.pname, ad.pinst, ad.prealm, 
+				 req_time, 0, 0, 0, ciph);
+	    memcpy(rpkt, r, sizeof(*rpkt));
+	}
+	memset(&s_name, 0, sizeof(s_name));
+	return 0;
+	
+    case AUTH_MSG_ERR_REPLY:
+	return -1;
+    default:
+	msg = klog(L_KRB_PERR,
+		   "Unknown message type: %d from %s (%s/%u)", 
+		   msg_type,
+		   inet_ntoa(client->sin_addr),
+		   proto,
+		   ntohs(server->sin_port));
+	strlcpy((char*)rpkt->dat,
+			msg,
+			sizeof(rpkt->dat));
+	return KFAILURE;
+    }
+}
+
+
+static void
+kerberos_wrap(int s, KTEXT data, char *proto, struct sockaddr_in *client, 
+	      struct sockaddr_in *server)
+{
+    KTEXT_ST pkt;
+    int http_flag = strcmp(proto, "http") == 0;
+    int err = kerberos(data->dat, data->length, proto, client, server, &pkt);
+    if(err == -1)
+	return;
+    if(http_flag){
+	const char *msg = 
+	    "HTTP/1.1 200 OK\r\n"
+	    "Server: KTH-KRB/1\r\n"
+	    "Content-type: application/octet-stream\r\n"
+	    "Content-transfer-encoding: binary\r\n\r\n";
+	sendto(s, msg, strlen(msg), 0, (struct sockaddr *)client,
+	       sizeof(*client));
+    }
+    if(err){
+	kerb_err_reply(s, client, err, (char*)pkt.dat);
+	return;
+    }
+    sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client,
+	   sizeof(*client));
+}
+
+
+/*
+ * setup_disc 
+ *
+ * disconnect all descriptors, remove ourself from the process
+ * group that spawned us. 
+ */
+
+static void
+setup_disc(void)
+{
+    int     s;
+
+    for (s = 0; s < 3; s++) {
+	close(s);
+    }
+
+    open("/dev/null", 0);
+    dup2(0, 1);
+    dup2(0, 2);
+
+    setsid();
+
+    chdir("/tmp");
+    return;
+}
+
+/*
+ * Make sure that database isn't stale.
+ *
+ * Exit if it is; we don't want to tell lies.
+ */
+
+static void
+check_db_age(void)
+{
+    long age;
+    
+    if (max_age != -1) {
+	/* Requires existance of kerb_get_db_age() */
+	gettimeofday(&kerb_time, 0);
+	age = kerb_get_db_age();
+	if (age == 0) {
+	    klog(L_KRB_PERR, "Database currently being updated!");
+	    hang();
+	}
+	if ((age + max_age) < kerb_time.tv_sec) {
+	    klog(L_KRB_PERR, "Database out of date!");
+	    hang();
+	    /* NOTREACHED */
+	}
+    }
+}
+
+struct descr{
+    int s;
+    KTEXT_ST buf;
+    int type;
+    int timeout;
+    struct sockaddr_in addr;
+};
+
+static void
+mksocket(struct descr *d, struct in_addr addr, int type, 
+	 const char *service, int port)
+{
+    int     on = 1;
+    int sock;
+
+    memset(d, 0, sizeof(struct descr));
+    if ((sock = socket(AF_INET, type, 0)) < 0)
+	err (1, "socket");
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
+		   sizeof(on)) < 0)
+	warn ("setsockopt (SO_REUSEADDR)");
+#endif
+    memset(&d->addr, 0, sizeof(d->addr));
+    d->addr.sin_family = AF_INET;
+    d->addr.sin_port   = port;
+    d->addr.sin_addr   = addr;
+    if (bind(sock, (struct sockaddr *)&d->addr, sizeof(d->addr)) < 0)
+	err (1, "bind '%s/%s' (%d)",
+	     service, (type == SOCK_DGRAM) ? "udp" : "tcp",
+	     ntohs(d->addr.sin_port));
+    
+    if(type == SOCK_STREAM)
+	listen(sock, SOMAXCONN);
+    d->s = sock;
+    d->type = type;
+}
+
+
+static void loop(struct descr *fds, int maxfd);
+
+struct port_spec {
+    int port;
+    int type;
+};
+
+static int
+add_port(struct port_spec **ports, int *num_ports, int port, int type)
+{
+    struct port_spec *tmp;
+    tmp = realloc(*ports, (*num_ports + 1) * sizeof(*tmp));
+    if(tmp == NULL)
+	return ENOMEM;
+    *ports = tmp;
+    tmp[*num_ports].port = port;
+    tmp[*num_ports].type = type;
+    (*num_ports)++;
+    return 0;
+}
+
+static void
+make_sockets(const char *port_spec, struct in_addr *i_addr, 
+	     struct descr **fds, int *nfds)
+{
+    int tp;
+    struct in_addr *a;
+    char *p, *q, *pos = NULL;
+    struct servent *sp;
+    struct port_spec *ports = NULL;
+    int num_ports = 0;
+    int i, j;
+    char *port_spec_copy = strdup (port_spec);
+
+    if (port_spec_copy == NULL)
+	err (1, "strdup");
+
+    for(p = strtok_r(port_spec_copy, ", \t", &pos); 
+	p; 
+	p = strtok_r(NULL, ", \t", &pos)){
+	if(strcmp(p, "+") == 0){
+	    add_port(&ports, &num_ports, 88, SOCK_DGRAM);
+	    add_port(&ports, &num_ports, 88, SOCK_STREAM);
+	    add_port(&ports, &num_ports, 750, SOCK_DGRAM);
+	    add_port(&ports, &num_ports, 750, SOCK_STREAM);
+	}else{
+	    q = strchr(p, '/');
+	    if(q){
+		*q = 0;
+		q++;
+	    }
+	    sp = getservbyname(p, q);
+	    if(sp)
+		tp = ntohs(sp->s_port);
+	    else if(sscanf(p, "%d", &tp) != 1) {
+		warnx("Unknown port: %s%s%s", p, q ? "/" : "", q ? q : "");
+		continue;
+	    }
+	    if(q){
+		if(strcasecmp(q, "tcp") == 0)
+		    add_port(&ports, &num_ports, tp, SOCK_STREAM);
+		else if(strcasecmp(q, "udp") == 0)
+		    add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+		else
+		    warnx("Unknown protocol type: %s", q);
+	    }else{
+		add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+		add_port(&ports, &num_ports, tp, SOCK_STREAM);
+	    }
+	}
+    }
+    free (port_spec_copy);
+
+    if(num_ports == 0)
+	errx(1, "No valid ports specified!");
+    
+    if (i_addr) {
+	*nfds = 1;
+	a = malloc(sizeof(*a) * *nfds);
+	if (a == NULL)
+	    errx (1, "Failed to allocate %lu bytes",
+		  (unsigned long)(sizeof(*a) * *nfds));
+	memcpy(a, i_addr, sizeof(struct in_addr));
+    } else
+	*nfds = k_get_all_addrs (&a);
+    if (*nfds < 0) {
+	struct in_addr any;
+
+	any.s_addr = INADDR_ANY;
+
+	warnx ("Could not get local addresses, binding to INADDR_ANY");
+	*nfds = 1;
+	a = malloc(sizeof(*a) * *nfds);
+	if (a == NULL)
+	    errx (1, "Failed to allocate %lu bytes",
+		  (unsigned long)(sizeof(*a) * *nfds));
+	memcpy(a, &any, sizeof(struct in_addr));
+    }
+    *fds = malloc(*nfds * num_ports * sizeof(**fds));
+    if (*fds == NULL)
+	errx (1, "Failed to allocate %lu bytes",
+	      (unsigned long)(*nfds * num_ports * sizeof(**fds)));
+    for (i = 0; i < *nfds; i++) {
+	for(j = 0; j < num_ports; j++) {
+	    mksocket(*fds + num_ports * i + j, a[i], 
+		     ports[j].type, "", htons(ports[j].port));
+	}
+    }
+    *nfds *= num_ports;
+    free(ports);
+    free (a);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    int     child;
+    int c;
+    struct descr *fds;
+    int nfds;
+    int n;
+    int     kerror;
+    int i_flag = 0;
+    struct in_addr i_addr;
+    char *port_spec = "+";
+
+    umask(077);		/* Create protected files */
+
+    set_progname (argv[0]);
+
+    while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != -1) {
+	switch(c) {
+	case 's':
+	    /*
+	     * Set parameters to slave server defaults.
+	     */
+	    if (max_age == -1 && !nflag)
+		max_age = THREE_DAYS;	/* Survive weekend */
+	    if (pause_int == -1)
+		pause_int = FIVE_MINUTES; /* 5 minutes */
+	    break;
+	case 'n':
+	    max_age = -1;	/* don't check max age. */
+	    nflag++;
+	    break;
+	case 'm':
+	    mflag++;		/* running manually; prompt for master key */
+	    break;
+	case 'p': {
+	    /* Set pause interval. */
+	    char *tmp;
+
+	    pause_int = strtol (optarg, &tmp, 0);
+	    if (pause_int == 0 && tmp == optarg) {
+		fprintf(stderr, "pause_int `%s' not a number\n", optarg);
+		usage ();
+	    }
+
+	    if ((pause_int < 5) ||  (pause_int > ONE_HOUR)) {
+		fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n");
+		usage();
+	    }
+	    break;
+	}
+	case 'P':
+	    port_spec = optarg;
+	    break;
+	case 'a': {
+	    /* Set max age. */
+	    char *tmp;
+
+	    max_age = strtol (optarg, &tmp, 0);
+	    if (max_age == 0 && tmp == optarg) {
+		fprintf (stderr, "max_age `%s' not a number\n", optarg);
+		usage ();
+	    }
+	    if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
+		fprintf(stderr, "max_age must be between one hour and "
+			"three days, in seconds\n");
+		usage();
+	    }
+	    break;
+	}
+	case 'l':
+	    /* Set alternate log file */
+	    log_file = optarg;
+	    break;
+	case 'r':
+	    /* Set realm name */
+	    rflag++;
+	    strlcpy(local_realm, optarg, sizeof(local_realm));
+	    break;
+	case 'i':
+	    /* Only listen on this address */
+	    if(inet_aton (optarg, &i_addr) == 0) {
+		fprintf (stderr, "Bad address: %s\n", optarg);
+		exit (1);
+	    }
+	    ++i_flag;
+	    break;
+	default:
+	    usage();
+	    break;
+	}
+    }
+    
+    if (optind == (argc-1)) {
+	if (kerb_db_set_name(argv[optind]) != 0) {
+	    fprintf(stderr, "Could not set alternate database name\n");
+	    exit(1);
+	}
+	optind++;
+    }
+
+    if (optind != argc)
+	usage();
+	
+    printf("Kerberos server starting\n");
+    
+    if ((!nflag) && (max_age != -1))
+	printf("\tMaximum database age: %d seconds\n", max_age);
+    if (pause_int != -1)
+	printf("\tSleep for %d seconds on error\n", pause_int);
+    else
+	printf("\tSleep forever on error\n");
+    if (mflag)
+	printf("\tMaster key will be entered manually\n");
+    
+    printf("\tLog file is %s\n", log_file);
+
+    kset_logfile(log_file);
+    
+    make_sockets(port_spec, i_flag ? &i_addr : NULL, &fds, &nfds);
+
+    /* do all the database and cache inits */
+    if ((n = kerb_init())) {
+	if (mflag) {
+	    printf("Kerberos db and cache init ");
+	    printf("failed = %d ...exiting\n", n);
+	    exit (1);
+	} else {
+	    klog(L_KRB_PERR,
+	    "Kerberos db and cache init failed = %d ...exiting", n);
+	    hang();
+	}
+    }
+
+    /* Make sure database isn't stale */
+    check_db_age();
+    
+    /* setup master key */
+    if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) {
+      klog (L_KRB_PERR, "kerberos: couldn't get master key.");
+      exit (1);
+    }
+    kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout);
+    if (kerror < 0) {
+      klog (L_KRB_PERR, "Can't verify master key.");
+      memset(master_key, 0, sizeof (master_key));
+      memset (master_key_schedule, 0, sizeof (master_key_schedule));
+      exit (1);
+    }
+
+    master_key_version = (u_char) kerror;
+
+    fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
+	    master_key_version);
+    des_init_random_number_generator(&master_key);
+
+    if (!rflag) {
+	/* Look up our local realm */
+	krb_get_lrealm(local_realm, 1);
+    }
+    fprintf(stdout, "Local realm: %s\n", local_realm);
+    fflush(stdout);
+
+    if (set_tgtkey(local_realm)) {
+	/* Ticket granting service unknown */
+	klog(L_KRB_PERR, "Ticket granting ticket service unknown");
+	fprintf(stderr, "Ticket granting ticket service unknown\n");
+	exit(1);
+    }
+    if (mflag) {
+	if ((child = fork()) != 0) {
+	    printf("Kerberos started, PID=%d\n", child);
+	    exit(0);
+	}
+	setup_disc();
+    }
+    
+    klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)", 
+	 local_realm, master_key_version);
+    
+    /* receive loop */
+    loop(fds, nfds);
+    exit(1);
+}
+
+
+static void
+read_socket(struct descr *n)
+{
+    int b;
+    struct sockaddr_in from;
+    int fromlen = sizeof(from);
+    b = recvfrom(n->s, n->buf.dat + n->buf.length, 
+		 MAX_PKT_LEN - n->buf.length, 0, 
+		 (struct sockaddr *)&from, &fromlen);
+    if(b < 0){
+	if(n->type == SOCK_STREAM){
+	    close(n->s);
+	    n->s = -1;
+	}
+	n->buf.length = 0;
+	return;
+    }
+    n->buf.length += b;
+    if(n->type == SOCK_STREAM){
+	char *proto = "tcp";
+	if(n->buf.length > 4 && 
+	   strncmp((char *)n->buf.dat, "GET ", 4) == 0 &&
+	   strncmp((char *)n->buf.dat + n->buf.length - 4, 
+		   "\r\n\r\n", 4) == 0){
+	    char *p;
+	    char *save = NULL;
+
+	    n->buf.dat[n->buf.length - 1] = 0;
+	    strtok_r((char *)n->buf.dat, " \t\r\n", &save);
+	    p = strtok_r(NULL, " \t\r\n", &save);
+	    if(p == NULL)
+		p = "";
+	    if(*p == '/') p++;
+	    n->buf.length = base64_decode(p, n->buf.dat);
+	    if(n->buf.length <= 0){
+		const char *msg = 
+		    "HTTP/1.1 404 Not found\r\n"
+		    "Server: KTH-KRB/1\r\n"
+		    "Content-type: text/html\r\n"
+		    "Content-transfer-encoding: 8bit\r\n\r\n"
+		    "<TITLE>404 Not found</TITLE>\r\n"
+		    "<H1>404 Not found</H1>\r\n"
+		    "That page does not exist. Information about "
+		    "<A HREF=\"http://www.pdc.kth.se/kth-krb\">KTH-KRB</A> "
+		    "is available elsewhere.\r\n";
+		fromlen = sizeof(from);
+		if(getpeername(n->s,(struct sockaddr*)&from, &fromlen) == 0)
+		    klog(L_KRB_PERR, "Unknown HTTP request from %s", 
+			 inet_ntoa(from.sin_addr));
+		else
+		    klog(L_KRB_PERR, "Unknown HTTP request from <unknown>");
+		write(n->s, msg, strlen(msg));
+		close(n->s);
+		n->s = -1;
+		n->buf.length = 0;
+		return;
+	    }
+	    proto = "http";
+	    b = 0;
+	}
+	else if(n->buf.length >= 4 && n->buf.dat[0] == 0){
+	    /* if this is a new type of packet (with
+	       the length attached to the head of the
+	       packet), and there is no more data to
+	       be read, fake an old packet, so the
+	       code below will work */
+	    u_int32_t len;
+	    krb_get_int(n->buf.dat, &len, 4, 0);
+	    if(n->buf.length == len + 4){
+		memmove(n->buf.dat, n->buf.dat + 4, len);
+		b = 0;
+	    }
+	}
+	if(b == 0){
+	    /* handle request if there are 
+	       no more bytes to read */
+	    fromlen = sizeof(from);
+	    getpeername(n->s,(struct sockaddr*)&from, &fromlen);
+	    kerberos_wrap(n->s, &n->buf, proto, &from,
+			  &n->addr);
+	    n->buf.length = 0;
+	    close(n->s);
+	    n->s = -1;
+	}
+    }else{
+	/* udp packets are atomic */
+	kerberos_wrap(n->s, &n->buf, "udp", &from,
+		      &n->addr);
+	n->buf.length = 0;
+    }
+}
+
+static void
+loop(struct descr *fds, int nfds)
+{
+    for (;;) {
+	int ret;
+        fd_set readfds;
+	struct timeval tv;
+	int maxfd = 0;
+	struct descr *n, *minfree;
+	int accepted; /* accept at most one socket per `round' */
+	
+	FD_ZERO(&readfds);
+	gettimeofday(&tv, NULL);
+	maxfd = 0;
+	minfree = NULL;
+	/* Remove expired TCP sockets, and add all other 
+	   to the set we are selecting on */
+	for(n = fds; n < fds + nfds; n++){
+	    if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){
+		kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout");
+		close(n->s);
+		n->s = -1;
+	    }
+	    if(n->s < 0){
+		if(minfree == NULL) minfree = n;
+		continue;
+	    }
+	    FD_SET(n->s, &readfds);
+	    maxfd = max(maxfd, n->s);
+	}
+	/* add more space for sockets */
+	if(minfree == NULL){
+	    int i = nfds;
+	    struct descr *new;
+	    nfds *=2;
+	    new = realloc(fds, sizeof(struct descr) * nfds);
+	    if(new){
+		fds = new;
+		minfree = fds + i;
+		for(; i < nfds; i++) fds[i].s = -1;
+	    }
+	}
+	ret = select(maxfd + 1, &readfds, 0, 0, 0);
+	accepted = 0;
+	for (n = fds; n < fds + nfds; n++){
+	    if(n->s < 0) continue;
+	    if (FD_ISSET(n->s, &readfds)){
+		if(n->type == SOCK_STREAM && n->timeout == 0){
+		    /* add accepted socket to list of sockets we are
+                       selecting on */
+		    int s;
+		    if(accepted) continue;
+		    accepted = 1;
+		    s = accept(n->s, NULL, 0);
+		    if(minfree == NULL){
+			kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
+			close(s);
+		    }else{
+			minfree->s = s;
+			minfree->type = SOCK_STREAM;
+			gettimeofday(&tv, NULL);
+			minfree->timeout = tv.tv_sec + 4; /* XXX */
+			minfree->buf.length = 0;
+			memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr));
+		    }
+		}else
+		    read_socket(n);
+	    }
+	}
+    }
+}
diff --git a/crypto/kerberosIV/slave/Makefile.in b/crypto/kerberosIV/slave/Makefile.in
new file mode 100644
index 0000000..938e61c
--- /dev/null
+++ b/crypto/kerberosIV/slave/Makefile.in
@@ -0,0 +1,80 @@
+# $Id: Makefile.in,v 1.33 1999/03/10 19:01:17 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\"
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kpropd$(EXECSUFFIX) \
+	kprop$(EXECSUFFIX)
+
+SOURCES = kpropd.c kprop.c
+
+OBJECTS = kpropd.o kprop.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+kprop$(EXECSUFFIX): kprop.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+kpropd$(EXECSUFFIX): kpropd.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/slave/kprop.c b/crypto/kerberosIV/slave/kprop.c
new file mode 100644
index 0000000..2cb1aee
--- /dev/null
+++ b/crypto/kerberosIV/slave/kprop.c
@@ -0,0 +1,543 @@
+/*
+
+Copyright 1987, 1988 by the Student Information Processing Board
+	of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose.  It is
+provided "as is" without express or implied warranty.
+
+*/
+
+#include "slav_locl.h"
+
+RCSID("$Id: kprop.c,v 1.37 1999/09/16 20:41:59 assar Exp $");
+
+#include "kprop.h"
+
+static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
+
+int     debug = 0;
+
+char    my_realm[REALM_SZ];
+int     princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char);
+short   transfer_mode, net_transfer_mode;
+int force_flag;
+static char ok[] = ".dump_ok";
+
+struct slave_host {
+    u_int32_t  net_addr;
+    char   *name;
+    char   *instance;
+    char   *realm;
+    int	   not_time_yet;
+    int    succeeded;
+    struct slave_host *next;
+};
+
+static int
+get_slaves(struct slave_host **psl,
+	   const char *dir_path,
+	   const char *file,
+	   time_t ok_mtime)
+{
+    FILE   *fin;
+    char    namebuf[128], *inst;
+    char   *pc;
+    struct hostent *host;
+    struct slave_host **th;
+    char   *last_prop_path;
+    struct stat stbuf;
+
+    if ((fin = fopen(file, "r")) == NULL)
+	err (1, "open(%s)", file);
+
+    th = psl;
+    while(fgets(namebuf, sizeof(namebuf), fin)){
+	if ((pc = strchr(namebuf, '\n'))) {
+	    *pc = '\0';
+	} else {
+	    if(strlen(namebuf) == sizeof(namebuf) - 1){
+		warnx ("Hostname too long (>= %d chars) in '%s'.",
+		       (int) sizeof(namebuf), file);
+		do{
+		    if(fgets(namebuf, sizeof(namebuf), fin) == NULL)
+			break;
+		}while(strchr(namebuf, '\n') == NULL);
+		continue;
+	    }
+	}
+	if(namebuf[0] == 0 || namebuf[0] == '#')
+	    continue;
+	host = gethostbyname(namebuf);
+	if (host == NULL) {
+	    warnx ("Ignoring host '%s' in '%s': %s", 
+		   namebuf, file,
+		   hstrerror(h_errno));
+	    continue;
+	}
+	(*th) = (struct slave_host *) malloc(sizeof(struct slave_host));
+	if (!*th)
+	    errx (1, "No memory reading host list from '%s'.",
+		    file);
+	memset(*th, 0, sizeof(struct slave_host));
+	(*th)->name = strdup(namebuf);
+	if ((*th)->name == NULL)
+	    errx (1, "No memory reading host list from '%s'.",
+		  file);
+	/* get kerberos cannonical instance name */
+	inst = krb_get_phost ((*th)->name);
+	(*th)->instance = strdup(inst);
+	if ((*th)->instance == NULL)
+	    errx (1, "No memory reading host list from '%s'.",
+		  file);
+	/* what a concept, slave servers in different realms! */
+	(*th)->realm = my_realm;
+	memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr));
+	(*th)->not_time_yet = 0;
+	(*th)->succeeded = 0;
+	(*th)->next = NULL;
+	asprintf(&last_prop_path, "%s%s-last-prop", dir_path, (*th)->name);
+	if (last_prop_path == NULL)
+	    errx (1, "malloc failed");
+	if (!force_flag
+	    && !stat(last_prop_path, &stbuf)
+	    && stbuf.st_mtime > ok_mtime) {
+	    (*th)->not_time_yet = 1;
+	    (*th)->succeeded = 1;	/* no change since last success */
+	}
+	free(last_prop_path);
+	th = &(*th)->next;
+    }
+    fclose(fin);
+    return (1);
+}
+
+/* The master -> slave protocol looks like this:
+     1) 8 byte version string
+     2) 2 bytes of "transfer mode" (net byte order of course)
+     3) ticket/authentication send by sendauth
+     4) 4 bytes of "block" length (u_int32_t)
+     5) data
+
+     4 and 5 repeat til EOF ...
+*/
+
+static int
+prop_to_slaves(struct slave_host *sl,
+	       int fd,
+	       const char *dir_path,
+	       const char *fslv)
+{
+    u_char buf[KPROP_BUFSIZ];
+    u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */
+    struct sockaddr_in sin, my_sin;
+    int     i, n, s;
+    struct slave_host *cs;	/* current slave */
+    char   my_host_name[MaxHostNameLen], *p_my_host_name;
+    char   kprop_service_instance[INST_SZ];
+    u_int32_t cksum;
+    u_int32_t length, nlength;
+    long   kerror;
+    KTEXT_ST     ticket;
+    CREDENTIALS  cred;
+    MSG_DAT msg_dat;
+    static char tkstring[] = "/tmp/kproptktXXXXXX";
+    des_key_schedule session_sched;
+    char   *last_prop_path;
+
+    close(mkstemp(tkstring));
+    krb_set_tkt_string(tkstring);
+    
+    memset(&sin, 0, sizeof sin);
+    sin.sin_family = AF_INET;
+    sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
+    sin.sin_addr.s_addr = INADDR_ANY;
+
+    for (i = 0; i < 5; i++) {	/* try each slave five times max */
+	for (cs = sl; cs; cs = cs->next) {
+	    if (!cs->succeeded) {
+		if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+		    err (1, "socket");
+		memcpy(&sin.sin_addr, &cs->net_addr, 
+		      sizeof cs->net_addr);
+
+		if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
+		    warn ("connect(%s)", cs->name);
+		    close(s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+		
+		/* for krb_mk_{priv, safe} */
+		memset(&my_sin, 0, sizeof my_sin);
+		n = sizeof my_sin;
+		if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
+		    warn ("getsockname(%s)", cs->name);
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+		if (n != sizeof (my_sin)) {
+		    warnx ("can't get socketname %s length", cs->name);
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+		
+		/* Get ticket */
+		kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, 
+				     cs->instance, cs->realm, (u_int32_t) 0);
+		/* if ticket has expired try to get a new one, but
+		 * first get a TGT ...
+		 */
+		if (kerror != MK_AP_OK) {
+		    if (gethostname (my_host_name, sizeof(my_host_name)) != 0) {
+			warnx ("gethostname(%s): %s",
+			       my_host_name,
+			       hstrerror(h_errno));
+			close (s);
+			break;	/* next one can't work either! */
+		    }
+		    /* get canonical kerberos service instance name */
+		    p_my_host_name = krb_get_phost (my_host_name);
+		    /* copy it to make sure gethostbyname static doesn't
+		     * screw us. */
+		    strlcpy (kprop_service_instance,
+				     p_my_host_name,
+				     INST_SZ);
+		    kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, 
+#if 0
+						 kprop_service_instance,
+#else
+						 KRB_MASTER,
+#endif
+						 my_realm,
+						 KRB_TICKET_GRANTING_TICKET,
+						 my_realm,
+						 96,
+						 KPROP_SRVTAB);
+		    if (kerror != INTK_OK) {
+			warnx ("%s: %s.  While getting initial ticket\n",
+			       cs->name, krb_get_err_text(kerror));
+			close (s);
+			goto punt;
+		    }
+		    kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, 
+					 cs->instance, cs->realm,
+					 (u_int32_t) 0);
+		}
+		if (kerror != MK_AP_OK) {
+		    warnx ("%s: krb_mk_req: %s",
+			   cs->name, krb_get_err_text(kerror));
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}		    
+
+		if (write(s, kprop_version, sizeof(kprop_version))
+		    != sizeof(kprop_version)) {
+		    warn ("%s", cs->name);
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+
+		net_transfer_mode = htons (transfer_mode);
+		if (write(s, &net_transfer_mode, sizeof(net_transfer_mode))
+		    != sizeof(net_transfer_mode)) {
+		    warn ("write(%s)", cs->name);
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+
+		kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance,
+				       cs->realm, &cred);
+		if (kerror != KSUCCESS) {
+		    warnx ("%s: %s.  Getting session key.", 
+			   cs->name, krb_get_err_text(kerror));
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+#ifdef NOENCRYPTION
+		memset(session_sched, 0, sizeof(session_sched));
+#else
+		if (des_key_sched (&cred.session, session_sched)) {
+		    warnx ("%s: can't make key schedule.",
+			   cs->name);
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+#endif
+		/* SAFE (quad_cksum) and CLEAR are just not good enough */
+		cksum = 0;
+#ifdef not_working_yet
+		if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
+		    cksum = get_data_checksum(fd, session_sched);
+		    lseek(fd, 0L, 0);
+		}
+		else
+#endif
+           	{
+		    struct stat st;
+		    fstat (fd, &st);
+		    cksum = st.st_size;
+	        }
+		kerror = krb_sendauth(KOPT_DO_MUTUAL,
+				      s,
+				      &ticket,
+				      KPROP_SERVICE_NAME,
+				      cs->instance,
+				      cs->realm,
+				      cksum,
+				      &msg_dat,
+				      &cred,
+				      session_sched,
+				      &my_sin,
+				      &sin,
+				      KPROP_PROT_VERSION);
+		if (kerror != KSUCCESS) {
+		    warnx ("%s: krb_sendauth: %s.",
+			   cs->name, krb_get_err_text(kerror));
+		    close (s);
+		    continue;	/*** NEXT SLAVE ***/
+		}
+
+		lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */
+		while ((n = read(fd, buf, sizeof buf))) {
+		    if (n < 0)
+			err (1, "read");
+		    switch (transfer_mode) {
+		    case KPROP_TRANSFER_PRIVATE:
+		    case KPROP_TRANSFER_SAFE:
+			if (transfer_mode == KPROP_TRANSFER_PRIVATE)
+			    length = krb_mk_priv (buf, obuf, n, 
+						  session_sched, &cred.session,
+						  &my_sin, &sin);
+			else
+			    length = krb_mk_safe (buf, obuf, n,
+						  &cred.session,
+						  &my_sin, &sin);
+			if (length == -1) {
+			    warnx ("%s: %s failed.",
+				   cs->name,
+				   (transfer_mode == KPROP_TRANSFER_PRIVATE) 
+				   ? "krb_rd_priv" : "krb_rd_safe");
+			    close (s);
+			    continue; /*** NEXT SLAVE ***/
+			}
+			nlength = htonl(length);
+			if (write(s, &nlength, sizeof nlength)
+			    != sizeof nlength) {
+			    warn ("write(%s)", cs->name);
+			    close (s);
+			    continue; /*** NEXT SLAVE ***/
+			}
+			if (write(s, obuf, length) != length) {
+			    warn ("write(%s)", cs->name);
+			    close(s);
+			    continue; /*** NEXT SLAVE ***/
+			}
+			break;
+		    case KPROP_TRANSFER_CLEAR:
+			if (write(s, buf, n) != n) {
+			    warn ("write(%s)", cs->name);
+			    close(s);
+			    continue; /*** NEXT SLAVE ***/
+			}
+			break;
+		    }
+		}
+		close(s);
+		cs->succeeded = 1;
+		printf("%s: success.\n", cs->name);
+
+		asprintf(&last_prop_path,
+			 "%s%s-last-prop",
+			 dir_path,
+			 cs->name);
+		if (last_prop_path == NULL)
+		    errx (1, "malloc failed");
+
+		unlink(last_prop_path);
+		close(creat(last_prop_path, 0600));
+	    }
+	}
+    }
+punt:
+    
+    dest_tkt();
+    for (cs = sl; cs; cs = cs->next) {
+	if (!cs->succeeded)
+	    return (0);		/* didn't get this slave */
+    }
+    return (1);
+}
+
+static void
+usage(void)
+{
+    /* already got floc and fslv, what is this? */
+    fprintf(stderr,
+	    "\nUsage: kprop [-force] [-realm realm] [-private"
+#ifdef not_safe_yet
+	    "|-safe|-clear"
+#endif
+	    "] [data_file [slaves_file]]\n\n");
+    exit(1);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    int     fd, i;
+    char   *floc, *floc_ok;
+    char   *fslv;
+    char   *dir_path;
+    struct stat stbuf, stbuf_ok;
+    time_t   l_init, l_final;
+    char   *pc;
+    int    l_diff;
+    static struct slave_host *slave_host_list = NULL;
+    struct slave_host *sh;
+
+    set_progname (argv[0]);
+
+    transfer_mode = KPROP_TRANSFER_PRIVATE;
+
+    time(&l_init);
+    pc = ctime(&l_init);
+    pc[strlen(pc) - 1] = '\0';
+    printf("\nStart slave propagation: %s\n", pc);
+ 
+    floc = NULL;
+    fslv = NULL;
+
+    if (krb_get_lrealm(my_realm,1) != KSUCCESS)
+      errx (1, "Getting my kerberos realm.  Check krb.conf");
+
+    for (i = 1; i < argc; i++) 
+      switch (argv[i][0]) {
+      case '-':
+	if (strcmp (argv[i], "-private") == 0) 
+	  transfer_mode = KPROP_TRANSFER_PRIVATE;
+#ifdef not_safe_yet
+	else if (strcmp (argv[i], "-safe") == 0) 
+	  transfer_mode = KPROP_TRANSFER_SAFE;
+	else if (strcmp (argv[i], "-clear") == 0) 
+	  transfer_mode = KPROP_TRANSFER_CLEAR;
+#endif
+	else if (strcmp (argv[i], "-realm") == 0) {
+	    i++;
+	    if (i < argc)
+		strlcpy(my_realm, argv[i], REALM_SZ);
+	    else
+		usage();
+	} else if (strcmp (argv[i], "-force") == 0)
+	    force_flag++;
+	else {
+	    warnx("unknown control argument %s.", argv[i]);
+	    usage ();
+	}
+	break;
+      default:
+	/* positional arguments are marginal at best ... */
+	if (floc == NULL)
+	  floc = argv[i];
+	else {
+	  if (fslv == NULL)
+	    fslv = argv[i];
+	  else 
+	      usage();
+	}
+      }
+    if(floc == NULL)
+	floc = DB_DIR "/slave_dump";
+    if(fslv == NULL)
+	fslv = DB_DIR "/slaves";
+	
+    asprintf (&floc_ok, "%s%s", floc, ok);
+    if (floc_ok == NULL)
+	errx (1, "out of memory in copying %s", floc);
+
+    dir_path = strdup(fslv);
+    if(dir_path == NULL)
+	errx (1, "malloc failed");
+    pc = strrchr(dir_path, '/');
+    if (pc != NULL)
+	++pc;
+    else
+	pc = dir_path;
+    *pc = '\0';
+
+    if ((fd = open(floc, O_RDONLY)) < 0)
+	err (1, "open(%s)", floc);
+    if (flock(fd, LOCK_SH | LOCK_NB))
+	err (1, "flock(%s)", floc);
+    if (stat(floc, &stbuf))
+	err (1, "stat(%s)", floc);
+    if (stat(floc_ok, &stbuf_ok))
+	err (1, "stat(%s)", floc_ok);
+    if (stbuf.st_mtime > stbuf_ok.st_mtime)
+	errx (1, "'%s' more recent than '%s'.", floc, floc_ok);
+    if (!get_slaves(&slave_host_list, dir_path, fslv, stbuf_ok.st_mtime))
+	errx (1, "can't read slave host file '%s'.", fslv);
+#ifdef KPROP_DBG
+    {
+	struct slave_host *sh;
+	int     i;
+	fprintf(stderr, "\n\n");
+	fflush(stderr);
+	for (sh = slave_host_list; sh; sh = sh->next) {
+	    fprintf(stderr, "slave %d: %s, %s", i++, sh->name,
+		    inet_ntoa(sh->net_addr));
+	    fflush(stderr);
+	}
+    }
+#endif				/* KPROP_DBG */
+
+    if (!prop_to_slaves(slave_host_list, fd, dir_path, fslv))
+	errx (1, "propagation failed.");
+    if (flock(fd, LOCK_UN))
+	err (1, "flock(%s, LOCK_UN)", floc);
+    printf("\n\n");
+    for (sh = slave_host_list; sh; sh = sh->next) {
+        if (sh->not_time_yet)
+	    printf(         "%s:\t\tNot time yet\n", sh->name);
+	else if (sh->succeeded)
+	    printf(         "%s:\t\tSucceeded\n", sh->name);
+	else
+	    fprintf(stderr, "%s:\t\tFAILED\n", sh->name);
+	fflush(stdout);
+    }
+
+    time(&l_final);
+    l_diff = l_final - l_init;
+    printf("propagation finished, %d:%02d:%02d elapsed\n",
+	   l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60);
+
+    exit(0);
+}
+
+#ifdef doesnt_work_yet
+u_long get_data_checksum(fd, key_sched)
+     int fd;
+     des_key_schedule key_sched;
+{
+	u_int32_t cksum = 0;
+	int n;
+	char buf[BUFSIZ];
+	u_int32_t obuf[2];
+
+	while (n = read(fd, buf, sizeof buf)) {
+	    if (n < 0)
+		err (1, "read");
+	    cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched);
+	}
+	return cksum;
+}
+#endif
diff --git a/crypto/kerberosIV/slave/kprop.h b/crypto/kerberosIV/slave/kprop.h
new file mode 100644
index 0000000..d66f63f
--- /dev/null
+++ b/crypto/kerberosIV/slave/kprop.h
@@ -0,0 +1,19 @@
+/* 
+ * Copyright 1987 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * $Id: kprop.h,v 1.5 1997/02/07 21:39:52 assar Exp $
+ *
+ */
+
+#define KPROP_SERVICE_NAME "rcmd"
+#define KPROP_SRVTAB "/etc/srvtab"
+#define KPROP_PROT_VERSION_LEN 8
+#define KPROP_PROT_VERSION "kprop01"
+#define KPROP_TRANSFER_PRIVATE 1
+#define KPROP_TRANSFER_SAFE 2
+#define KPROP_TRANSFER_CLEAR 3
+#define KPROP_BUFSIZ 32768
+#define KPROP_PORT 754
diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c
new file mode 100644
index 0000000..db74509
--- /dev/null
+++ b/crypto/kerberosIV/slave/kpropd.c
@@ -0,0 +1,318 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "slav_locl.h"
+
+#include "kprop.h"
+
+RCSID("$Id: kpropd.c,v 2.32 1999/12/02 16:58:56 joda Exp $");
+
+#ifndef SBINDIR
+#define SBINDIR "/usr/athena/sbin"
+#endif
+
+struct sockaddr_in master, slave;
+
+char *database = DBM_FILE;
+
+char *lockfile = DB_DIR "/slave_propagation";
+
+char *logfile = K_LOGFIL;
+
+char *kdb_util = SBINDIR "/kdb_util";
+
+char *kdb_util_command = "load";
+
+char *srvtab = "";
+
+char realm[REALM_SZ];
+
+static
+int
+copy_data(int from, int to, des_cblock *session, des_key_schedule schedule)
+{
+    unsigned char tmp[4];
+    char buf[KPROP_BUFSIZ + 26];
+    u_int32_t length;
+    int n;
+    
+    int kerr;
+    MSG_DAT m;
+
+    while(1){
+	n = krb_net_read(from, tmp, 4);
+	if(n == 0)
+	    break;
+	if(n < 0){
+	    klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno));
+	    return -1;
+	}
+	if(n != 4){
+	    klog(L_KRB_PERR, "Premature end of data");
+	    return -1;
+	}
+	length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+	if(length > sizeof(buf)){
+	    klog(L_KRB_PERR, "Giant packet received: %d", length);
+	    return -1;
+	}
+	if(krb_net_read(from, buf, length) != length){
+	    klog(L_KRB_PERR, "Premature end of data");
+	    return -1;
+	}
+	kerr = krb_rd_priv (buf, length, schedule, session,
+			    &master, &slave, &m);
+	if(kerr != KSUCCESS){
+	    klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
+	    return -1;
+	}
+	write(to, m.app_data, m.app_length);
+    }
+    return 0;
+}
+
+
+static
+int
+kprop(int s)
+{
+    char buf[128];
+    int n;
+    KTEXT_ST ticket;
+    AUTH_DAT ad;
+    char sinst[INST_SZ];
+    des_key_schedule schedule;
+    int mode;
+    int kerr;
+    int lock;
+    
+    n = sizeof(master);
+    if(getpeername(s, (struct sockaddr*)&master, &n) < 0){
+	klog(L_KRB_PERR, "getpeername: %s", strerror(errno));
+	return 1;
+    }
+    
+    n = sizeof(slave);
+    if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){
+	klog(L_KRB_PERR, "getsockname: %s", strerror(errno));
+	return 1;
+    }
+
+    klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr));
+
+    n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2);
+    if(n < KPROP_PROT_VERSION_LEN + 2){
+	klog(L_KRB_PERR, "Premature end of data");
+	return 1;
+    }
+    if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){
+	klog(L_KRB_PERR, "Bad protocol version string received");
+	return 1;
+    }
+    mode = (buf[n-2] << 8) | buf[n-1];
+    if(mode != KPROP_TRANSFER_PRIVATE){
+	klog(L_KRB_PERR, "Bad transfer mode received: %d", mode);
+	return 1;
+    }
+    k_getsockinst(s, sinst, sizeof(sinst));
+    kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket,
+			KPROP_SERVICE_NAME, sinst,
+			&master, &slave,
+			&ad, srvtab, schedule, 
+			buf);
+    if(kerr != KSUCCESS){
+	klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
+	return 1;
+    }
+
+    if(strcmp(ad.pname, KPROP_SERVICE_NAME) ||
+#if 0
+       strcmp(ad.pinst, /* XXX remote host */) ||
+#else
+       strcmp(ad.pinst, KRB_MASTER) ||
+#endif
+       strcmp(ad.prealm, realm)){
+	klog(L_KRB_PERR, "Connection from unauthorized client: %s", 
+	     krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm));
+	return 1;
+    }
+
+    des_set_key(&ad.session, schedule);
+    
+    lock = open(lockfile, O_WRONLY|O_CREAT, 0600);
+    if(lock < 0){
+	klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno));
+	return 1;
+    }
+    if(flock(lock, LOCK_EX | LOCK_NB)){
+	close(lock);
+	klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
+	return 1;
+    }
+    
+    if(ftruncate(lock, 0) < 0){
+	close(lock);
+	klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
+	return 1;
+    }
+
+    if(copy_data(s, lock, &ad.session, schedule)){
+	close(lock);
+	return 1;
+    }
+    close(lock);
+    
+    if(simple_execlp(kdb_util, "kdb_util", kdb_util_command, 
+		     lockfile, database, NULL) != 0) {
+	klog(L_KRB_PERR, "*** Propagation failed ***");
+	return 1;
+    }else{
+	klog(L_KRB_PERR, "Propagation finished successfully");
+	return 0;
+    }
+}
+
+static int
+doit(void)
+{
+    return kprop(0);
+}
+
+static int
+doit_interactive(void)
+{
+    struct sockaddr_in sa;
+    int salen;
+    int s, s2;
+    int ret;
+
+    s = socket(AF_INET, SOCK_STREAM, 0);
+    if(s < 0){
+      klog(L_KRB_PERR, "socket: %s", strerror(errno));
+      return 1;
+    }
+    memset(&sa, 0, sizeof(sa));
+    sa.sin_family = AF_INET;
+    sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
+    ret = bind(s, (struct sockaddr*)&sa, sizeof(sa));
+    if (ret < 0) {
+      klog(L_KRB_PERR, "bind: %s", strerror(errno));
+      return 1;
+    }
+    ret = listen(s, SOMAXCONN);
+    if (ret < 0) {
+      klog(L_KRB_PERR, "listen: %s", strerror(errno));
+      return 1;
+    }
+    for(;;) {
+      salen = sizeof(sa);
+      s2 = accept(s, (struct sockaddr*)&sa, &salen);
+      switch(fork()){
+      case -1:
+	klog(L_KRB_PERR, "fork: %s", strerror(errno));
+	return 1;
+      case 0:
+	close(s);
+	kprop(s2);
+	return 1;
+      default: {
+	  int status;
+	  close(s2);
+	  wait(&status);
+	}
+      }
+    }
+}
+
+static void
+usage (void)
+{
+     fprintf (stderr, 
+	      "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]"
+	      " [-r realm] [-s srvtab]\n");
+     exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int opt;
+    int interactive = 0;
+
+    krb_get_lrealm(realm, 1);
+    
+    while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){
+	switch(opt){
+	case 'd':
+	    database = optarg;
+	    break;
+	case 'l':
+	    logfile = optarg;
+	    break;
+	case 'm':
+	    kdb_util_command = "merge";
+	    break;
+	case 'p':
+	case 'P':
+	    kdb_util = optarg;
+	    break;
+	case 'r':
+	    strlcpy(realm, optarg, REALM_SZ);
+	    break;
+	case 's':
+	    srvtab = optarg;
+	    break;
+	case 'i':
+	    interactive = 1;
+	    break;
+	default:
+	    klog(L_KRB_PERR, "Bad option: -%c", optopt);
+	    usage ();
+	    exit(1);
+	}
+    }
+    if (!interactive) {
+      /* Use logfile as stderr so we don't lose error messages. */
+      int fd = open(logfile, O_CREAT | O_WRONLY | O_APPEND, 0600);
+      if (fd == -1)
+	klog(L_KRB_PERR, "Can't open logfile %s: %s", logfile,strerror(errno));
+      else
+	dup2(fd, 2);
+      close(fd);
+    }
+    kset_logfile(logfile);
+    if (interactive)
+      return doit_interactive ();
+    else
+      return doit ();
+}
diff --git a/crypto/kerberosIV/slave/slav_locl.h b/crypto/kerberosIV/slave/slav_locl.h
new file mode 100644
index 0000000..2772ed9
--- /dev/null
+++ b/crypto/kerberosIV/slave/slav_locl.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: slav_locl.h,v 1.14 1999/12/02 16:58:56 joda Exp $ */
+
+#ifndef __slav_locl_h
+#define __slav_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <errno.h>
+#include <unistd.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <roken.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <klog.h>
+#include <prot.h>
+#include <kdc.h>
+
+#include <krb_log.h>
+
+#include "kprop.h"
+
+#endif /*  __slav_locl_h */
diff --git a/crypto/libdes/COPYRIGHT b/crypto/libdes/COPYRIGHT
new file mode 100644
index 0000000..5469e1e
--- /dev/null
+++ b/crypto/libdes/COPYRIGHT
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library.  This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/crypto/libdes/ChangeLog b/crypto/libdes/ChangeLog
new file mode 100644
index 0000000..95d5157
--- /dev/null
+++ b/crypto/libdes/ChangeLog
@@ -0,0 +1,66 @@
+1999-07-26  Johan Danielsson  <joda@pdc.kth.se>
+
+	* Makefile.am: bump version number (changes to md*, sha)
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* sha.c (swap_u_int32_t): add _CRAY
+
+Sat Apr 10 23:02:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* destest.c: fixes for crays
+
+Thu Apr  1 11:26:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: noinst_PROGRAMS -> check_PROGRAMS; add TESTS; don't
+ 	build rpw, and speed
+
+Mon Mar 22 20:16:26 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: hash.h
+
+	* sha.c: use hash.h; fixes for crays
+
+	* md5.c: use hash.h; fixes for crays
+
+	* md4.c: use hash.h; fixes for crays
+
+	* hash.h: common stuff from md4, md5, and sha1
+
+Sat Mar 20 00:16:53 1999  Assar Westerlund  <assar@sics.se>
+
+	* rnd_keys.c (des_rand_data): move declaration to get rid of
+ 	warning
+
+Thu Mar 18 11:22:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 17:36:41 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* rnd_keys.c (des_rand_data): if not using setitimer, block
+ 	SIGCHLD around fork(), also make sure we get the status of the
+ 	child process
+	(fake_signal): emulate signal using sigaction
+
+Tue Jan 12 05:06:54 1999  Assar Westerlund  <assar@sics.se>
+
+	* des.h: sparcv9 is also 64 bits, use `unsigned int' instead of
+ 	`unsigned long'
+
+Sun Nov 22 10:40:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Mon May 25 05:24:56 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:50:53 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Nov  9 07:14:45 1997  Assar Westerlund  <assar@sics.se>
+
+	* mdtest.c: print out old and new string
+
diff --git a/crypto/libdes/DES.pm b/crypto/libdes/DES.pm
new file mode 100644
index 0000000..6a175b6
--- /dev/null
+++ b/crypto/libdes/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/crypto/libdes/DES.pod b/crypto/libdes/DES.pod
new file mode 100644
index 0000000..8a739e7
--- /dev/null
+++ b/crypto/libdes/DES.pod
@@ -0,0 +1,16 @@
+crypt	<= 	crypt(buf,salt)
+key	<=	set_odd_parity(key)
+int	<=	is_weak_key(key)
+keysched<=	set_key(key)
+key	<=	ecb_encrypt(string8,ks,enc)
+key	<=	ecb3_encrypt(input,ks1,ks2,enc)
+string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
+ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
+string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
+string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
+string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
+key	<=	random_key()
+key	<=	string_to_key(string)
+key1,key2<=	string_to_2keys(string)
+
diff --git a/crypto/libdes/DES.xs b/crypto/libdes/DES.xs
new file mode 100644
index 0000000..b8050b9
--- /dev/null
+++ b/crypto/libdes/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+
+#define deschar	char
+static STRLEN len;
+
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+
+MODULE = DES	PACKAGE = DES	PREFIX = des_
+
+char *
+des_crypt(buf,salt)
+	char *	buf
+	char *	salt
+
+void
+des_set_odd_parity(key)
+	des_cblock *	key
+PPCODE:
+	{
+	SV *s;
+
+	s=sv_newmortal();
+	sv_setpvn(s,(char *)key,8);
+	des_set_odd_parity((des_cblock *)SvPV(s,na));
+	PUSHs(s);
+	}
+
+int
+des_is_weak_key(key)
+	des_cblock *	key
+
+des_key_schedule
+des_set_key(key)
+	des_cblock *	key
+CODE:
+	des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks
+	int	encrypt
+CODE:
+	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+	char *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	des_cblock *	ivec1
+	des_cblock *	ivec2
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+		l,*ks1,*ks2,ivec1,ivec2,encrypt);
+	sv_setpvn(ST(3),(char *)ivec1,8);
+	sv_setpvn(ST(4),(char *)ivec2,8);
+	PUSHs(s);
+	}
+
+void
+des_cbc_cksum(input,ks,ivec)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s1,*s2;
+	STRLEN len,l;
+	des_cblock c;
+	unsigned long i1,i2;
+
+	s1=sv_newmortal();
+	s2=sv_newmortal();
+	l=SvCUR(ST(0));
+	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec);
+	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+	sv_setiv(s1,i1);
+	sv_setiv(s2,i2);
+	sv_setpvn(ST(2),(char *)c,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
+
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+	char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len;
+	char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+		(int)numbits,(long)len,*ks,ivec,encrypt);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+	des_cblock *	input
+	des_key_schedule *	ks1
+	des_key_schedule *	ks2
+	int	encrypt
+CODE:
+	{
+	des_cblock c;
+
+	des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+		*ks1,*ks2,encrypt);
+	RETVAL= &c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+	unsigned char *	input
+	int	numbits
+	des_key_schedule *	ks
+	des_cblock *	ivec
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	unsigned char *c;
+
+	len=SvCUR(ST(0));
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(unsigned char *)SvPV(s,na);
+	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+		numbits,len,*ks,ivec);
+	sv_setpvn(ST(3),(char *)ivec,8);
+	PUSHs(s);
+	}
+
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+	char *	input
+	des_key_schedule *	ks
+	des_cblock *	ivec
+	int	encrypt
+PPCODE:
+	{
+	SV *s;
+	STRLEN len,l;
+	char *c;
+
+	l=SvCUR(ST(0));
+	len=((((unsigned long)l)+7)/8)*8;
+	s=sv_newmortal();
+	sv_setpvn(s,"",0);
+	SvGROW(s,len);
+	SvCUR_set(s,len);
+	c=(char *)SvPV(s,na);
+	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+		l,*ks,ivec,encrypt);
+	sv_setpvn(ST(2),(char *)c[len-8],8);
+	PUSHs(s);
+	}
+
+des_cblock *
+des_random_key()
+CODE:
+	{
+	des_cblock c;
+
+	des_random_key(c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+des_cblock *
+des_string_to_key(str)
+char *	str
+CODE:
+	{
+	des_cblock c;
+
+	des_string_to_key(str,&c);
+	RETVAL=&c;
+	}
+OUTPUT:
+RETVAL
+
+void
+des_string_to_2keys(str)
+char *	str
+PPCODE:
+	{
+	des_cblock c1,c2;
+	SV *s1,*s2;
+
+	des_string_to_2keys(str,&c1,&c2);
+	EXTEND(sp,2);
+	s1=sv_newmortal();
+	sv_setpvn(s1,(char *)c1,8);
+	s2=sv_newmortal();
+	sv_setpvn(s2,(char *)c2,8);
+	PUSHs(s1);
+	PUSHs(s2);
+	}
diff --git a/crypto/libdes/FILES b/crypto/libdes/FILES
new file mode 100644
index 0000000..4c7ea2d
--- /dev/null
+++ b/crypto/libdes/FILES
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT	- Copyright info.
+MODES.DES	- A description of the features of the different modes of DES.
+FILES		- This file.
+INSTALL		- How to make things compile.
+Imakefile	- For use with kerberos.
+README		- What this package is.
+VERSION		- Which version this is and what was changed.
+KERBEROS	- Kerberos version 4 notes.
+Makefile.PL	- An old makefile to build with perl5, not current.
+Makefile.ssl	- The SSLeay makefile
+Makefile.uni	- The normal unix makefile.
+GNUmakefile	- The makefile for use with glibc.
+makefile.bc	- A Borland C makefile
+times		- Some outputs from 'speed' on some machines.
+vms.com		- For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c		- des(1) source code.
+des.man		- des(1) manual.
+
+/* Testing and timing programs. */
+destest.c	- Source for libdes.a test program.
+speed.c		- Source for libdes.a timing program.
+rpw.c		- Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man	- libdes.a manual page.
+des.h		- Public libdes.a header file.
+ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c	- des_ecb3_encrypt() source.
+cbc_ckm.c	- des_cbc_cksum() source.
+cbc_enc.c	- des_cbc_encrypt() source.
+ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
+		  the new iv values back in the passed iv vector.
+ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c	- des_cfb_encrypt() source.
+cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher.
+cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+ofb_enc.c	- des_cfb_encrypt() source.
+ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher.
+ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+		  used as a stream cipher and using triple DES.
+enc_read.c	- des_enc_read() source.
+enc_writ.c	- des_enc_write() source.
+pcbc_enc.c	- des_pcbc_encrypt() source.
+qud_cksm.c	- quad_cksum() source.
+rand_key.c	- des_random_key() source.
+read_pwd.c	- Source for des_read_password() plus related functions.
+set_key.c	- Source for des_set_key().
+str2key.c	- Covert a string of any length into a key.
+fcrypt.c	- A small, fast version of crypt(3).
+des_locl.h	- Internal libdes.a header file.
+podd.h		- Odd parity tables - used in des_set_key().
+sk.h		- Lookup tables used in des_set_key().
+spr.h		- What is left of the S tables - used in ecb_encrypt().
+des_ver.h	- header file for the external definition of the
+		  version string.
+des.doc		- SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
+		  both done in a perl library.
+testdes.pl	- Testing program for des.pl
+doIP		- Perl script used to develop IP xor/shift code.
+doPC1		- Perl script used to develop PC1 xor/shift code.
+doPC2		- Generates sk.h.
+PC1		- Output of doPC1 should be the same as output from PC1.
+PC2		- used in development of doPC2.
+shifts.pl	- Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/crypto/libdes/INSTALL b/crypto/libdes/INSTALL
new file mode 100644
index 0000000..32457d7
--- /dev/null
+++ b/crypto/libdes/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+
+type 'make'
+
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevent option in the Makefile
+
+There are some special Makefile targets that make life easier.
+make cc		- standard cc build
+make gcc	- standard gcc build
+make x86-elf	- x86 assembler (elf), linux-elf.
+make x86-out	- x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi	- x86 assembler (a.out with primative assembler).
+
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/crypto/libdes/Imakefile b/crypto/libdes/Imakefile
new file mode 100644
index 0000000..1b9b562
--- /dev/null
+++ b/crypto/libdes/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+	ecb3_enc.c ofb_enc.c ofb64enc.c
+
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o ofb64enc.o
+
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+	vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+
+SRCDIR=$(SRCTOP)/lib/des
+
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+
+library_obj_rule()
+
+install_library_target(des,$(OBJS),$(SRCS),)
+
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/crypto/libdes/KERBEROS b/crypto/libdes/KERBEROS
new file mode 100644
index 0000000..f401b10
--- /dev/null
+++ b/crypto/libdes/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+
+Now do a normal kerberos build and things should work.
+
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+
+*** make_commands.c.orig	Fri Jul  3 04:18:35 1987
+--- make_commands.c	Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+  	  if (!vfork()) {
+  	       chdir("/tmp");
+! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+  		     z_file+5, 0);
+  	       perror("/bin/ld");
+  	       _exit(1);
diff --git a/crypto/libdes/MODES.DES b/crypto/libdes/MODES.DES
new file mode 100644
index 0000000..0cbc44f
--- /dev/null
+++ b/crypto/libdes/MODES.DES
@@ -0,0 +1,84 @@
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and con not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+different from the start variable values used before with the same
+key.  The reason for this is that an identical bit stream would be
+produced each time from the same parameters.  This would be
+susceptible to a 'known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for ECB encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+
+Triple CBC Mode (des_3cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- As for CBC encryption but increases the effective key length to 112 bits.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
diff --git a/crypto/libdes/Makefile.PL b/crypto/libdes/Makefile.PL
new file mode 100644
index 0000000..b54a243
--- /dev/null
+++ b/crypto/libdes/Makefile.PL
@@ -0,0 +1,14 @@
+use ExtUtils::MakeMaker;
+# See lib/ExtUtils/MakeMaker.pm for details of how to influence
+# the contents of the Makefile being created.
+&writeMakefile(
+	'potential_libs' => '',   # e.g., '-lm' 
+	'INC' => '',     # e.g., '-I/usr/include/other' 
+	'DISTNAME' => 'DES',
+	'VERSION' => '0.1',
+	'DEFINE' => '-DPERL5',
+	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+	rand_key.o set_key.o str2key.o \
+	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
+	);
diff --git a/crypto/libdes/Makefile.am b/crypto/libdes/Makefile.am
new file mode 100644
index 0000000..915482b
--- /dev/null
+++ b/crypto/libdes/Makefile.am
@@ -0,0 +1,112 @@
+# $Id: Makefile.am,v 1.16 1999/07/26 12:38:01 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libdes.la
+libdes_la_LDFLAGS = -version-info 0:1:0
+
+include_HEADERS = des.h md4.h md5.h sha.h
+
+build_HEADERZ = $(include_HEADERS)
+
+check_PROGRAMS = destest mdtest
+
+TESTS = destest mdtest
+CHECK_LOCAL = 
+bin_PROGRAMS = des #rpw speed
+
+des_SOURCES = des.c des_ver.h
+
+LDADD = $(lib_LTLIBRARIES)
+
+libdes_la_SOURCES =	\
+	cbc3_enc.c	\
+	cbc_cksm.c	\
+	cbc_enc.c	\
+	cfb64ede.c	\
+	cfb64enc.c	\
+	cfb_enc.c	\
+	des_enc.c	\
+	des_locl.h	\
+	ecb3_enc.c	\
+	ecb_enc.c	\
+	ede_enc.c	\
+	enc_read.c	\
+	enc_writ.c	\
+	fcrypt.c	\
+	hash.h		\
+	key_par.c	\
+	md4.c		\
+	md5.c		\
+	ncbc_enc.c	\
+	ofb64ede.c	\
+	ofb64enc.c	\
+	ofb_enc.c	\
+	pcbc_enc.c	\
+	podd.h		\
+	qud_cksm.c	\
+	read_pwd.c	\
+	rnd_keys.c	\
+	set_key.c	\
+	sha.c		\
+	sk.h		\
+	spr.h		\
+	str2key.c	\
+	xcbc_enc.c
+
+EXTRA_libdes_la_SOURCES = dllmain.c passwd_dialog.aps passwd_dialog.clw \
+	passwd_dialog.rc passwd_dialog.res passwd_dlg.c passwd_dlg.h resource.h
+
+## this is an awful lot of junk, but it's just as well to include everything
+EXTRA_DIST =		\
+	COPYRIGHT	\
+	DES.pm		\
+	DES.pod		\
+	DES.xs		\
+	FILES		\
+	Imakefile	\
+	KERBEROS	\
+	MODES.DES	\
+	Makefile.PL	\
+	Makefile.ssl	\
+	Makefile.uni	\
+	PC1		\
+	PC2		\
+	VERSION		\
+	des.def		\
+	des.dsp		\
+	des.doc		\
+	des.mak		\
+	des.man		\
+	des.org		\
+	des.pl		\
+	des_crypt.man	\
+	des_locl.org	\
+	des_opts.c	\
+	doIP		\
+	doPC1		\
+	doPC2		\
+	makefile.bc	\
+	rand_key.c	\
+	rpc_des.h	\
+	rpc_enc.c	\
+	shifts.pl	\
+	supp.c		\
+	testdes.pl	\
+	times		\
+	typemap		\
+	version.h	\
+	vms.com
+
+asm_files = des-som2.pl des-som3.pl des586.pl des686.pl desboth.pl \
+	dx86-cpp.s dx86unix.cpp readme win32.asm win32.obj win32.uu x86ms.pl \
+	x86unix.pl
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/t
+	$(INSTALL_DATA) $(srcdir)/t/perl $(distdir)/t
+	$(INSTALL_DATA) $(srcdir)/t/test $(distdir)/t
+	$(mkinstalldirs) $(distdir)/asm
+	(cd $(srcdir)/asm && tar cf - $(asm_files)) \
+		| (cd $(distdir)/asm; tar xf -)
+
diff --git a/crypto/libdes/Makefile.in b/crypto/libdes/Makefile.in
new file mode 100644
index 0000000..a03def5
--- /dev/null
+++ b/crypto/libdes/Makefile.in
@@ -0,0 +1,777 @@
+# Makefile.in generated automatically by automake 1.4 from Makefile.am
+
+# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# $Id: Makefile.am,v 1.16 1999/07/26 12:38:01 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.12 1999/07/28 00:54:29 assar Exp $
+
+
+SHELL = @SHELL@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+
+bindir = @bindir@
+sbindir = @sbindir@
+libexecdir = @libexecdir@
+datadir = @datadir@
+sysconfdir = @sysconfdir@
+sharedstatedir = @sharedstatedir@
+localstatedir = @localstatedir@
+libdir = @libdir@
+infodir = @infodir@
+mandir = @mandir@
+includedir = @includedir@
+oldincludedir = /usr/include
+
+DESTDIR =
+
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+
+top_builddir = ../..
+
+ACLOCAL = @ACLOCAL@
+AUTOCONF = @AUTOCONF@
+AUTOMAKE = @AUTOMAKE@
+AUTOHEADER = @AUTOHEADER@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+transform = @program_transform_name@
+
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+host_alias = @host_alias@
+host_triplet = @host@
+AFS_EXTRA_LD = @AFS_EXTRA_LD@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+DBLIB = @DBLIB@
+EXEEXT = @EXEEXT@
+EXTRA_LIB45 = @EXTRA_LIB45@
+GROFF = @GROFF@
+INCLUDE_ = @INCLUDE_@
+LD = @LD@
+LEX = @LEX@
+LIBOBJS = @LIBOBJS@
+LIBTOOL = @LIBTOOL@
+LIB_ = @LIB_@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_kdb = @LIB_kdb@
+LIB_otp = @LIB_otp@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@
+MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@
+MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@
+NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
+NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
+NM = @NM@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+RANLIB = @RANLIB@
+VERSION = @VERSION@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+YACC = @YACC@
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
+
+INCLUDES = -I$(top_builddir)/include
+
+AM_CFLAGS =  $(WFLAGS)
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+buildinclude = $(top_builddir)/include
+
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_crypt = @LIB_crypt@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_el_init = @LIB_el_init@
+LIB_getattr = @LIB_getattr@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_readline = @LIB_readline@
+LIB_res_search = @LIB_res_search@
+LIB_setpcred = @LIB_setpcred@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_readline = @INCLUDE_readline@
+
+LEXLIB = @LEXLIB@
+
+cat1dir = $(mandir)/cat1
+cat3dir = $(mandir)/cat3
+cat5dir = $(mandir)/cat5
+cat8dir = $(mandir)/cat8
+
+MANRX = \(.*\)\.\([0-9]\)
+CATSUFFIX = @CATSUFFIX@
+
+NROFF_MAN = groff -mandoc -Tascii
+
+@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la 	$(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+CHECK_LOCAL = 
+
+lib_LTLIBRARIES = libdes.la
+libdes_la_LDFLAGS = -version-info 0:1:0
+
+include_HEADERS = des.h md4.h md5.h sha.h
+
+build_HEADERZ = $(include_HEADERS)
+
+check_PROGRAMS = destest mdtest
+
+TESTS = destest mdtest
+bin_PROGRAMS = des #rpw speed
+
+des_SOURCES = des.c des_ver.h
+
+LDADD = $(lib_LTLIBRARIES)
+
+libdes_la_SOURCES =  	cbc3_enc.c		cbc_cksm.c		cbc_enc.c		cfb64ede.c		cfb64enc.c		cfb_enc.c		des_enc.c		des_locl.h		ecb3_enc.c		ecb_enc.c		ede_enc.c		enc_read.c		enc_writ.c		fcrypt.c		hash.h			key_par.c		md4.c			md5.c			ncbc_enc.c		ofb64ede.c		ofb64enc.c		ofb_enc.c		pcbc_enc.c		podd.h			qud_cksm.c		read_pwd.c		rnd_keys.c		set_key.c		sha.c			sk.h			spr.h			str2key.c		xcbc_enc.c
+
+
+EXTRA_libdes_la_SOURCES = dllmain.c passwd_dialog.aps passwd_dialog.clw 	passwd_dialog.rc passwd_dialog.res passwd_dlg.c passwd_dlg.h resource.h
+
+
+EXTRA_DIST =  	COPYRIGHT		DES.pm			DES.pod			DES.xs			FILES			Imakefile		KERBEROS		MODES.DES		Makefile.PL		Makefile.ssl		Makefile.uni		PC1			PC2			VERSION			des.def			des.dsp			des.doc			des.mak			des.man			des.org			des.pl			des_crypt.man		des_locl.org		des_opts.c		doIP			doPC1			doPC2			makefile.bc		rand_key.c		rpc_des.h		rpc_enc.c		shifts.pl		supp.c			testdes.pl		times			typemap			version.h		vms.com
+
+
+asm_files = des-som2.pl des-som3.pl des586.pl des686.pl desboth.pl 	dx86-cpp.s dx86unix.cpp readme win32.asm win32.obj win32.uu x86ms.pl 	x86unix.pl
+
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = ../../include/config.h
+CONFIG_CLEAN_FILES = 
+LTLIBRARIES =  $(lib_LTLIBRARIES)
+
+
+DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CPPFLAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBS = @LIBS@
+X_CFLAGS = @X_CFLAGS@
+X_LIBS = @X_LIBS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+libdes_la_LIBADD = 
+libdes_la_OBJECTS =  cbc3_enc.lo cbc_cksm.lo cbc_enc.lo cfb64ede.lo \
+cfb64enc.lo cfb_enc.lo des_enc.lo ecb3_enc.lo ecb_enc.lo ede_enc.lo \
+enc_read.lo enc_writ.lo fcrypt.lo key_par.lo md4.lo md5.lo ncbc_enc.lo \
+ofb64ede.lo ofb64enc.lo ofb_enc.lo pcbc_enc.lo qud_cksm.lo read_pwd.lo \
+rnd_keys.lo set_key.lo sha.lo str2key.lo xcbc_enc.lo
+bin_PROGRAMS =  des$(EXEEXT)
+check_PROGRAMS =  destest$(EXEEXT) mdtest$(EXEEXT)
+PROGRAMS =  $(bin_PROGRAMS)
+
+des_OBJECTS =  des.$(OBJEXT)
+des_LDADD = $(LDADD)
+des_DEPENDENCIES =  libdes.la
+des_LDFLAGS = 
+destest_SOURCES = destest.c
+destest_OBJECTS =  destest.$(OBJEXT)
+destest_LDADD = $(LDADD)
+destest_DEPENDENCIES =  libdes.la
+destest_LDFLAGS = 
+mdtest_SOURCES = mdtest.c
+mdtest_OBJECTS =  mdtest.$(OBJEXT)
+mdtest_LDADD = $(LDADD)
+mdtest_DEPENDENCIES =  libdes.la
+mdtest_LDFLAGS = 
+CFLAGS = @CFLAGS@
+COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
+HEADERS =  $(include_HEADERS)
+
+DIST_COMMON =  README ChangeLog INSTALL Makefile.am Makefile.in
+
+
+DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+
+TAR = tar
+GZIP_ENV = --best
+SOURCES = $(libdes_la_SOURCES) $(EXTRA_libdes_la_SOURCES) $(des_SOURCES) destest.c mdtest.c
+OBJECTS = $(libdes_la_OBJECTS) $(des_OBJECTS) destest.$(OBJEXT) mdtest.$(OBJEXT)
+
+all: all-redirect
+.SUFFIXES:
+.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
+	cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/des/Makefile
+
+Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
+	cd $(top_builddir) \
+	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
+
+
+mostlyclean-libLTLIBRARIES:
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+
+distclean-libLTLIBRARIES:
+
+maintainer-clean-libLTLIBRARIES:
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(libdir)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    echo "$(LIBTOOL)  --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  $(LIBTOOL)  --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
+	done
+
+.c.o:
+	$(COMPILE) -c $<
+
+# FIXME: We should only use cygpath when building on Windows,
+# and only if it is available.
+.c.obj:
+	$(COMPILE) -c `cygpath -w $<`
+
+.s.o:
+	$(COMPILE) -c $<
+
+.S.o:
+	$(COMPILE) -c $<
+
+mostlyclean-compile:
+	-rm -f *.o core *.core
+	-rm -f *.$(OBJEXT)
+
+clean-compile:
+
+distclean-compile:
+	-rm -f *.tab.c
+
+maintainer-clean-compile:
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+.s.lo:
+	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+.S.lo:
+	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+
+maintainer-clean-libtool:
+
+libdes.la: $(libdes_la_OBJECTS) $(libdes_la_DEPENDENCIES)
+	$(LINK) -rpath $(libdir) $(libdes_la_LDFLAGS) $(libdes_la_OBJECTS) $(libdes_la_LIBADD) $(LIBS)
+
+mostlyclean-binPROGRAMS:
+
+clean-binPROGRAMS:
+	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+distclean-binPROGRAMS:
+
+maintainer-clean-binPROGRAMS:
+
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
+	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+	done
+
+mostlyclean-checkPROGRAMS:
+
+clean-checkPROGRAMS:
+	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
+
+distclean-checkPROGRAMS:
+
+maintainer-clean-checkPROGRAMS:
+
+des$(EXEEXT): $(des_OBJECTS) $(des_DEPENDENCIES)
+	@rm -f des$(EXEEXT)
+	$(LINK) $(des_LDFLAGS) $(des_OBJECTS) $(des_LDADD) $(LIBS)
+
+destest$(EXEEXT): $(destest_OBJECTS) $(destest_DEPENDENCIES)
+	@rm -f destest$(EXEEXT)
+	$(LINK) $(destest_LDFLAGS) $(destest_OBJECTS) $(destest_LDADD) $(LIBS)
+
+mdtest$(EXEEXT): $(mdtest_OBJECTS) $(mdtest_DEPENDENCIES)
+	@rm -f mdtest$(EXEEXT)
+	$(LINK) $(mdtest_LDFLAGS) $(mdtest_OBJECTS) $(mdtest_LDADD) $(LIBS)
+
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	$(mkinstalldirs) $(DESTDIR)$(includedir)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
+	  echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p"; \
+	  $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	list='$(include_HEADERS)'; for p in $$list; do \
+	  rm -f $(DESTDIR)$(includedir)/$$p; \
+	done
+
+tags: TAGS
+
+ID: $(HEADERS) $(SOURCES) $(LISP)
+	list='$(SOURCES) $(HEADERS)'; \
+	unique=`for i in $$list; do echo $$i; done | \
+	  awk '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	here=`pwd` && cd $(srcdir) \
+	  && mkid -f$$here/ID $$unique $(LISP)
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)'; \
+	unique=`for i in $$list; do echo $$i; done | \
+	  awk '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
+	  || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags  $$unique $(LISP) -o $$here/TAGS)
+
+mostlyclean-tags:
+
+clean-tags:
+
+distclean-tags:
+	-rm -f TAGS ID
+
+maintainer-clean-tags:
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+
+subdir = lib/des
+
+distdir: $(DISTFILES)
+	@for file in $(DISTFILES); do \
+	  d=$(srcdir); \
+	  if test -d $$d/$$file; then \
+	    cp -pr $$/$$file $(distdir)/$$file; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || ln $$d/$$file $(distdir)/$$file 2> /dev/null \
+	    || cp -p $$d/$$file $(distdir)/$$file || :; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
+check-TESTS: $(TESTS)
+	@failed=0; all=0; \
+	srcdir=$(srcdir); export srcdir; \
+	for tst in $(TESTS); do \
+	  if test -f $$tst; then dir=.; \
+	  else dir="$(srcdir)"; fi; \
+	  if $(TESTS_ENVIRONMENT) $$dir/$$tst; then \
+	    all=`expr $$all + 1`; \
+	    echo "PASS: $$tst"; \
+	  elif test $$? -ne 77; then \
+	    all=`expr $$all + 1`; \
+	    failed=`expr $$failed + 1`; \
+	    echo "FAIL: $$tst"; \
+	  fi; \
+	done; \
+	if test "$$failed" -eq 0; then \
+	  banner="All $$all tests passed"; \
+	else \
+	  banner="$$failed of $$all tests failed"; \
+	fi; \
+	dashes=`echo "$$banner" | sed s/./=/g`; \
+	echo "$$dashes"; \
+	echo "$$banner"; \
+	echo "$$dashes"; \
+	test "$$failed" -eq 0
+info-am:
+info: info-am
+dvi-am:
+dvi: dvi-am
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+installcheck-am:
+installcheck: installcheck-am
+install-exec-am: install-libLTLIBRARIES install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-exec: install-exec-am
+
+install-data-am: install-includeHEADERS install-data-local
+install-data: install-data-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+install: install-am
+uninstall-am: uninstall-libLTLIBRARIES uninstall-binPROGRAMS \
+		uninstall-includeHEADERS
+uninstall: uninstall-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+all-redirect: all-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
+installdirs:
+	$(mkinstalldirs)  $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) \
+		$(DESTDIR)$(includedir)
+
+
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-rm -f Makefile $(CONFIG_CLEAN_FILES)
+	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
+
+maintainer-clean-generic:
+mostlyclean-am:  mostlyclean-libLTLIBRARIES mostlyclean-compile \
+		mostlyclean-libtool mostlyclean-binPROGRAMS \
+		mostlyclean-checkPROGRAMS mostlyclean-tags \
+		mostlyclean-generic
+
+mostlyclean: mostlyclean-am
+
+clean-am:  clean-libLTLIBRARIES clean-compile clean-libtool \
+		clean-binPROGRAMS clean-checkPROGRAMS clean-tags \
+		clean-generic mostlyclean-am
+
+clean: clean-am
+
+distclean-am:  distclean-libLTLIBRARIES distclean-compile \
+		distclean-libtool distclean-binPROGRAMS \
+		distclean-checkPROGRAMS distclean-tags \
+		distclean-generic clean-am
+	-rm -f libtool
+
+distclean: distclean-am
+
+maintainer-clean-am:  maintainer-clean-libLTLIBRARIES \
+		maintainer-clean-compile maintainer-clean-libtool \
+		maintainer-clean-binPROGRAMS \
+		maintainer-clean-checkPROGRAMS maintainer-clean-tags \
+		maintainer-clean-generic distclean-am
+	@echo "This command is intended for maintainers to use;"
+	@echo "it deletes files that may require special tools to rebuild."
+
+maintainer-clean: maintainer-clean-am
+
+.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \
+clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \
+uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \
+distclean-compile clean-compile maintainer-clean-compile \
+mostlyclean-libtool distclean-libtool clean-libtool \
+maintainer-clean-libtool mostlyclean-binPROGRAMS distclean-binPROGRAMS \
+clean-binPROGRAMS maintainer-clean-binPROGRAMS uninstall-binPROGRAMS \
+install-binPROGRAMS mostlyclean-checkPROGRAMS distclean-checkPROGRAMS \
+clean-checkPROGRAMS maintainer-clean-checkPROGRAMS \
+uninstall-includeHEADERS install-includeHEADERS tags mostlyclean-tags \
+distclean-tags clean-tags maintainer-clean-tags distdir check-TESTS \
+info-am info dvi-am dvi check-local check check-am installcheck-am \
+installcheck install-exec-am install-exec install-data-local \
+install-data-am install-data install-am install uninstall-am uninstall \
+all-local all-redirect all-am all installdirs mostlyclean-generic \
+distclean-generic clean-generic maintainer-clean-generic clean \
+mostlyclean distclean maintainer-clean
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	chmod 0 $$x; fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(INSTALL_DATA) $$file $(buildinclude)/$$f"; \
+			$(INSTALL_DATA) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat1-mans:
+	@ext=1;\
+	foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat1dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat3-mans:
+	@ext=3;\
+	foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat3dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat5-mans:
+	@ext=5;\
+	foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat5dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat8-mans:
+	@ext=8;\
+	foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat8dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+
+install-data-local: install-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+check-local::
+	@foo='$(CHECK_LOCAL)'; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if ./$$i --version > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	fi
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/t
+	$(INSTALL_DATA) $(srcdir)/t/perl $(distdir)/t
+	$(INSTALL_DATA) $(srcdir)/t/test $(distdir)/t
+	$(mkinstalldirs) $(distdir)/asm
+	(cd $(srcdir)/asm && tar cf - $(asm_files)) \
+		| (cd $(distdir)/asm; tar xf -)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/crypto/libdes/Makefile.lit b/crypto/libdes/Makefile.lit
new file mode 100644
index 0000000..c09f696
--- /dev/null
+++ b/crypto/libdes/Makefile.lit
@@ -0,0 +1,250 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	rpw $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_LIT)
+GENERAL=$(GENERAL_LIT)
+TESTING=$(TESTING_LIT)
+TESTING_SRC=$(TESTING_SRC_LIT)
+HEADERS=$(HEADERS_LIT)
+LIBDES=	$(LIBDES_LIT)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+	else exit 0; fi; fi
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	tar chf libdes.tar $(ALL)
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install:
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+	    if test -s /bin/ranlib; then \
+	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    else \
+		if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+	    fi; fi; \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+	    if test -s /bin/ranlib; then \
+	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+	    else \
+	      if test -s /usr/bin/ranlib; then \
+		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+	      fi; \
+	    fi; \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/libdes/Makefile.ssl b/crypto/libdes/Makefile.ssl
new file mode 100644
index 0000000..09fdd07
--- /dev/null
+++ b/crypto/libdes/Makefile.ssl
@@ -0,0 +1,208 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=	des
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=-I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+DES_ENC=	des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=	dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+	des_enc.c fcrypt_b.c read2pwd.c \
+	fcrypt.c xcbc_enc.c \
+	str2key.c  cfb64ede.c ofb64ede.c supp.c ede_cbcm_enc.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+	enc_read.o enc_writ.o ofb64enc.o \
+	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+	${DES_ENC} read2pwd.o \
+	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o \
+	ede_cbcm_enc.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h
+HEADER=	des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+des: des.o cbc3_enc.o lib
+	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp: asm/des-586.pl
+	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp: asm/crypt586.pl
+	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: des_locl.h spr.h
+ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_read.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+enc_read.o: ../cryptlib.h des_locl.h
+enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_writ.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+enc_writ.o: ../../include/openssl/stack.h ../cryptlib.h des_locl.h
+fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h des_locl.h
+read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+read_pwd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+read_pwd.o: ../cryptlib.h des_locl.h
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h des_locl.h podd.h sk.h
+str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+supp.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+supp.o: ../../include/openssl/opensslconf.h des_locl.h
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --git a/crypto/libdes/Makefile.uni b/crypto/libdes/Makefile.uni
new file mode 100644
index 0000000..ec19d75
--- /dev/null
+++ b/crypto/libdes/Makefile.uni
@@ -0,0 +1,251 @@
+# You must select the correct terminal control system to be used to
+# turn character echo off when reading passwords.  There a 5 systems
+# SGTTY   - the old BSD system
+# TERMIO  - most system V boxes
+# TERMIOS - SGI (ala IRIX).
+# VMS     - the DEC operating system
+# MSDOS   - we all know what it is :-)
+# read_pwd.c makes a reasonable guess at what is correct.
+
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+# define to 'unsigned int'.  I have seen this give a %20 speedup.
+
+OPTS0= -DRAND -DTERMIO #-DNOCONST
+
+# Version 1.94 has changed the strings_to_key function so that it is
+# now compatible with MITs when the string is longer than 8 characters.
+# If you wish to keep the old version, uncomment the following line.
+# This will affect the -E/-D options on des(1).
+#OPTS1= -DOLD_STR_TO_KEY
+
+# There are 4 possible performance options
+# -DDES_PTR
+# -DDES_RISC1
+# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+# -DDES_UNROLL
+# after the initial build, run 'des_opts' to see which options are best
+# for your platform.  There are some listed in options.txt
+#OPTS2= -DDES_PTR 
+#OPTS3= -DDES_RISC1 # or DES_RISC2
+#OPTS4= -DDES_UNROLL
+
+OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+RANLIB=ranlib
+
+# Assember version of des_encrypt*().
+DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+	xcbc_enc.o qud_cksm.o cbc3_enc.o \
+	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+
+GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+	des.doc options.txt asm
+GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+	des.org des_locl.org
+TESTING_LIT=	destest speed des_opts
+TESTING_FULL=	rpw des $(TESTING_LIT)
+TESTING_SRC_LIT=destest.c speed.c des_opts.c
+TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
+HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
+	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+	rand_key.c rpc_enc.c  str2key.c  supp.c \
+	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+
+PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+OBJ=	$(OBJ_FULL)
+GENERAL=$(GENERAL_FULL)
+TESTING=$(TESTING_FULL)
+TESTING_SRC=$(TESTING_SRC_FULL)
+HEADERS=$(HEADERS_FULL)
+LIBDES=	$(LIBDES_FULL)
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+
+DLIB=	libdes.a
+
+all: $(DLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/dx86-elf.o: asm/dx86unix.cpp
+	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+
+asm/yx86-elf.o: asm/yx86unix.cpp
+	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+
+# solaris
+asm/dx86-sol.o: asm/dx86unix.cpp
+	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+	as -o asm/dx86-sol.o asm/dx86-sol.s
+	rm -f asm/dx86-sol.s
+
+asm/yx86-sol.o: asm/yx86unix.cpp
+	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+	as -o asm/yx86-sol.o asm/yx86-sol.s
+	rm -f asm/yx86-sol.s
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp:
+	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp:
+	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+
+test:	all
+	./destest
+
+$(DLIB): $(OBJ)
+	/bin/rm -f $(DLIB)
+	ar cr $(DLIB) $(OBJ)
+	$(RANLIB) $(DLIB)
+
+des_opts: des_opts.o $(DLIB)
+	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+
+destest: destest.o $(DLIB)
+	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+
+rpw: rpw.o $(DLIB)
+	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+
+speed: speed.o $(DLIB)
+	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+
+des: des.o $(DLIB)
+	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBDES)
+
+tar_lit:
+	/bin/mv Makefile Makefile.tmp
+	/bin/cp Makefile.lit Makefile
+	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+tar:
+	mv Makefile Makefile.tmp
+	/bin/cp Makefile.uni Makefile
+	for i in $(ALL) ;\
+	do \
+		n="$$n des/$$i"; \
+	done; \
+	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
+	/bin/rm -f Makefile
+	/bin/mv Makefile.tmp Makefile
+
+shar:
+	shar $(ALL) >libdes.shar
+
+depend:
+	makedepend $(LIBDES) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: des
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(DLIB) $(INSTALLTOP)/lib; \
+		$(RANLIB) $(DLIB); \
+	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+	    cp des.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/des.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+		$(RANLIB) $(DLIB); \
+	    chmod 644 $(LIBDIR)/$(DLIB); \
+	    cp des $(BINDIR)/des; \
+	    chmod 711 $(BINDIR)/des; \
+	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+	    cp des.h $(INCDIR)/des.h; \
+	    chmod 644 $(INCDIR)/des.h; \
+	fi
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/libdes/PC1 b/crypto/libdes/PC1
new file mode 100755
index 0000000..efb8348
--- /dev/null
+++ b/crypto/libdes/PC1
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+@PC1=(  57,49,41,33,25,17, 9,
+	 1,58,50,42,34,26,18,
+	10, 2,59,51,43,35,27,
+	19,11, 3,60,52,44,36,
+	"-","-","-","-",
+	63,55,47,39,31,23,15,
+	 7,62,54,46,38,30,22,
+	14, 6,61,53,45,37,29,
+	21,13, 5,28,20,12, 4,
+	"-","-","-","-",
+	);
+
+foreach (@PC1)
+	{
+	if ($_ ne "-")
+		{
+		$_--;
+		$_=int($_/8)*8+7-($_%8);
+		printf "%2d  ",$_;
+		}
+	else
+		{ print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	print "\n" if ((($i) % 32) == 0);
+	}
+
diff --git a/crypto/libdes/PC2 b/crypto/libdes/PC2
new file mode 100755
index 0000000..2d56027
--- /dev/null
+++ b/crypto/libdes/PC2
@@ -0,0 +1,57 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+foreach (@PC2_C) {
+	if ($_ ne "-")
+		{
+		$_--;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$C{$_}=1;
+	print "\n" if (((++$i) % 8) == 0);
+	}
+$i=0;
+print "\n";
+foreach (@PC2_D) {
+	if ($_ ne "-")
+		{
+		$_-=29;
+		printf "%2d  ",$_; }
+	else { print "--  "; }
+	$D{$_}=1;
+	print "\n" if (((++$i) % 8) == 0); }
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+	if ($_ ne "-") {printf "%2d ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+
+print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+	if ($_ ne "-") {printf "%2d  ",$_;}
+	else { print "--  "; }
+	print "\n" if (((++$i) % 8) == 0);
+	}
+print "\n";
+sub numsort
+	{
+	$a-$b;
+	}
diff --git a/crypto/libdes/README b/crypto/libdes/README
new file mode 100644
index 0000000..621a5ab
--- /dev/null
+++ b/crypto/libdes/README
@@ -0,0 +1,54 @@
+
+		libdes, Version 4.01 10-Jan-97
+
+		Copyright (c) 1997, Eric Young
+			  All rights reserved.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+
+The best way to build this library is to build it as part of SSLeay.
+
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+
+The Imakefile is setup for use in the kerberos distribution.
+
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+
+Eric Young (eay@cryptsoft.com)
+
diff --git a/crypto/libdes/VERSION b/crypto/libdes/VERSION
new file mode 100644
index 0000000..c7d0154
--- /dev/null
+++ b/crypto/libdes/VERSION
@@ -0,0 +1,412 @@
+	Fixed the weak key values which were wrong :-(
+	Defining SIGACTION causes sigaction() to be used instead of signal().
+	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+	can cause problems.  This should hopefully not affect normal
+	applications.
+
+Version 4.04
+	Fixed a few tests in destest.  Also added x86 assember for
+	des_ncbc_encrypt() which is the standard cbc mode function.
+	This makes a very very large performace difference.
+	Ariel Glenn ariel@columbia.edu reports that the terminal
+	'turn echo off' can return (errno == EINVAL) under solaris
+	when redirection is used.  So I now catch that as well as ENOTTY.
+
+
+Version 4.03
+	Left a static out of enc_write.c, which caused to buffer to be
+	continiously malloc()ed.  Does anyone use these functions?  I keep
+	on feeling like removing them since I only had these in there
+	for a version of kerberised login.  Anyway, this was pointed out
+	by Theo de Raadt <deraadt@cvs.openbsd.org>
+	The 'n' bit ofb code was wrong, it was not shifting the shift
+	register. It worked correctly for n == 64.  Thanks to
+	Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+
+Version 4.02
+	I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+	when checking for weak keys which is wrong :-(, pointed out by
+	Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+
+Version 4.01
+	Even faster inner loop in the DES assembler for x86 and a modification
+	for IP/FP which is faster on x86.  Both of these changes are
+	from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
+	changes make the assembler run %40 faster on a pentium.  This is just
+	a case of getting the instruction sequence 'just right'.
+	All credit to 'Svend' :-)
+	Quite a few special x86 'make' targets.
+	A libdes-l (lite) distribution.
+
+Version 4.00
+	After a bit of a pause, I'll up the major version number since this
+	is mostly a performace release.  I've added x86 assembler and
+	added more options for performance.  A %28 speedup for gcc 
+	on a pentium and the assembler is a %50 speedup.
+	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+	Run des_opts to work out which options should be used.
+	DES_RISC1/DES_RISC2 use alternative inner loops which use
+	more registers but should give speedups on any CPU that does
+	dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+	which costs in code size.
+
+Version 3.26
+	I've finally removed one of the shifts in D_ENCRYPT.  This
+	meant I've changed the des_SPtrans table (spr.h), the set_key()
+	function and some things in des_enc.c.  This has definitly
+	made things faster :-).  I've known about this one for some
+	time but I've been too lazy to follow it up :-).
+	Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+	instead of L^=((..)|(..)|(..)..  This should save a register at
+	least.
+	Assember for x86.  The file to replace is des_enc.c, which is replaced
+	by one of the assembler files found in asm.  Look at des/asm/readme
+	for more info.
+
+	/* Modification to fcrypt so it can be compiled to support
+	HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+	Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
+
+	SIGWINCH case put in des_read_passwd() so the function does not
+	'exit' if this function is recieved.
+
+Version 3.25 17/07/96
+	Modified read_pwd.c so that stdin can be read if not a tty.
+	Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
+	des_init_random_number_generator() shortened due to VMS linker
+	limits.
+	Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+	8 byte quantites xored before and after encryption.
+	des_xcbc_encryption() - the name is funny to preserve the des_
+	prefix on all functions.
+
+Version 3.24 20/04/96
+	The DES_PTR macro option checked and used by SSLeay configuration
+
+Version 3.23 11/04/96
+	Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+	it gives a %20 speedup :-)
+	Fixed the problem with des.pl under perl5.  The patches were
+	sent by Ed Kubaitis (ejk@uiuc.edu).
+	if fcrypt.c, changed values to handle illegal salt values the way
+	normal crypt() implementations do.  Some programs apparently use
+	them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
+
+Version 3.22 29/11/95
+	Bug in des(1), an error with the uuencoding stuff when the
+	'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
+	for the patch.
+
+Version 3.21 22/11/95
+	After some emailing back and forth with 
+	Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
+	and in a future version I will probably put in some of the
+	optimisation he suggested for use with the DES_USE_PTR option.
+	Extra routines from Mark Murray <mark@grondar.za> for use in
+	freeBSD.  They mostly involve random number generation for use
+	with kerberos.  They involve evil machine specific system calls
+	etc so I would normally suggest pushing this stuff into the
+	application and/or using RAND_seed()/RAND_bytes() if you are
+	using this DES library as part of SSLeay.
+	Redone the read_pw() function so that it is cleaner and
+	supports termios, thanks to Sameer Parekh <sameer@c2.org>
+	for the initial patches for this.
+	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+	 done just to make things more consistent.
+	I have also now added triple DES versions of cfb and ofb.
+
+Version 3.20
+	Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+	my des_random_seed() function was only copying 4 bytes of the
+	passed seed into the init structure.  It is now fixed to copy 8.
+	My own suggestion is to used something like MD5 :-)
+
+Version 3.19 
+	While looking at my code one day, I though, why do I keep on
+	calling des_encrypt(in,out,ks,enc) when every function that
+	calls it has in and out the same.  So I dropped the 'out'
+	parameter, people should not be using this function.
+
+Version 3.18 30/08/95
+	Fixed a few bit with the distribution and the filenames.
+	3.17 had been munged via a move to DOS and back again.
+	NO CODE CHANGES
+
+Version 3.17 14/07/95
+	Fixed ede3 cbc which I had broken in 3.16.  I have also
+	removed some unneeded variables in 7-8 of the routines.
+
+Version 3.16 26/06/95
+	Added des_encrypt2() which does not use IP/FP, used by triple
+	des routines.  Tweaked things a bit elsewhere. %13 speedup on
+	sparc and %6 on a R4400 for ede3 cbc mode.
+
+Version 3.15 06/06/95
+	Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+	'normal' and copies the new iv value back over the top of the
+	passed parameter.
+	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+	the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+	only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+	I need to update the documentation.
+
+Version 3.14 31/05/95
+	New release upon the world, as part of my SSL implementation.
+	New copyright and usage stuff.  Basically free for all to use
+	as long as you say it came from me :-)
+
+Version 3.13 31/05/95
+	A fix in speed.c, if HZ is not defined, I set it to 100.0
+	which is reasonable for most unixes except SunOS 4.x.
+	I now have a #ifdef sun but timing for SunOS 4.x looked very
+	good :-(.  At my last job where I used SunOS 4.x, it was
+	defined to be 60.0 (look at the old INSTALL documentation), at
+	the last release had it changed to 100.0 since I now work with
+	Solaris2 and SVR4 boxes.
+	Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
+	one out.
+
+Version 3.12 08/05/95
+	As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
+	my D_ENCRYPT macro in crypt() had an un-necessary variable.
+	It has been removed.
+
+Version 3.11 03/05/95
+	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+	and one iv.  It is a standard and I needed it for my SSL code.
+	It makes more sense to use this for triple DES than
+	3cbc_encrypt().  I have also added (or should I say tested :-)
+	cfb64_encrypt() which is cfb64 but it will encrypt a partial
+	number of bytes - 3 bytes in 3 bytes out.  Again this is for
+	my SSL library, as a form of encryption to use with SSL
+	telnet.
+
+Version 3.10 22/03/95
+	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+	to cbc3_encrypt, the 2 iv values that were being returned to
+	be used in the next call were reversed :-(.
+	Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
+	this error.
+
+Version 3.09 01/02/95
+	Fixed des_random_key to far more random, it was rather feeble
+	with regards to picking the initial seed.  The problem was
+	pointed out by Olaf Kirch <okir@monad.swb.de>.
+
+Version 3.08 14/12/94
+	Added Makefile.PL so libdes can be built into perl5.
+	Changed des_locl.h so RAND is always defined.
+
+Version 3.07 05/12/94
+	Added GNUmake and stuff so the library can be build with
+	glibc.
+
+Version 3.06 30/08/94
+	Added rpc_enc.c which contains _des_crypt.  This is for use in
+	secure_rpc v 4.0
+	Finally fixed the cfb_enc problems.
+	Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+	to Rob McMillan <R.McMillan@its.gu.edu.au>
+
+Version 3.05 21/04/94
+	for unsigned long l; gcc does not produce ((l>>34) == 0)
+	This causes bugs in cfb_enc.
+	Thanks to Hadmut Danisch <danisch@ira.uka.de>
+
+Version 3.04 20/04/94
+	Added a version number to des.c and libdes.a
+
+Version 3.03 12/01/94
+	Fixed a bug in non zero iv in 3cbc_enc.
+
+Version 3.02 29/10/93
+	I now work in a place where there are 6+ architectures and 14+
+	OS versions :-).
+	Fixed TERMIO definition so the most sys V boxes will work :-)
+
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+	Added des_3cbc_encrypt()
+
+Version 3.00 07/10/93
+	Fixed up documentation.
+	quad_cksum definitely compatible with MIT's now.
+
+Version 2.30 24/08/93
+	Triple DES now defaults to triple cbc but can do triple ecb
+	 with the -b flag.
+	Fixed some MSDOS uuen/uudecoding problems, thanks to
+	Added prototypes.
+	
+Version 2.22 29/06/93
+	Fixed a bug in des_is_weak_key() which stopped it working :-(
+	thanks to engineering@MorningStar.Com.
+
+Version 2.21 03/06/93
+	des(1) with no arguments gives quite a bit of help.
+	Added -c (generate ckecksum) flag to des(1).
+	Added -3 (triple DES) flag to des(1).
+	Added cfb and ofb routines to the library.
+
+Version 2.20 11/03/93
+	Added -u (uuencode) flag to des(1).
+	I have been playing with byte order in quad_cksum to make it
+	 compatible with MIT's version.  All I can say is avid this
+	 function if possible since MIT's output is endian dependent.
+
+Version 2.12 14/10/92
+	Added MSDOS specific macro in ecb_encrypt which gives a %70
+	 speed up when the code is compiled with turbo C.
+
+Version 2.11 12/10/92
+	Speedup in set_key (recoding of PC-1)
+	 I now do it in 47 simple operations, down from 60.
+	 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 for motivating me to look for a faster system :-)
+	 The speedup is probably less that 1% but it is still 13
+	 instructions less :-).
+
+Version 2.10 06/10/92
+	The code now works on the 64bit ETA10 and CRAY without modifications or
+	 #defines.  I believe the code should work on any machine that
+	 defines long, int or short to be 8 bytes long.
+	Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+	 for helping me fix the code to run on 64bit machines (he had
+	 access to an ETA10).
+	Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
+	 for testing the routines on a CRAY.
+	read_password.c has been renamed to read_passwd.c
+	string_to_key.c has been renamed to string2key.c
+
+Version 2.00 14/09/92
+	Made mods so that the library should work on 64bit CPU's.
+	Removed all my uchar and ulong defs.  To many different
+	 versions of unix define them in their header files in too many
+	 different combinations :-)
+	IRIX - Sillicon Graphics mods (mostly in read_password.c).
+	 Thanks to Andrew Daviel (advax@erich.triumf.ca)
+
+Version 1.99 26/08/92
+	Fixed a bug or 2 in enc_read.c
+	Fixed a bug in enc_write.c
+	Fixed a pseudo bug in fcrypt.c (very obscure).
+
+Version 1.98 31/07/92
+	Support for the ETA10.  This is a strange machine that defines
+	longs and ints as 8 bytes and shorts as 4 bytes.
+	Since I do evil things with long * that assume that they are 4
+	bytes.  Look in the Makefile for the option to compile for
+	this machine.  quad_cksum appears to have problems but I
+	will don't have the time to fix it right now, and this is not
+	a function that uses DES and so will not effect the main uses
+	of the library.
+
+Version 1.97 20/05/92 eay
+	Fixed the Imakefile and made some changes to des.h to fix some
+	problems when building this package with Kerberos v 4.
+
+Version 1.96 18/05/92 eay
+	Fixed a small bug in string_to_key() where problems could
+	occur if des_check_key was set to true and the string
+	generated a weak key.
+
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+	Added an alternative version of the D_ENCRYPT macro in
+	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+	other will be faster.  This was inspired by 
+	Dana How <how@isl.stanford.edu>, and her pointers about doing the
+	*(ulong *)((uchar *)ptr+(value&0xfc))
+	vs
+	ptr[value&0x3f]
+	to stop the C compiler doing a <<2 to convert the long array index.
+
+Version 1.94 05/05/92 eay
+	Fixed an incompatibility between my string_to_key and the MIT
+	 version.  When the key is longer than 8 chars, I was wrapping
+	 with a different method.  To use the old version, define
+	 OLD_STR_TO_KEY in the makefile.  Thanks to
+	 viktor@newsu.shearson.com (Viktor Dukhovni).
+
+Version 1.93 28/04/92 eay
+	Fixed the VMS mods so that echo is now turned off in
+	 read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+	MSDOS support added.  The routines can be compiled with
+	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+	Changed D_ENCRYPT so that the rotation of R occurs outside of
+	 the loop.  This required rotating all the longs in sp.h (now
+	 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	speed.c has been changed so it will work without SIGALRM.  If
+	 times(3) is not present it will try to use ftime() instead.
+
+Version 1.91 08/04/92 eay
+	Added -E/-D options to des(1) so it can use string_to_key.
+	Added SVR4 mods suggested by witr@rwwa.COM
+	Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+	anyone knows how to turn of tty echo in VMS please tell me or
+	implement it yourself :-).
+	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+	does not like IN/OUT being used.
+
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+	Now contains a fast small crypt replacement.
+	Added des(1) command.
+	Added des_rw_mode so people can use cbc encryption with
+	enc_read and enc_write.
+
+Version 1.8 15/10/91 eay
+	Bug in cbc_cksum.
+	Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+	one out.
+
+Version 1.7 24/09/91 eay
+	Fixed set_key :-)
+	set_key is 4 times faster and takes less space.
+	There are a few minor changes that could be made.
+
+Version 1.6 19/09/1991 eay
+	Finally go IP and FP finished.
+	Now I need to fix set_key.
+	This version is quite a bit faster that 1.51
+
+Version 1.52 15/06/1991 eay
+	20% speedup in ecb_encrypt by changing the E bit selection
+	to use 2 32bit words.  This also required modification of the
+	sp table.  There is still a way to speedup the IP and IP-1
+	(hints from outer@sq.com) still working on this one :-(.
+
+Version 1.51 07/06/1991 eay
+	Faster des_encrypt by loop unrolling
+	Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+
+Version 1.50 28/05/1991 eay
+	Optimised the code a bit more for the sparc.  I have improved the
+	speed of the inner des_encrypt by speeding up the initial and
+	final permutations.
+
+Version 1.40 23/10/1990 eay
+	Fixed des_random_key, it did not produce a random key :-(
+
+Version 1.30  2/10/1990 eay
+	Have made des_quad_cksum the same as MIT's, the full package
+	should be compatible with MIT's
+	Have tested on a DECstation 3100
+	Still need to fix des_set_key (make it faster).
+	Does des_cbc_encrypts at 70.5k/sec on a 3100.
+
+Version 1.20 18/09/1990 eay
+	Fixed byte order dependencies.
+	Fixed (I hope) all the word alignment problems.
+	Speedup in des_ecb_encrypt.
+
+Version 1.10 11/09/1990 eay
+	Added des_enc_read and des_enc_write.
+	Still need to fix des_quad_cksum.
+	Still need to document des_enc_read and des_enc_write.
+
+Version 1.00 27/08/1990 eay
+
diff --git a/crypto/libdes/asm/crypt586.pl b/crypto/libdes/asm/crypt586.pl
new file mode 100644
index 0000000..197c413
--- /dev/null
+++ b/crypto/libdes/asm/crypt586.pl
@@ -0,0 +1,204 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+# I've added the stuff needed for crypt() but I've not worried about making
+# things perfect.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"crypt586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("des_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+
+sub fcrypt_body
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	&xor(	$L,	$L);
+	&xor(	$R,	$R);
+	&mov($ks,&wparam(1));
+
+	&push(&DWC(25)); # add a variable
+
+	&set_label("start");
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	 &mov("ebx",	&swtmp(0));
+	&mov("eax",	$L);
+	 &dec("ebx");
+	&mov($L,	$R);
+	 &mov($R,	"eax");
+	&mov(&swtmp(0),	"ebx");
+	 &jnz(&label("start"));
+
+	&comment("");
+	&comment("FP");
+	&mov("edx",&wparam(0));
+
+	&FP_new($R,$L,"eax",3);
+	&mov(&DWP(0,"edx","",0),"eax");
+	&mov(&DWP(4,"edx","",0),$L);
+
+	&pop("ecx");	# remove variable
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&wparam(2));			# 2
+	&mov(	$t,		$R);
+	&shr(	$t,		16);				# 1
+	&mov(	$tmp2,		&wparam(3));			# 2
+	&xor(	$t,		$R);				# 1
+
+	&and(	$u,		$t);				# 2
+	&and(	$t,		$tmp2);				# 2
+
+	&mov(	$tmp1,		$u);
+	&shl(	$tmp1,		16); 				# 1
+	&mov(	$tmp2,		$t);
+	&shl(	$tmp2,		16); 				# 1
+	&xor(	$u,		$tmp1);				# 2
+	&xor(	$t,		$tmp2);				# 2
+	&mov(	$tmp1,		&DWP(&n2a($S*4),$ks,"",0));	# 2
+	&xor(	$u,		$tmp1);
+	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$ks,"",0));	# 2
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&xor(	$t,		$tmp2);
+
+	&and(	$u,		"0xfcfcfcfc"	);		# 2
+	&xor(	$tmp1,		$tmp1);				# 1
+	&and(	$t,		"0xcfcfcfcf"	);		# 2
+	&xor(	$tmp2,		$tmp2);	
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); 
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&wparam(1));
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/libdes/asm/d-win32.asm b/crypto/libdes/asm/d-win32.asm
new file mode 100644
index 0000000..9e3dc9c
--- /dev/null
+++ b/crypto/libdes/asm/d-win32.asm
@@ -0,0 +1,3132 @@
+	; Don't even think of reading this code
+	; It was automatically generated by des-586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, BSDI,Win32, or Solaris
+	; eric <eay@cryptsoft.com>
+	; 
+	TITLE	des-586.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt
+EXTRN   _des_SPtrans:DWORD
+_des_encrypt PROC NEAR
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	esi,		DWORD PTR 12[esp]
+	xor	ecx,		ecx
+	push	ebx
+	push	ebp
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 28[esp]
+	mov	edi,		DWORD PTR 4[esi]
+	; 
+	; IP
+	rol	eax,		4
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0f0f0f0f0h
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		20
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0fff0000fh
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		14
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		033333333h
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	esi,		22
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		003fc03fch
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	eax,		9
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0aaaaaaaah
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		1
+	mov	ebp,		DWORD PTR 24[esp]
+	cmp	ebx,		0
+	je	$L000start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L001end
+$L000start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L001end:
+	; 
+	; FP
+	mov	edx,		DWORD PTR 20[esp]
+	ror	esi,		1
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [edx],eax
+	mov	DWORD PTR 4[edx],esi
+	pop	ebp
+	pop	ebx
+	pop	edi
+	pop	esi
+	ret
+_des_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt2
+EXTRN   _des_SPtrans:DWORD
+_des_encrypt2 PROC NEAR
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	eax,		DWORD PTR 12[esp]
+	xor	ecx,		ecx
+	push	ebx
+	push	ebp
+	mov	esi,		DWORD PTR [eax]
+	mov	ebx,		DWORD PTR 28[esp]
+	rol	esi,		3
+	mov	edi,		DWORD PTR 4[eax]
+	rol	edi,		3
+	mov	ebp,		DWORD PTR 24[esp]
+	cmp	ebx,		0
+	je	$L002start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L003end
+$L002start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L003end:
+	; 
+	; Fixup
+	ror	edi,		3
+	mov	eax,		DWORD PTR 20[esp]
+	ror	esi,		3
+	mov	DWORD PTR [eax],edi
+	mov	DWORD PTR 4[eax],esi
+	pop	ebp
+	pop	ebx
+	pop	edi
+	pop	esi
+	ret
+_des_encrypt2 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt3
+
+_des_encrypt3 PROC NEAR
+	push	ebx
+	mov	ebx,		DWORD PTR 8[esp]
+	push	ebp
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	sub	esp,		12
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	eax,		DWORD PTR 36[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 40[esp]
+	mov	esi,		DWORD PTR 44[esp]
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],eax
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],edi
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],esi
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	add	esp,		12
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebp
+	pop	ebx
+	ret
+_des_encrypt3 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_decrypt3
+
+_des_decrypt3 PROC NEAR
+	push	ebx
+	mov	ebx,		DWORD PTR 8[esp]
+	push	ebp
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	sub	esp,		12
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	esi,		DWORD PTR 36[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 40[esp]
+	mov	eax,		DWORD PTR 44[esp]
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],eax
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	mov	DWORD PTR 8[esp],1
+	mov	DWORD PTR 4[esp],edi
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	mov	DWORD PTR 8[esp],0
+	mov	DWORD PTR 4[esp],esi
+	mov	DWORD PTR [esp],ebx
+	call	_des_encrypt2
+	add	esp,		12
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebp
+	pop	ebx
+	ret
+_des_decrypt3 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_ncbc_encrypt
+
+_des_ncbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 4
+	mov	ebx,		DWORD PTR 36[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 5
+	mov	ecx,		DWORD PTR 56[esp]
+	; get and push parameter 5
+	push	ecx
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 52[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L004decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	jz	$L005encrypt_finish
+L006encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L006encrypt_loop
+$L005encrypt_finish:
+	mov	ebp,		DWORD PTR 56[esp]
+	and	ebp,		7
+	jz	$L007finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L008cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L009ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L010ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L011ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L012ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L013ejend
+L014ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L015ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L016ej1:
+	mov	cl,		BYTE PTR [esi]
+$L013ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L007finish
+$L004decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 20[esp]
+	mov	ebx,		DWORD PTR 24[esp]
+	jz	$L017decrypt_finish
+L018decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	ecx,		DWORD PTR 20[esp]
+	mov	edx,		DWORD PTR 24[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 20[esp],eax
+	mov	DWORD PTR 24[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L018decrypt_loop
+$L017decrypt_finish:
+	mov	ebp,		DWORD PTR 56[esp]
+	and	ebp,		7
+	jz	$L007finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 12[esp],eax
+	mov	DWORD PTR 16[esp],ebx
+	call	_des_encrypt
+	mov	eax,		DWORD PTR 12[esp]
+	mov	ebx,		DWORD PTR 16[esp]
+	mov	ecx,		DWORD PTR 20[esp]
+	mov	edx,		DWORD PTR 24[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L019dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L020dj6:
+	mov	BYTE PTR 5[edi],dh
+L021dj5:
+	mov	BYTE PTR 4[edi],dl
+L022dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L023djend
+L024dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L025dj2:
+	mov	BYTE PTR 1[esi],ch
+L026dj1:
+	mov	BYTE PTR [esi],	cl
+$L023djend:
+	jmp	$L007finish
+$L007finish:
+	mov	ecx,		DWORD PTR 64[esp]
+	add	esp,		28
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L008cbc_enc_jmp_table:
+	DD	0
+	DD	L016ej1
+	DD	L015ej2
+	DD	L014ej3
+	DD	L012ej4
+	DD	L011ej5
+	DD	L010ej6
+	DD	L009ej7
+L027cbc_dec_jmp_table:
+	DD	0
+	DD	L026dj1
+	DD	L025dj2
+	DD	L024dj3
+	DD	L022dj4
+	DD	L021dj5
+	DD	L020dj6
+	DD	L019dj7
+_des_ncbc_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_ede3_cbc_encrypt
+
+_des_ede3_cbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 6
+	mov	ebx,		DWORD PTR 44[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 7
+	mov	ecx,		DWORD PTR 64[esp]
+	; get and push parameter 5
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	; get and push parameter 4
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 56[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L028decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	jz	$L029encrypt_finish
+L030encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_encrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L030encrypt_loop
+$L029encrypt_finish:
+	mov	ebp,		DWORD PTR 60[esp]
+	and	ebp,		7
+	jz	$L031finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L032cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L033ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L034ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L035ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L036ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L037ejend
+L038ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L039ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L040ej1:
+	mov	cl,		BYTE PTR [esi]
+$L037ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_encrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L031finish
+$L028decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 24[esp]
+	mov	ebx,		DWORD PTR 28[esp]
+	jz	$L041decrypt_finish
+L042decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_decrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR 24[esp]
+	mov	edx,		DWORD PTR 28[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 24[esp],eax
+	mov	DWORD PTR 28[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L042decrypt_loop
+$L041decrypt_finish:
+	mov	ebp,		DWORD PTR 60[esp]
+	and	ebp,		7
+	jz	$L031finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	call	_des_decrypt3
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	ecx,		DWORD PTR 24[esp]
+	mov	edx,		DWORD PTR 28[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L043dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L044dj6:
+	mov	BYTE PTR 5[edi],dh
+L045dj5:
+	mov	BYTE PTR 4[edi],dl
+L046dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L047djend
+L048dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L049dj2:
+	mov	BYTE PTR 1[esi],ch
+L050dj1:
+	mov	BYTE PTR [esi],	cl
+$L047djend:
+	jmp	$L031finish
+$L031finish:
+	mov	ecx,		DWORD PTR 76[esp]
+	add	esp,		32
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L032cbc_enc_jmp_table:
+	DD	0
+	DD	L040ej1
+	DD	L039ej2
+	DD	L038ej3
+	DD	L036ej4
+	DD	L035ej5
+	DD	L034ej6
+	DD	L033ej7
+L051cbc_dec_jmp_table:
+	DD	0
+	DD	L050dj1
+	DD	L049dj2
+	DD	L048dj3
+	DD	L046dj4
+	DD	L045dj5
+	DD	L044dj6
+	DD	L043dj7
+_des_ede3_cbc_encrypt ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/libdes/asm/des-586.pl b/crypto/libdes/asm/des-586.pl
new file mode 100644
index 0000000..f054071
--- /dev/null
+++ b/crypto/libdes/asm/des-586.pl
@@ -0,0 +1,253 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+&asm_init($ARGV[0],"des-586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("des_SPtrans");
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
+&asm_finish();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin_B($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&push("esi");
+	&push("edi");
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+
+		&push("ebx");
+		&push("ebp");
+
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	&mov(	$ks,		&wparam(1)	);
+	&cmp("ebx","0");
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+	&pop("ebp");
+	&pop("ebx");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+
+	&function_end_B($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	 &mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	 &xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	 &movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	 &mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	 &mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	 &movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	 &mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	 &mov(	$ks,		&wparam(1)	);
+	&movb(	&LB($tmp2),	&HB($t)	);
+	 &and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	 &mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	 &mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
+	if (!$last eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/libdes/asm/des-som2.pl b/crypto/libdes/asm/des-som2.pl
new file mode 100644
index 0000000..911d985
--- /dev/null
+++ b/crypto/libdes/asm/des-som2.pl
@@ -0,0 +1,308 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+#
+
+$prog="des-som2.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@mincom.oz.au>");
+&comment("The inner loop instruction sequence and the IP/FP modifications");
+&comment("are from Svend Olaf Mikkelsen <svolaf\@inet.uni-c.dk>");
+
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3);
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($R,&DWP(0,"eax","",0));
+	&mov($L,&DWP(4,"eax","",0));
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP_new($R,$L,"eax",3);
+#		&comment("");
+#		&comment("fixup rotate");
+#		&rotl($R,3);
+#		&rotl($L,3);
+		}
+	else
+		{
+		&comment("");
+		&comment("fixup rotate");
+		&rotl($R,3);
+		&rotl($L,3);
+		}
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+
+	# encrypting part
+
+	$ks="ebp";
+#	&xor(	"ebx",		"ebx"		);
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&xor(	"ecx",		"ecx"		);
+	&cmp("eax","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+#		&comment("");
+#		&comment("Fixup");
+#		&rotr($L,3);		# r
+#		&rotr($R,3);		# l
+		&comment("");
+		&comment("FP");
+		&FP_new($R,$L,"eax",3);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		&rotr($R,3);		# l
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	&and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP(24,"esp","",0)); ####
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$b		);
+	&xor(	$tt,		$a		);
+	&and(	$tt,		$mask		);
+	if ($last eq $b)
+		{
+		&xor(	$a,		$tt		);
+		&xor(	$b,		$tt		);
+		}
+	else
+		{
+		&xor(	$b,		$tt		);
+		&xor(	$a,		$tt		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$l,$tt,20,"0xfff0000f",$l);
+	&R_PERM_OP($r,$l,$tt,14,"0x33333333",$r);
+	&R_PERM_OP($l,$r,$tt,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($l,	3-$lr); }
+		else	{ &rotl($l,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($r,$l,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($l,$r,$tt,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$l,$tt,18,"0xfff0000f",$l);
+	&R_PERM_OP($r,$l,$tt,12,"0xf0f0f0f0",$r);
+	&rotr($l	, 4);
+	}
+
diff --git a/crypto/libdes/asm/des-som3.pl b/crypto/libdes/asm/des-som3.pl
new file mode 100644
index 0000000..e1ba3bc
--- /dev/null
+++ b/crypto/libdes/asm/des-som3.pl
@@ -0,0 +1,266 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+#
+
+$prog="des-som3.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@mincom.oz.au>");
+&comment("The inner loop instruction sequence and the IP/FP modifications");
+&comment("are from Svend Olaf Mikkelsen <svolaf\@inet.uni-c.dk>");
+
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3);
+
+	&comment("");
+	&comment("Load the 2 words");
+	$ks="ebp";
+
+	if ($do_ip)
+		{
+		&mov($R,&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+		&mov("eax",&DWP(0,$R,"",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&mov($L,&DWP(4,$R,"",0));
+		&comment("");
+		&comment("IP");
+		&IP_new("eax",$L,$R,3);
+		}
+	else
+		{
+		&mov("eax",&wparam(0));
+		 &xor(	"ecx",		"ecx"		);
+		&mov($R,&DWP(0,"eax","",0));
+		 &mov("ebx",&wparam(2));	# get encrypt flag
+		&rotl($R,3);
+		&mov($L,&DWP(4,"eax","",0));
+		&rotl($L,3);
+		}
+
+	&cmp("ebx","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&mov("edx",&wparam(0));
+		&FP_new($L,$R,"eax",3);
+
+		&mov(&DWP(0,"edx","",0),"eax");
+		&mov(&DWP(4,"edx","",0),$R);
+		}
+	else
+		{
+		&comment("");
+		&comment("Fixup");
+		&rotr($L,3);		# r
+		 &mov("eax",&wparam(0));
+		&rotr($R,3);		# l
+		 &mov(&DWP(0,"eax","",0),$L);
+		 &mov(&DWP(4,"eax","",0),$R);
+		}
+
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&xor(	$tmp1,		$tmp1);
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R);
+	&xor(	$t,		$R);
+	&and(	$u,		"0xfcfcfcfc"	);
+	&and(	$t,		"0xcfcfcfcf"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&rotr(	$t,		4		);
+	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));
+	&movb(	&LB($tmp1),	&LB($t)	);
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&shr(	$u,		16);
+	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));
+	&xor(	$L,		$ks); ######
+	&movb(	&LB($tmp1),	&HB($u)	);
+	&shr(	$t,		16);
+	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));
+	&xor(	$L,		$ks);
+	&mov(	$ks,		&DWP(24,"esp","",0)); ####
+	&movb(	&LB($tmp2),	&HB($t)	);
+	&and(	$u,		"0xff"	);
+	&and(	$t,		"0xff"	);
+	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));
+	&xor(	$L,		$tmp1);
+	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));
+	&xor(	$L,		$tmp1);
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+	&rotl(	$a,		$shift		) if ($shift != 0);
+	&mov(	$tt,		$a		);
+	&xor(	$a,		$b		);
+	&and(	$a,		$mask		);
+	if ($notlast eq $b)
+		{
+		&xor(	$b,		$a		);
+		&xor(	$tt,		$a		);
+		}
+	else
+		{
+		&xor(	$tt,		$a		);
+		&xor(	$b,		$a		);
+		}
+	&comment("");
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+	
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotr($tt,	3-$lr); }
+		else	{ &rotl($tt,	$lr-3); }
+		}
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotr($r,	2-$lr); }
+		else	{ &rotl($r,	$lr-2); }
+		}
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt,$lr)=@_;
+
+	if ($lr != 2)
+		{
+		if (($lr-2) < 0)
+			{ &rotl($r,	2-$lr); }
+		else	{ &rotr($r,	$lr-2); }
+		}
+	if ($lr != 3)
+		{
+		if (($lr-3) < 0)
+			{ &rotl($l,	3-$lr); }
+		else	{ &rotr($l,	$lr-3); }
+		}
+
+	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+	&rotr($tt	, 4);
+	}
+
diff --git a/crypto/libdes/asm/des586.pl b/crypto/libdes/asm/des586.pl
new file mode 100644
index 0000000..c2bee84
--- /dev/null
+++ b/crypto/libdes/asm/des586.pl
@@ -0,0 +1,210 @@
+#!/usr/local/bin/perl
+
+$prog="des586.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@mincom.oz.au>");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,3);
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($R,&DWP(0,"eax","",0));
+	&mov($L,&DWP(4,"eax","",0));
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP($R,$L,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+
+	# encrypting part
+
+	$ks="ebp";
+	&xor(	"ebx",		"ebx"		);
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&xor(	"ecx",		"ecx"		);
+	&cmp("eax","0");
+	&mov(	$ks,		&wparam(1)	);
+	&je(&label("start_decrypt"));
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+sub D_ENCRYPT
+	{
+	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
+
+	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	 &xor(	$t,		$R);
+	&xor(	$u,		$R);
+	 &rotr(	$t,		4		);
+	&and(	$u,		"0xfcfcfcfc"	);
+	 &and(	$t,		"0xfcfcfcfc"	);
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&xor(	$L,		&DWP("      $desSP",$tmp1,"",0));
+	&shr(	$u,		16);
+	&xor(	$L,		&DWP("0x200+$desSP",$tmp2,"",0));
+	&movb(	&LB($tmp1),	&LB($u)	);
+	&movb(	&LB($tmp2),	&HB($u)	);
+	&xor(	$L,		&DWP("0x400+$desSP",$tmp1,"",0));
+	&mov(	$u,		&DWP("0x600+$desSP",$tmp2,"",0));
+
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	 &xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));
+	 &shr(	$t,		16);
+	 &xor(	$u,		&DWP("0x300+$desSP",$tmp2,"",0));
+	 &movb(	&LB($tmp1),	&LB($t)	);
+	 &movb(	&LB($tmp2),	&HB($t)	);
+	 &xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));
+	 &xor(	$u,		&DWP("0x700+$desSP",$tmp2,"",0));
+	 &xor(  $L,	$u);
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/libdes/asm/des686.pl b/crypto/libdes/asm/des686.pl
new file mode 100644
index 0000000..77dc5b5
--- /dev/null
+++ b/crypto/libdes/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/local/bin/perl
+
+$prog="des686.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+
+if (	($ARGV[0] eq "elf"))
+	{ require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "a.out"))
+	{ $aout=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "sol"))
+	{ $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+	{ $cpp=1; require "x86unix.pl"; }
+elsif (	($ARGV[0] eq "win32"))
+	{ require "x86ms.pl"; }
+else
+	{
+	print STDERR <<"EOF";
+Pick one target type from
+	elf	- linux, FreeBSD etc
+	a.out	- old linux
+	sol	- x86 solaris
+	cpp	- format so x86unix.cpp can be used
+	win32	- Windows 95/Windows NT
+EOF
+	exit(1);
+	}
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+
+&file("dx86xxxx");
+
+$L="edi";
+$R="esi";
+
+&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt2",0);
+
+&des_encrypt3("des_encrypt3",1);
+&des_encrypt3("des_decrypt3",0);
+
+&file_end();
+
+sub des_encrypt
+	{
+	local($name,$do_ip)=@_;
+
+	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+
+	&comment("");
+	&comment("Load the 2 words");
+	&mov("eax",&wparam(0));
+	&mov($L,&DWP(0,"eax","",0));
+	&mov($R,&DWP(4,"eax","",0));
+
+	$ksp=&wparam(1);
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("IP");
+		&IP_new($L,$R,"eax");
+		}
+
+	&comment("");
+	&comment("fixup rotate");
+	&rotl($R,3);
+	&rotl($L,3);
+	&exch($L,$R);
+
+	&comment("");
+	&comment("load counter, key_schedule and enc flag");
+	&mov("eax",&wparam(2));	# get encrypt flag
+	&mov("ebp",&wparam(1));	# get ks
+	&cmp("eax","0");
+	&je(&label("start_decrypt"));
+
+	# encrypting part
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+
+		&comment("");
+		&comment("Round ".sprintf("%d",$i+1));
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+	&jmp(&label("end"));
+
+	&set_label("start_decrypt");
+
+	for ($i=15; $i>0; $i-=2)
+		{
+		&comment("");
+		&comment("Round $i");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&comment("");
+		&comment("Round ".sprintf("%d",$i-1));
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		}
+
+	&set_label("end");
+
+	&comment("");
+	&comment("Fixup");
+	&rotr($L,3);		# r
+	&rotr($R,3);		# l
+
+	if ($do_ip)
+		{
+		&comment("");
+		&comment("FP");
+		&FP_new($R,$L,"eax");
+		}
+
+	&mov("eax",&wparam(0));
+	&mov(&DWP(0,"eax","",0),$L);
+	&mov(&DWP(4,"eax","",0),$R);
+
+	&function_end($name);
+	}
+
+
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+	{
+	local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+
+	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));
+	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));
+	&xor(	$u,		$R		);
+	&xor(	$t,		$R		);
+	&rotr(	$t,		4		);
+
+	# the numbers at the end of the line are origional instruction order
+	&mov(	$tmp2,		$u		);			# 1 2
+	&mov(	$tmp1,		$t		);			# 1 1
+	&and(	$tmp2,		"0xfc"		);			# 1 4
+	&and(	$tmp1,		"0xfc"		);			# 1 3
+	&shr(	$t,		8		);			# 1 5
+	&xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));	# 1 7
+	&shr(	$u,		8		);			# 1 6
+	&mov(	$tmp1,		&DWP("      $desSP",$tmp2,"",0));	# 1 8
+
+	&mov(	$tmp2,		$u		);			# 2 2
+	&xor(	$L,		$tmp1		);			# 1 9
+	&and(	$tmp2,		"0xfc"		);			# 2 4
+	&mov(	$tmp1,		$t		);			# 2 1
+	&and(	$tmp1,		"0xfc"		);			# 2 3
+	&shr(	$t,		8		);			# 2 5
+	&xor(	$L,		&DWP("0x300+$desSP",$tmp1,"",0));	# 2 7
+	&shr(	$u,		8		);			# 2 6
+	&mov(	$tmp1,		&DWP("0x200+$desSP",$tmp2,"",0));	# 2 8
+	&mov(	$tmp2,		$u		);			# 3 2
+
+	&xor(	$L,		$tmp1		);			# 2 9
+	&and(	$tmp2,		"0xfc"		);			# 3 4
+
+	&mov(	$tmp1,		$t		);			# 3 1 
+	&shr(	$u,		8		);			# 3 6
+	&and(	$tmp1,		"0xfc"		);			# 3 3
+	&shr(	$t,		8		);			# 3 5
+	&xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));	# 3 7
+	&mov(	$tmp1,		&DWP("0x400+$desSP",$tmp2,"",0));	# 3 8
+
+	&and(	$t,		"0xfc"		);			# 4 1
+	&xor(	$L,		$tmp1		);			# 3 9
+
+	&and(	$u,		"0xfc"		);			# 4 2
+	&xor(	$L,		&DWP("0x700+$desSP",$t,"",0));		# 4 3
+	&xor(	$L,		&DWP("0x600+$desSP",$u,"",0));		# 4 4
+	}
+
+sub PERM_OP
+	{
+	local($a,$b,$tt,$shift,$mask)=@_;
+
+	&mov(	$tt,		$a		);
+	&shr(	$tt,		$shift		);
+	&xor(	$tt,		$b		);
+	&and(	$tt,		$mask		);
+	&xor(	$b,		$tt		);
+	&shl(	$tt,		$shift		);
+	&xor(	$a,		$tt		);
+	}
+
+sub IP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+	&PERM_OP($l,$r,$tt,16,"0x0000ffff");
+	&PERM_OP($r,$l,$tt, 2,"0x33333333");
+	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+	&PERM_OP($r,$l,$tt, 1,"0x55555555");
+	}
+
+sub FP_new
+	{
+	local($l,$r,$tt)=@_;
+
+	&PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+	}
+
+sub n2a
+	{
+	sprintf("%d",$_[0]);
+	}
diff --git a/crypto/libdes/asm/desboth.pl b/crypto/libdes/asm/desboth.pl
new file mode 100644
index 0000000..d510641
--- /dev/null
+++ b/crypto/libdes/asm/desboth.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+
+$L="edi";
+$R="esi";
+
+sub des_encrypt3
+	{
+	local($name,$enc)=@_;
+
+	&function_begin_B($name,"");
+	&push("ebx");
+	&mov("ebx",&wparam(0));
+
+	&push("ebp");
+	&push("esi");
+
+	&push("edi");
+
+	&comment("");
+	&comment("Load the data words");
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+	&stack_push(3);
+
+	&comment("");
+	&comment("IP");
+	&IP_new($L,$R,"edx",0);
+
+	# put them back
+	
+	if ($enc)
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("eax",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("esi",&wparam(3));
+		}
+	else
+		{
+		&mov(&DWP(4,"ebx","",0),$R);
+		 &mov("esi",&wparam(1));
+		&mov(&DWP(0,"ebx","",0),"edx");
+		 &mov("edi",&wparam(2));
+		 &mov("eax",&wparam(3));
+		}
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"eax");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
+	&mov(&swtmp(1),	"edi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
+	&mov(&swtmp(1),	"esi");
+	&mov(&swtmp(0),	"ebx");
+	&call("des_encrypt2");
+
+	&stack_pop(3);
+	&mov($L,&DWP(0,"ebx","",0));
+	&mov($R,&DWP(4,"ebx","",0));
+
+	&comment("");
+	&comment("FP");
+	&FP_new($L,$R,"eax",0);
+
+	&mov(&DWP(0,"ebx","",0),"eax");
+	&mov(&DWP(4,"ebx","",0),$R);
+
+	&pop("edi");
+	&pop("esi");
+	&pop("ebp");
+	&pop("ebx");
+	&ret();
+	&function_end_B($name);
+	}
+
+
diff --git a/crypto/libdes/asm/dx86-cpp.s b/crypto/libdes/asm/dx86-cpp.s
new file mode 100644
index 0000000..4741452
--- /dev/null
+++ b/crypto/libdes/asm/dx86-cpp.s
@@ -0,0 +1,2781 @@
+	/* Don't even think of reading this code */
+	/* It was automatically generated by des-som2.pl */
+	/* Which is a perl program used to generate the x86 assember for */
+	/* any of elf, a.out, Win32, or Solaris */
+	/* It can be found in SSLeay 0.6.5+ or in libdes 3.26+ */
+	/* eric <eay@cryptsoft.com> */
+	/* The inner loop instruction sequence and the IP/FP modifications */
+	/* are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> */
+	/* $FreeBSD$ */
+
+	.file	"dx86xxxx.s"
+	.version	"01.01"
+gcc2_compiled.:
+.text
+	.align ALIGN
+.globl des_encrypt
+	TYPE(des_encrypt,@function)
+des_encrypt:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	movl	20(%esp),	%esi
+	xorl	%ecx,		%ecx
+	movl	(%esi),		%eax
+	movl	28(%esp),	%ebx
+	movl	4(%esi),	%edi
+
+	/* IP */
+	roll	$4,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xf0f0f0f0,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$20,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xfff0000f,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$14,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x33333333,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$22,		%esi
+	movl	%esi,		%eax
+	xorl	%edi,		%esi
+	andl	$0x03fc03fc,	%esi
+	xorl	%esi,		%eax
+	xorl	%esi,		%edi
+
+	roll	$9,		%eax
+	movl	%eax,		%esi
+	xorl	%edi,		%eax
+	andl	$0xaaaaaaaa,	%eax
+	xorl	%eax,		%esi
+	xorl	%eax,		%edi
+
+	roll	$1,		%edi
+	cmpl	$0,		%ebx
+	movl	24(%esp),	%ebp
+	je	.L000start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L001end
+.align ALIGN
+.L000start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.align ALIGN
+.L001end:
+
+	/* FP */
+	movl	20(%esp),	%edx
+	rorl	$1,		%esi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%edx)
+	movl	%esi,		4(%edx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt_end:
+	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt2
+	TYPE(des_encrypt2,@function)
+des_encrypt2:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the 2 words */
+	movl	20(%esp),	%eax
+	xorl	%ecx,		%ecx
+	movl	(%eax),		%esi
+	movl	28(%esp),	%ebx
+	roll	$3,		%esi
+	movl	4(%eax),	%edi
+	roll	$3,		%edi
+	cmpl	$0,		%ebx
+	movl	24(%esp),	%ebp
+	je	.L002start_decrypt
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+	jmp	.L003end
+.align ALIGN
+.L002start_decrypt:
+
+	/* Round 15 */
+	movl	120(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	124(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 14 */
+	movl	112(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	116(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 13 */
+	movl	104(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	108(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 12 */
+	movl	96(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	100(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 11 */
+	movl	88(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	92(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 10 */
+	movl	80(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	84(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 9 */
+	movl	72(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	76(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 8 */
+	movl	64(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	68(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 7 */
+	movl	56(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	60(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 6 */
+	movl	48(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	52(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 5 */
+	movl	40(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	44(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 4 */
+	movl	32(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	36(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 3 */
+	movl	24(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	28(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 2 */
+	movl	16(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	20(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+
+	/* Round 1 */
+	movl	8(%ebp),	%eax
+	xorl	%ebx,		%ebx
+	movl	12(%ebp),	%edx
+	xorl	%esi,		%eax
+	xorl	%esi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%edi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%edi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%edi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%edi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%edi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%edi
+
+	/* Round 0 */
+	movl	(%ebp),		%eax
+	xorl	%ebx,		%ebx
+	movl	4(%ebp),	%edx
+	xorl	%edi,		%eax
+	xorl	%edi,		%edx
+	andl	$0xfcfcfcfc,	%eax
+	andl	$0xcfcfcfcf,	%edx
+	movb	%al,		%bl
+	movb	%ah,		%cl
+	rorl	$4,		%edx
+	movl	      des_SPtrans(%ebx),%ebp
+	movb	%dl,		%bl
+	xorl	%ebp,		%esi
+	movl	0x200+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movb	%dh,		%cl
+	shrl	$16,		%eax
+	movl	0x100+des_SPtrans(%ebx),%ebp
+	xorl	%ebp,		%esi
+	movb	%ah,		%bl
+	shrl	$16,		%edx
+	movl	0x300+des_SPtrans(%ecx),%ebp
+	xorl	%ebp,		%esi
+	movl	24(%esp),	%ebp
+	movb	%dh,		%cl
+	andl	$0xff,		%eax
+	andl	$0xff,		%edx
+	movl	0x600+des_SPtrans(%ebx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x700+des_SPtrans(%ecx),%ebx
+	xorl	%ebx,		%esi
+	movl	0x400+des_SPtrans(%eax),%ebx
+	xorl	%ebx,		%esi
+	movl	0x500+des_SPtrans(%edx),%ebx
+	xorl	%ebx,		%esi
+.align ALIGN
+.L003end:
+
+	/* Fixup */
+	rorl	$3,		%edi
+	movl	20(%esp),	%eax
+	rorl	$3,		%esi
+	movl	%edi,		(%eax)
+	movl	%esi,		4(%eax)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt2_end:
+	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_encrypt3
+	TYPE(des_encrypt3,@function)
+des_encrypt3:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the data words */
+	movl	20(%esp),	%ebx
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	24(%esp),	%eax
+	movl	%edx,		(%ebx)
+	movl	28(%esp),	%edi
+	movl	32(%esp),	%esi
+	pushl	$1
+	pushl	%eax
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$0
+	pushl	%edi
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$1
+	pushl	%esi
+	pushl	%ebx
+	call	des_encrypt2
+	movl	(%ebx),		%edi
+	addl	$36,		%esp
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_encrypt3_end:
+	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
+.ident	"desasm.pl"
+.text
+	.align ALIGN
+.globl des_decrypt3
+	TYPE(des_decrypt3,@function)
+des_decrypt3:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+
+	/* Load the data words */
+	movl	20(%esp),	%ebx
+	movl	(%ebx),		%edi
+	movl	4(%ebx),	%esi
+
+	/* IP */
+	roll	$4,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	roll	$20,		%esi
+	movl	%esi,		%edi
+	xorl	%edx,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%edx
+
+	roll	$14,		%edi
+	movl	%edi,		%esi
+	xorl	%edx,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%edx
+
+	roll	$22,		%edx
+	movl	%edx,		%edi
+	xorl	%esi,		%edx
+	andl	$0x03fc03fc,	%edx
+	xorl	%edx,		%edi
+	xorl	%edx,		%esi
+
+	roll	$9,		%edi
+	movl	%edi,		%edx
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%edx
+	xorl	%edi,		%esi
+
+	rorl	$3,		%edx
+	rorl	$2,		%esi
+	movl	%esi,		4(%ebx)
+	movl	24(%esp),	%esi
+	movl	%edx,		(%ebx)
+	movl	28(%esp),	%edi
+	movl	32(%esp),	%eax
+	pushl	$0
+	pushl	%eax
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$1
+	pushl	%edi
+	pushl	%ebx
+	call	des_encrypt2
+	pushl	$0
+	pushl	%esi
+	pushl	%ebx
+	call	des_encrypt2
+	movl	(%ebx),		%edi
+	addl	$36,		%esp
+	movl	4(%ebx),	%esi
+
+	/* FP */
+	roll	$2,		%esi
+	roll	$3,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0xaaaaaaaa,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$23,		%eax
+	movl	%eax,		%edi
+	xorl	%esi,		%eax
+	andl	$0x03fc03fc,	%eax
+	xorl	%eax,		%edi
+	xorl	%eax,		%esi
+
+	roll	$10,		%edi
+	movl	%edi,		%eax
+	xorl	%esi,		%edi
+	andl	$0x33333333,	%edi
+	xorl	%edi,		%eax
+	xorl	%edi,		%esi
+
+	roll	$18,		%esi
+	movl	%esi,		%edi
+	xorl	%eax,		%esi
+	andl	$0xfff0000f,	%esi
+	xorl	%esi,		%edi
+	xorl	%esi,		%eax
+
+	roll	$12,		%edi
+	movl	%edi,		%esi
+	xorl	%eax,		%edi
+	andl	$0xf0f0f0f0,	%edi
+	xorl	%edi,		%esi
+	xorl	%edi,		%eax
+
+	rorl	$4,		%eax
+	movl	%eax,		(%ebx)
+	movl	%esi,		4(%ebx)
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.des_decrypt3_end:
+	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
+.ident	"desasm.pl"
diff --git a/crypto/libdes/asm/dx86unix.cpp b/crypto/libdes/asm/dx86unix.cpp
new file mode 100644
index 0000000..b4eb397
--- /dev/null
+++ b/crypto/libdes/asm/dx86unix.cpp
@@ -0,0 +1,39 @@
+
+#define TYPE(a,b)	.type	a,b
+#define SIZE(a,b)	.size	a,b
+
+#ifdef OUT
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define des_encrypt	_des_encrypt
+#define des_encrypt2	_des_encrypt2
+#define des_encrypt3	_des_encrypt3
+#define ALIGN		4
+#endif
+
+#ifdef BSDI
+#define OK		1
+#define des_SPtrans	_des_SPtrans
+#define des_encrypt	_des_encrypt
+#define des_encrypt2	_des_encrypt2
+#define des_encrypt3	_des_encrypt3
+#define ALIGN		4
+#undef SIZE
+#undef TYPE
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK		1
+#define ALIGN		16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+#include "dx86-cpp.s" 
+
diff --git a/crypto/libdes/asm/readme b/crypto/libdes/asm/readme
new file mode 100644
index 0000000..f8529d9
--- /dev/null
+++ b/crypto/libdes/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft	Windows 95/Windows NT
+Elf		Includes Linux and FreeBSD(?).
+a.out		The older Linux.
+Solaris		Same as Elf but different comments :-(.
+
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor	eax,	eax				# clear word
+movb	al,	cl				# get low byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word
+movb	al,	ch				# get next byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word
+shr	ecx	16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+
+Now the crunch.  When a full register is used after a partial write, eg.
+mov	al,	cl
+xor	edi,	DWORD PTR 0x100+des_SP[eax]
+386	- 1 cycle stall
+486	- 1 cycle stall
+586	- 0 cycle stall
+686	- at least 7 cycle stall (page 22 of the above mentioned document).
+
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov	eax,	ecx				# copy word 
+shr	ecx,	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup
+mov	eax,	ecx				# get word
+shr	ecx	8				# line up next byte
+and	eax,	0fch				# mask byte
+xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup
+
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+
+There is a third option.  instead of using
+mov	al,	ch
+which is bad on the pentium pro, one may be able to use
+movzx	eax,	ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+
+eric (20 Oct 1996)
+
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
+
diff --git a/crypto/libdes/asm/win32.asm b/crypto/libdes/asm/win32.asm
new file mode 100644
index 0000000..508b511
--- /dev/null
+++ b/crypto/libdes/asm/win32.asm
@@ -0,0 +1,2767 @@
+	; Don't even think of reading this code
+	; It was automatically generated by des-som2.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, Win32, or Solaris
+	; It can be found in SSLeay 0.6.5+ or in libdes 3.26+
+	; eric <eay@cryptsoft.com>
+	; The inner loop instruction sequence and the IP/FP modifications
+	; are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+	; $FreeBSD$
+
+	; 
+	TITLE	dx86xxxx.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	esi,		DWORD PTR 20[esp]
+	xor	ecx,		ecx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 28[esp]
+	mov	edi,		DWORD PTR 4[esi]
+	; 
+	; IP
+	rol	eax,		4
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0f0f0f0f0h
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		20
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0fff0000fh
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		14
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		033333333h
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	esi,		22
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		003fc03fch
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	eax,		9
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		0aaaaaaaah
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	edi,		1
+	cmp	ebx,		0
+	mov	ebp,		DWORD PTR 24[esp]
+	je	$L000start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L001end
+$L000start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L001end:
+	; 
+	; FP
+	mov	edx,		DWORD PTR 20[esp]
+	ror	esi,		1
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [edx],eax
+	mov	DWORD PTR 4[edx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt2
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt2 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	mov	eax,		DWORD PTR 20[esp]
+	xor	ecx,		ecx
+	mov	esi,		DWORD PTR [eax]
+	mov	ebx,		DWORD PTR 28[esp]
+	rol	esi,		3
+	mov	edi,		DWORD PTR 4[eax]
+	rol	edi,		3
+	cmp	ebx,		0
+	mov	ebp,		DWORD PTR 24[esp]
+	je	$L002start_decrypt
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	jmp	$L003end
+$L002start_decrypt:
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 120[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 124[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 112[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 116[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 104[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 108[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 96[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 100[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 88[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 92[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 80[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 84[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 72[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 76[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 64[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 56[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 60[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 48[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 52[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 40[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 44[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 36[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 24[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 28[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 16[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 20[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 8[ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 12[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR [ebp]
+	xor	ebx,		ebx
+	mov	edx,		DWORD PTR 4[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	and	eax,		0fcfcfcfch
+	and	edx,		0cfcfcfcfh
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 24[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+$L003end:
+	; 
+	; Fixup
+	ror	edi,		3
+	mov	eax,		DWORD PTR 20[esp]
+	ror	esi,		3
+	mov	DWORD PTR [eax],edi
+	mov	DWORD PTR 4[eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt2 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_encrypt3
+EXTRN	_des_SPtrans:DWORD
+_des_encrypt3 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	eax,		DWORD PTR 24[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 28[esp]
+	mov	esi,		DWORD PTR 32[esp]
+	push	1
+	push	eax
+	push	ebx
+	call	_des_encrypt2
+	push	0
+	push	edi
+	push	ebx
+	call	_des_encrypt2
+	push	1
+	push	esi
+	push	ebx
+	call	_des_encrypt2
+	mov	edi,		DWORD PTR [ebx]
+	add	esp,		36
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_encrypt3 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_des_decrypt3
+EXTRN	_des_SPtrans:DWORD
+_des_decrypt3 PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the data words
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; IP
+	rol	edi,		4
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0f0f0f0f0h
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		20
+	mov	edi,		esi
+	xor	esi,		edx
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	edx,		esi
+	; 
+	rol	edi,		14
+	mov	esi,		edi
+	xor	edi,		edx
+	and	edi,		033333333h
+	xor	esi,		edi
+	xor	edx,		edi
+	; 
+	rol	edx,		22
+	mov	edi,		edx
+	xor	edx,		esi
+	and	edx,		003fc03fch
+	xor	edi,		edx
+	xor	esi,		edx
+	; 
+	rol	edi,		9
+	mov	edx,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	edx,		edi
+	xor	esi,		edi
+	; 
+	ror	edx,		3
+	ror	esi,		2
+	mov	DWORD PTR 4[ebx],esi
+	mov	esi,		DWORD PTR 24[esp]
+	mov	DWORD PTR [ebx],edx
+	mov	edi,		DWORD PTR 28[esp]
+	mov	eax,		DWORD PTR 32[esp]
+	push	0
+	push	eax
+	push	ebx
+	call	_des_encrypt2
+	push	1
+	push	edi
+	push	ebx
+	call	_des_encrypt2
+	push	0
+	push	esi
+	push	ebx
+	call	_des_encrypt2
+	mov	edi,		DWORD PTR [ebx]
+	add	esp,		36
+	mov	esi,		DWORD PTR 4[ebx]
+	; 
+	; FP
+	rol	esi,		2
+	rol	edi,		3
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		0aaaaaaaah
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	eax,		23
+	mov	edi,		eax
+	xor	eax,		esi
+	and	eax,		003fc03fch
+	xor	edi,		eax
+	xor	esi,		eax
+	; 
+	rol	edi,		10
+	mov	eax,		edi
+	xor	edi,		esi
+	and	edi,		033333333h
+	xor	eax,		edi
+	xor	esi,		edi
+	; 
+	rol	esi,		18
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0fff0000fh
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	rol	edi,		12
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0f0f0f0f0h
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [ebx],eax
+	mov	DWORD PTR 4[ebx],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_des_decrypt3 ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/libdes/asm/win32.uu b/crypto/libdes/asm/win32.uu
new file mode 100644
index 0000000..b8fc770
--- /dev/null
+++ b/crypto/libdes/asm/win32.uu
@@ -0,0 +1,319 @@
+begin 644 win32.obj
+M3`$"`&*'V3)`-@``#``````````N=&5X=```````````````W"$``&0```!`
+M(@`````````"```@`#!@+F1A=&$```#<(0````````````!`-@``````````
+M````````0``PP%535E>+="04,\F+!HM<)!R+?@3!P`2+\#/')?#P\/`S\#/X
+MP<<4B\<S_H'G#P#P_S/',_?!P`Z+^#/&)3,S,S,S^#/PP<86B\8S]X'F_`/\
+M`S/&,_[!P`F+\#/'):JJJJHS\#/XT<>#^P"+;"08#X2U!P``BT4`,]N+500S
+MQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+
+MJP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[
+MBYD`!P``,_N+F``$```S^XN:``4``#/[BT4(,]N+50PSQS/7)?S\_/R!XL_/
+MS\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0
+MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
+M```S\XN:``4``#/SBT40,]N+510SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`
+M````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08
+MBLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[
+MBT48,]N+51PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(`
+M`#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P``
+M`(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT4@,]N+520SQC/6
+M)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!
+M```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
+M!P``,_N+F``$```S^XN:``4``#/[BT4H,]N+52PSQS/7)?S\_/R!XL_/S\^*
+MV(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD`
+M`P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S
+M\XN:``4``#/SBT4P,]N+530SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````
+MBMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE
+M_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT4X
+M,]N+53PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/U
+MBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;
+M``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5`,]N+540SQC/6)?S\
+M_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S
+M_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``
+M,_N+F``$```S^XN:``4``#/[BT5(,]N+54PSQS/7)?S\_/R!XL_/S\^*V(K,
+MP<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``
+M,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:
+M``4``#/SBT50,]N+550SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS
+M_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P``
+M`('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT58,]N+
+M55PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!
+MZ!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8`
+M`#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5@,]N+560SQC/6)?S\_/R!
+MXL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<
+MP>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+
+MF``$```S^XN:``4``#/[BT5H,]N+56PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$
+MBZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+
+M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
+M`#/SBT5P,]N+570SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI
+M``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B
+M_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT5X,]N+57PS
+MQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+
+MJP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/S
+MBYD`!P``,_.+F``$```S\XN:``4``#/SZ;`'``"+17@SVXM5?#/&,]8E_/S\
+M_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]
+MBMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S
+M^XN8``0``#/[BYH`!0``,_N+17`SVXM5=#/',]<E_/S\_('BS\_/SXK8BLS!
+MR@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S
+M]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`
+M!0``,_.+16@SVXM5;#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]
+MBZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````
+M@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+16`SVXM5
+M9#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H
+M$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``
+M,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15@SVXM57#/&,]8E_/S\_('B
+MS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!
+MZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8
+M``0``#/[BYH`!0``,_N+15`SVXM55#/',]<E_/S\_('BS\_/SXK8BLS!R@2+
+MJP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML
+M)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``
+M,_.+14@SVXM53#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD`
+M`@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_
+M````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+14`SVXM51#/'
+M,]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK
+M``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+
+MF0`'```S\XN8``0``#/SBYH`!0``,_.+13@SVXM5/#/&,]8E_/S\_('BS\_/
+MSXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+
+MJ0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0`
+M`#/[BYH`!0``,_N+13`SVXM5-#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP``
+M``"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*
+MSB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+
+M12@SVXM5+#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``
+M,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````
+MBYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+12`SVXM5)#/',]<E
+M_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$`
+M`#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'
+M```S\XN8``0``#/SBYH`!0``,_.+11@SVXM5'#/&,]8E_/S\_('BS\_/SXK8
+MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
+M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
+MBYH`!0``,_N+11`SVXM5%#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*
+MVC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_
+M````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+10@S
+MVXM5##/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
+MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
+M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+10`SVXM5!#/',]<E_/S\
+M_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/U
+MBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S
+M\XN8``0``#/SBYH`!0``,_.+5"04T<Z+QS/^@>>JJJJJ,\<S]\'`%XOX,\8E
+M_`/\`S/X,_#!QPJ+QS/^@><S,S,S,\<S]\'&$HO^,_"!Y@\`\/\S_C/&P<<,
+MB_<S^('G\/#P\#/W,\?!R`2)`HER!%]>6UW#55-65XM$)!0SR8LPBUPD','&
+M`XMX!,''`X/[`(ML)!@/A+4'``"+10`SVXM5!#/&,]8E_/S\_('BS\_/SXK8
+MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
+M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
+MBYH`!0``,_N+10@SVXM5##/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*
+MVC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_
+M````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+11`S
+MVXM5%#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
+MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
+M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+11@SVXM5'#/',]<E_/S\
+M_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/U
+MBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S
+M\XN8``0``#/SBYH`!0``,_.+12`SVXM5)#/&,]8E_/S\_('BS\_/SXK8BLS!
+MR@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S
+M_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`
+M!0``,_N+12@SVXM5+#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/U
+MBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````
+M@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+13`SVXM5
+M-#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H
+M$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``
+M,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+13@SVXM5/#/',]<E_/S\_('B
+MS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!
+MZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8
+M``0``#/SBYH`!0``,_.+14`SVXM51#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+
+MJP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML
+M)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``
+M,_N+14@SVXM53#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD`
+M`@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_
+M````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15`SVXM55#/&
+M,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK
+M``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+
+MF0`'```S^XN8``0``#/[BYH`!0``,_N+15@SVXM57#/',]<E_/S\_('BS\_/
+MSXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+
+MJ0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0`
+M`#/SBYH`!0``,_.+16`SVXM59#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP``
+M``"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*
+MSB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+
+M16@SVXM5;#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``
+M,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````
+MBYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+17`SVXM5=#/&,]8E
+M_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$`
+M`#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'
+M```S^XN8``0``#/[BYH`!0``,_N+17@SVXM5?#/',]<E_/S\_('BS\_/SXK8
+MBLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#
+M```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/S
+MBYH`!0``,_/IL`<``(M%>#/;BU5\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK
+M`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD
+M&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S
+M^XM%<#/;BU5T,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"
+M```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\`
+M``"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%:#/;BU5L,\8S
+MUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL`
+M`0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9
+M``<``#/[BY@`!```,_N+F@`%```S^XM%8#/;BU5D,\<SUR7\_/S\@>+/S\_/
+MBMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI
+M``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```
+M,_.+F@`%```S\XM%6#/;BU5<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK````
+M`(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.
+M)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%
+M4#/;BU54,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S
+M]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+
+MFP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%2#/;BU5,,\8SUB7\
+M_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``
+M,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<`
+M`#/[BY@`!```,_N+F@`%```S^XM%0#/;BU5$,\<SUR7\_/S\@>+/S\_/BMB*
+MS,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,`
+M`#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+
+MF@`%```S\XM%.#/;BU4\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:
+M,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\`
+M``"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%,#/;
+MBU4T,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.
+MP>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&
+M```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%*#/;BU4L,\8SUB7\_/S\
+M@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*
+MW,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[
+MBY@`!```,_N+F@`%```S^XM%(#/;BU4D,\<SUR7\_/S\@>+/S\_/BMB*S,'*
+M!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/U
+MBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%
+M```S\XM%&#/;BU4<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+
+MJ0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!
+MXO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%$#/;BU44
+M,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0
+MBZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S
+M\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%"#/;BU4,,\8SUB7\_/S\@>+/
+MS\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J
+M$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`
+M!```,_N+F@`%```S^XM%`#/;BU4$,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK
+M`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD
+M&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S
+M\\'/`XM$)!3!S@.).(EP!%]>6UW#55-65XM<)!2+.XMS!,''!(O7,_Z!Y_#P
+M\/`SUS/WP<84B_XS\H'F#P#P_S/^,];!QPZ+]S/Z@><S,S,S,_<SU\'"%HOZ
+M,]:!XOP#_`,S^C/RP<<)B]<S_H'GJJJJJC/7,_?!R@/!S@*)<P2+1"08B1.+
+M?"0<BW0D(&H!4%/HW^___VH`5U/HUN___VH!5E/HS>___XL[@\0DBW,$P<8"
+MP<<#B\<S_H'GJJJJJC/',_?!P!>+^#/&)?P#_`,S^#/PP<<*B\<S_H'G,S,S
+M,S/',_?!QA*+_C/P@>8/`/#_,_XSQL''#(OW,_B!Y_#P\/`S]S/'P<@$B0.)
+M<P1?7EM=PU535E>+7"04BSN+<P3!QP2+US/^@>?P\/#P,]<S]\'&%(O^,_*!
+MY@\`\/\S_C/6P<<.B_<S^H'G,S,S,S/W,]?!PA:+^C/6@>+\`_P#,_HS\L''
+M"8O7,_Z!YZJJJJHSUS/WP<H#P<X"B7,$BW0D&(D3BWPD'(M$)"!J`%!3Z-_N
+M__]J`5=3Z-;N__]J`%93Z,WN__^+.X/$)(MS!,'&`L''`XO',_Z!YZJJJJHS
+MQS/WP<`7B_@SQB7\`_P#,_@S\,''"HO',_Z!YS,S,S,SQS/WP<82B_XS\('F
+M#P#P_S/^,\;!QPR+]S/X@>?P\/#P,_<SQ\'(!(D#B7,$7UY;7<.4````!P``
+M``8`G@````<````&`*L````'````!@"X````!P````8`T0````<````&`-D`
+M```'````!@#A````!P````8`Z0````<````&``\!```'````!@`9`0``!P``
+M``8`)@$```<````&`#,!```'````!@!,`0``!P````8`5`$```<````&`%P!
+M```'````!@!D`0``!P````8`B@$```<````&`)0!```'````!@"A`0``!P``
+M``8`K@$```<````&`,<!```'````!@#/`0``!P````8`UP$```<````&`-\!
+M```'````!@`%`@``!P````8`#P(```<````&`!P"```'````!@`I`@``!P``
+M``8`0@(```<````&`$H"```'````!@!2`@``!P````8`6@(```<````&`(`"
+M```'````!@"*`@``!P````8`EP(```<````&`*0"```'````!@"]`@``!P``
+M``8`Q0(```<````&`,T"```'````!@#5`@``!P````8`^P(```<````&``4#
+M```'````!@`2`P``!P````8`'P,```<````&`#@#```'````!@!``P``!P``
+M``8`2`,```<````&`%`#```'````!@!V`P``!P````8`@`,```<````&`(T#
+M```'````!@":`P``!P````8`LP,```<````&`+L#```'````!@##`P``!P``
+M``8`RP,```<````&`/$#```'````!@#[`P``!P````8`"`0```<````&`!4$
+M```'````!@`N!```!P````8`-@0```<````&`#X$```'````!@!&!```!P``
+M``8`;`0```<````&`'8$```'````!@"#!```!P````8`D`0```<````&`*D$
+M```'````!@"Q!```!P````8`N00```<````&`,$$```'````!@#G!```!P``
+M``8`\00```<````&`/X$```'````!@`+!0``!P````8`)`4```<````&`"P%
+M```'````!@`T!0``!P````8`/`4```<````&`&(%```'````!@!L!0``!P``
+M``8`>04```<````&`(8%```'````!@"?!0``!P````8`IP4```<````&`*\%
+M```'````!@"W!0``!P````8`W04```<````&`.<%```'````!@#T!0``!P``
+M``8``08```<````&`!H&```'````!@`B!@``!P````8`*@8```<````&`#(&
+M```'````!@!8!@``!P````8`8@8```<````&`&\&```'````!@!\!@``!P``
+M``8`E08```<````&`)T&```'````!@"E!@``!P````8`K08```<````&`-,&
+M```'````!@#=!@``!P````8`Z@8```<````&`/<&```'````!@`0!P``!P``
+M``8`&`<```<````&`"`'```'````!@`H!P``!P````8`3@<```<````&`%@'
+M```'````!@!E!P``!P````8`<@<```<````&`(L'```'````!@"3!P``!P``
+M``8`FP<```<````&`*,'```'````!@#)!P``!P````8`TP<```<````&`.`'
+M```'````!@#M!P``!P````8`!@@```<````&``X(```'````!@`6"```!P``
+M``8`'@@```<````&`$D(```'````!@!3"```!P````8`8`@```<````&`&T(
+M```'````!@"&"```!P````8`C@@```<````&`)8(```'````!@">"```!P``
+M``8`Q`@```<````&`,X(```'````!@#;"```!P````8`Z`@```<````&``$)
+M```'````!@`)"0``!P````8`$0D```<````&`!D)```'````!@`_"0``!P``
+M``8`20D```<````&`%8)```'````!@!C"0``!P````8`?`D```<````&`(0)
+M```'````!@","0``!P````8`E`D```<````&`+H)```'````!@#$"0``!P``
+M``8`T0D```<````&`-X)```'````!@#W"0``!P````8`_PD```<````&``<*
+M```'````!@`/"@``!P````8`-0H```<````&`#\*```'````!@!,"@``!P``
+M``8`60H```<````&`'(*```'````!@!Z"@``!P````8`@@H```<````&`(H*
+M```'````!@"P"@``!P````8`N@H```<````&`,<*```'````!@#4"@``!P``
+M``8`[0H```<````&`/4*```'````!@#]"@``!P````8`!0L```<````&`"L+
+M```'````!@`U"P``!P````8`0@L```<````&`$\+```'````!@!H"P``!P``
+M``8`<`L```<````&`'@+```'````!@"`"P``!P````8`I@L```<````&`+`+
+M```'````!@"]"P``!P````8`R@L```<````&`.,+```'````!@#K"P``!P``
+M``8`\PL```<````&`/L+```'````!@`A#```!P````8`*PP```<````&`#@,
+M```'````!@!%#```!P````8`7@P```<````&`&8,```'````!@!N#```!P``
+M``8`=@P```<````&`)P,```'````!@"F#```!P````8`LPP```<````&`,`,
+M```'````!@#9#```!P````8`X0P```<````&`.D,```'````!@#Q#```!P``
+M``8`%PT```<````&`"$-```'````!@`N#0``!P````8`.PT```<````&`%0-
+M```'````!@!<#0``!P````8`9`T```<````&`&P-```'````!@"2#0``!P``
+M``8`G`T```<````&`*D-```'````!@"V#0``!P````8`SPT```<````&`-<-
+M```'````!@#?#0``!P````8`YPT```<````&``T.```'````!@`7#@``!P``
+M``8`)`X```<````&`#$.```'````!@!*#@``!P````8`4@X```<````&`%H.
+M```'````!@!B#@``!P````8`B`X```<````&`)(.```'````!@"?#@``!P``
+M``8`K`X```<````&`,4.```'````!@#-#@``!P````8`U0X```<````&`-T.
+M```'````!@`##P``!P````8`#0\```<````&`!H/```'````!@`G#P``!P``
+M``8`0`\```<````&`$@/```'````!@!0#P``!P````8`6`\```<````&`'X/
+M```'````!@"(#P``!P````8`E0\```<````&`*(/```'````!@"[#P``!P``
+M``8`PP\```<````&`,L/```'````!@#3#P``!P````8`@Q````<````&`(T0
+M```'````!@":$```!P````8`IQ````<````&`,`0```'````!@#($```!P``
+M``8`T!````<````&`-@0```'````!@#^$```!P````8`"!$```<````&`!41
+M```'````!@`B$0``!P````8`.Q$```<````&`$,1```'````!@!+$0``!P``
+M``8`4Q$```<````&`'D1```'````!@"#$0``!P````8`D!$```<````&`)T1
+M```'````!@"V$0``!P````8`OA$```<````&`,81```'````!@#.$0``!P``
+M``8`]!$```<````&`/X1```'````!@`+$@``!P````8`&!(```<````&`#$2
+M```'````!@`Y$@``!P````8`01(```<````&`$D2```'````!@!O$@``!P``
+M``8`>1(```<````&`(82```'````!@"3$@``!P````8`K!(```<````&`+02
+M```'````!@"\$@``!P````8`Q!(```<````&`.H2```'````!@#T$@``!P``
+M``8``1,```<````&``X3```'````!@`G$P``!P````8`+Q,```<````&`#<3
+M```'````!@`_$P``!P````8`91,```<````&`&\3```'````!@!\$P``!P``
+M``8`B1,```<````&`*(3```'````!@"J$P``!P````8`LA,```<````&`+H3
+M```'````!@#@$P``!P````8`ZA,```<````&`/<3```'````!@`$%```!P``
+M``8`'10```<````&`"44```'````!@`M%```!P````8`-10```<````&`%L4
+M```'````!@!E%```!P````8`<A0```<````&`'\4```'````!@"8%```!P``
+M``8`H!0```<````&`*@4```'````!@"P%```!P````8`UA0```<````&`.`4
+M```'````!@#M%```!P````8`^A0```<````&`!,5```'````!@`;%0``!P``
+M``8`(Q4```<````&`"L5```'````!@!1%0``!P````8`6Q4```<````&`&@5
+M```'````!@!U%0``!P````8`CA4```<````&`)85```'````!@">%0``!P``
+M``8`IA4```<````&`,P5```'````!@#6%0``!P````8`XQ4```<````&`/`5
+M```'````!@`)%@``!P````8`$18```<````&`!D6```'````!@`A%@``!P``
+M``8`1Q8```<````&`%$6```'````!@!>%@``!P````8`:Q8```<````&`(06
+M```'````!@",%@``!P````8`E!8```<````&`)P6```'````!@#"%@``!P``
+M``8`S!8```<````&`-D6```'````!@#F%@``!P````8`_Q8```<````&``<7
+M```'````!@`/%P``!P````8`%Q<```<````&`#T7```'````!@!'%P``!P``
+M``8`5!<```<````&`&$7```'````!@!Z%P``!P````8`@A<```<````&`(H7
+M```'````!@"2%P``!P````8`N!<```<````&`,(7```'````!@#/%P``!P``
+M``8`W!<```<````&`/47```'````!@#]%P``!P````8`!1@```<````&``T8
+M```'````!@`X&```!P````8`0A@```<````&`$\8```'````!@!<&```!P``
+M``8`=1@```<````&`'T8```'````!@"%&```!P````8`C1@```<````&`+,8
+M```'````!@"]&```!P````8`RA@```<````&`-<8```'````!@#P&```!P``
+M``8`^!@```<````&```9```'````!@`(&0``!P````8`+AD```<````&`#@9
+M```'````!@!%&0``!P````8`4AD```<````&`&L9```'````!@!S&0``!P``
+M``8`>QD```<````&`(,9```'````!@"I&0``!P````8`LQD```<````&`,`9
+M```'````!@#-&0``!P````8`YAD```<````&`.X9```'````!@#V&0``!P``
+M``8`_AD```<````&`"0:```'````!@`N&@``!P````8`.QH```<````&`$@:
+M```'````!@!A&@``!P````8`:1H```<````&`'$:```'````!@!Y&@``!P``
+M``8`GQH```<````&`*D:```'````!@"V&@``!P````8`PQH```<````&`-P:
+M```'````!@#D&@``!P````8`[!H```<````&`/0:```'````!@`:&P``!P``
+M``8`)!L```<````&`#$;```'````!@`^&P``!P````8`5QL```<````&`%\;
+M```'````!@!G&P``!P````8`;QL```<````&`)4;```'````!@"?&P``!P``
+M``8`K!L```<````&`+D;```'````!@#2&P``!P````8`VAL```<````&`.(;
+M```'````!@#J&P``!P````8`$!P```<````&`!H<```'````!@`G'```!P``
+M``8`-!P```<````&`$T<```'````!@!5'```!P````8`71P```<````&`&4<
+M```'````!@"+'```!P````8`E1P```<````&`*(<```'````!@"O'```!P``
+M``8`R!P```<````&`-`<```'````!@#8'```!P````8`X!P```<````&``8=
+M```'````!@`0'0``!P````8`'1T```<````&`"H=```'````!@!#'0``!P``
+M``8`2QT```<````&`%,=```'````!@!;'0``!P````8`@1T```<````&`(L=
+M```'````!@"8'0``!P````8`I1T```<````&`+X=```'````!@#&'0``!P``
+M``8`SAT```<````&`-8=```'````!@#\'0``!P````8`!AX```<````&`!,>
+M```'````!@`@'@``!P````8`.1X```<````&`$$>```'````!@!)'@``!P``
+M``8`41X```<````&`'<>```'````!@"!'@``!P````8`CAX```<````&`)L>
+M```'````!@"T'@``!P````8`O!X```<````&`,0>```'````!@#,'@``!P``
+M``8`\AX```<````&`/P>```'````!@`)'P``!P````8`%A\```<````&`"\?
+M```'````!@`W'P``!P````8`/Q\```<````&`$<?```'````!@!M'P``!P``
+M``8`=Q\```<````&`(0?```'````!@"1'P``!P````8`JA\```<````&`+(?
+M```'````!@"Z'P``!P````8`PA\```<````&`"YF:6QE`````````/[_``!G
+M`BY<8W)Y<'1O7&1E<UQA<VU<=VEN,S(N87-M`````````````"YT97AT````
+M``````$````#`=PA`````@```````````````"YD871A``````````(````#
+M`0`````````````````````````````$```````````````"```````1````
+M``````$`(``"```````>````/1````$`(``"```````L````W!\```$`(``"
+M```````Z````W"````$`(``"`$@```!?9&5S7U-0=')A;G,`7V1E<U]E;F-R
+M>7!T`%]D97-?96YC<GEP=#(`7V1E<U]E;F-R>7!T,P!?9&5S7V1E8W)Y<'0S
+!````
+`
+end
diff --git a/crypto/libdes/asm/x86ms.pl b/crypto/libdes/asm/x86ms.pl
new file mode 100644
index 0000000..18b1186
--- /dev/null
+++ b/crypto/libdes/asm/x86ms.pl
@@ -0,0 +1,223 @@
+#!/usr/local/bin/perl
+
+package x86ms;
+
+$label="L000";
+
+%lb=(	'eax',	'al',
+	'ebx',	'bl',
+	'ecx',	'cl',
+	'edx',	'dl',
+	'ax',	'al',
+	'bx',	'bl',
+	'cx',	'cl',
+	'dx',	'dl',
+	);
+
+%hb=(	'eax',	'ah',
+	'ebx',	'bh',
+	'ecx',	'ch',
+	'edx',	'dh',
+	'ax',	'ah',
+	'bx',	'bh',
+	'cx',	'ch',
+	'dx',	'dh',
+	);
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'DWP
+	{
+	local($addr,$reg1,$reg2,$idx)=@_;
+	local($t);
+	local($ret)="DWORD PTR ";
+
+	$addr =~ s/^\s+//;
+	if ($addr =~ /^(.+)\+(.+)$/)
+		{
+		$reg2=&conv($1);
+		$addr="_$2";
+		}
+	elsif ($addr =~ /^[_a-zA-Z]/)
+		{
+		$addr="_$addr";
+		}
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+	if ($reg2 ne "")
+		{
+		$t="";
+		$t="*$idx" if ($idx != 0);
+		$ret.="[$reg2$t+$reg1]";
+		}
+	else
+		{
+		$ret.="[$reg1]"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("mov",@_); }
+sub main'movb	{ &out2("mov",@_); }
+sub main'and	{ &out2("and",@_); }
+sub main'or	{ &out2("or",@_); }
+sub main'shl	{ &out2("shl",@_); }
+sub main'shr	{ &out2("shr",@_); }
+sub main'xor	{ &out2("xor",@_); }
+sub main'add	{ &out2("add",@_); }
+sub main'sub	{ &out2("sub",@_); }
+sub main'rotl	{ &out2("rol",@_); }
+sub main'rotr	{ &out2("ror",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmp",@_); }
+sub main'dec	{ &out1("dec",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'je	{ &out1("je",@_); }
+sub main'jz	{ &out1("jz",@_); }
+sub main'push	{ &out1("push",@_); }
+sub main'call	{ &out1("call",'_'.$_[0]); }
+
+
+sub out2
+	{
+	local($name,$p1,$p2)=@_;
+	local($l,$t);
+
+	print "\t$name\t";
+	$t=&conv($p1).",";
+	$l=length($t);
+	print $t;
+	$l=4-($l+9)/8;
+	print "\t" x $l;
+	print &conv($p2);
+	print "\n";
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	print "\t$name\t";
+	print &conv($p1);
+	print "\n";
+	}
+
+sub conv
+	{
+	local($p)=@_;
+
+	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+	return $p;
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	print <<"EOF";
+	TITLE	$file.asm
+        .386
+.model FLAT
+EOF
+	}
+
+sub main'function_begin
+	{
+	local($func,$num)=@_;
+
+	$params=$num*4;
+
+	print <<"EOF";
+_TEXT	SEGMENT
+PUBLIC	_$func
+EXTRN	_des_SPtrans:DWORD
+_$func PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+EOF
+	$stack=20;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	print <<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_$func ENDP
+_TEXT	ENDS
+EOF
+	$stack=0;
+	%label=();
+	}
+
+sub main'file_end
+	{
+	print "END\n"
+	}
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'wtmp
+	{
+	local($num)=@_;
+
+	return(&main'DWP($stack+$params+$num*4,"esp","",0));
+	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		print "\t; $_\n";
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="\$${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="${label}${_[0]}";
+		$label++;
+		}
+	print "$label{$_[0]}:\n";
+	}
+
+sub main'file_end
+        {
+	print "END\n";
+        }
diff --git a/crypto/libdes/asm/x86unix.pl b/crypto/libdes/asm/x86unix.pl
new file mode 100644
index 0000000..2048a9c
--- /dev/null
+++ b/crypto/libdes/asm/x86unix.pl
@@ -0,0 +1,253 @@
+#!/usr/local/bin/perl
+
+package x86ms;
+
+$label="L000";
+
+$align=($main'aout)?"4":"16";
+$under=($main'aout)?"_":"";
+$com_start=($main'sol)?"/":"#";
+
+if ($main'cpp)
+	{
+	$align="ALIGN";
+	$under="";
+	$com_start='/*';
+	$com_end='*/';
+	}
+
+%lb=(	'eax',	'%al',
+	'ebx',	'%bl',
+	'ecx',	'%cl',
+	'edx',	'%dl',
+	'ax',	'%al',
+	'bx',	'%bl',
+	'cx',	'%cl',
+	'dx',	'%dl',
+	);
+
+%hb=(	'eax',	'%ah',
+	'ebx',	'%bh',
+	'ecx',	'%ch',
+	'edx',	'%dh',
+	'ax',	'%ah',
+	'bx',	'%bh',
+	'cx',	'%ch',
+	'dx',	'%dh',
+	);
+
+%regs=(	'eax',	'%eax',
+	'ebx',	'%ebx',
+	'ecx',	'%ecx',
+	'edx',	'%edx',
+	'esi',	'%esi',
+	'edi',	'%edi',
+	'ebp',	'%ebp',
+	'esp',	'%esp',
+	);
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'DWP
+	{
+	local($addr,$reg1,$reg2,$idx)=@_;
+
+
+	$ret="";
+
+	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+	if ($reg2 ne "")
+		{
+		$ret.="($reg1,$reg2,$idx)";
+		}
+	else
+		{
+		$ret.="($reg1)"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("movl",@_); }
+sub main'movb	{ &out2("movb",@_); }
+sub main'and	{ &out2("andl",@_); }
+sub main'or	{ &out2("orl",@_); }
+sub main'shl	{ &out2("shll",@_); }
+sub main'shr	{ &out2("shrl",@_); }
+sub main'xor	{ &out2("xorl",@_); }
+sub main'add	{ &out2("addl",@_); }
+sub main'sub	{ &out2("subl",@_); }
+sub main'rotl	{ &out2("roll",@_); }
+sub main'rotr	{ &out2("rorl",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmpl",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'je	{ &out1("je",@_); }
+sub main'jne	{ &out1("jne",@_); }
+sub main'jnz	{ &out1("jnz",@_); }
+sub main'dec	{ &out1("decl",@_); }
+sub main'push	{ &out1("pushl",@_); }
+sub main'call	{ &out1("call",$under.$_[0]); }
+
+
+sub out2
+	{
+	local($name,$p1,$p2)=@_;
+	local($l,$ll,$t);
+
+	print "\t$name\t";
+	$t=&conv($p2).",";
+	$l=length($t);
+	print $t;
+	$ll=4-($l+9)/8;
+	print "\t" x $ll;
+	print &conv($p1);
+	print "\n";
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+	local($l,$t);
+
+	print "\t$name\t";
+	print &conv($p1);
+	print "\n";
+	}
+
+sub conv
+	{
+	local($p)=@_;
+
+#	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+
+	$p=$regs{$p} if (defined($regs{$p}));
+
+	$p =~ s/^([0-9A-Fa-f]+)$/\$$1/;
+	$p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+	return $p;
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	print <<"EOF";
+	.file	"$file.s"
+	.version	"01.01"
+gcc2_compiled.:
+EOF
+	}
+
+sub main'function_begin
+	{
+	local($func,$num)=@_;
+
+	$params=$num*4;
+
+	$func=$under.$func;
+
+	print <<"EOF";
+.text
+	.align $align
+.globl $func
+EOF
+	if ($main'cpp)
+		{ printf("\tTYPE($func,\@function)\n"); }
+	else	{ printf("\t.type	$func,\@function\n"); }
+	print <<"EOF";
+$func:
+	pushl	%ebp
+	pushl	%ebx
+	pushl	%esi
+	pushl	%edi
+
+EOF
+	$stack=20;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	$func=$under.$func;
+
+	print <<"EOF";
+	popl	%edi
+	popl	%esi
+	popl	%ebx
+	popl	%ebp
+	ret
+.${func}_end:
+EOF
+	if ($main'cpp)
+		{ printf("\tSIZE($func,.${func}_end-$func)\n"); }
+	else	{ printf("\t.size\t$func,.${func}_end-$func\n"); }
+	print ".ident	\"desasm.pl\"\n";
+	$stack=0;
+	%label=();
+	}
+
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'wtmp
+	{
+	local($num)=@_;
+
+	return(&main'DWP(-($num+1)*4,"esp","",0));
+	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ print "\n"; }
+		else
+			{ print "\t$com_start $_ $com_end\n"; }
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=".${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=".${label}${_[0]}";
+		$label++;
+		}
+	print ".align $align\n";
+	print "$label{$_[0]}:\n";
+	}
+
+sub main'file_end
+	{
+	}
diff --git a/crypto/libdes/asm/y-win32.asm b/crypto/libdes/asm/y-win32.asm
new file mode 100644
index 0000000..af5c102
--- /dev/null
+++ b/crypto/libdes/asm/y-win32.asm
@@ -0,0 +1,929 @@
+	; Don't even think of reading this code
+	; It was automatically generated by crypt586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, BSDI,Win32, or Solaris
+	; eric <eay@cryptsoft.com>
+	; 
+	TITLE	crypt586.asm
+        .386
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_fcrypt_body
+EXTRN   _des_SPtrans:DWORD
+_fcrypt_body PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	; Load the 2 words
+	xor	edi,		edi
+	xor	esi,		esi
+	mov	ebp,		DWORD PTR 24[esp]
+	push	25
+L000start:
+	; 
+	; Round 0
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR [ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 4[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 1
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 8[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 12[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 2
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 16[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 20[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 3
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 24[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 28[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 4
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 32[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 36[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 5
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 40[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 44[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 6
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 48[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 52[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 7
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 56[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 60[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 8
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 64[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 68[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 9
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 72[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 76[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 10
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 80[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 84[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 11
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 88[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 92[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 12
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 96[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 100[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 13
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 104[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 108[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	; 
+	; Round 14
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		esi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		esi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 112[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 116[ebp]
+	xor	eax,		esi
+	xor	edx,		esi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	edi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	edi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	edi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	edi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	edi,		ebx
+	; 
+	; Round 15
+	mov	eax,		DWORD PTR 32[esp]
+	mov	edx,		edi
+	shr	edx,		16
+	mov	ecx,		DWORD PTR 36[esp]
+	xor	edx,		edi
+	and	eax,		edx
+	and	edx,		ecx
+	mov	ebx,		eax
+	shl	ebx,		16
+	mov	ecx,		edx
+	shl	ecx,		16
+	xor	eax,		ebx
+	xor	edx,		ecx
+	mov	ebx,		DWORD PTR 120[ebp]
+	xor	eax,		ebx
+	mov	ecx,		DWORD PTR 124[ebp]
+	xor	eax,		edi
+	xor	edx,		edi
+	xor	edx,		ecx
+	and	eax,		0fcfcfcfch
+	xor	ebx,		ebx
+	and	edx,		0cfcfcfcfh
+	xor	ecx,		ecx
+	mov	bl,		al
+	mov	cl,		ah
+	ror	edx,		4
+	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
+	mov	bl,		dl
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
+	xor	esi,		ebp
+	mov	cl,		dh
+	shr	eax,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
+	xor	esi,		ebp
+	mov	bl,		ah
+	shr	edx,		16
+	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
+	xor	esi,		ebp
+	mov	ebp,		DWORD PTR 28[esp]
+	mov	cl,		dh
+	and	eax,		0ffh
+	and	edx,		0ffh
+	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
+	xor	esi,		ebx
+	mov	ebx,		DWORD PTR [esp]
+	mov	eax,		edi
+	dec	ebx
+	mov	edi,		esi
+	mov	esi,		eax
+	mov	DWORD PTR [esp],ebx
+	jnz	L000start
+	; 
+	; FP
+	mov	edx,		DWORD PTR 24[esp]
+	ror	edi,		1
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		0aaaaaaaah
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	eax,		23
+	mov	esi,		eax
+	xor	eax,		edi
+	and	eax,		003fc03fch
+	xor	esi,		eax
+	xor	edi,		eax
+	; 
+	rol	esi,		10
+	mov	eax,		esi
+	xor	esi,		edi
+	and	esi,		033333333h
+	xor	eax,		esi
+	xor	edi,		esi
+	; 
+	rol	edi,		18
+	mov	esi,		edi
+	xor	edi,		eax
+	and	edi,		0fff0000fh
+	xor	esi,		edi
+	xor	eax,		edi
+	; 
+	rol	esi,		12
+	mov	edi,		esi
+	xor	esi,		eax
+	and	esi,		0f0f0f0f0h
+	xor	edi,		esi
+	xor	eax,		esi
+	; 
+	ror	eax,		4
+	mov	DWORD PTR [edx],eax
+	mov	DWORD PTR 4[edx],edi
+	pop	ecx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_fcrypt_body ENDP
+_TEXT	ENDS
+END
diff --git a/crypto/libdes/cbc3_enc.c b/crypto/libdes/cbc3_enc.c
new file mode 100644
index 0000000..a96f23c5
--- /dev/null
+++ b/crypto/libdes/cbc3_enc.c
@@ -0,0 +1,95 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+
+/* HAS BUGS? DON'T USE - this is only present for use in des.c */
+void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock *iv1,
+	     des_cblock *iv2, int enc)
+	{
+	int off=((int)length-1)/8;
+	long l8=((length+7)/8)*8;
+	des_cblock niv1,niv2;
+
+	if (enc == DES_ENCRYPT)
+		{
+		des_cbc_encrypt((void*)input,(void*)output,length,ks1,iv1,enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt((void*)output,(void*)output,l8,ks2,iv1,!enc);
+		des_cbc_encrypt((void*)output,(void*)output,l8,ks1,iv2, enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,output[off],sizeof(des_cblock));
+		}
+	else
+		{
+		if (length >= sizeof(des_cblock))
+			memcpy(niv2,input[off],sizeof(des_cblock));
+		des_cbc_encrypt((void*)input,(void*)output,l8,ks1,iv2,enc);
+		des_cbc_encrypt((void*)output,(void*)output,l8,ks2,iv1,!enc);
+		if (length >= sizeof(des_cblock))
+			memcpy(niv1,output[off],sizeof(des_cblock));
+		des_cbc_encrypt((void*)output,(void*)output,length,ks1,iv1, enc);
+		}
+	memcpy(*iv1,niv1,sizeof(des_cblock));
+	memcpy(*iv2,niv2,sizeof(des_cblock));
+	}
+
diff --git a/crypto/libdes/cbc_cksm.c b/crypto/libdes/cbc_cksm.c
new file mode 100644
index 0000000..1e543cb
--- /dev/null
+++ b/crypto/libdes/cbc_cksm.c
@@ -0,0 +1,97 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
+		long length,
+		des_key_schedule schedule, const_des_cblock *ivec)
+	{
+	register DES_LONG tout0,tout1,tin0,tin1;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *out = &(*output)[0];
+	const unsigned char *iv = &(*ivec)[0];
+
+	c2l(iv,tout0);
+	c2l(iv,tout1);
+	for (; l>0; l-=8)
+		{
+		if (l >= 8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			}
+		else
+			c2ln(in,tin0,tin1,l);
+			
+		tin0^=tout0; tin[0]=tin0;
+		tin1^=tout1; tin[1]=tin1;
+		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
+		tout0=tin[0];
+		tout1=tin[1];
+		}
+	if (out != NULL)
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	tout0=tin0=tin1=tin[0]=tin[1]=0;
+	return(tout1);
+	}
diff --git a/crypto/libdes/cbc_enc.c b/crypto/libdes/cbc_enc.c
new file mode 100644
index 0000000..677903a
--- /dev/null
+++ b/crypto/libdes/cbc_enc.c
@@ -0,0 +1,61 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/crypto/libdes/cfb64ede.c b/crypto/libdes/cfb64ede.c
new file mode 100644
index 0000000..5362a55
--- /dev/null
+++ b/crypto/libdes/cfb64ede.c
@@ -0,0 +1,141 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int *num, int enc)
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=&(*ivec)[0];
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3(ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv = &(*ivec)[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv = &(*ivec)[0];
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0);
+				c2l(iv,v1);
+
+				ti[0]=v0;
+				ti[1]=v1;
+				des_encrypt3(ti,ks1,ks2,ks3);
+				v0=ti[0];
+				v1=ti[1];
+
+				iv = &(*ivec)[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				iv = &(*ivec)[0];
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock (*ivec),
+	     int *num, int enc)
+	{
+	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+	}
+#endif
diff --git a/crypto/libdes/cfb64enc.c b/crypto/libdes/cfb64enc.c
new file mode 100644
index 0000000..389a232
--- /dev/null
+++ b/crypto/libdes/cfb64enc.c
@@ -0,0 +1,121 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule schedule, des_cblock *ivec,
+	     int *num, int enc)
+	{
+	register DES_LONG v0,v1;
+	register long l=length;
+	register int n= *num;
+	DES_LONG ti[2];
+	unsigned char *iv,c,cc;
+
+	iv = &(*ivec)[0];
+	if (enc)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv = &(*ivec)[0];
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				c2l(iv,v0); ti[0]=v0;
+				c2l(iv,v1); ti[1]=v1;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
+				v0=ti[0]; l2c(v0,iv);
+				v0=ti[1]; l2c(v0,iv);
+				iv = &(*ivec)[0];
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/libdes/cfb_enc.c b/crypto/libdes/cfb_enc.c
new file mode 100644
index 0000000..cca34dd
--- /dev/null
+++ b/crypto/libdes/cfb_enc.c
@@ -0,0 +1,165 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+	{
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register unsigned long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num == 64)
+			mask1=mask0;
+		else	mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else	mask0=(1L<<num)-1;
+		mask1=0x00000000L;
+		}
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	if (enc)
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			}
+		}
+	else
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else if (num > 32) /* && num != 64 */
+				{
+				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
+				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
+				}
+			else /* num < 32 */
+				{
+				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+				}
+			d0=(d0^ti[0])&mask0;
+			d1=(d1^ti[1])&mask1;
+			l2cn(d0,d1,out,n);
+			out+=n;
+			}
+		}
+	iv = &(*ivec)[0];
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	}
+
diff --git a/crypto/libdes/des-lib.com b/crypto/libdes/des-lib.com
new file mode 100644
index 0000000..2aea7a0
--- /dev/null
+++ b/crypto/libdes/des-lib.com
@@ -0,0 +1,1003 @@
+$!
+$!  DES-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the 
+$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
+$!  architecture of AXP or VAX.
+$!
+$!  It was re-written to try to determine which "C" compiler to try to use
+$!  or the user can specify a compiler in P3.
+$!
+$!  Specify one of the following to build just that part, specify "ALL" to
+$!  just build everything.
+$!
+$!         ALL       To Just Build "Everything".
+$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
+$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
+$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
+$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
+$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
+$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
+$!
+$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
+$!  debugging information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to try to use.
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Make sure we know what architecture we run on.
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB DESTEST
+$   GOSUB SPEED
+$   GOSUB RPW
+$   GOSUB DES
+$   GOSUB DES_OPTS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ LIBRARY:
+$!
+$! Tell The User That We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The DES Library Files.
+$!
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+		"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+		"enc_read,enc_writ,ofb64enc,"+ -
+		"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+		"des_enc,fcrypt_b,read2pwd,"+ -
+		"fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$!  Tell The User We Are Compiling The Source File.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DESTEST Program.
+$!
+$ DESTEST:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DESTEST.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
+$!
+$! Compile The DESTEST Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
+$!
+$! Link The DESTEST Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
+      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The SPEED Program.
+$!
+$ SPEED:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SPEED.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
+$!
+$! Compile The SPEED Program.
+$!
+$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
+$!
+$! Link The SPEED Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
+      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The RPW Program.
+$!
+$ RPW:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The RPW.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
+$!
+$! Compile The RPW Program.
+$!
+$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
+$!
+$! Link The RPW Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
+      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES Program.
+$!
+$ DES:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
+$!
+$! Compile The DES Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
+$!
+$! Link The DES Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
+      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
+      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES_OPTS Program.
+$!
+$ DES_OPTS:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES_OPTS.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
+$!
+$! Compile The DES_OPTS Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
+$!
+$! Link The DES_OPTS Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
+      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (F$GETSYI("CPU").LT.128)
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Library Check.
+$!
+$ LIB_CHECK:
+$!
+$!  Look For The Library LIBDES.OLB.
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If We Are To "Just Build Everything".
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is "ALL", So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
+       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
+$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
+$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
+$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
+$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
+$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Compile Without Debugger Information.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is Blank, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later.
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN := ""
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/crypto/libdes/des.c b/crypto/libdes/des.c
new file mode 100644
index 0000000..eafadbc
--- /dev/null
+++ b/crypto/libdes/des.c
@@ -0,0 +1,933 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * $FreeBSD$
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#ifndef VMS
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#else /* VMS */
+#ifdef __DECC
+#include <unistd.h>
+#else /* not __DECC */
+#include <math.h>
+#endif /* __DECC */
+#endif /* VMS */
+#else
+#include <io.h>
+#endif
+
+#include <time.h>
+#include "des_ver.h"
+
+#ifdef VMS
+#include <types.h>
+#include <stat.h>
+#else
+#ifndef _IRIX
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include <string.h>
+#endif
+
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+#ifdef VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ	8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN	(45*100)
+#define OUTUUBUF	(65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+
+int main(int argc, char **argv)
+	{
+	int i;
+	struct stat ins,outs;
+	char *p;
+	char *in=NULL,*out=NULL;
+
+	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+	error=0;
+	memset(key,0,sizeof(key));
+
+	for (i=1; i<argc; i++)
+		{
+		p=argv[i];
+		if ((p[0] == '-') && (p[1] != '\0'))
+			{
+			p++;
+			while (*p)
+				{
+				switch (*(p++))
+					{
+				case '3':
+					flag3=1;
+					longk=1;
+					break;
+				case 'c':
+					cflag=1;
+					strncpy(cksumname,p,200);
+					p+=strlen(cksumname);
+					break;
+				case 'C':
+					cflag=1;
+					longk=1;
+					strncpy(cksumname,p,200);
+					p+=strlen(cksumname);
+					break;
+				case 'e':
+					eflag=1;
+					break;
+				case 'v':
+					vflag=1;
+					break;
+				case 'E':
+					eflag=1;
+					longk=1;
+					break;
+				case 'd':
+					dflag=1;
+					break;
+				case 'D':
+					dflag=1;
+					longk=1;
+					break;
+				case 'b':
+					bflag=1;
+					break;
+				case 'f':
+					fflag=1;
+					break;
+				case 's':
+					sflag=1;
+					break;
+				case 'u':
+					uflag=1;
+					strncpy(uuname,p,200);
+					p+=strlen(uuname);
+					break;
+				case 'h':
+					hflag=1;
+					break;
+				case 'k':
+					kflag=1;
+					if ((i+1) == argc)
+						{
+						fputs("must have a key with the -k option\n",stderr);
+						error=1;
+						}
+					else
+						{
+						int j;
+
+						i++;
+						strncpy(key,argv[i],KEYSIZB);
+						for (j=strlen(argv[i])-1; j>=0; j--)
+							argv[i][j]='\0';
+						}
+					break;
+				default:
+					fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+					error=1;
+					break;
+					}
+				}
+			}
+		else
+			{
+			if (in == NULL)
+				in=argv[i];
+			else if (out == NULL)
+				out=argv[i];
+			else
+				error=1;
+			}
+		}
+	if (error) usage();
+	/* We either
+	 * do checksum or
+	 * do encrypt or
+	 * do decrypt or
+	 * do decrypt then ckecksum or
+	 * do checksum then encrypt
+	 */
+	if (((eflag+dflag) == 1) || cflag)
+		{
+		if (eflag) do_encrypt=DES_ENCRYPT;
+		if (dflag) do_encrypt=DES_DECRYPT;
+		}
+	else
+		{
+		if (vflag) 
+			{
+#ifndef _Windows			
+			fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+			EXIT(1);
+			}
+		else usage();
+		}
+
+#ifndef _Windows			
+	if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif			
+	if (	(in != NULL) &&
+		(out != NULL) &&
+#ifndef MSDOS
+		(stat(in,&ins) != -1) &&
+		(stat(out,&outs) != -1) &&
+		(ins.st_dev == outs.st_dev) &&
+		(ins.st_ino == outs.st_ino))
+#else /* MSDOS */
+		(strcmp(in,out) == 0))
+#endif
+			{
+			fputs("input and output file are the same\n",stderr);
+			EXIT(3);
+			}
+
+	if (!kflag)
+		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+			{
+			fputs("password error\n",stderr);
+			EXIT(2);
+			}
+
+	if (in == NULL)
+		DES_IN=stdin;
+	else if ((DES_IN=fopen(in,"r")) == NULL)
+		{
+		perror("opening input file");
+		EXIT(4);
+		}
+
+	CKSUM_OUT=stdout;
+	if (out == NULL)
+		{
+		DES_OUT=stdout;
+		CKSUM_OUT=stderr;
+		}
+	else if ((DES_OUT=fopen(out,"w")) == NULL)
+		{
+		perror("opening output file");
+		EXIT(5);
+		}
+
+#ifdef MSDOS
+	/* This should set the file to binary mode. */
+	{
+#include <fcntl.h>
+	if (!(uflag && dflag))
+		setmode(fileno(DES_IN),O_BINARY);
+	if (!(uflag && eflag))
+		setmode(fileno(DES_OUT),O_BINARY);
+	}
+#endif
+
+	doencryption();
+	fclose(DES_IN);
+	fclose(DES_OUT);
+	EXIT(0);
+	}
+
+void usage(void)
+	{
+	char **u;
+	static const char *Usage[]={
+"des <options> [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexidecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
+"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivelent to normal",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
+NULL
+};
+	for (u=(char **)Usage; *u; u++)
+		{
+		fputs(*u,stderr);
+		fputc('\n',stderr);
+		}
+
+	EXIT(1);
+	}
+
+void doencryption(void)
+	{
+#ifdef _LIBC
+	extern unsigned long time();
+#endif
+
+	register int i;
+	des_key_schedule ks,ks2;
+	des_cblock iv,iv2;
+	char *p;
+	int num=0,j,k,l,rem,ll,len,last,ex=0;
+	des_cblock kk,k2;
+	FILE *O;
+	int Exit=0;
+#ifndef MSDOS
+	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+	static unsigned char *buf=NULL,*obuf=NULL;
+
+	if (buf == NULL)
+		{
+		if (    (( buf=malloc(BUFSIZE+8)) == NULL) ||
+			((obuf=malloc(BUFSIZE+8)) == NULL))
+			{
+			fputs("Not enough memory\n",stderr);
+			Exit=10;
+			goto problems;
+			}
+		}
+#endif
+
+	if (hflag)
+		{
+		j=(flag3?16:8);
+		p=key;
+		for (i=0; i<j; i++)
+			{
+			k=0;
+			if ((*p <= '9') && (*p >= '0'))
+				k=(*p-'0')<<4;
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k=(*p-'a'+10)<<4;
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k=(*p-'A'+10)<<4;
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if ((*p <= '9') && (*p >= '0'))
+				k|=(*p-'0');
+			else if ((*p <= 'f') && (*p >= 'a'))
+				k|=(*p-'a'+10);
+			else if ((*p <= 'F') && (*p >= 'A'))
+				k|=(*p-'A'+10);
+			else
+				{
+				fputs("Bad hex key\n",stderr);
+				Exit=9;
+				goto problems;
+				}
+			p++;
+			if (i < 8)
+				kk[i]=k;
+			else
+				k2[i-8]=k;
+			}
+		des_set_key(&k2,ks2);
+		memset(k2,0,sizeof(k2));
+		}
+	else if (longk || flag3)
+		{
+		if (flag3)
+			{
+			des_string_to_2keys(key,&kk,&k2);
+			des_set_key(&k2,ks2);
+			memset(k2,0,sizeof(k2));
+			}
+		else
+			des_string_to_key(key,&kk);
+		}
+	else
+		for (i=0; i<KEYSIZ; i++)
+			{
+			l=0;
+			k=key[i];
+			for (j=0; j<8; j++)
+				{
+				if (k&1) l++;
+				k>>=1;
+				}
+			if (l & 1)
+				kk[i]=key[i]&0x7f;
+			else
+				kk[i]=key[i]|0x80;
+			}
+
+	des_set_key(&kk,ks);
+	memset(key,0,sizeof(key));
+	memset(kk,0,sizeof(kk));
+	/* woops - A bug that does not showup under unix :-( */
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+
+	l=1;
+	rem=0;
+	/* first read */
+	if (eflag || (!dflag && cflag))
+		{
+		for (;;)
+			{
+			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			l+=rem;
+			num+=rem;
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			rem=l%8;
+			len=l-rem;
+			if (feof(DES_IN))
+				{
+				for (i=7-rem; i>0; i--)
+					des_rand_data(buf + l++, 1);
+				buf[l++]=rem;
+				ex=1;
+				len+=rem;
+				}
+			else
+				l-=rem;
+
+			if (cflag)
+				{
+				des_cbc_cksum(buf,&cksum,
+					(long)len,ks,&cksum);
+				if (!eflag)
+					{
+					if (feof(DES_IN)) break;
+					else continue;
+					}
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i<l; i+=8)
+					des_ecb_encrypt(
+						(des_cblock *)&(buf[i]),
+						(des_cblock *)&(obuf[i]),
+						ks,do_encrypt);
+			else if (flag3 && bflag)
+				for (i=0; i<l; i+=8)
+					des_ecb2_encrypt(
+						(des_cblock *)&(buf[i]),
+						(des_cblock *)&(obuf[i]),
+						ks,ks2,do_encrypt);
+			else if (flag3 && !bflag)
+				{
+				char tmpbuf[8];
+
+				if (rem) memcpy(tmpbuf,&(buf[l]),
+					(unsigned int)rem);
+				des_3cbc_encrypt(
+					(des_cblock *)buf,(des_cblock *)obuf,
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
+				if (rem) memcpy(&(buf[l]),tmpbuf,
+					(unsigned int)rem);
+				}
+			else
+				{
+				des_cbc_encrypt(
+					buf,obuf,
+					(long)l,ks,&iv,do_encrypt);
+				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
+				}
+			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+
+			i=0;
+			while (i < l)
+				{
+				if (uflag)
+					j=uufwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				else
+					j=fwrite(obuf,1,(unsigned int)l-i,
+						DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			if (feof(DES_IN))
+				{
+				if (uflag) uufwriteEnd(DES_OUT);
+				break;
+				}
+			}
+		}
+	else /* decrypt */
+		{
+		ex=1;
+		for (;;)
+			{
+			if (ex) {
+				if (uflag)
+					l=uufread(buf,1,BUFSIZE,DES_IN);
+				else
+					l=fread(buf,1,BUFSIZE,DES_IN);
+				ex=0;
+				rem=l%8;
+				l-=rem;
+				}
+			if (l < 0)
+				{
+				perror("read error");
+				Exit=6;
+				goto problems;
+				}
+
+			if (bflag && !flag3)
+				for (i=0; i<l; i+=8)
+					des_ecb_encrypt(
+						(des_cblock *)&(buf[i]),
+						(des_cblock *)&(obuf[i]),
+						ks,do_encrypt);
+			else if (flag3 && bflag)
+				for (i=0; i<l; i+=8)
+					des_ecb2_encrypt(
+						(des_cblock *)&(buf[i]),
+						(des_cblock *)&(obuf[i]),
+						ks,ks2,do_encrypt);
+			else if (flag3 && !bflag)
+				{
+				des_3cbc_encrypt(
+					(des_cblock *)buf,(des_cblock *)obuf,
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
+				}
+			else
+				{
+				des_cbc_encrypt(
+					buf,obuf,
+				 	(long)l,ks,&iv,do_encrypt);
+				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
+				}
+
+			if (uflag)
+				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			else
+				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+			ll+=rem;
+			rem=ll%8;
+			ll-=rem;
+			if (feof(DES_IN) && (ll == 0))
+				{
+				last=obuf[l-1];
+
+				if ((last > 7) || (last < 0))
+					{
+					fputs("The file was not decrypted correctly.\n",
+						stderr);
+					Exit=8;
+					last=0;
+					}
+				l=l-8+last;
+				}
+			i=0;
+			if (cflag) des_cbc_cksum(obuf,
+				(des_cblock *)cksum,(long)l/8*8,ks,
+				(des_cblock *)cksum);
+			while (i != l)
+				{
+				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+				if (j == -1)
+					{
+					perror("Write error");
+					Exit=7;
+					goto problems;
+					}
+				i+=j;
+				}
+			l=ll;
+			if ((l == 0) && feof(DES_IN)) break;
+			}
+		}
+	if (cflag)
+		{
+		l=0;
+		if (cksumname[0] != '\0')
+			{
+			if ((O=fopen(cksumname,"w")) != NULL)
+				{
+				CKSUM_OUT=O;
+				l=1;
+				}
+			}
+		for (i=0; i<8; i++)
+			fprintf(CKSUM_OUT,"%02X",cksum[i]);
+		fprintf(CKSUM_OUT,"\n");
+		if (l) fclose(CKSUM_OUT);
+		}
+problems:
+	memset(buf,0,sizeof(buf));
+	memset(obuf,0,sizeof(obuf));
+	memset(ks,0,sizeof(ks));
+	memset(ks2,0,sizeof(ks2));
+	memset(iv,0,sizeof(iv));
+	memset(iv2,0,sizeof(iv2));
+	memset(kk,0,sizeof(kk));
+	memset(k2,0,sizeof(k2));
+	memset(uubuf,0,sizeof(uubuf));
+	memset(b,0,sizeof(b));
+	memset(bb,0,sizeof(bb));
+	memset(cksum,0,sizeof(cksum));
+	if (Exit) EXIT(Exit);
+	}
+
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+	{
+	int i,j,left,rem,ret=num;
+	static int start=1;
+
+	if (start)
+		{
+		fprintf(fp,"begin 600 %s\n",
+			(uuname[0] == '\0')?"text.d":uuname);
+		start=0;
+		}
+
+	if (uubufnum)
+		{
+		if (uubufnum+num < 45)
+			{
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+			uubufnum+=num;
+			return(num);
+			}
+		else
+			{
+			i=45-uubufnum;
+			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+			j=uuencode((unsigned char *)uubuf,45,b);
+			fwrite(b,1,(unsigned int)j,fp);
+			uubufnum=0;
+			data+=i;
+			num-=i;
+			}
+		}
+
+	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+		{
+		j=uuencode(&(data[i]),INUUBUFN,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	rem=(num-i)%45;
+	left=(num-i-rem);
+	if (left)
+		{
+		j=uuencode(&(data[i]),left,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		i+=left;
+		}
+	if (i != num)
+		{
+		memcpy(uubuf,&(data[i]),(unsigned int)rem);
+		uubufnum=rem;
+		}
+	return(ret);
+	}
+
+void uufwriteEnd(FILE *fp)
+	{
+	int j;
+	static const char *end=" \nend\n";
+
+	if (uubufnum != 0)
+		{
+		uubuf[uubufnum]='\0';
+		uubuf[uubufnum+1]='\0';
+		uubuf[uubufnum+2]='\0';
+		j=uuencode(uubuf,uubufnum,b);
+		fwrite(b,1,(unsigned int)j,fp);
+		}
+	fwrite(end,1,strlen(end),fp);
+	}
+
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+	{
+	int i,j,tot;
+	static int done=0;
+	static int valid=0;
+	static int start=1;
+
+	if (start)
+		{
+		for (;;)
+			{
+			b[0]='\0';
+			fgets((char *)b,300,fp);
+			if (b[0] == '\0')
+				{
+				fprintf(stderr,"no 'begin' found in uuencoded input\n");
+				return(-1);
+				}
+			if (strncmp((char *)b,"begin ",6) == 0) break;
+			}
+		start=0;
+		}
+	if (done) return(0);
+	tot=0;
+	if (valid)
+		{
+		memcpy(out,bb,(unsigned int)valid);
+		tot=valid;
+		valid=0;
+		}
+	for (;;)
+		{
+		b[0]='\0';
+		fgets((char *)b,300,fp);
+		if (b[0] == '\0') break;
+		i=strlen((char *)b);
+		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+			{
+			done=1;
+			while (!feof(fp))
+				{
+				fgets((char *)b,300,fp);
+				}
+			break;
+			}
+		i=uudecode(b,i,bb);
+		if (i < 0) break;
+		if ((i+tot+8) > num)
+			{
+			/* num to copy to make it a multiple of 8 */
+			j=(num/8*8)-tot-8;
+			memcpy(&(out[tot]),bb,(unsigned int)j);
+			tot+=j;
+			memcpy(bb,&(bb[j]),(unsigned int)i-j);
+			valid=i-j;
+			break;
+			}
+		memcpy(&(out[tot]),bb,(unsigned int)i);
+		tot+=i;
+		}
+	return(tot);
+	}
+
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+			 l|=((DES_LONG)(*((c)++)))<< 8, \
+		 	 l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+
+
+int uuencode(unsigned char *in, int num, unsigned char *out)
+	{
+	int j,i,n,tot=0;
+	DES_LONG l;
+	register unsigned char *p;
+	p=out;
+
+	for (j=0; j<num; j+=45)
+		{
+		if (j+45 > num)
+			i=(num-j);
+		else	i=45;
+		*(p++)=i+' ';
+		for (n=0; n<i; n+=3)
+			{
+			ccc2l(in,l);
+			*(p++)=((l>>18)&0x3f)+' ';
+			*(p++)=((l>>12)&0x3f)+' ';
+			*(p++)=((l>> 6)&0x3f)+' ';
+			*(p++)=((l    )&0x3f)+' ';
+			tot+=4;
+			}
+		*(p++)='\n';
+		tot+=2;
+		}
+	*p='\0';
+	l=0;
+	return(tot);
+	}
+
+int uudecode(unsigned char *in, int num, unsigned char *out)
+	{
+	int j,i,k;
+	unsigned int n=0,space=0;
+	DES_LONG l;
+	DES_LONG w,x,y,z;
+	unsigned int blank=(unsigned int)'\n'-' ';
+
+	for (j=0; j<num; )
+		{
+		n= *(in++)-' ';
+		if (n == blank)
+			{
+			n=0;
+			in--;
+			}
+		if (n > 60)
+			{
+			fprintf(stderr,"uuencoded line length too long\n");
+			return(-1);
+			}
+		j++;
+
+		for (i=0; i<n; j+=4,i+=3)
+			{
+			/* the following is for cases where spaces are
+			 * removed from lines.
+			 */
+			if (space)
+				{
+				w=x=y=z=0;
+				}
+			else
+				{
+				w= *(in++)-' ';
+				x= *(in++)-' ';
+				y= *(in++)-' ';
+				z= *(in++)-' ';
+				}
+			if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
+				{
+				k=0;
+				if (w == blank) k=1;
+				if (x == blank) k=2;
+				if (y == blank) k=3;
+				if (z == blank) k=4;
+				space=1;
+				switch (k) {
+				case 1:	w=0; in--;
+				case 2: x=0; in--;
+				case 3: y=0; in--;
+				case 4: z=0; in--;
+					break;
+				case 0:
+					space=0;
+					fprintf(stderr,"bad uuencoded data values\n");
+					w=x=y=z=0;
+					return(-1);
+					break;
+					}
+				}
+			l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+			l2ccc(l,out);
+			}
+		if (*(in++) != '\n')
+			{
+			fprintf(stderr,"missing nl in uuencoded line\n");
+			w=x=y=z=0;
+			return(-1);
+			}
+		j++;
+		}
+	*out='\0';
+	w=x=y=z=0;
+	return(n);
+	}
diff --git a/crypto/libdes/des.def b/crypto/libdes/des.def
new file mode 100644
index 0000000..24b1de2
--- /dev/null
+++ b/crypto/libdes/des.def
@@ -0,0 +1,37 @@
+LIBRARY	des BASE=0x06000000
+EXPORTS
+	des_ecb3_encrypt
+	des_cbc_cksum
+	des_cbc_encrypt
+	des_ncbc_encrypt
+	des_3cbc_encrypt
+	des_cfb_encrypt
+	des_ede3_cfb64_encrypt
+	des_ede3_ofb64_encrypt
+	des_ecb_encrypt
+	des_encrypt
+	des_encrypt2
+	des_ede3_cbc_encrypt
+	des_enc_read
+	des_enc_write
+	crypt
+	des_ofb_encrypt
+	des_pcbc_encrypt
+	des_quad_cksum
+	des_read_password
+	des_read_2passwords
+	des_read_pw_string
+	des_set_odd_parity
+	des_is_weak_key
+	des_set_key
+	des_key_sched
+	des_string_to_key
+	des_string_to_2keys
+	des_cfb64_encrypt
+	des_ofb64_encrypt
+	des_cblock_print_file
+	des_new_random_key
+	des_init_random_number_generator
+	des_set_random_generator_seed
+	des_set_sequence_number
+	des_generate_random_block
diff --git a/crypto/libdes/des.doc b/crypto/libdes/des.doc
new file mode 100644
index 0000000..1e30158
--- /dev/null
+++ b/crypto/libdes/des.doc
@@ -0,0 +1,505 @@
+The DES library.
+
+Please note that this library was originally written to operate with
+eBones, a version of Kerberos that had had encryption removed when it left
+the USA and then put back in.  As such there are some routines that I will
+advise not using but they are still in the library for historical reasons.
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'des.h'.
+
+All of the encryption functions take what is called a des_key_schedule as an 
+argument.  A des_key_schedule is an expanded form of the des key.
+A des_key is 8 bytes of odd parity, the type used to hold the key is a
+des_cblock.  A des_cblock is an array of 8 bytes, often in this library
+description I will refer to input bytes when the function specifies
+des_cblock's as input or output, this just means that the variable should
+be a multiple of 8 bytes.
+
+The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
+specify decryption.  The functions and global variable are as follows:
+
+int des_check_key;
+	DES keys are supposed to be odd parity.  If this variable is set to
+	a non-zero value, des_set_key() will check that the key has odd
+	parity and is not one of the known weak DES keys.  By default this
+	variable is turned off;
+	
+void des_set_odd_parity(
+des_cblock *key );
+	This function takes a DES key (8 bytes) and sets the parity to odd.
+	
+int des_is_weak_key(
+des_cblock *key );
+	This function returns a non-zero value if the DES key passed is a
+	weak, DES key.  If it is a weak key, don't use it, try a different
+	one.  If you are using 'random' keys, the chances of hitting a weak
+	key are 1/2^52 so it is probably not worth checking for them.
+	
+int des_set_key(
+des_cblock *key,
+des_key_schedule schedule);
+	Des_set_key converts an 8 byte DES key into a des_key_schedule.
+	A des_key_schedule is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the DES key
+	so it only needs to be kept when encryption or decryption is about
+	to occur.  Don't save or pass around des_key_schedule's since they
+	are CPU architecture dependent, DES keys are not.  If des_check_key
+	is non zero, zero is returned if the key has the wrong parity or
+	the key is a weak key, else 1 is returned.
+	
+int des_key_sched(
+des_cblock *key,
+des_key_schedule schedule);
+	An alternative name for des_set_key().
+
+int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
+	This specifies the function to use in the enc_read() and enc_write()
+	functions.
+
+void des_encrypt(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian',
+	have a look at my source code for more details on how I use this
+	function.
+	Data is a pointer to 2 unsigned long's and ks is the
+	des_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption.
+
+void des_encrypt2(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This functions is the same as des_encrypt() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for des_encrypt(), you should not use this function.
+	It is used by the routines in my library that implement triple DES.
+	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
+
+void des_ecb_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks,
+int enc);
+	This is the basic Electronic Code Book form of DES, the most basic
+	form.  Input is encrypted into output using the key represented by
+	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	(the des_cblock structure is 8 chars).
+	
+void des_ecb3_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+int enc);
+	This is the 3 key EDE mode of ECB DES.  What this means is that 
+	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
+	then encrypted again with ks3, before being put into output;
+	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
+	that only takes 2 des_key_schedules that implements,
+	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
+	
+void des_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This routine implements DES in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, I'm
+	not being held responsible :-).  ivec is the initialisation vector.
+	This function does not modify this variable.  To correctly implement
+	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
+	cipher text for use as the next ivec in your application,
+	or use des_ncbc_encrypt(). 
+	Only this routine has this problem with updating the ivec, all
+	other routines that are implementing cbc mode update ivec.
+	
+void des_ncbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+int enc);
+	For historical reasons, des_cbc_encrypt() did not update the
+	ivec with the value requires so that subsequent calls to
+	des_cbc_encrypt() would 'chain'.  This was needed so that the same
+	'length' values would not need to be used when decrypting.
+	des_ncbc_encrypt() does the right thing.  It is the same as
+	des_cbc_encrypt accept that ivec is updates with the correct value
+	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
+	des_ncbc_encrypt() instead of des_cbc_encrypt();
+
+void des_xcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+des_cblock *inw,
+des_cblock *outw,
+int enc);
+	This is RSA's DESX mode of DES.  It uses inw and outw to
+	'whiten' the encryption.  inw and outw are secret (unlike the iv)
+	and are as such, part of the key.  So the key is sort of 24 bytes.
+	This is much better than cbc des.
+	
+void des_3cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk1,
+des_key_schedule sk2,
+des_cblock *ivec1,
+des_cblock *ivec2,
+int enc);
+	This function is flawed, do not use it.  I have left it in the
+	library because it is used in my des(1) program and will function
+	correctly when used by des(1).  If I removed the function, people
+	could end up unable to decrypt files.
+	This routine implements outer triple cbc encryption using 2 ks and
+	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
+	
+void des_ede3_cbc_encrypt(
+des_cblock *input,
+des_cblock *output, 
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2, 
+des_key_schedule ks3, 
+des_cblock *ivec,
+int enc);
+	This function implements inner triple CBC DES encryption with 3
+	keys.  What this means is that each 'DES' operation
+	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
+	Again, this is cbc mode so an ivec is requires.
+	This mode is used by SSL.
+	There is also a des_ede2_cbc_encrypt() that only uses 2
+	des_key_schedule's, the first being reused for the final
+	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
+	is used by the RSAref library.
+	
+void des_pcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This is Propagating Cipher Block Chaining mode of DES.  It is used
+	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
+	
+void des_cfb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
+	in numbit blocks.  The input (and output) is in multiples of numbits
+	bits.  numbits should to be a multiple of 8 bits.  Length is the
+	number of bytes input.  If numbits is not a multiple of 8 bits,
+	the extra bits in the bytes will be considered padding.  So if
+	numbits is 12, for each 2 input bytes, the 4 high bits of the
+	second byte will be ignored.  So to encode 72 bits when using
+	a numbits of 12 take 12 bytes.  To encode 72 bits when using
+	numbits of 9 will take 16 bytes.  To encode 80 bits when using
+	numbits of 16 will take 10 bytes. etc, etc.  This padding will
+	apply to both input and output.
+
+	
+void des_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this DES library, it
+	implements CFB mode of DES with 64bit feedback.  Why is this
+	useful you ask?  Because this routine will allow you to encrypt an
+	arbitrary number of bytes, no 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  num contains 'how far' we are though ivec.  If this does
+	not make much sense, read more about cfb mode of DES :-).
+	
+void des_ede3_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num,
+int enc);
+	Same as des_cfb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_cfb64_encrypt() which reuses ks1.
+
+void des_ofb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This is a implementation of Output Feed Back mode of DES.  It is
+	the same as des_cfb_encrypt() in that numbits is the size of the
+	units dealt with during input and output (in bits).
+	
+void des_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	The same as des_cfb64_encrypt() except that it is Output Feed Back
+	mode.
+
+void des_ede3_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num);
+	Same as des_ofb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_ofb64_encrypt() which reuses ks1.
+
+int des_read_pw_string(
+char *buf,
+int length,
+char *prompt,
+int verify);
+	This routine is used to get a password from the terminal with echo
+	turned off.  Buf is where the string will end up and length is the
+	size of buf.  Prompt is a string presented to the 'user' and if
+	verify is set, the key is asked for twice and unless the 2 copies
+	match, an error is returned.  A return code of -1 indicates a
+	system error, 1 failure due to use interaction, and 0 is success.
+
+unsigned long des_cbc_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This function produces an 8 byte checksum from input that it puts in
+	output and returns the last 4 bytes as a long.  The checksum is
+	generated via cbc mode of DES in which only the last 8 byes are
+	kept.  I would recommend not using this function but instead using
+	the EVP_Digest routines, or at least using MD5 or SHA.  This
+	function is used by Kerberos v4 so that is why it stays in the
+	library.
+	
+char *des_fcrypt(
+const char *buf,
+const char *salt
+char *ret);
+	This is my fast version of the unix crypt(3) function.  This version
+	takes only a small amount of space relative to other fast
+	crypt() implementations.  This is different to the normal crypt
+	in that the third parameter is the buffer that the return value
+	is written into.  It needs to be at least 14 bytes long.  This
+	function is thread safe, unlike the normal crypt.
+
+char *crypt(
+const char *buf,
+const char *salt);
+	This function calls des_fcrypt() with a static array passed as the
+	third parameter.  This emulates the normal non-thread safe semantics
+	of crypt(3).
+
+void des_string_to_key(
+char *str,
+des_cblock *key);
+	This function takes str and converts it into a DES key.  I would
+	recommend using MD5 instead and use the first 8 bytes of output.
+	When I wrote the first version of these routines back in 1990, MD5
+	did not exist but I feel these routines are still sound.  This
+	routines is compatible with the one in MIT's libdes.
+	
+void des_string_to_2keys(
+char *str,
+des_cblock *key1,
+des_cblock *key2);
+	This function takes str and converts it into 2 DES keys.
+	I would recommend using MD5 and using the 16 bytes as the 2 keys.
+	I have nothing against these 2 'string_to_key' routines, it's just
+	that if you say that your encryption key is generated by using the
+	16 bytes of an MD5 hash, every-one knows how you generated your
+	keys.
+
+int des_read_password(
+des_cblock *key,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_key().
+
+int des_read_2passwords(
+des_cblock *key1,
+des_cblock *key2,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_2key().
+
+void des_random_seed(
+des_cblock key);
+	This routine sets a starting point for des_random_key().
+	
+void des_random_key(
+des_cblock ret);
+	This function return a random key.  Make sure to 'seed' the random
+	number generator (with des_random_seed()) before using this function.
+	I personally now use a MD5 based random number system.
+
+int des_enc_read(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This function will write to a file descriptor the encrypted data
+	from buf.  This data will be preceded by a 4 byte 'byte count' and
+	will be padded out to 8 bytes.  The encryption is either CBC of
+	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
+	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
+	DES_PCBC_MODE.
+
+int des_enc_write(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This routines read stuff written by des_enc_read() and decrypts it.
+	I have used these routines quite a lot but I don't believe they are
+	suitable for non-blocking io.  If you are after a full
+	authentication/encryption over networks, have a look at SSL instead.
+
+unsigned long des_quad_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+int out_count,
+des_cblock *seed);
+	This is a function from Kerberos v4 that is not anything to do with
+	DES but was needed.  It is a cksum that is quicker to generate than
+	des_cbc_cksum();  I personally would use MD5 routines now.
+=====
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and can not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+ different from the start variable values used before with the same
+ key.  The reason for this is that an identical bit stream would be
+ produced each time from the same parameters.  This would be
+ susceptible to a ' known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+- As for ECB encryption but increases the key length to 168 bits.
+  There are theoretic attacks that can be used that make the effective
+  key length 112 bits, but this attack also requires 2^56 blocks of
+  memory, not very likely, even for the NSA.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+- If the first and last key are the same, the key length is 112 bits.
+  There are attacks that could reduce the key space to 55 bit's but it
+  requires 2^56 blocks of memory.
+- If all 3 keys are the same, this is effectively the same as normal
+  ecb mode.
+
+Triple CBC Mode (des_ede3_cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and then encrypt with key3.
+- As for CBC encryption but increases the key length to 168 bits with
+  the same restrictions as for triple ecb mode.
diff --git a/crypto/libdes/des.dsp b/crypto/libdes/des.dsp
new file mode 100644
index 0000000..628742b
--- /dev/null
+++ b/crypto/libdes/des.dsp
@@ -0,0 +1,258 @@
+# Microsoft Developer Studio Project File - Name="des" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=des - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "des.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "des.mak" CFG="des - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "des - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "des - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "des - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\roken" /I "." /I "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 ..\roken\Release\roken.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /machine:I386
+
+!ELSEIF  "$(CFG)" == "des - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\roken" /I "." /I "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 ..\roken\Debug\roken.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386
+
+!ENDIF 
+
+# Begin Target
+
+# Name "des - Win32 Release"
+# Name "des - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\cbc3_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\cbc_cksm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\cbc_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\cfb64ede.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\cfb64enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\cfb_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\des.def
+# End Source File
+# Begin Source File
+
+SOURCE=.\des_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\dllmain.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ecb3_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ecb_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ede_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\enc_read.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\enc_writ.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\fcrypt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\key_par.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ncbc_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ofb64ede.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ofb64enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ofb_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\passwd_dlg.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\pcbc_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\qud_cksm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\read_pwd.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rnd_keys.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rpc_enc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\set_key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\str2key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\supp.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\des.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\des_locl.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\des_ver.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\md5.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\passwd_dlg.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\podd.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\rpc_des.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\sk.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\spr.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\passwd_dialog.rc
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/crypto/libdes/des.h b/crypto/libdes/des.h
new file mode 100644
index 0000000..4f451dc
--- /dev/null
+++ b/crypto/libdes/des.h
@@ -0,0 +1,265 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_DES
+#error DES is disabled.
+#endif
+
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#if defined(__alpha) || defined(__sparcv9)
+#define DES_LONG unsigned int
+#else /* Not a 64 bit machine */
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#include <stdio.h>
+
+typedef unsigned char des_cblock[8];
+typedef /* const */ unsigned char const_des_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
+ * and const_des_cblock * are incompatible pointer types.
+ * I haven't seen that warning on other systems ... I'll look
+ * what the standard says. */
+
+
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock cblock;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG deslong[2];
+		} ks;
+	int weak_key;
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+extern int des_check_key;	/* defaults to false */
+extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+extern int des_set_weak_key_flag; /* set the weak key flag */
+
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#ifdef KERBEROS
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#endif
+
+const char *des_options(void);
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+		      des_key_schedule ks1,des_key_schedule ks2,
+		      des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
+		       long length,des_key_schedule schedule,
+		       const_des_cblock *ivec);
+/* des_cbc_encrypt does not update the IV!  Use des_ncbc_encrypt instead. */
+void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      const_des_cblock *inw,const_des_cblock *outw,int enc);
+void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
+		     des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+			  long length,
+			  des_key_schedule ks1,des_key_schedule ks2,
+			  des_key_schedule ks3,des_cblock *ivec,int enc);
+void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+			   long length,
+			   des_key_schedule ks1,des_key_schedule ks2,
+			   des_key_schedule ks3,
+			   des_cblock *ivec1,des_cblock *ivec2,
+			   int enc);
+void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num,int enc);
+void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num);
+
+void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
+		       des_cblock *out_white);
+
+int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
+		 des_cblock *iv);
+int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
+		  des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+char *des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+char *crypt(const char *buf,const char *salt);
+#endif
+void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
+			long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock *key);
+void des_random_key(des_cblock *ret);
+void des_init_random_number_generator(des_cblock *seed);
+void des_rand_data(unsigned char *data, int size);
+int des_read_password(des_cblock *key,const char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+			const char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(const_des_cblock *key);
+int des_set_key(const_des_cblock *key,des_key_schedule schedule);
+int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(const char *str,des_cblock *key);
+void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num,
+		       int enc);
+void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num);
+int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+/* Extra functions from Mark Murray <mark@grondar.za> */
+int des_new_random_key(des_cblock *key);
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#endif
+
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/libdes/des.mak b/crypto/libdes/des.mak
new file mode 100644
index 0000000..c200527
--- /dev/null
+++ b/crypto/libdes/des.mak
@@ -0,0 +1,659 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on des.dsp
+!IF "$(CFG)" == ""
+CFG=des - Win32 Release
+!MESSAGE No configuration specified. Defaulting to des - Win32 Release.
+!ENDIF 
+
+!IF "$(CFG)" != "des - Win32 Release" && "$(CFG)" != "des - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line.  For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "des.mak" CFG="des - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "des - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "des - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+!IF  "$(CFG)" == "des - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\des.dll"
+
+!ELSE 
+
+ALL : "roken - Win32 Release" "$(OUTDIR)\des.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"roken - Win32 ReleaseCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\cbc3_enc.obj"
+	-@erase "$(INTDIR)\cbc_cksm.obj"
+	-@erase "$(INTDIR)\cbc_enc.obj"
+	-@erase "$(INTDIR)\cfb64ede.obj"
+	-@erase "$(INTDIR)\cfb64enc.obj"
+	-@erase "$(INTDIR)\cfb_enc.obj"
+	-@erase "$(INTDIR)\des_enc.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\ecb3_enc.obj"
+	-@erase "$(INTDIR)\ecb_enc.obj"
+	-@erase "$(INTDIR)\ede_enc.obj"
+	-@erase "$(INTDIR)\enc_read.obj"
+	-@erase "$(INTDIR)\enc_writ.obj"
+	-@erase "$(INTDIR)\fcrypt.obj"
+	-@erase "$(INTDIR)\key_par.obj"
+	-@erase "$(INTDIR)\ncbc_enc.obj"
+	-@erase "$(INTDIR)\ofb64ede.obj"
+	-@erase "$(INTDIR)\ofb64enc.obj"
+	-@erase "$(INTDIR)\ofb_enc.obj"
+	-@erase "$(INTDIR)\passwd_dialog.res"
+	-@erase "$(INTDIR)\passwd_dlg.obj"
+	-@erase "$(INTDIR)\pcbc_enc.obj"
+	-@erase "$(INTDIR)\qud_cksm.obj"
+	-@erase "$(INTDIR)\read_pwd.obj"
+	-@erase "$(INTDIR)\rnd_keys.obj"
+	-@erase "$(INTDIR)\rpc_enc.obj"
+	-@erase "$(INTDIR)\set_key.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\supp.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(OUTDIR)\des.dll"
+	-@erase "$(OUTDIR)\des.exp"
+	-@erase "$(OUTDIR)\des.lib"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\roken" /I "." /I "..\..\include" /I\
+ "..\..\include\win32" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H"\
+ /Fp"$(INTDIR)\des.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_OBJS=.\Release/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "NDEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\des.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\roken\Release\roken.lib kernel32.lib user32.lib gdi32.lib\
+ winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib\
+ uuid.lib /nologo /subsystem:windows /dll /incremental:no\
+ /pdb:"$(OUTDIR)\des.pdb" /machine:I386 /def:".\des.def"\
+ /out:"$(OUTDIR)\des.dll" /implib:"$(OUTDIR)\des.lib" 
+DEF_FILE= \
+	".\des.def"
+LINK32_OBJS= \
+	"$(INTDIR)\cbc3_enc.obj" \
+	"$(INTDIR)\cbc_cksm.obj" \
+	"$(INTDIR)\cbc_enc.obj" \
+	"$(INTDIR)\cfb64ede.obj" \
+	"$(INTDIR)\cfb64enc.obj" \
+	"$(INTDIR)\cfb_enc.obj" \
+	"$(INTDIR)\des_enc.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\ecb3_enc.obj" \
+	"$(INTDIR)\ecb_enc.obj" \
+	"$(INTDIR)\ede_enc.obj" \
+	"$(INTDIR)\enc_read.obj" \
+	"$(INTDIR)\enc_writ.obj" \
+	"$(INTDIR)\fcrypt.obj" \
+	"$(INTDIR)\key_par.obj" \
+	"$(INTDIR)\ncbc_enc.obj" \
+	"$(INTDIR)\ofb64ede.obj" \
+	"$(INTDIR)\ofb64enc.obj" \
+	"$(INTDIR)\ofb_enc.obj" \
+	"$(INTDIR)\passwd_dialog.res" \
+	"$(INTDIR)\passwd_dlg.obj" \
+	"$(INTDIR)\pcbc_enc.obj" \
+	"$(INTDIR)\qud_cksm.obj" \
+	"$(INTDIR)\read_pwd.obj" \
+	"$(INTDIR)\rnd_keys.obj" \
+	"$(INTDIR)\rpc_enc.obj" \
+	"$(INTDIR)\set_key.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\supp.obj" \
+	"..\roken\Release\roken.lib"
+
+"$(OUTDIR)\des.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ELSEIF  "$(CFG)" == "des - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\des.dll"
+
+!ELSE 
+
+ALL : "roken - Win32 Debug" "$(OUTDIR)\des.dll"
+
+!ENDIF 
+
+!IF "$(RECURSE)" == "1" 
+CLEAN :"roken - Win32 DebugCLEAN" 
+!ELSE 
+CLEAN : 
+!ENDIF 
+	-@erase "$(INTDIR)\cbc3_enc.obj"
+	-@erase "$(INTDIR)\cbc_cksm.obj"
+	-@erase "$(INTDIR)\cbc_enc.obj"
+	-@erase "$(INTDIR)\cfb64ede.obj"
+	-@erase "$(INTDIR)\cfb64enc.obj"
+	-@erase "$(INTDIR)\cfb_enc.obj"
+	-@erase "$(INTDIR)\des_enc.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\ecb3_enc.obj"
+	-@erase "$(INTDIR)\ecb_enc.obj"
+	-@erase "$(INTDIR)\ede_enc.obj"
+	-@erase "$(INTDIR)\enc_read.obj"
+	-@erase "$(INTDIR)\enc_writ.obj"
+	-@erase "$(INTDIR)\fcrypt.obj"
+	-@erase "$(INTDIR)\key_par.obj"
+	-@erase "$(INTDIR)\ncbc_enc.obj"
+	-@erase "$(INTDIR)\ofb64ede.obj"
+	-@erase "$(INTDIR)\ofb64enc.obj"
+	-@erase "$(INTDIR)\ofb_enc.obj"
+	-@erase "$(INTDIR)\passwd_dialog.res"
+	-@erase "$(INTDIR)\passwd_dlg.obj"
+	-@erase "$(INTDIR)\pcbc_enc.obj"
+	-@erase "$(INTDIR)\qud_cksm.obj"
+	-@erase "$(INTDIR)\read_pwd.obj"
+	-@erase "$(INTDIR)\rnd_keys.obj"
+	-@erase "$(INTDIR)\rpc_enc.obj"
+	-@erase "$(INTDIR)\set_key.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\supp.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(OUTDIR)\des.dll"
+	-@erase "$(OUTDIR)\des.exp"
+	-@erase "$(OUTDIR)\des.ilk"
+	-@erase "$(OUTDIR)\des.lib"
+	-@erase "$(OUTDIR)\des.pdb"
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\roken" /I "." /I\
+ "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "_DEBUG" /D "_WINDOWS"\
+ /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\des.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\
+ /FD /c 
+CPP_OBJS=.\Debug/
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "_DEBUG" 
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\des.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=..\roken\Debug\roken.lib kernel32.lib user32.lib gdi32.lib\
+ winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib\
+ uuid.lib /nologo /subsystem:windows /dll /incremental:yes\
+ /pdb:"$(OUTDIR)\des.pdb" /debug /machine:I386 /def:".\des.def"\
+ /out:"$(OUTDIR)\des.dll" /implib:"$(OUTDIR)\des.lib" 
+DEF_FILE= \
+	".\des.def"
+LINK32_OBJS= \
+	"$(INTDIR)\cbc3_enc.obj" \
+	"$(INTDIR)\cbc_cksm.obj" \
+	"$(INTDIR)\cbc_enc.obj" \
+	"$(INTDIR)\cfb64ede.obj" \
+	"$(INTDIR)\cfb64enc.obj" \
+	"$(INTDIR)\cfb_enc.obj" \
+	"$(INTDIR)\des_enc.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\ecb3_enc.obj" \
+	"$(INTDIR)\ecb_enc.obj" \
+	"$(INTDIR)\ede_enc.obj" \
+	"$(INTDIR)\enc_read.obj" \
+	"$(INTDIR)\enc_writ.obj" \
+	"$(INTDIR)\fcrypt.obj" \
+	"$(INTDIR)\key_par.obj" \
+	"$(INTDIR)\ncbc_enc.obj" \
+	"$(INTDIR)\ofb64ede.obj" \
+	"$(INTDIR)\ofb64enc.obj" \
+	"$(INTDIR)\ofb_enc.obj" \
+	"$(INTDIR)\passwd_dialog.res" \
+	"$(INTDIR)\passwd_dlg.obj" \
+	"$(INTDIR)\pcbc_enc.obj" \
+	"$(INTDIR)\qud_cksm.obj" \
+	"$(INTDIR)\read_pwd.obj" \
+	"$(INTDIR)\rnd_keys.obj" \
+	"$(INTDIR)\rpc_enc.obj" \
+	"$(INTDIR)\set_key.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\supp.obj" \
+	"..\roken\Debug\roken.lib"
+
+"$(OUTDIR)\des.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF 
+
+
+!IF "$(CFG)" == "des - Win32 Release" || "$(CFG)" == "des - Win32 Debug"
+SOURCE=.\cbc3_enc.c
+DEP_CPP_CBC3_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+
+
+"$(INTDIR)\cbc3_enc.obj" : $(SOURCE) $(DEP_CPP_CBC3_) "$(INTDIR)"
+
+
+SOURCE=.\cbc_cksm.c
+DEP_CPP_CBC_C=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\cbc_cksm.obj" : $(SOURCE) $(DEP_CPP_CBC_C) "$(INTDIR)"
+
+
+SOURCE=.\cbc_enc.c
+DEP_CPP_CBC_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\cbc_enc.obj" : $(SOURCE) $(DEP_CPP_CBC_E) "$(INTDIR)"
+
+
+SOURCE=.\cfb64ede.c
+DEP_CPP_CFB64=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\cfb64ede.obj" : $(SOURCE) $(DEP_CPP_CFB64) "$(INTDIR)"
+
+
+SOURCE=.\cfb64enc.c
+DEP_CPP_CFB64E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\cfb64enc.obj" : $(SOURCE) $(DEP_CPP_CFB64E) "$(INTDIR)"
+
+
+SOURCE=.\cfb_enc.c
+DEP_CPP_CFB_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\cfb_enc.obj" : $(SOURCE) $(DEP_CPP_CFB_E) "$(INTDIR)"
+
+
+SOURCE=.\des_enc.c
+DEP_CPP_DES_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\des_enc.obj" : $(SOURCE) $(DEP_CPP_DES_E) "$(INTDIR)"
+
+
+SOURCE=.\dllmain.c
+DEP_CPP_DLLMA=\
+	"..\..\include\win32\config.h"\
+	
+
+"$(INTDIR)\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
+
+
+SOURCE=.\ecb3_enc.c
+DEP_CPP_ECB3_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+
+
+"$(INTDIR)\ecb3_enc.obj" : $(SOURCE) $(DEP_CPP_ECB3_) "$(INTDIR)"
+
+
+SOURCE=.\ecb_enc.c
+DEP_CPP_ECB_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	".\spr.h"\
+	
+
+"$(INTDIR)\ecb_enc.obj" : $(SOURCE) $(DEP_CPP_ECB_E) "$(INTDIR)"
+
+
+SOURCE=.\ede_enc.c
+DEP_CPP_EDE_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\ede_enc.obj" : $(SOURCE) $(DEP_CPP_EDE_E) "$(INTDIR)"
+
+
+SOURCE=.\enc_read.c
+DEP_CPP_ENC_R=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\enc_read.obj" : $(SOURCE) $(DEP_CPP_ENC_R) "$(INTDIR)"
+
+
+SOURCE=.\enc_writ.c
+DEP_CPP_ENC_W=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\enc_writ.obj" : $(SOURCE) $(DEP_CPP_ENC_W) "$(INTDIR)"
+
+
+SOURCE=.\fcrypt.c
+DEP_CPP_FCRYP=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	".\md5.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\fcrypt.obj" : $(SOURCE) $(DEP_CPP_FCRYP) "$(INTDIR)"
+
+
+SOURCE=.\key_par.c
+DEP_CPP_KEY_P=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\key_par.obj" : $(SOURCE) $(DEP_CPP_KEY_P) "$(INTDIR)"
+
+
+SOURCE=.\ncbc_enc.c
+DEP_CPP_NCBC_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\ncbc_enc.obj" : $(SOURCE) $(DEP_CPP_NCBC_) "$(INTDIR)"
+
+
+SOURCE=.\ofb64ede.c
+DEP_CPP_OFB64=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\ofb64ede.obj" : $(SOURCE) $(DEP_CPP_OFB64) "$(INTDIR)"
+
+
+SOURCE=.\ofb64enc.c
+DEP_CPP_OFB64E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\ofb64enc.obj" : $(SOURCE) $(DEP_CPP_OFB64E) "$(INTDIR)"
+
+
+SOURCE=.\ofb_enc.c
+DEP_CPP_OFB_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\ofb_enc.obj" : $(SOURCE) $(DEP_CPP_OFB_E) "$(INTDIR)"
+
+
+SOURCE=.\passwd_dlg.c
+DEP_CPP_PASSW=\
+	"..\..\include\win32\config.h"\
+	".\passwd_dlg.h"\
+	
+
+"$(INTDIR)\passwd_dlg.obj" : $(SOURCE) $(DEP_CPP_PASSW) "$(INTDIR)"
+
+
+SOURCE=.\pcbc_enc.c
+DEP_CPP_PCBC_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\pcbc_enc.obj" : $(SOURCE) $(DEP_CPP_PCBC_) "$(INTDIR)"
+
+
+SOURCE=.\qud_cksm.c
+DEP_CPP_QUD_C=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\qud_cksm.obj" : $(SOURCE) $(DEP_CPP_QUD_C) "$(INTDIR)"
+
+
+SOURCE=.\read_pwd.c
+DEP_CPP_READ_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\read_pwd.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
+
+
+SOURCE=.\rnd_keys.c
+DEP_CPP_RND_K=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
+
+"$(INTDIR)\rnd_keys.obj" : $(SOURCE) $(DEP_CPP_RND_K) "$(INTDIR)"
+
+
+SOURCE=.\rpc_enc.c
+DEP_CPP_RPC_E=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	".\des_ver.h"\
+	".\rpc_des.h"\
+	
+
+"$(INTDIR)\rpc_enc.obj" : $(SOURCE) $(DEP_CPP_RPC_E) "$(INTDIR)"
+
+
+SOURCE=.\set_key.c
+DEP_CPP_SET_K=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	".\podd.h"\
+	".\sk.h"\
+	
+
+"$(INTDIR)\set_key.obj" : $(SOURCE) $(DEP_CPP_SET_K) "$(INTDIR)"
+
+
+SOURCE=.\str2key.c
+DEP_CPP_STR2K=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
+
+
+SOURCE=.\supp.c
+DEP_CPP_SUPP_=\
+	"..\..\include\win32\config.h"\
+	".\des.h"\
+	".\des_locl.h"\
+	
+
+"$(INTDIR)\supp.obj" : $(SOURCE) $(DEP_CPP_SUPP_) "$(INTDIR)"
+
+
+SOURCE=.\passwd_dialog.rc
+
+"$(INTDIR)\passwd_dialog.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
+	
+
+!IF  "$(CFG)" == "des - Win32 Release"
+
+"roken - Win32 Release" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken"
+   $(MAKE) /$(MAKEFLAGS) /F ".\roken.mak" CFG="roken - Win32 Release" 
+   cd "..\des"
+
+"roken - Win32 ReleaseCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\roken.mak" CFG="roken - Win32 Release"\
+ RECURSE=1 
+   cd "..\des"
+
+!ELSEIF  "$(CFG)" == "des - Win32 Debug"
+
+"roken - Win32 Debug" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken"
+   $(MAKE) /$(MAKEFLAGS) /F ".\roken.mak" CFG="roken - Win32 Debug" 
+   cd "..\des"
+
+"roken - Win32 DebugCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\roken.mak" CFG="roken - Win32 Debug"\
+ RECURSE=1 
+   cd "..\des"
+
+!ENDIF 
+
+
+!ENDIF 
+
diff --git a/crypto/libdes/des.man b/crypto/libdes/des.man
new file mode 100644
index 0000000..7e06a18
--- /dev/null
+++ b/crypto/libdes/des.man
@@ -0,0 +1,186 @@
+.TH DES 1 
+.SH NAME
+des - encrypt or decrypt data using Data Encryption Standard
+.SH SYNOPSIS
+.B des
+(
+.B \-e
+|
+.B \-E
+) | (
+.B \-d
+|
+.B \-D
+) | (
+.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+) |
+[
+.B \-b3hfs
+] [
+.B \-k
+.I key
+]
+] [
+.B \-u\fR[\fIuuname\fR]
+[
+.I input-file
+[
+.I output-file
+] ]
+.SH DESCRIPTION
+.B des
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+.B \-e, \-E
+(for encrypt) or
+.B \-d, \-D
+(for decrypt) must be specified.
+It is also possible to use
+.B \-c
+or
+.B \-C
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+.I des_cbc_cksum.
+.LP
+Two standard encryption modes are supported by the
+.B des
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+.B \-b
+).
+.LP
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+.B `\-k
+.I key'
+option is given.
+If the key is an argument to the
+.B des
+command, it is potentially visible to users executing
+.BR ps (1)
+or a derivative.  To minimise this possibility,
+.B des
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+.LP
+Since this program attempts to maintain compatability with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+.B \-E, \-D, \-C
+or
+.B \-3
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+.B des
+command reads from standard input unless
+.I input-file
+is specified and writes to standard output unless
+.I output-file
+is given.
+.SH OPTIONS
+.TP
+.B \-b
+Select ECB
+(eight bytes at a time) encryption mode.
+.TP
+.B \-3
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+.B \-b
+option is used then triple ecb encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+.TP
+.B \-e
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+.TP
+.B \-E
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+.TP
+.B \-d
+Decrypt data that was encrypted with the \-e option.
+.TP
+.B \-D
+Decrypt data that was encrypted with the \-E option.
+.TP
+.B \-c
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+.B \-c
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+.TP
+.B \-C
+A cbc checksum is generated in the same manner as described for the
+.B \-c
+option but the DES key is generated in the same manner as used for the
+.B \-E
+and
+.B \-D
+options
+.TP
+.B \-f
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B \-s
+Does nothing - allowed for compatibility with sunOS des(1) command.
+.TP
+.B "\-k \fIkey\fP"
+Use the encryption 
+.I key
+specified.
+.TP
+.B "\-h"
+The
+.I key
+is assumed to be a 16 character hexadecimal number.
+If the
+.B "\-3"
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+.TP
+.B \-u
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the -u are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the -u, the name text.des
+will be embedded in the header.
+.SH SEE ALSO
+.B ps (1)
+.B des_crypt(3)
+.SH BUGS
+.LP
+The problem with using the
+.B -e
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+.B -E, -D, -S
+and
+.B -3
+)
+uses DES to help generate the key.
+.LP
+Be carefully when using the -u option.  Doing des -ud <filename> will
+not decrypt filename (the -u option will gobble the d option).
+.LP
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the -u option
+to uuencode the data before it is send to the VMS system.
+.SH AUTHOR
+.LP
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/libdes/des.org b/crypto/libdes/des.org
new file mode 100644
index 0000000..4743b9d
--- /dev/null
+++ b/crypto/libdes/des.org
@@ -0,0 +1,293 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+
+typedef unsigned char des_cblock[8];
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+#undef _
+#define _	ks._
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define C_Block des_cblock
+#define Key_schedule des_key_schedule
+#ifdef KERBEROS
+#define ENCRYPT DES_ENCRYPT
+#define DECRYPT DES_DECRYPT
+#endif
+#define KEY_SZ DES_KEY_SZ
+#define string_to_key des_string_to_key
+#define read_pw_string des_read_pw_string
+#define random_key des_random_key
+#define pcbc_encrypt des_pcbc_encrypt
+#define set_key des_set_key
+#define key_sched des_key_sched
+#define ecb_encrypt des_ecb_encrypt
+#define cbc_encrypt des_cbc_encrypt
+#define ncbc_encrypt des_ncbc_encrypt
+#define xcbc_encrypt des_xcbc_encrypt
+#define cbc_cksum des_cbc_cksum
+#define quad_cksum des_quad_cksum
+
+/* For compatibility with the MIT lib - eay 20/05/92 */
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+extern int des_check_key;	/* defaults to false */
+extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+
+/* The next line is used to disable full ANSI prototypes, if your
+ * compiler has problems with the prototypes, make sure this line always
+ * evaluates to true :-) */
+#if defined(MSDOS) || defined(__STDC__)
+#undef NOPROTO
+#endif
+#ifndef NOPROTO
+char *des_options(void);
+void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
+	long length,des_key_schedule schedule,des_cblock *ivec);
+void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,
+	des_cblock *inw,des_cblock *outw,int enc);
+void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule sk1,des_key_schedule sk2,
+	des_cblock *ivec1,des_cblock *ivec2,int enc);
+void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
+void des_ecb_encrypt(des_cblock *input,des_cblock *output,
+	des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, des_cblock *ivec, int enc);
+void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt);
+void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, des_cblock *ivec, int *num);
+
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+#ifdef PERL5
+char *des_crypt(const char *buf,const char *salt);
+#else
+/* some stupid compilers complain because I have declared char instead
+ * of const char */
+#ifdef HEADER_DES_LOCL_H
+char *crypt(const char *buf,const char *salt);
+#else
+char *crypt();
+#endif
+#endif
+void des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
+	des_key_schedule schedule,des_cblock *ivec,int enc);
+DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
+	long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock key);
+void des_random_key(des_cblock ret);
+int des_read_password(des_cblock *key,char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+	char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(des_cblock *key);
+int des_set_key(des_cblock *key,des_key_schedule schedule);
+int des_key_sched(des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(char *str,des_cblock *key);
+void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
+void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, des_cblock *ivec, int *num);
+
+/* Extra functions from Mark Murray <mark@grondar.za> */
+void des_cblock_print_file(des_cblock *cb, FILE *fp);
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+int des_new_random_key(des_cblock *key);
+void des_init_random_number_generator(des_cblock *key);
+void des_set_random_generator_seed(des_cblock *key);
+void des_set_sequence_number(des_cblock new_sequence_number);
+void des_generate_random_block(des_cblock *block);
+
+#else
+
+char *des_options();
+void des_ecb3_encrypt();
+DES_LONG des_cbc_cksum();
+void des_cbc_encrypt();
+void des_ncbc_encrypt();
+void des_xcbc_encrypt();
+void des_3cbc_encrypt();
+void des_cfb_encrypt();
+void des_ede3_cfb64_encrypt();
+void des_ede3_ofb64_encrypt();
+void des_ecb_encrypt();
+void des_encrypt();
+void des_encrypt2();
+void des_encrypt3();
+void des_decrypt3();
+void des_ede3_cbc_encrypt();
+int des_enc_read();
+int des_enc_write();
+char *des_fcrypt();
+#ifdef PERL5
+char *des_crypt();
+#else
+char *crypt();
+#endif
+void des_ofb_encrypt();
+void des_pcbc_encrypt();
+DES_LONG des_quad_cksum();
+void des_random_seed();
+void des_random_key();
+int des_read_password();
+int des_read_2passwords();
+int des_read_pw_string();
+void des_set_odd_parity();
+int des_is_weak_key();
+int des_set_key();
+int des_key_sched();
+void des_string_to_key();
+void des_string_to_2keys();
+void des_cfb64_encrypt();
+void des_ofb64_encrypt();
+
+/* Extra functions from Mark Murray <mark@grondar.za> */
+void des_cblock_print_file();
+/* The following functions are not in the normal unix build or the
+ * SSLeay build.  When using the SSLeay build, use RAND_seed()
+ * and RAND_bytes() instead. */
+#ifdef FreeBSD
+int des_new_random_key();
+void des_init_random_number_generator();
+void des_set_random_generator_seed();
+void des_set_sequence_number();
+void des_generate_random_block();
+#endif
+
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/libdes/des.pl b/crypto/libdes/des.pl
new file mode 100644
index 0000000..8a3f7e3
--- /dev/null
+++ b/crypto/libdes/des.pl
@@ -0,0 +1,552 @@
+#!/usr/local/bin/perl
+# des.pl - eric young 22/11/1991 eay@cryptsoft.com
+#
+# Copyright (C) 1993 Eric Young
+#
+# 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
+#                 with sign-extension on right shift operations.
+#                 Ed Kubaitis - ejk@uiuc.edu
+#
+# eay - 92/08/31 - I think I have fixed all problems for 64bit
+# versions of perl but I could be wrong since I have not tested it yet :-).
+#
+# This is an implementation of DES in perl.
+# The two routines (des_set_key and des_ecb_encrypt)
+# take 8 byte objects as arguments.
+#
+# des_set_key takes an 8 byte string as a key and returns a key schedule
+# for use in calls to des_ecb_encrypt.
+# des_ecb_encrypt takes three arguments, the first is a key schedule
+# (make sure to pass it by reference with the *), the second is 1
+# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
+# to encrypt.  The function returns an 8 byte object that has been
+# DES encrypted.
+#
+# example:
+# require 'des.pl'
+#
+# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+# @ks=  &des_set_key($key);
+#
+# $outbytes= &des_ecb_encrypt(*ks,1,$data);
+# @enc =unpack("C8",$outbytes);
+#
+                 
+package des;
+
+eval("use integer;") if (int($]) > 4);
+
+# The following 8 arrays are used in des_set_key
+@skb0=(
+# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x00000010,0x20000000,0x20000010,
+0x00010000,0x00010010,0x20010000,0x20010010,
+0x00000800,0x00000810,0x20000800,0x20000810,
+0x00010800,0x00010810,0x20010800,0x20010810,
+0x00000020,0x00000030,0x20000020,0x20000030,
+0x00010020,0x00010030,0x20010020,0x20010030,
+0x00000820,0x00000830,0x20000820,0x20000830,
+0x00010820,0x00010830,0x20010820,0x20010830,
+0x00080000,0x00080010,0x20080000,0x20080010,
+0x00090000,0x00090010,0x20090000,0x20090010,
+0x00080800,0x00080810,0x20080800,0x20080810,
+0x00090800,0x00090810,0x20090800,0x20090810,
+0x00080020,0x00080030,0x20080020,0x20080030,
+0x00090020,0x00090030,0x20090020,0x20090030,
+0x00080820,0x00080830,0x20080820,0x20080830,
+0x00090820,0x00090830,0x20090820,0x20090830,
+);
+@skb1=(
+# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
+0x00000000,0x02000000,0x00002000,0x02002000,
+0x00200000,0x02200000,0x00202000,0x02202000,
+0x00000004,0x02000004,0x00002004,0x02002004,
+0x00200004,0x02200004,0x00202004,0x02202004,
+0x00000400,0x02000400,0x00002400,0x02002400,
+0x00200400,0x02200400,0x00202400,0x02202400,
+0x00000404,0x02000404,0x00002404,0x02002404,
+0x00200404,0x02200404,0x00202404,0x02202404,
+0x10000000,0x12000000,0x10002000,0x12002000,
+0x10200000,0x12200000,0x10202000,0x12202000,
+0x10000004,0x12000004,0x10002004,0x12002004,
+0x10200004,0x12200004,0x10202004,0x12202004,
+0x10000400,0x12000400,0x10002400,0x12002400,
+0x10200400,0x12200400,0x10202400,0x12202400,
+0x10000404,0x12000404,0x10002404,0x12002404,
+0x10200404,0x12200404,0x10202404,0x12202404,
+);
+@skb2=(
+# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
+0x00000000,0x00000001,0x00040000,0x00040001,
+0x01000000,0x01000001,0x01040000,0x01040001,
+0x00000002,0x00000003,0x00040002,0x00040003,
+0x01000002,0x01000003,0x01040002,0x01040003,
+0x00000200,0x00000201,0x00040200,0x00040201,
+0x01000200,0x01000201,0x01040200,0x01040201,
+0x00000202,0x00000203,0x00040202,0x00040203,
+0x01000202,0x01000203,0x01040202,0x01040203,
+0x08000000,0x08000001,0x08040000,0x08040001,
+0x09000000,0x09000001,0x09040000,0x09040001,
+0x08000002,0x08000003,0x08040002,0x08040003,
+0x09000002,0x09000003,0x09040002,0x09040003,
+0x08000200,0x08000201,0x08040200,0x08040201,
+0x09000200,0x09000201,0x09040200,0x09040201,
+0x08000202,0x08000203,0x08040202,0x08040203,
+0x09000202,0x09000203,0x09040202,0x09040203,
+);
+@skb3=(
+# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
+0x00000000,0x00100000,0x00000100,0x00100100,
+0x00000008,0x00100008,0x00000108,0x00100108,
+0x00001000,0x00101000,0x00001100,0x00101100,
+0x00001008,0x00101008,0x00001108,0x00101108,
+0x04000000,0x04100000,0x04000100,0x04100100,
+0x04000008,0x04100008,0x04000108,0x04100108,
+0x04001000,0x04101000,0x04001100,0x04101100,
+0x04001008,0x04101008,0x04001108,0x04101108,
+0x00020000,0x00120000,0x00020100,0x00120100,
+0x00020008,0x00120008,0x00020108,0x00120108,
+0x00021000,0x00121000,0x00021100,0x00121100,
+0x00021008,0x00121008,0x00021108,0x00121108,
+0x04020000,0x04120000,0x04020100,0x04120100,
+0x04020008,0x04120008,0x04020108,0x04120108,
+0x04021000,0x04121000,0x04021100,0x04121100,
+0x04021008,0x04121008,0x04021108,0x04121108,
+);
+@skb4=(
+# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+0x00000000,0x10000000,0x00010000,0x10010000,
+0x00000004,0x10000004,0x00010004,0x10010004,
+0x20000000,0x30000000,0x20010000,0x30010000,
+0x20000004,0x30000004,0x20010004,0x30010004,
+0x00100000,0x10100000,0x00110000,0x10110000,
+0x00100004,0x10100004,0x00110004,0x10110004,
+0x20100000,0x30100000,0x20110000,0x30110000,
+0x20100004,0x30100004,0x20110004,0x30110004,
+0x00001000,0x10001000,0x00011000,0x10011000,
+0x00001004,0x10001004,0x00011004,0x10011004,
+0x20001000,0x30001000,0x20011000,0x30011000,
+0x20001004,0x30001004,0x20011004,0x30011004,
+0x00101000,0x10101000,0x00111000,0x10111000,
+0x00101004,0x10101004,0x00111004,0x10111004,
+0x20101000,0x30101000,0x20111000,0x30111000,
+0x20101004,0x30101004,0x20111004,0x30111004,
+);
+@skb5=(
+# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
+0x00000000,0x08000000,0x00000008,0x08000008,
+0x00000400,0x08000400,0x00000408,0x08000408,
+0x00020000,0x08020000,0x00020008,0x08020008,
+0x00020400,0x08020400,0x00020408,0x08020408,
+0x00000001,0x08000001,0x00000009,0x08000009,
+0x00000401,0x08000401,0x00000409,0x08000409,
+0x00020001,0x08020001,0x00020009,0x08020009,
+0x00020401,0x08020401,0x00020409,0x08020409,
+0x02000000,0x0A000000,0x02000008,0x0A000008,
+0x02000400,0x0A000400,0x02000408,0x0A000408,
+0x02020000,0x0A020000,0x02020008,0x0A020008,
+0x02020400,0x0A020400,0x02020408,0x0A020408,
+0x02000001,0x0A000001,0x02000009,0x0A000009,
+0x02000401,0x0A000401,0x02000409,0x0A000409,
+0x02020001,0x0A020001,0x02020009,0x0A020009,
+0x02020401,0x0A020401,0x02020409,0x0A020409,
+);
+@skb6=(
+# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
+0x00000000,0x00000100,0x00080000,0x00080100,
+0x01000000,0x01000100,0x01080000,0x01080100,
+0x00000010,0x00000110,0x00080010,0x00080110,
+0x01000010,0x01000110,0x01080010,0x01080110,
+0x00200000,0x00200100,0x00280000,0x00280100,
+0x01200000,0x01200100,0x01280000,0x01280100,
+0x00200010,0x00200110,0x00280010,0x00280110,
+0x01200010,0x01200110,0x01280010,0x01280110,
+0x00000200,0x00000300,0x00080200,0x00080300,
+0x01000200,0x01000300,0x01080200,0x01080300,
+0x00000210,0x00000310,0x00080210,0x00080310,
+0x01000210,0x01000310,0x01080210,0x01080310,
+0x00200200,0x00200300,0x00280200,0x00280300,
+0x01200200,0x01200300,0x01280200,0x01280300,
+0x00200210,0x00200310,0x00280210,0x00280310,
+0x01200210,0x01200310,0x01280210,0x01280310,
+);
+@skb7=(
+# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
+0x00000000,0x04000000,0x00040000,0x04040000,
+0x00000002,0x04000002,0x00040002,0x04040002,
+0x00002000,0x04002000,0x00042000,0x04042000,
+0x00002002,0x04002002,0x00042002,0x04042002,
+0x00000020,0x04000020,0x00040020,0x04040020,
+0x00000022,0x04000022,0x00040022,0x04040022,
+0x00002020,0x04002020,0x00042020,0x04042020,
+0x00002022,0x04002022,0x00042022,0x04042022,
+0x00000800,0x04000800,0x00040800,0x04040800,
+0x00000802,0x04000802,0x00040802,0x04040802,
+0x00002800,0x04002800,0x00042800,0x04042800,
+0x00002802,0x04002802,0x00042802,0x04042802,
+0x00000820,0x04000820,0x00040820,0x04040820,
+0x00000822,0x04000822,0x00040822,0x04040822,
+0x00002820,0x04002820,0x00042820,0x04042820,
+0x00002822,0x04002822,0x00042822,0x04042822,
+);
+
+@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
+
+# used in ecb_encrypt
+@SP0=(
+0x00410100, 0x00010000, 0x40400000, 0x40410100,
+0x00400000, 0x40010100, 0x40010000, 0x40400000,
+0x40010100, 0x00410100, 0x00410000, 0x40000100,
+0x40400100, 0x00400000, 0x00000000, 0x40010000,
+0x00010000, 0x40000000, 0x00400100, 0x00010100,
+0x40410100, 0x00410000, 0x40000100, 0x00400100,
+0x40000000, 0x00000100, 0x00010100, 0x40410000,
+0x00000100, 0x40400100, 0x40410000, 0x00000000,
+0x00000000, 0x40410100, 0x00400100, 0x40010000,
+0x00410100, 0x00010000, 0x40000100, 0x00400100,
+0x40410000, 0x00000100, 0x00010100, 0x40400000,
+0x40010100, 0x40000000, 0x40400000, 0x00410000,
+0x40410100, 0x00010100, 0x00410000, 0x40400100,
+0x00400000, 0x40000100, 0x40010000, 0x00000000,
+0x00010000, 0x00400000, 0x40400100, 0x00410100,
+0x40000000, 0x40410000, 0x00000100, 0x40010100,
+);
+@SP1=(
+0x08021002, 0x00000000, 0x00021000, 0x08020000,
+0x08000002, 0x00001002, 0x08001000, 0x00021000,
+0x00001000, 0x08020002, 0x00000002, 0x08001000,
+0x00020002, 0x08021000, 0x08020000, 0x00000002,
+0x00020000, 0x08001002, 0x08020002, 0x00001000,
+0x00021002, 0x08000000, 0x00000000, 0x00020002,
+0x08001002, 0x00021002, 0x08021000, 0x08000002,
+0x08000000, 0x00020000, 0x00001002, 0x08021002,
+0x00020002, 0x08021000, 0x08001000, 0x00021002,
+0x08021002, 0x00020002, 0x08000002, 0x00000000,
+0x08000000, 0x00001002, 0x00020000, 0x08020002,
+0x00001000, 0x08000000, 0x00021002, 0x08001002,
+0x08021000, 0x00001000, 0x00000000, 0x08000002,
+0x00000002, 0x08021002, 0x00021000, 0x08020000,
+0x08020002, 0x00020000, 0x00001002, 0x08001000,
+0x08001002, 0x00000002, 0x08020000, 0x00021000,
+);
+@SP2=(
+0x20800000, 0x00808020, 0x00000020, 0x20800020,
+0x20008000, 0x00800000, 0x20800020, 0x00008020,
+0x00800020, 0x00008000, 0x00808000, 0x20000000,
+0x20808020, 0x20000020, 0x20000000, 0x20808000,
+0x00000000, 0x20008000, 0x00808020, 0x00000020,
+0x20000020, 0x20808020, 0x00008000, 0x20800000,
+0x20808000, 0x00800020, 0x20008020, 0x00808000,
+0x00008020, 0x00000000, 0x00800000, 0x20008020,
+0x00808020, 0x00000020, 0x20000000, 0x00008000,
+0x20000020, 0x20008000, 0x00808000, 0x20800020,
+0x00000000, 0x00808020, 0x00008020, 0x20808000,
+0x20008000, 0x00800000, 0x20808020, 0x20000000,
+0x20008020, 0x20800000, 0x00800000, 0x20808020,
+0x00008000, 0x00800020, 0x20800020, 0x00008020,
+0x00800020, 0x00000000, 0x20808000, 0x20000020,
+0x20800000, 0x20008020, 0x00000020, 0x00808000,
+);
+@SP3=(
+0x00080201, 0x02000200, 0x00000001, 0x02080201,
+0x00000000, 0x02080000, 0x02000201, 0x00080001,
+0x02080200, 0x02000001, 0x02000000, 0x00000201,
+0x02000001, 0x00080201, 0x00080000, 0x02000000,
+0x02080001, 0x00080200, 0x00000200, 0x00000001,
+0x00080200, 0x02000201, 0x02080000, 0x00000200,
+0x00000201, 0x00000000, 0x00080001, 0x02080200,
+0x02000200, 0x02080001, 0x02080201, 0x00080000,
+0x02080001, 0x00000201, 0x00080000, 0x02000001,
+0x00080200, 0x02000200, 0x00000001, 0x02080000,
+0x02000201, 0x00000000, 0x00000200, 0x00080001,
+0x00000000, 0x02080001, 0x02080200, 0x00000200,
+0x02000000, 0x02080201, 0x00080201, 0x00080000,
+0x02080201, 0x00000001, 0x02000200, 0x00080201,
+0x00080001, 0x00080200, 0x02080000, 0x02000201,
+0x00000201, 0x02000000, 0x02000001, 0x02080200,
+);
+@SP4=(
+0x01000000, 0x00002000, 0x00000080, 0x01002084,
+0x01002004, 0x01000080, 0x00002084, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x00002080,
+0x01000084, 0x01002004, 0x01002080, 0x00000000,
+0x00002080, 0x01000000, 0x00002004, 0x00000084,
+0x01000080, 0x00002084, 0x00000000, 0x01000004,
+0x00000004, 0x01000084, 0x01002084, 0x00002004,
+0x01002000, 0x00000080, 0x00000084, 0x01002080,
+0x01002080, 0x01000084, 0x00002004, 0x01002000,
+0x00002000, 0x00000004, 0x01000004, 0x01000080,
+0x01000000, 0x00002080, 0x01002084, 0x00000000,
+0x00002084, 0x01000000, 0x00000080, 0x00002004,
+0x01000084, 0x00000080, 0x00000000, 0x01002084,
+0x01002004, 0x01002080, 0x00000084, 0x00002000,
+0x00002080, 0x01002004, 0x01000080, 0x00000084,
+0x00000004, 0x00002084, 0x01002000, 0x01000004,
+);
+@SP5=(
+0x10000008, 0x00040008, 0x00000000, 0x10040400,
+0x00040008, 0x00000400, 0x10000408, 0x00040000,
+0x00000408, 0x10040408, 0x00040400, 0x10000000,
+0x10000400, 0x10000008, 0x10040000, 0x00040408,
+0x00040000, 0x10000408, 0x10040008, 0x00000000,
+0x00000400, 0x00000008, 0x10040400, 0x10040008,
+0x10040408, 0x10040000, 0x10000000, 0x00000408,
+0x00000008, 0x00040400, 0x00040408, 0x10000400,
+0x00000408, 0x10000000, 0x10000400, 0x00040408,
+0x10040400, 0x00040008, 0x00000000, 0x10000400,
+0x10000000, 0x00000400, 0x10040008, 0x00040000,
+0x00040008, 0x10040408, 0x00040400, 0x00000008,
+0x10040408, 0x00040400, 0x00040000, 0x10000408,
+0x10000008, 0x10040000, 0x00040408, 0x00000000,
+0x00000400, 0x10000008, 0x10000408, 0x10040400,
+0x10040000, 0x00000408, 0x00000008, 0x10040008,
+);
+@SP6=(
+0x00000800, 0x00000040, 0x00200040, 0x80200000,
+0x80200840, 0x80000800, 0x00000840, 0x00000000,
+0x00200000, 0x80200040, 0x80000040, 0x00200800,
+0x80000000, 0x00200840, 0x00200800, 0x80000040,
+0x80200040, 0x00000800, 0x80000800, 0x80200840,
+0x00000000, 0x00200040, 0x80200000, 0x00000840,
+0x80200800, 0x80000840, 0x00200840, 0x80000000,
+0x80000840, 0x80200800, 0x00000040, 0x00200000,
+0x80000840, 0x00200800, 0x80200800, 0x80000040,
+0x00000800, 0x00000040, 0x00200000, 0x80200800,
+0x80200040, 0x80000840, 0x00000840, 0x00000000,
+0x00000040, 0x80200000, 0x80000000, 0x00200040,
+0x00000000, 0x80200040, 0x00200040, 0x00000840,
+0x80000040, 0x00000800, 0x80200840, 0x00200000,
+0x00200840, 0x80000000, 0x80000800, 0x80200840,
+0x80200000, 0x00200840, 0x00200800, 0x80000800,
+);
+@SP7=(
+0x04100010, 0x04104000, 0x00004010, 0x00000000,
+0x04004000, 0x00100010, 0x04100000, 0x04104010,
+0x00000010, 0x04000000, 0x00104000, 0x00004010,
+0x00104010, 0x04004010, 0x04000010, 0x04100000,
+0x00004000, 0x00104010, 0x00100010, 0x04004000,
+0x04104010, 0x04000010, 0x00000000, 0x00104000,
+0x04000000, 0x00100000, 0x04004010, 0x04100010,
+0x00100000, 0x00004000, 0x04104000, 0x00000010,
+0x00100000, 0x00004000, 0x04000010, 0x04104010,
+0x00004010, 0x04000000, 0x00000000, 0x00104000,
+0x04100010, 0x04004010, 0x04004000, 0x00100010,
+0x04104000, 0x00000010, 0x00100010, 0x04004000,
+0x04104010, 0x00100000, 0x04100000, 0x04000010,
+0x00104000, 0x00004010, 0x04004010, 0x04100000,
+0x00000010, 0x04104000, 0x00104010, 0x00000000,
+0x04000000, 0x04100010, 0x00004000, 0x00104010,
+);
+
+sub main'des_set_key
+	{
+	local($param)=@_;
+	local(@key);
+	local($c,$d,$i,$s,$t);
+	local(@ks)=();
+
+	# Get the bytes in the order we want.
+	@key=unpack("C8",$param);
+
+	$c=	($key[0]    )|
+		($key[1]<< 8)|
+		($key[2]<<16)|
+		($key[3]<<24);
+	$d=	($key[4]    )|
+		($key[5]<< 8)|
+		($key[6]<<16)|
+		($key[7]<<24);
+
+	&doPC1(*c,*d);
+
+	for $i (@shifts2)
+		{
+		if ($i)
+			{
+			$c=($c>>2)|($c<<26);
+			$d=($d>>2)|($d<<26);
+			}
+		else
+			{
+			$c=($c>>1)|($c<<27);
+			$d=($d>>1)|($d<<27);
+			}
+		$c&=0x0fffffff;
+		$d&=0x0fffffff;
+		$s=	$skb0[ ($c    )&0x3f                 ]|
+			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
+			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
+			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
+					     (($c>>22)&0x38)];
+		$t=     $skb4[ ($d    )&0x3f                ]|
+			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
+			$skb6[ ($d>>15)&0x3f                 ]|
+			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
+		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
+		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
+		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
+		}
+	@ks;
+	}
+
+sub doPC1
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>>4)^$a)&0x0f0f0f0f;
+	$b^=($t<<4); $a^=$t;
+	# do $a first 
+	$t=(($a<<18)^$a)&0xcccc0000;
+	$a=$a^$t^(($t>>18)&0x00003fff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+	$t=(($a<< 8)^$a)&0x00ff0000;
+	$a=$a^$t^(($t>> 8)&0x00ffffff);
+	$t=(($a<<17)^$a)&0xaaaa0000;
+	$a=$a^$t^(($t>>17)&0x00007fff);
+
+	# now do $b
+	$t=(($b<<24)^$b)&0xff000000;
+	$b=$b^$t^(($t>>24)&0x000000ff);
+	$t=(($b<< 8)^$b)&0x00ff0000;
+	$b=$b^$t^(($t>> 8)&0x00ffffff);
+	$t=(($b<<14)^$b)&0x33330000;
+	$b=$b^$t^(($t>>14)&0x0003ffff);
+	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
+	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
+	$a&=0x0fffffff;
+	}
+
+sub doIP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=$a;
+	$a=$b&0xffffffff;
+	$b=$t&0xffffffff;
+	}
+
+sub doFP
+	{
+	local(*a,*b)=@_;
+	local($t);
+
+	$t=(($b>> 1)^$a)&0x55555555;
+	$b^=($t<< 1); $a^=$t;
+	$t=(($a>> 8)^$b)&0x00ff00ff;
+	$a^=($t<< 8); $b^=$t;
+	$t=(($b>> 2)^$a)&0x33333333;
+	$b^=($t<< 2); $a^=$t;
+	$t=(($a>>16)^$b)&0x0000ffff;
+	$a^=($t<<16); $b^=$t;
+	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+	$b^=($t<< 4); $a^=$t;
+	$a&=0xffffffff;
+	$b&=0xffffffff;
+	}
+
+sub main'des_ecb_encrypt
+	{
+	local(*ks,$encrypt,$in)=@_;
+	local($l,$r,$i,$t,$u,@input);
+	
+	@input=unpack("C8",$in);
+	# Get the bytes in the order we want.
+	$l=	($input[0]    )|
+		($input[1]<< 8)|
+		($input[2]<<16)|
+		($input[3]<<24);
+	$r=	($input[4]    )|
+		($input[5]<< 8)|
+		($input[6]<<16)|
+		($input[7]<<24);
+
+	$l&=0xffffffff;
+	$r&=0xffffffff;
+	&doIP(*l,*r);
+	if ($encrypt)
+		{
+		for ($i=0; $i<32; $i+=4)
+			{
+			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t2=(($t&0x0000000f)<<28);
+
+			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i+2];
+			$t=$t^$ks[$i+3];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	else	
+		{
+		for ($i=30; $i>0; $i-=4)
+			{
+			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i  ];
+			$t=$t^$ks[$i+1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$l^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+
+			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+			$u=$t^$ks[$i-2];
+			$t=$t^$ks[$i-1];
+			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+			$r^=	$SP1[ $t     &0x3f]|
+				$SP3[($t>> 8)&0x3f]|
+				$SP5[($t>>16)&0x3f]|
+				$SP7[($t>>24)&0x3f]|
+				$SP0[ $u     &0x3f]|
+				$SP2[($u>> 8)&0x3f]|
+				$SP4[($u>>16)&0x3f]|
+				$SP6[($u>>24)&0x3f];
+			}
+		}
+	&doFP(*l,*r);
+	pack("C8",$l&0xff, 
+	          ($l>> 8)&0x00ffffff,
+	          ($l>>16)&0x0000ffff,
+		  ($l>>24)&0x000000ff,
+		  $r&0xff,
+	          ($r>> 8)&0x00ffffff,
+	          ($r>>16)&0x0000ffff,
+		  ($r>>24)&0x000000ff);
+	}
diff --git a/crypto/libdes/des3s.cpp b/crypto/libdes/des3s.cpp
new file mode 100644
index 0000000..02d527c
--- /dev/null
+++ b/crypto/libdes/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key1,key2,key3;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(s1);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			des_encrypt3(&data[0],key1,key2,key3);
+			GetTSC(e2);
+			des_encrypt3(&data[0],key1,key2,key3);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/libdes/des_crypt.man b/crypto/libdes/des_crypt.man
new file mode 100644
index 0000000..0ecc416
--- /dev/null
+++ b/crypto/libdes/des_crypt.man
@@ -0,0 +1,508 @@
+.TH DES_CRYPT 3 
+.SH NAME
+des_read_password, des_read_2password,
+des_string_to_key, des_string_to_2key, des_read_pw_string,
+des_random_key, des_set_key,
+des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
+des_3cbc_encrypt,
+des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
+des_cbc_cksum, des_quad_cksum,
+des_enc_read, des_enc_write, des_set_odd_parity,
+des_is_weak_key, crypt \- (non USA) DES encryption
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <des.h>
+.PP
+.B int des_read_password(key,prompt,verify)
+des_cblock *key;
+char *prompt;
+int verify;
+.PP
+.B int des_read_2password(key1,key2,prompt,verify)
+des_cblock *key1,*key2;
+char *prompt;
+int verify;
+.PP
+.B int des_string_to_key(str,key)
+char *str;
+des_cblock *key;
+.PP
+.B int des_string_to_2keys(str,key1,key2)
+char *str;
+des_cblock *key1,*key2;
+.PP
+.B int des_read_pw_string(buf,length,prompt,verify)
+char *buf;
+int length;
+char *prompt;
+int verify;
+.PP
+.B int des_random_key(key)
+des_cblock *key;
+.PP
+.B int des_set_key(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_key_sched(key,schedule)
+des_cblock *key;
+des_key_schedule schedule;
+.PP
+.B int des_ecb_encrypt(input,output,schedule,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule schedule;
+int encrypt;
+.PP
+.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
+des_cblock *input;
+des_cblock *output;
+des_key_schedule ks1,ks2;
+int encrypt;
+.PP
+.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule sk1;
+des_key_schedule sk2;
+des_cblock *ivec1;
+des_cblock *ivec2;
+int encrypt;
+.PP
+.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
+unsigned char *input;
+unsigned char *output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+int encrypt;
+.PP
+.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
+unsigned char *input,*output;
+int numbits;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
+des_cblock *input;
+des_cblock *output;
+long length;
+des_key_schedule schedule;
+des_cblock *ivec;
+.PP
+.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
+des_cblock *input;
+des_cblock *output;
+long length;
+int out_count;
+des_cblock *seed;
+.PP
+.B int des_check_key;
+.PP
+.B int des_enc_read(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B int des_enc_write(fd,buf,len,sched,iv)
+int fd;
+char *buf;
+int len;
+des_key_schedule sched;
+des_cblock *iv;
+.PP
+.B extern int des_rw_mode;
+.PP
+.B void des_set_odd_parity(key)
+des_cblock *key;
+.PP
+.B int des_is_weak_key(key)
+des_cblock *key;
+.PP
+.B char *crypt(passwd,salt)
+char *passwd;
+char *salt;
+.PP
+.fi
+.SH DESCRIPTION
+This library contains a fast implementation of the DES encryption
+algorithm.
+.PP
+There are two phases to the use of DES encryption.
+The first is the generation of a
+.I des_key_schedule
+from a key,
+the second is the actual encryption.
+A des key is of type
+.I des_cblock.
+This type is made from 8 characters with odd parity.
+The least significant bit in the character is the parity bit.
+The key schedule is an expanded form of the key; it is used to speed the
+encryption process.
+.PP
+.I des_read_password
+writes the string specified by prompt to the standard output,
+turns off echo and reads an input string from standard input
+until terminated with a newline.
+If verify is non-zero, it prompts and reads the input again and verifies
+that both entered passwords are the same.
+The entered string is converted into a des key by using the
+.I des_string_to_key
+routine.
+The new key is placed in the
+.I des_cblock
+that was passed (by reference) to the routine.
+If there were no errors,
+.I des_read_password
+returns 0,
+-1 is returned if there was a terminal error and 1 is returned for
+any other error.
+.PP
+.I des_read_2password
+operates in the same way as
+.I des_read_password
+except that it generates 2 keys by using the
+.I des_string_to_2key
+function.
+.PP
+.I des_read_pw_string
+is called by
+.I des_read_password
+to read and verify a string from a terminal device.
+The string is returned in
+.I buf.
+The size of
+.I buf
+is passed to the routine via the
+.I length
+parameter.
+.PP
+.I des_string_to_key
+converts a string into a valid des key.
+.PP
+.I des_string_to_2key
+converts a string into 2 valid des keys.
+This routine is best suited for used to generate keys for use with
+.I des_ecb3_encrypt.
+.PP
+.I des_random_key
+returns a random key that is made of a combination of process id,
+time and an increasing counter.
+.PP
+Before a des key can be used it is converted into a
+.I des_key_schedule
+via the
+.I des_set_key
+routine.
+If the
+.I des_check_key
+flag is non-zero,
+.I des_set_key
+will check that the key passed is of odd parity and is not a week or
+semi-weak key.
+If the parity is wrong,
+then -1 is returned.
+If the key is a weak key,
+then -2 is returned.
+If an error is returned,
+the key schedule is not generated.
+.PP
+.I des_key_sched
+is another name for the
+.I des_set_key
+function.
+.PP
+The following routines mostly operate on an input and output stream of
+.I des_cblock's.
+.PP
+.I des_ecb_encrypt
+is the basic DES encryption routine that encrypts or decrypts a single 8-byte
+.I des_cblock
+in
+.I electronic code book
+mode.
+It always transforms the input data, pointed to by
+.I input,
+into the output data,
+pointed to by the
+.I output
+argument.
+If the
+.I encrypt
+argument is non-zero (DES_ENCRYPT),
+the
+.I input
+(cleartext) is encrypted in to the
+.I output
+(ciphertext) using the key_schedule specified by the
+.I schedule
+argument,
+previously set via
+.I des_set_key.
+If
+.I encrypt
+is zero (DES_DECRYPT),
+the
+.I input
+(now ciphertext)
+is decrypted into the
+.I output
+(now cleartext).
+Input and output may overlap.
+No meaningful value is returned.
+.PP
+.I des_ecb3_encrypt
+encrypts/decrypts the
+.I input
+block by using triple ecb DES encryption.
+This involves encrypting the input with 
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using ecb mode and
+.I ks1
+as the key.
+.PP
+.I des_cbc_encrypt
+encrypts/decrypts using the
+.I cipher-block-chaining
+mode of DES.
+If the
+.I encrypt
+argument is non-zero,
+the routine cipher-block-chain encrypts the cleartext data pointed to by the
+.I input
+argument into the ciphertext pointed to by the
+.I output
+argument,
+using the key schedule provided by the
+.I schedule
+argument,
+and initialisation vector provided by the
+.I ivec
+argument.
+If the
+.I length
+argument is not an integral multiple of eight bytes, 
+the last block is copied to a temporary area and zero filled.
+The output is always
+an integral multiple of eight bytes.
+To make multiple cbc encrypt calls on a large amount of data appear to
+be one 
+.I des_cbc_encrypt
+call, the
+.I ivec
+of subsequent calls should be the last 8 bytes of the output.
+.PP
+.I des_3cbc_encrypt
+encrypts/decrypts the
+.I input
+block by using triple cbc DES encryption.
+This involves encrypting the input with key schedule
+.I ks1,
+decryption with the key schedule
+.I ks2,
+and then encryption with the first again.
+2 initialisation vectors are required,
+.I ivec1
+and
+.I ivec2.
+Unlike
+.I des_cbc_encrypt,
+these initialisation vectors are modified by the subroutine.
+This routine greatly reduces the chances of brute force breaking of
+DES and has the advantage of if
+.I ks1
+and
+.I ks2
+are the same, it is equivalent to just encryption using cbc mode and
+.I ks1
+as the key.
+.PP
+.I des_pcbc_encrypt
+encrypt/decrypts using a modified block chaining mode.
+It provides better error propagation characteristics than cbc
+encryption.
+.PP
+.I des_cfb_encrypt
+encrypt/decrypts using cipher feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_ofb_encrypt
+encrypt using output feedback mode.  This method takes an
+array of characters as input and outputs and array of characters.  It
+does not require any padding to 8 character groups.  Note: the ivec
+variable is changed and the new changed value needs to be passed to
+the next call to this function.  Since this function runs a complete
+DES ecb encryption per numbits, this function is only suggested for
+use when sending small numbers of characters.
+.PP
+.I des_cbc_cksum
+produces an 8 byte checksum based on the input stream (via cbc encryption).
+The last 4 bytes of the checksum is returned and the complete 8 bytes is
+placed in
+.I output.
+.PP
+.I des_quad_cksum
+returns a 4 byte checksum from the input bytes.
+The algorithm can be iterated over the input,
+depending on
+.I out_count,
+1, 2, 3 or 4 times.
+If
+.I output
+is non-NULL,
+the 8 bytes generated by each pass are written into
+.I output.
+.PP
+.I des_enc_write
+is used to write
+.I len
+bytes
+to file descriptor
+.I fd
+from buffer
+.I buf.
+The data is encrypted via
+.I pcbc_encrypt
+(default) using
+.I sched
+for the key and
+.I iv
+as a starting vector.
+The actual data send down
+.I fd
+consists of 4 bytes (in network byte order) containing the length of the
+following encrypted data.  The encrypted data then follows, padded with random
+data out to a multiple of 8 bytes.
+.PP
+.I des_enc_read
+is used to read
+.I len
+bytes
+from file descriptor
+.I fd
+into buffer
+.I buf.
+The data being read from
+.I fd
+is assumed to have come from
+.I des_enc_write
+and is decrypted using
+.I sched
+for the key schedule and
+.I iv
+for the initial vector.
+The
+.I des_enc_read/des_enc_write
+pair can be used to read/write to files, pipes and sockets.
+I have used them in implementing a version of rlogin in which all
+data is encrypted.
+.PP
+.I des_rw_mode
+is used to specify the encryption mode to use with 
+.I des_enc_read
+and 
+.I des_end_write.
+If set to
+.I DES_PCBC_MODE
+(the default), des_pcbc_encrypt is used.
+If set to
+.I DES_CBC_MODE
+des_cbc_encrypt is used.
+These two routines and the variable are not part of the normal MIT library.
+.PP
+.I des_set_odd_parity
+sets the parity of the passed
+.I key
+to odd.  This routine is not part of the standard MIT library.
+.PP
+.I des_is_weak_key
+returns 1 is the passed key is a weak key (pick again :-),
+0 if it is ok.
+This routine is not part of the standard MIT library.
+.PP
+.I crypt
+is a replacement for the normal system crypt.
+It is much faster than the system crypt.
+.PP
+.SH FILES
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.PP
+The encryption routines have been tested on 16bit, 32bit and 64bit
+machines of various endian and even works under VMS.
+.PP
+.SH BUGS
+.PP
+If you think this manual is sparse,
+read the des_crypt(3) manual from the MIT kerberos (or bones outside
+of the USA) distribution.
+.PP
+.I des_cfb_encrypt
+and
+.I des_ofb_encrypt
+operates on input of 8 bits.  What this means is that if you set
+numbits to 12, and length to 2, the first 12 bits will come from the 1st
+input byte and the low half of the second input byte.  The second 12
+bits will have the low 8 bits taken from the 3rd input byte and the
+top 4 bits taken from the 4th input byte.  The same holds for output.
+This function has been implemented this way because most people will
+be using a multiple of 8 and because once you get into pulling bytes input
+bytes apart things get ugly!
+.PP
+.I des_read_pw_string
+is the most machine/OS dependent function and normally generates the
+most problems when porting this code.
+.PP
+.I des_string_to_key
+is probably different from the MIT version since there are lots
+of fun ways to implement one-way encryption of a text string.
+.PP
+The routines are optimised for 32 bit machines and so are not efficient
+on IBM PCs.
+.PP
+NOTE: extensive work has been done on this library since this document
+was origionally written.  Please try to read des.doc from the libdes
+distribution since it is far more upto date and documents more of the
+functions.  Libdes is now also being shipped as part of SSLeay, a
+general cryptographic library that amonst other things implements
+netscapes SSL protocoll.  The most recent version can be found in
+SSLeay distributions.
+.SH AUTHOR
+Eric Young (eay@cryptsoft.com)
diff --git a/crypto/libdes/des_enc.c b/crypto/libdes/des_enc.c
new file mode 100644
index 0000000..ed42ab6
--- /dev/null
+++ b/crypto/libdes/des_enc.c
@@ -0,0 +1,407 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+
+void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	IP(r,l);
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	/* shift left by 2 */
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
+
+	s=ks->ks.deslong;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+
+	/* rotate and clear the top bits on machines with 8byte longs */
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	l=r=t=u=0;
+	}
+
+void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+#ifndef DES_UNROLL
+	register int i;
+#endif
+	register DES_LONG *s;
+
+	r=data[0];
+	l=data[1];
+
+	/* Things have been modified so that the initial rotate is
+	 * done outside the loop.  This required the
+	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * One perl script later and things have a 5% speed up on a sparc2.
+	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+	 * for pointing this out. */
+	/* clear the top bits on machines with 8byte longs */
+	r=ROTATE(r,29)&0xffffffffL;
+	l=ROTATE(l,29)&0xffffffffL;
+
+	s=ks->ks.deslong;
+	/* I don't know if it is worth the effort of loop unrolling the
+	 * inner loop */
+	if (enc)
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#else
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  3 */
+			D_ENCRYPT(r,l,i+6); /*  4 */
+			}
+#endif
+		}
+	else
+		{
+#ifdef DES_UNROLL
+		D_ENCRYPT(l,r,30); /* 16 */
+		D_ENCRYPT(r,l,28); /* 15 */
+		D_ENCRYPT(l,r,26); /* 14 */
+		D_ENCRYPT(r,l,24); /* 13 */
+		D_ENCRYPT(l,r,22); /* 12 */
+		D_ENCRYPT(r,l,20); /* 11 */
+		D_ENCRYPT(l,r,18); /* 10 */
+		D_ENCRYPT(r,l,16); /*  9 */
+		D_ENCRYPT(l,r,14); /*  8 */
+		D_ENCRYPT(r,l,12); /*  7 */
+		D_ENCRYPT(l,r,10); /*  6 */
+		D_ENCRYPT(r,l, 8); /*  5 */
+		D_ENCRYPT(l,r, 6); /*  4 */
+		D_ENCRYPT(r,l, 4); /*  3 */
+		D_ENCRYPT(l,r, 2); /*  2 */
+		D_ENCRYPT(r,l, 0); /*  1 */
+#else
+		for (i=30; i>0; i-=8)
+			{
+			D_ENCRYPT(l,r,i-0); /* 16 */
+			D_ENCRYPT(r,l,i-2); /* 15 */
+			D_ENCRYPT(l,r,i-4); /* 14 */
+			D_ENCRYPT(r,l,i-6); /* 13 */
+			}
+#endif
+		}
+	/* rotate and clear the top bits on machines with 8byte longs */
+	data[0]=ROTATE(l,3)&0xffffffffL;
+	data[1]=ROTATE(r,3)&0xffffffffL;
+	l=r=t=u=0;
+	}
+
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
+	{
+	register DES_LONG l,r;
+
+	l=data[0];
+	r=data[1];
+	IP(l,r);
+	data[0]=l;
+	data[1]=r;
+	des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+	des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+	des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+	l=data[0];
+	r=data[1];
+	FP(r,l);
+	data[0]=l;
+	data[1]=r;
+	}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+#undef CBC_ENC_C__DONT_UPDATE_IV
+
+void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int enc)
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register const unsigned char *in;
+	unsigned char *out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		register DES_LONG t0,t1;
+
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=t0;
+			xor1=t1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+		
+			tout0^=xor0;
+			tout1^=xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=t0;
+			xor1=t1;
+			}
+
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#endif /* DES_DEFAULT_OPTIONS */
diff --git a/crypto/libdes/des_locl.h b/crypto/libdes/des_locl.h
new file mode 100644
index 0000000..8514cd6
--- /dev/null
+++ b/crypto/libdes/des_locl.h
@@ -0,0 +1,402 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#if defined(WIN32) || defined(WIN16)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <io.h>
+#endif
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include <string.h>
+#endif
+
+#include "des.h"
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE	(1024*16)
+#define BSIZE		(MAXWRITE+4)
+
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((DES_LONG)(*(--(c))));     \
+			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((DES_LONG)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+#if defined(WIN32)
+#define	ROTATE(a,n)	(_lrotr(a,n))
+#else
+#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	t=R^(R>>16L); \
+	u=t&E0; t&=E1; \
+	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	u=R^s[S  ]; \
+	t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How <how@isl.stanford.edu>
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	u>>=16L; \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+	u3=(int)(u>>8L); \
+	u1=(int)u&0xfc; \
+	u3&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	t>>=16L; \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+	u3=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u3&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+	s1=(int)(u>>16L); \
+	s2=(int)(u>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+	s1=(int)(t>>16L); \
+	s2=(int)(t>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^= \
+	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	u>>=16L; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	u3=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[4][u1]; \
+	LL^=des_SPtrans[6][u3]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	t>>=16L; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	u3=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[5][u1]; \
+	LL^=des_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	s1=(int)u>>16L; \
+	s2=(int)u>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[4][s1]; \
+	LL^=des_SPtrans[6][s2]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	s1=(int)t>>16; \
+	s2=(int)t>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[5][s1]; \
+	LL^=des_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^=\
+		des_SPtrans[0][(u>> 2L)&0x3f]^ \
+		des_SPtrans[2][(u>>10L)&0x3f]^ \
+		des_SPtrans[4][(u>>18L)&0x3f]^ \
+		des_SPtrans[6][(u>>26L)&0x3f]^ \
+		des_SPtrans[1][(t>> 2L)&0x3f]^ \
+		des_SPtrans[3][(t>>10L)&0x3f]^ \
+		des_SPtrans[5][(t>>18L)&0x3f]^ \
+		des_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+	/* IP and FP
+	 * The problem is more of a geometric problem that random bit fiddling.
+	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+	The output has been subject to swaps of the form
+	0 1 -> 3 1 but the odd and even bits have been put into
+	2 3    2 0
+	different words.  The main trick is to remember that
+	t=((l>>size)^r)&(mask);
+	r^=t;
+	l^=(t<<size);
+	can be used to swap and move bits between words.
+
+	So l =  0  1  2  3  r = 16 17 18 19
+	        4  5  6  7      20 21 22 23
+	        8  9 10 11      24 25 26 27
+	       12 13 14 15      28 29 30 31
+	becomes (for size == 2 and mask == 0x3333)
+	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+		10^24 11^25 -- --        8  9 24 25      10 11 24 25
+		14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+	Thanks for hints from Richard Outerbridge - he told me IP&FP
+	could be done in 15 xor, 10 shifts and 5 ands.
+	When I finally started to think of the problem in 2D
+	I first got ~42 operations without xors.  When I remembered
+	how to use xors :-) I got it to its final state.
+	*/
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#define IP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+	PERM_OP(l,r,tt,16,0x0000ffffL); \
+	PERM_OP(r,l,tt, 2,0x33333333L); \
+	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+	PERM_OP(r,l,tt, 1,0x55555555L); \
+	}
+
+#define FP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(l,r,tt, 1,0x55555555L); \
+	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+	PERM_OP(l,r,tt, 2,0x33333333L); \
+	PERM_OP(r,l,tt,16,0x0000ffffL); \
+	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+	}
+
+extern const DES_LONG des_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+#endif
diff --git a/crypto/libdes/des_locl.org b/crypto/libdes/des_locl.org
new file mode 100644
index 0000000..844d765
--- /dev/null
+++ b/crypto/libdes/des_locl.org
@@ -0,0 +1,503 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#if defined(WIN32) || defined(WIN16)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#include <unistd.h>
+#endif
+#include "des.h"
+
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+  #define DES_PTR
+  #define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+  #define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+  #define DES_PTR
+  #define DES_RISC2
+  #define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+  #define DES_PTR
+  #define DES_RISC1
+  #define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+
+#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <io.h>
+#ifndef RAND
+#define RAND
+#endif
+#undef NOPROTO
+#endif
+
+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
+#include <string.h>
+#endif
+
+#ifndef RAND
+#define RAND
+#endif
+
+#ifdef linux
+#undef RAND
+#endif
+
+#ifdef MSDOS
+#define getpid() 2
+#define RAND
+#undef NOPROTO
+#endif
+
+#if defined(NOCONST)
+#define const
+#endif
+
+#ifdef __STDC__
+#undef NOPROTO
+#endif
+
+#ifdef RAND
+#define srandom(s) srand(s)
+#define random rand
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE	(1024*16)
+#define BSIZE		(MAXWRITE+4)
+
+#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((DES_LONG)(*(--(c))));     \
+			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((DES_LONG)(*(--(c))));     \
+				} \
+			}
+
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
+			 l|=((DES_LONG)(*((c)++)))<<16L, \
+			 l|=((DES_LONG)(*((c)++)))<< 8L, \
+			 l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+				} \
+			}
+
+#if defined(WIN32)
+#define	ROTATE(a,n)	(_lrotr(a,n))
+#else
+#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	t=R^(R>>16L); \
+	u=t&E0; t&=E1; \
+	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+	u=R^s[S  ]; \
+	t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How <how@isl.stanford.edu>
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	u>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	u3=(int)(u>>8L); \
+	u1=(int)u&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	t>>=16L; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	u3=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u3&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0xfc; \
+	u2&=0xfc; \
+	t=ROTATE(t,4); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	s1=(int)(u>>16L); \
+	s2=(int)(u>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
+	u2=(int)t>>8L; \
+	u1=(int)t&0xfc; \
+	u2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	s1=(int)(t>>16L); \
+	s2=(int)(t>>24L); \
+	s1&=0xfc; \
+	s2&=0xfc; \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
+	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^= \
+	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,u3; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	u>>=16L; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	u3=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[4][u1]; \
+	LL^=des_SPtrans[6][u3]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	t>>=16L; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	u3=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u3&=0x3f; \
+	LL^=des_SPtrans[5][u1]; \
+	LL^=des_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+	unsigned int u1,u2,s1,s2; \
+	LOAD_DATA(R,S,u,t,E0,E1,u1); \
+	u>>=2L; \
+	t=ROTATE(t,6); \
+	u2=(int)u>>8L; \
+	u1=(int)u&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[0][u1]; \
+	LL^=des_SPtrans[2][u2]; \
+	s1=(int)u>>16L; \
+	s2=(int)u>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[4][s1]; \
+	LL^=des_SPtrans[6][s2]; \
+	u2=(int)t>>8L; \
+	u1=(int)t&0x3f; \
+	u2&=0x3f; \
+	LL^=des_SPtrans[1][u1]; \
+	LL^=des_SPtrans[3][u2]; \
+	s1=(int)t>>16; \
+	s2=(int)t>>24L; \
+	s1&=0x3f; \
+	s2&=0x3f; \
+	LL^=des_SPtrans[5][s1]; \
+	LL^=des_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+	t=ROTATE(t,4); \
+	LL^=\
+		des_SPtrans[0][(u>> 2L)&0x3f]^ \
+		des_SPtrans[2][(u>>10L)&0x3f]^ \
+		des_SPtrans[4][(u>>18L)&0x3f]^ \
+		des_SPtrans[6][(u>>26L)&0x3f]^ \
+		des_SPtrans[1][(t>> 2L)&0x3f]^ \
+		des_SPtrans[3][(t>>10L)&0x3f]^ \
+		des_SPtrans[5][(t>>18L)&0x3f]^ \
+		des_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+	/* IP and FP
+	 * The problem is more of a geometric problem that random bit fiddling.
+	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+	The output has been subject to swaps of the form
+	0 1 -> 3 1 but the odd and even bits have been put into
+	2 3    2 0
+	different words.  The main trick is to remember that
+	t=((l>>size)^r)&(mask);
+	r^=t;
+	l^=(t<<size);
+	can be used to swap and move bits between words.
+
+	So l =  0  1  2  3  r = 16 17 18 19
+	        4  5  6  7      20 21 22 23
+	        8  9 10 11      24 25 26 27
+	       12 13 14 15      28 29 30 31
+	becomes (for size == 2 and mask == 0x3333)
+	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+		10^24 11^25 -- --        8  9 24 25      10 11 24 25
+		14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+	Thanks for hints from Richard Outerbridge - he told me IP&FP
+	could be done in 15 xor, 10 shifts and 5 ands.
+	When I finally started to think of the problem in 2D
+	I first got ~42 operations without xors.  When I remembered
+	how to use xors :-) I got it to its final state.
+	*/
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#define IP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+	PERM_OP(l,r,tt,16,0x0000ffffL); \
+	PERM_OP(r,l,tt, 2,0x33333333L); \
+	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+	PERM_OP(r,l,tt, 1,0x55555555L); \
+	}
+
+#define FP(l,r) \
+	{ \
+	register DES_LONG tt; \
+	PERM_OP(l,r,tt, 1,0x55555555L); \
+	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+	PERM_OP(l,r,tt, 2,0x33333333L); \
+	PERM_OP(r,l,tt,16,0x0000ffffL); \
+	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+	}
+
+extern const DES_LONG des_SPtrans[8][64];
+
+#endif
diff --git a/crypto/libdes/des_opts.c b/crypto/libdes/des_opts.c
new file mode 100644
index 0000000..746c456
--- /dev/null
+++ b/crypto/libdes/des_opts.c
@@ -0,0 +1,604 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include <stdio.h>
+#ifndef MSDOS
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/des.h>
+#include "spr.h"
+
+#define DES_DEFAULT_OPTIONS
+
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+
+#ifdef PART1
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt2 des_encrypt2_u4_cisc_idx
+#define des_encrypt3 des_encrypt3_u4_cisc_idx
+#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt2 des_encrypt2_u16_cisc_idx
+#define des_encrypt3 des_encrypt3_u16_cisc_idx
+#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt2 des_encrypt2_u4_risc1_idx
+#define des_encrypt3 des_encrypt3_u4_risc1_idx
+#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART2
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt2 des_encrypt2_u4_risc2_idx
+#define des_encrypt3 des_encrypt3_u4_risc2_idx
+#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt2 des_encrypt2_u16_risc1_idx
+#define des_encrypt3 des_encrypt3_u16_risc1_idx
+#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt2 des_encrypt2_u16_risc2_idx
+#define des_encrypt3 des_encrypt3_u16_risc2_idx
+#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART3
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt2 des_encrypt2_u4_cisc_ptr
+#define des_encrypt3 des_encrypt3_u4_cisc_ptr
+#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt2 des_encrypt2_u16_cisc_ptr
+#define des_encrypt3 des_encrypt3_u16_cisc_ptr
+#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt2 des_encrypt2_u4_risc1_ptr
+#define des_encrypt3 des_encrypt3_u4_risc1_ptr
+#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART4
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt2 des_encrypt2_u4_risc2_ptr
+#define des_encrypt3 des_encrypt3_u4_risc2_ptr
+#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt2 des_encrypt2_u16_risc1_ptr
+#define des_encrypt3 des_encrypt3_u16_risc1_ptr
+#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef des_encrypt
+#undef des_encrypt2
+#undef des_encrypt3
+#undef des_decrypt3
+#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt2 des_encrypt2_u16_risc2_ptr
+#define des_encrypt3 des_encrypt3_u16_risc2_ptr
+#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+	
+#define time_it(func,name,index) \
+	print_name(name); \
+	Time_F(START); \
+	for (count=0,run=1; COND(cb); count++) \
+		{ \
+		unsigned long d[2]; \
+		func(d,&(sch[0]),DES_ENCRYPT); \
+		} \
+	tm[index]=Time_F(STOP); \
+	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+	tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+		tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double d,tm[16],max=0;
+	int rank[16];
+	char *str[16];
+	int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+	long ca,cb,cc,cd,ce;
+#endif
+
+	for (i=0; i<12; i++)
+		{
+		tm[i]=0.0;
+		rank[i]=0;
+		}
+
+#ifndef TIMES
+	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
+
+#ifndef SIGALRM
+	fprintf(stderr,"First we calculate the approximate speed ...\n");
+	des_set_key(&key,sch);
+	count=10;
+	do	{
+		long i;
+		unsigned long data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+
+	ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+#ifdef PART1
+	time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+	time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+	time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+	num+=3;
+#endif
+#ifdef PART2
+	time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+	time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+	time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+	num+=3;
+#endif
+#ifdef PART3
+	time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+	time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+	time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+	num+=3;
+#endif
+#ifdef PART4
+	time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+	time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+	time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+	num+=3;
+#endif
+
+#ifdef PART1
+	str[0]=" 4  c i";
+	print_it("des_encrypt_u4_cisc_idx  ",0);
+	max=tm[0];
+	max_idx=0;
+	str[1]="16  c i";
+	print_it("des_encrypt_u16_cisc_idx ",1);
+	if (max < tm[1]) { max=tm[1]; max_idx=1; }
+	str[2]=" 4 r1 i";
+	print_it("des_encrypt_u4_risc1_idx ",2);
+	if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+	str[3]="16 r1 i";
+	print_it("des_encrypt_u16_risc1_idx",3);
+	if (max < tm[3]) { max=tm[3]; max_idx=3; }
+	str[4]=" 4 r2 i";
+	print_it("des_encrypt_u4_risc2_idx ",4);
+	if (max < tm[4]) { max=tm[4]; max_idx=4; }
+	str[5]="16 r2 i";
+	print_it("des_encrypt_u16_risc2_idx",5);
+	if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+	str[6]=" 4  c p";
+	print_it("des_encrypt_u4_cisc_ptr  ",6);
+	if (max < tm[6]) { max=tm[6]; max_idx=6; }
+	str[7]="16  c p";
+	print_it("des_encrypt_u16_cisc_ptr ",7);
+	if (max < tm[7]) { max=tm[7]; max_idx=7; }
+	str[8]=" 4 r1 p";
+	print_it("des_encrypt_u4_risc1_ptr ",8);
+	if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+	str[9]="16 r1 p";
+	print_it("des_encrypt_u16_risc1_ptr",9);
+	if (max < tm[9]) { max=tm[9]; max_idx=9; }
+	str[10]=" 4 r2 p";
+	print_it("des_encrypt_u4_risc2_ptr ",10);
+	if (max < tm[10]) { max=tm[10]; max_idx=10; }
+	str[11]="16 r2 p";
+	print_it("des_encrypt_u16_risc2_ptr",11);
+	if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+	printf("options    des ecb/s\n");
+	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+	d=tm[max_idx];
+	tm[max_idx]= -2.0;
+	max= -1.0;
+	for (;;)
+		{
+		for (i=0; i<12; i++)
+			{
+			if (max < tm[i]) { max=tm[i]; j=i; }
+			}
+		if (max < 0.0) break;
+		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+		tm[j]= -2.0;
+		max= -1.0;
+		}
+
+	switch (max_idx)
+		{
+	case 0:
+		printf("-DDES_DEFAULT_OPTIONS\n");
+		break;
+	case 1:
+		printf("-DDES_UNROLL\n");
+		break;
+	case 2:
+		printf("-DDES_RISC1\n");
+		break;
+	case 3:
+		printf("-DDES_UNROLL -DDES_RISC1\n");
+		break;
+	case 4:
+		printf("-DDES_RISC2\n");
+		break;
+	case 5:
+		printf("-DDES_UNROLL -DDES_RISC2\n");
+		break;
+	case 6:
+		printf("-DDES_PTR\n");
+		break;
+	case 7:
+		printf("-DDES_UNROLL -DDES_PTR\n");
+		break;
+	case 8:
+		printf("-DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 9:
+		printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+		break;
+	case 10:
+		printf("-DDES_RISC2 -DDES_PTR\n");
+		break;
+	case 11:
+		printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+		break;
+		}
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/libdes/des_ver.h b/crypto/libdes/des_ver.h
new file mode 100644
index 0000000..70477a7
--- /dev/null
+++ b/crypto/libdes/des_ver.h
@@ -0,0 +1,62 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+extern char *DES_version;	/* SSLeay version string */
+extern char *libdes_version;	/* old libdes version string */
diff --git a/crypto/libdes/dess.cpp b/crypto/libdes/dess.cpp
new file mode 100644
index 0000000..753e67a
--- /dev/null
+++ b/crypto/libdes/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+
+void main(int argc,char *argv[])
+	{
+	des_key_schedule key;
+	unsigned long s1,s2,e1,e2;
+	unsigned long data[2];
+	int i,j;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<1000; i++) /**/
+			{
+			des_encrypt(&data[0],key,1);
+			GetTSC(s1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e1);
+			GetTSC(s2);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			des_encrypt(&data[0],key,1);
+			GetTSC(e2);
+			des_encrypt(&data[0],key,1);
+			}
+
+		printf("des %d %d (%d)\n",
+			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+		}
+	}
+
diff --git a/crypto/libdes/destest.c b/crypto/libdes/destest.c
new file mode 100644
index 0000000..5a04fc9
--- /dev/null
+++ b/crypto/libdes/destest.c
@@ -0,0 +1,923 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
+#ifndef MSDOS
+#define MSDOS
+#endif
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifndef MSDOS
+#if !defined(VMS) || defined(__DECC)
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#endif /* VMS */
+#else
+#include <io.h>
+#endif
+#include <string.h>
+
+#ifdef NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include <openssl/des.h>
+
+#if defined(PERL5) || defined(__FreeBSD__)
+#define crypt(c,s) (des_crypt((c),(s)))
+#endif
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40]={
+	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+	0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+static unsigned char cbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static unsigned char xcbc_ok[32]={
+	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+	};
+
+static unsigned char cbc3_ok[32]={
+	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+
+static unsigned char pcbc_ok[32]={
+	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+	{
+	0x4e,0x6f,0x77,0x20,0x69,0x73,
+	0x20,0x74,0x68,0x65,0x20,0x74,
+	0x69,0x6d,0x65,0x20,0x66,0x6f,
+	0x72,0x20,0x61,0x6c,0x6c,0x20
+	};
+static unsigned char cfb_cipher8[24]= {
+	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+	{
+	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+	};
+
+DES_LONG cbc_cksum_ret=0xB462FEF7L;
+unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+	{
+	int i,j,err=0;
+	des_cblock in,out,outin,iv3,iv2;
+	des_key_schedule ks,ks2,ks3;
+	unsigned char cbc_in[40];
+	unsigned char cbc_out[40];
+	DES_LONG cs;
+	unsigned char qret[4][4],cret[8];
+	DES_LONG lqret[4];
+	int num;
+	char *str;
+
+#ifndef NO_DESCBCM
+	printf("Doing cbcm\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	i=strlen((char *)cbc_data)+1;
+	/* i=((i+7)/8)*8; */
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+
+	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
+			      DES_ENCRYPT);
+	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+			      &iv3,&iv2,DES_ENCRYPT);
+	/*	if (memcmp(cbc_out,cbc3_ok,
+		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+		{
+		printf("des_ede3_cbc_encrypt encrypt error\n");
+		err=1;
+		}
+	*/
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		int n;
+
+		printf("des_ede3_cbcm_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
+		err=1;
+		}
+#endif
+
+	printf("Doing ecb\n");
+	for (i=0; i<NUM_TESTS; i++)
+		{
+		if ((j=des_key_sched(&key_data[i],ks)) != 0)
+			{
+			printf("Key error %2d:%d\n",i+1,j);
+			err=1;
+			}
+		memcpy(in,plain_data[i],8);
+		memset(out,0,8);
+		memset(outin,0,8);
+		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
+
+		if (memcmp(out,cipher_data[i],8) != 0)
+			{
+			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+				i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+				pt(out));
+			err=1;
+			}
+		if (memcmp(in,outin,8) != 0)
+			{
+			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+			err=1;
+			}
+		}
+
+#ifndef LIBDES_LIT
+	printf("Doing ede ecb\n");
+	for (i=0; i<(NUM_TESTS-1); i++)
+		{
+		if ((j=des_key_sched(&key_data[i],ks)) != 0)
+			{
+			err=1;
+			printf("Key error %2d:%d\n",i+1,j);
+			}
+		if ((j=des_key_sched(&key_data[i+1],ks2)) != 0)
+			{
+			printf("Key error %2d:%d\n",i+2,j);
+			err=1;
+			}
+		if ((j=des_key_sched(&key_data[i+2],ks3)) != 0)
+			{
+			printf("Key error %2d:%d\n",i+3,j);
+			err=1;
+			}
+		memcpy(in,plain_data[i],8);
+		memset(out,0,8);
+		memset(outin,0,8);
+		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
+
+		if (memcmp(out,cipher_ecb2[i],8) != 0)
+			{
+			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+				i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+				pt(out));
+			err=1;
+			}
+		if (memcmp(in,outin,8) != 0)
+			{
+			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+			err=1;
+			}
+		}
+#endif
+
+	printf("Doing cbc\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_ENCRYPT);
+	if (memcmp(cbc_out,cbc_ok,32) != 0)
+		printf("cbc_encrypt encrypt error\n");
+
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+		{
+		printf("cbc_encrypt decrypt error\n");
+		err=1;
+		}
+
+#ifndef LIBDES_LIT
+	printf("Doing desx cbc\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
+	if (memcmp(cbc_out,xcbc_ok,32) != 0)
+		{
+		printf("des_xcbc_encrypt encrypt error\n");
+		}
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		printf("des_xcbc_encrypt decrypt error\n");
+		err=1;
+		}
+#endif
+
+	printf("Doing ede cbc\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	i=strlen((char *)cbc_data)+1;
+	/* i=((i+7)/8)*8; */
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+
+	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT);
+	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+			     &iv3,DES_ENCRYPT);
+	if (memcmp(cbc_out,cbc3_ok,
+		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+		{
+		printf("des_ede3_cbc_encrypt encrypt error\n");
+		err=1;
+		}
+
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		printf("des_ede3_cbc_encrypt decrypt error\n");
+		err=1;
+		}
+
+#ifndef LIBDES_LIT
+	printf("Doing pcbc\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &cbc_iv,DES_ENCRYPT);
+	if (memcmp(cbc_out,pcbc_ok,32) != 0)
+		{
+		printf("pcbc_encrypt encrypt error\n");
+		err=1;
+		}
+	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+			 DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		printf("pcbc_encrypt decrypt error\n");
+		err=1;
+		}
+
+	printf("Doing ");
+	printf("cfb8 ");
+	err+=cfb_test(8,cfb_cipher8);
+	printf("cfb16 ");
+	err+=cfb_test(16,cfb_cipher16);
+	printf("cfb32 ");
+	err+=cfb_test(32,cfb_cipher32);
+	printf("cfb48 ");
+	err+=cfb_test(48,cfb_cipher48);
+	printf("cfb64 ");
+	err+=cfb_test(64,cfb_cipher64);
+
+	printf("cfb64() ");
+	err+=cfb64_test(cfb_cipher64);
+
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	for (i=0; i<sizeof(plain); i++)
+		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+			8,1,ks,&cfb_tmp,DES_ENCRYPT);
+	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+		{
+		printf("cfb_encrypt small encrypt error\n");
+		err=1;
+		}
+
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	for (i=0; i<sizeof(plain); i++)
+		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+			8,1,ks,&cfb_tmp,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		printf("cfb_encrypt small decrypt error\n");
+		err=1;
+		}
+
+	printf("ede_cfb64() ");
+	err+=ede_cfb64_test(cfb_cipher64);
+
+	printf("done\n");
+
+	printf("Doing ofb\n");
+	des_key_sched(&ofb_key,ks);
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
+	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+		{
+		printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+		err=1;
+		}
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
+	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+		{
+		printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+		err=1;
+		}
+
+	printf("Doing ofb64\n");
+	des_key_sched(&ofb_key,ks);
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	memset(ofb_buf1,0,sizeof(ofb_buf1));
+	memset(ofb_buf2,0,sizeof(ofb_buf1));
+	num=0;
+	for (i=0; i<sizeof(plain); i++)
+		{
+		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+				  &num);
+		}
+	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+		{
+		printf("ofb64_encrypt encrypt error\n");
+		err=1;
+		}
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	num=0;
+	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num);
+	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+		{
+		printf("ofb64_encrypt decrypt error\n");
+		err=1;
+		}
+
+	printf("Doing ede_ofb64\n");
+	des_key_sched(&ofb_key,ks);
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	memset(ofb_buf1,0,sizeof(ofb_buf1));
+	memset(ofb_buf2,0,sizeof(ofb_buf1));
+	num=0;
+	for (i=0; i<sizeof(plain); i++)
+		{
+		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
+				       &ofb_tmp,&num);
+		}
+	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+		{
+		printf("ede_ofb64_encrypt encrypt error\n");
+		err=1;
+		}
+	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+	num=0;
+	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,
+			       ks,ks,&ofb_tmp,&num);
+	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+		{
+		printf("ede_ofb64_encrypt decrypt error\n");
+		err=1;
+		}
+
+	printf("Doing cbc_cksum\n");
+	des_key_sched(&cbc_key,ks);
+	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
+	if (cs != cbc_cksum_ret)
+		{
+		printf("bad return value (%08lX), should be %08lX\n",
+			(unsigned long)cs,(unsigned long)cbc_cksum_ret);
+		err=1;
+		}
+	if (memcmp(cret,cbc_cksum_data,8) != 0)
+		{
+		printf("bad cbc_cksum block returned\n");
+		err=1;
+		}
+
+	printf("Doing quad_cksum\n");
+	/* This is obviously done this way especially to puzzle me. Although
+	   quad_cksum returns up to 4 groups of 8 bytes, this test gets it to
+	   produce 2 groups then treats them as 4 groups of 4 bytes.
+	   Ben 13 Feb 1999 */
+	cs=quad_cksum(cbc_data,(des_cblock *)qret,strlen((char *)cbc_data),2,
+		      &cbc_iv);
+
+	{ /* Big-endian fix */
+	static DES_LONG l=1;
+	static unsigned char *c=(unsigned char *)&l;
+	DES_LONG ll;
+
+	j=sizeof(lqret[0])-4;
+	for (i=0; i<4; i++)
+		{
+		lqret[i]=0;
+		memcpy(&(lqret[i]),&(qret[i][0]),4);
+		if (!c[0] && (j > 0))
+			lqret[i]=lqret[i]>>(j*8); /* For Cray */
+		}
+
+	if (!c[0])
+		{
+		ll=lqret[0]^lqret[3];
+		lqret[0]^=ll;
+		lqret[3]^=ll;
+		ll=lqret[1]^lqret[2];
+		lqret[1]^=ll;
+		lqret[2]^=ll;
+		}
+	}
+	if (cs != 0x70d7a63aL)
+		{
+		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+			(unsigned long)cs);
+		err=1;
+		}
+	if (lqret[0] != 0x327eba8dL)
+		{
+		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+			(unsigned long)lqret[0],0x327eba8dUL);
+		err=1;
+		}
+	if (lqret[1] != 0x201a49ccL)
+		{
+		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+			(unsigned long)lqret[1],0x201a49ccUL);
+		err=1;
+		}
+	if (lqret[2] != 0x70d7a63aL)
+		{
+		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+			(unsigned long)lqret[2],0x70d7a63aUL);
+		err=1;
+		}
+	if (lqret[3] != 0x501c2c26L)
+		{
+		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+			(unsigned long)lqret[3],0x501c2c26UL);
+		err=1;
+		}
+#endif
+
+	printf("input word alignment test");
+	for (i=0; i<4; i++)
+		{
+		printf(" %d",i);
+		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
+		}
+	printf("\noutput word alignment test");
+	for (i=0; i<4; i++)
+		{
+		printf(" %d",i);
+		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
+		}
+	printf("\n");
+	printf("fast crypt test ");
+	str=crypt("testing","ef");
+	if (strcmp("efGnQx2725bI2",str) != 0)
+		{
+		printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+		err=1;
+		}
+	str=crypt("bca76;23","yA");
+	if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+		{
+		printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+		err=1;
+		}
+	printf("\n");
+	exit(err);
+	return(0);
+	}
+
+static char *pt(unsigned char *p)
+	{
+	static char bufs[10][20];
+	static int bnum=0;
+	char *ret;
+	int i;
+	static char *f="0123456789ABCDEF";
+
+	ret= &(bufs[bnum++][0]);
+	bnum%=10;
+	for (i=0; i<8; i++)
+		{
+		ret[i*2]=f[(p[i]>>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+
+#ifndef LIBDES_LIT
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int i,err=0;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	return(err);
+	}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+			  &cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+	{
+	des_key_schedule ks;
+	int err=0,i,n;
+
+	des_key_sched(&cfb_key,ks);
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+			       DES_ENCRYPT);
+	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+			       sizeof(plain)-12,ks,ks,ks,
+			       &cfb_tmp,&n,DES_ENCRYPT);
+	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt encrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf1[i])));
+		}
+	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+	n=0;
+	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
+	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+			       sizeof(plain)-17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
+	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+		{
+		err=1;
+		printf("ede_cfb_encrypt decrypt error\n");
+		for (i=0; i<24; i+=8)
+			printf("%s\n",pt(&(cfb_buf2[i])));
+		}
+	return(err);
+	}
+
+#endif
+#endif
diff --git a/crypto/libdes/dllmain.c b/crypto/libdes/dllmain.c
new file mode 100644
index 0000000..4eed1f2
--- /dev/null
+++ b/crypto/libdes/dllmain.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: dllmain.c,v 1.5 1997/04/20 06:21:24 assar Exp $");
+#endif
+
+#include <Windows.h>
+
+BOOL WINAPI
+DllMain (HANDLE hInst, 
+	 ULONG reason,
+	 LPVOID lpReserved)
+{
+    switch(reason) {
+    case DLL_PROCESS_ATTACH:
+    case DLL_PROCESS_DETACH:
+    default:
+	return TRUE;
+    }
+}
diff --git a/crypto/libdes/doIP b/crypto/libdes/doIP
new file mode 100755
index 0000000..18cf231
--- /dev/null
+++ b/crypto/libdes/doIP
@@ -0,0 +1,46 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+
+@L=@l;
+@R=@r;
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	&printit(@L);
+	&printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+&PERM_OP(*R,*L,*T,2,0x33333333);
+&PERM_OP(*L,*R,*T,16,0x0000ffff);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	&printit(@L);
+	&printit(@R);
diff --git a/crypto/libdes/doPC1 b/crypto/libdes/doPC1
new file mode 100755
index 0000000..096afd8
--- /dev/null
+++ b/crypto/libdes/doPC1
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+@l=(
+	 0, 1, 2, 3, 4, 5, 6, 7,
+	 8, 9,10,11,12,13,14,15,
+	16,17,18,19,20,21,22,23,
+	24,25,26,27,28,29,30,31
+	);
+@r=(
+	32,33,34,35,36,37,38,39,
+	40,41,42,43,44,45,46,47,
+	48,49,50,51,52,53,54,55,
+	56,57,58,59,60,61,62,63
+	);
+
+require 'shifts.pl';
+
+sub PERM_OP
+	{
+	local(*a,*b,*t,$n,$m)=@_;
+
+	@z=&shift(*a,-$n);
+	@z=&xor(*b,*z);
+	@z=&and(*z,$m);
+	@b=&xor(*b,*z);
+	@z=&shift(*z,$n);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP2
+	{
+	local(*a,*t,$n,$m)=@_;
+	local(@x,@y,$i);
+
+	@z=&shift(*a,16-$n);
+	@z=&xor(*a,*z);
+	@z=&and(*z,$m);
+	@a=&xor(*a,*z);
+	@z=&shift(*z,$n-16);
+	@a=&xor(*a,*z);
+	}
+
+sub HPERM_OP
+        {
+        local(*a,*t,$n,$m)=@_;
+        local(@x,@y,$i);
+
+        for ($i=0; $i<16; $i++)
+                {
+                $x[$i]=$a[$i];
+                $y[$i]=$a[16+$i];
+                }
+        @z=&shift(*x,-$n);
+        @z=&xor(*y,*z);
+        @z=&and(*z,$m);
+        @y=&xor(*y,*z);
+        @z=&shift(*z,$n);
+        @x=&xor(*x,*z);
+        for ($i=0; $i<16; $i++)
+                {
+                $a[$i]=$x[$i];
+                $a[16+$i]=$y[$i];
+                }
+        }
+
+@L=@l;
+@R=@r;
+
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+	print "---\n"; &printit(@R);
+&HPERM_OP2(*L,*T,-2,0xcccc0000);
+&HPERM_OP2(*R,*T,-2,0xcccc0000);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+	print "---\n"; &printit(@R);
+&PERM_OP(*R,*L,*T,1,0x55555555);
+	print "---\n"; &printit(@R);
+#	&printit(@L);
+	&printit(@R);
+print <<"EOF";
+==============================
+63  55  47  39  31  23  15   7  
+62  54  46  38  30  22  14   6  
+61  53  45  37  29  21  13   5  
+60  52  44  36  --  --  --  --  
+
+57  49  41  33  25  17   9   1  
+58  50  42  34  26  18  10   2  
+59  51  43  35  27  19  11   3  
+28  20  12   4  --  --  --  --  
+EOF
+exit(1);
+@A=&and(*R,0x000000ff);
+@A=&shift(*A,16);
+@B=&and(*R,0x0000ff00);
+@C=&and(*R,0x00ff0000);
+@C=&shift(*C,-16);
+@D=&and(*L,0xf0000000);
+@D=&shift(*D,-4);
+@A=&or(*A,*B);
+@B=&or(*D,*C);
+@R=&or(*A,*B);
+@L=&and(*L,0x0fffffff);
+
+	&printit(@L);
+	&printit(@R);
+
diff --git a/crypto/libdes/doPC2 b/crypto/libdes/doPC2
new file mode 100755
index 0000000..fa5cf74
--- /dev/null
+++ b/crypto/libdes/doPC2
@@ -0,0 +1,94 @@
+#!/usr/local/bin/perl
+
+@PC2_C=(14,17,11,24, 1, 5,
+	 3,28,15, 6,21,10,
+	23,19,12, 4,26, 8,
+	16, 7,27,20,13, 2,
+	);
+
+@PC2_D=(41,52,31,37,47,55,
+	30,40,51,45,33,48,
+	44,49,39,56,34,53,
+	46,42,50,36,29,32,
+	);
+
+$i=0;
+foreach (@PC2_C) {
+	$_--;
+#	printf "%2d,",$_;
+	$C{$_}=$i;
+	++$i;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+$i=0;
+#print "\n";
+foreach (@PC2_D) {
+	$_-=28;
+	$_--;
+#	printf "%2d,",$_;
+	$D{$_}=$i;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$C{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+#print "\n";
+foreach $i (0 .. 27)
+	{
+	$_=$D{$i};
+#	printf "%2d,",$_;
+	$i++;
+#	print "\n" if ((($i) % 8) == 0);
+	}
+#print "\n";
+
+print "static ulong skb[8][64]={\n";
+&doit("C",*C, 0, 1, 2, 3, 4, 5);
+&doit("C",*C, 6, 7, 9,10,11,12);
+&doit("C",*C,13,14,15,16,18,19);
+&doit("C",*C,20,22,23,25,26,27);
+
+&doit("D",*D, 0, 1, 2, 3, 4, 5);
+&doit("D",*D, 7, 8,10,11,12,13);
+&doit("D",*D,15,16,17,18,19,20);
+&doit("D",*D,21,22,23,24,26,27);
+print "};\n";
+
+sub doit
+	{
+	local($l,*A,@b)=@_;
+	local(@out);
+
+	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
+		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
+	for ($i=0; $i<64; $i++)
+		{
+		$out[$i]=0;
+		$j=1;
+#print "\n";
+		for ($k=0; $k<6; $k++)
+			{
+			$l=$A{$b[$k]};
+#print"$l - ";
+			if ((1<<$k) & $i)
+				{
+				$ll=int($l/6)*8+($l%6);
+				$out[$i]|=1<<($ll);
+				}
+			}
+		$pp=$out[$i];
+		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
+					(($pp&0x0000ff00)<<8);
+		printf("0x%08X,",$pp);
+		print "\n" if (($i+1) % 4 == 0);
+		}
+	}
diff --git a/crypto/libdes/ecb3_enc.c b/crypto/libdes/ecb3_enc.c
new file mode 100644
index 0000000..fb28b97
--- /dev/null
+++ b/crypto/libdes/ecb3_enc.c
@@ -0,0 +1,82 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
+	     int enc)
+	{
+	register DES_LONG l0,l1;
+	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
+
+	c2l(in,l0);
+	c2l(in,l1);
+	ll[0]=l0;
+	ll[1]=l1;
+	if (enc)
+		des_encrypt3(ll,ks1,ks2,ks3);
+	else
+		des_decrypt3(ll,ks1,ks2,ks3);
+	l0=ll[0];
+	l1=ll[1];
+	l2c(l0,out);
+	l2c(l1,out);
+	}
diff --git a/crypto/libdes/ecb_enc.c b/crypto/libdes/ecb_enc.c
new file mode 100644
index 0000000..17e33fa
--- /dev/null
+++ b/crypto/libdes/ecb_enc.c
@@ -0,0 +1,123 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+#include "spr.h"
+
+const char *libdes_version="libdes" " 0_9_4";
+const char *DES_version="DES" " 0_9_4";
+
+const char *des_options(void)
+	{
+	static int init=1;
+	static char buf[32];
+
+	if (init)
+		{
+		const char *ptr,*unroll,*risc,*size;
+
+#ifdef DES_PTR
+		ptr="ptr";
+#else
+		ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+		risc="risc1";
+#endif
+#ifdef DES_RISC2
+		risc="risc2";
+#endif
+#else
+		risc="cisc";
+#endif
+#ifdef DES_UNROLL
+		unroll="16";
+#else
+		unroll="4";
+#endif
+		if (sizeof(DES_LONG) != sizeof(long))
+			size="int";
+		else
+			size="long";
+		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+		init=0;
+		}
+	return(buf);
+	}
+		
+
+void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks,
+	     int enc)
+	{
+	register DES_LONG l;
+	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
+
+	c2l(in,l); ll[0]=l;
+	c2l(in,l); ll[1]=l;
+	des_encrypt(ll,ks,enc);
+	l=ll[0]; l2c(l,out);
+	l=ll[1]; l2c(l,out);
+	l=ll[0]=ll[1]=0;
+	}
+
diff --git a/crypto/libdes/ede_cbcm_enc.c b/crypto/libdes/ede_cbcm_enc.c
new file mode 100644
index 0000000..c530624
--- /dev/null
+++ b/crypto/libdes/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+Note that there is a known attack on this by Biham and Knudsen but it takes
+a lot of work:
+
+http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+
+*/
+
+#ifndef NO_DESCBCM
+#include "des_locl.h"
+
+void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+	     int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    iv1 = &(*ivec1)[0];
+    iv2 = &(*ivec2)[0];
+
+    if (enc)
+	{
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,tout0);
+	c2l(iv2,tout1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    if(l < 0)
+		{
+		c2ln(in,tin0,tin1,l+8);
+		}
+	    else
+		{
+		c2l(in,tin0);
+		c2l(in,tin1);
+		}
+	    tin0^=tout0;
+	    tin1^=tout1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,1);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    l2c(tout0,out);
+	    l2c(tout1,out);
+	    }
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(tout0,iv2);
+	l2c(tout1,iv2);
+	}
+    else
+	{
+	register DES_LONG t0,t1;
+
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,xor0);
+	c2l(iv2,xor1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    c2l(in,tin0);
+	    c2l(in,tin1);
+
+	    t0=tin0;
+	    t1=tin1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,0);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    tout0^=xor0;
+	    tout1^=xor1;
+	    if(l < 0)
+		{
+		l2cn(tout0,tout1,out,l+8);
+		}
+	    else
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	    xor0=t0;
+	    xor1=t1;
+	    }
+
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(xor0,iv2);
+	l2c(xor1,iv2);
+	}
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }
+#endif
diff --git a/crypto/libdes/ede_enc.c b/crypto/libdes/ede_enc.c
new file mode 100644
index 0000000..50441db
--- /dev/null
+++ b/crypto/libdes/ede_enc.c
@@ -0,0 +1,191 @@
+/* crypto/des/ede_enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+
+void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, encrypt)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_key_schedule ks3;
+des_cblock (*ivec);
+int encrypt;
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register unsigned char *in,*out;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in=(unsigned char *)input;
+	out=(unsigned char *)output;
+	iv=(unsigned char *)ivec;
+
+	if (encrypt)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		iv=(unsigned char *)ivec;
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		register DES_LONG t0,t1;
+
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=t0;
+			xor1=t1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+
+			t0=tin0;
+			t1=tin1;
+
+			tin[0]=tin0;
+			tin[1]=tin1;
+			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			tout0=tin[0];
+			tout1=tin[1];
+
+			tout0^=xor0;
+			tout1^=xor1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=t0;
+			xor1=t1;
+			}
+		iv=(unsigned char *)ivec;
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc)
+des_cblock (*input);
+des_cblock (*output);
+long length;
+des_key_schedule ks1;
+des_key_schedule ks2;
+des_cblock (*ivec);
+int enc;
+	{
+	des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc);
+	}
+#endif
+
diff --git a/crypto/libdes/enc_read.c b/crypto/libdes/enc_read.c
new file mode 100644
index 0000000..8bccda5
--- /dev/null
+++ b/crypto/libdes/enc_read.c
@@ -0,0 +1,231 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "des_locl.h"
+
+/* This has some uglies in it but it works - even over sockets. */
+int des_rw_mode=DES_PCBC_MODE;
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ *
+ *  -  This function uses an internal state and thus cannot be
+ *     used on multiple files.
+ */
+
+
+int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
+		 des_cblock *iv)
+	{
+	/* data to be unencrypted */
+	int net_num=0;
+	static unsigned char *net=NULL;
+	/* extra unencrypted data 
+	 * for when a block of 100 comes in but is des_read one byte at
+	 * a time. */
+	static unsigned char *unnet=NULL;
+	static int unnet_start=0;
+	static int unnet_left=0;
+	static unsigned char *tmpbuf=NULL;
+	int i;
+	long num=0,rnum;
+	unsigned char *p;
+
+	if (tmpbuf == NULL)
+		{
+		tmpbuf=malloc(BSIZE);
+		if (tmpbuf == NULL) return(-1);
+		}
+	if (net == NULL)
+		{
+		net=malloc(BSIZE);
+		if (net == NULL) return(-1);
+		}
+	if (unnet == NULL)
+		{
+		unnet=malloc(BSIZE);
+		if (unnet == NULL) return(-1);
+		}
+	/* left over data from last decrypt */
+	if (unnet_left != 0)
+		{
+		if (unnet_left < len)
+			{
+			/* we still still need more data but will return
+			 * with the number of bytes we have - should always
+			 * check the return value */
+			memcpy(buf,&(unnet[unnet_start]),
+			       unnet_left);
+			/* eay 26/08/92 I had the next 2 lines
+			 * reversed :-( */
+			i=unnet_left;
+			unnet_start=unnet_left=0;
+			}
+		else
+			{
+			memcpy(buf,&(unnet[unnet_start]),len);
+			unnet_start+=len;
+			unnet_left-=len;
+			i=len;
+			}
+		return(i);
+		}
+
+	/* We need to get more data. */
+	if (len > MAXWRITE) len=MAXWRITE;
+
+	/* first - get the length */
+	while (net_num < HDRSIZE) 
+		{
+		i=read(fd,&(net[net_num]),HDRSIZE-net_num);
+#ifdef EINTR
+		if ((i == -1) && (errno == EINTR)) continue;
+#endif
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* we now have at net_num bytes in net */
+	p=net;
+	/* num=0;  */
+	n2l(p,num);
+	/* num should be rounded up to the next group of eight
+	 * we make sure that we have read a multiple of 8 bytes from the net.
+	 */
+	if ((num > MAXWRITE) || (num < 0)) /* error */
+		return(-1);
+	rnum=(num < 8)?8:((num+7)/8*8);
+
+	net_num=0;
+	while (net_num < rnum)
+		{
+		i=read(fd,&(net[net_num]),rnum-net_num);
+#ifdef EINTR
+		if ((i == -1) && (errno == EINTR)) continue;
+#endif
+		if (i <= 0) return(0);
+		net_num+=i;
+		}
+
+	/* Check if there will be data left over. */
+	if (len < num)
+		{
+		if (des_rw_mode & DES_PCBC_MODE)
+			des_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		else
+			des_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		memcpy(buf,unnet,len);
+		unnet_start=len;
+		unnet_left=num-len;
+
+		/* The following line is done because we return num
+		 * as the number of bytes read. */
+		num=len;
+		}
+	else
+		{
+		/* >output is a multiple of 8 byes, if len < rnum
+		 * >we must be careful.  The user must be aware that this
+		 * >routine will write more bytes than he asked for.
+		 * >The length of the buffer must be correct.
+		 * FIXED - Should be ok now 18-9-90 - eay */
+		if (len < rnum)
+			{
+
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+						 DES_DECRYPT);
+			else
+				des_cbc_encrypt(net,tmpbuf,num,sched,iv,
+						DES_DECRYPT);
+
+			/* eay 26/08/92 fix a bug that returned more
+			 * bytes than you asked for (returned len bytes :-( */
+			memcpy(buf,tmpbuf,num);
+			}
+		else
+			{
+			if (des_rw_mode & DES_PCBC_MODE)
+				des_pcbc_encrypt(net,buf,num,sched,iv,
+						 DES_DECRYPT);
+			else
+				des_cbc_encrypt(net,buf,num,sched,iv,
+						DES_DECRYPT);
+			}
+		}
+	return num;
+	}
+
diff --git a/crypto/libdes/enc_writ.c b/crypto/libdes/enc_writ.c
new file mode 100644
index 0000000..302baaa
--- /dev/null
+++ b/crypto/libdes/enc_writ.c
@@ -0,0 +1,172 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <errno.h>
+#include <stdio.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "des_locl.h"
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int des_enc_write(int fd, const void *_buf, int len,
+		  des_key_schedule sched, des_cblock *iv)
+	{
+#ifdef _LIBC
+	extern unsigned long time();
+	extern int write();
+#endif
+	const unsigned char *buf=_buf;
+	long rnum;
+	int i,j,k,outnum;
+	static unsigned char *outbuf=NULL;
+	unsigned char shortbuf[8];
+	unsigned char *p;
+	const unsigned char *cp;
+	static int start=1;
+
+	if (outbuf == NULL)
+		{
+		outbuf=malloc(BSIZE+HDRSIZE);
+		if (outbuf == NULL) return(-1);
+		}
+	/* If we are sending less than 8 bytes, the same char will look
+	 * the same if we don't pad it out with random bytes */
+	if (start)
+		{
+		start=0;
+		}
+
+	/* lets recurse if we want to send the data in small chunks */
+	if (len > MAXWRITE)
+		{
+		j=0;
+		for (i=0; i<len; i+=k)
+			{
+			k=des_enc_write(fd,&(buf[i]),
+				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+			if (k < 0)
+				return(k);
+			else
+				j+=k;
+			}
+		return(j);
+		}
+
+	/* write length first */
+	p=outbuf;
+	l2n(len,p);
+
+	/* pad short strings */
+	if (len < 8)
+		{
+		cp=shortbuf;
+		memcpy(shortbuf,buf,len);
+		des_rand_data(shortbuf+len, 8-len);
+		rnum=8;
+		}
+	else
+		{
+		cp=(unsigned char*)buf;
+		rnum=((len+7)/8*8); /* round up to nearest eight */
+		}
+
+	if (des_rw_mode & DES_PCBC_MODE)
+		des_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				 DES_ENCRYPT); 
+	else
+		des_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				DES_ENCRYPT); 
+
+	/* output */
+	outnum=rnum+HDRSIZE;
+
+	for (j=0; j<outnum; j+=i)
+		{
+		/* eay 26/08/92 I was not doing writing from where we
+		 * got upto. */
+		i=write(fd,&(outbuf[j]),outnum-j);
+		if (i == -1)
+			{
+			if (errno == EINTR)
+				i=0;
+			else 	/* This is really a bad error - very bad
+				 * It will stuff-up both ends. */
+				return(-1);
+			}
+		}
+
+	return(len);
+	}
diff --git a/crypto/libdes/fcrypt.c b/crypto/libdes/fcrypt.c
new file mode 100644
index 0000000..a3ddd0e
--- /dev/null
+++ b/crypto/libdes/fcrypt.c
@@ -0,0 +1,240 @@
+/* crypto/des/fcrypt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+/* Modification by Jens Kupferschmidt (Cu)
+ * I have included directive PARA for shared memory computers.
+ * I have included a directive LONGCRYPT to using this routine to cipher
+ * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
+ * definition is the maximum of lenght of password and can changed. I have
+ * defined 24.
+ */
+
+#include "des_locl.h"
+
+/* Added more values to handle illegal salt values the way normal
+ * crypt() implementations do.  The patch was sent by 
+ * Bjorn Gronvall <bg@sics.se>
+ */
+static unsigned const char con_salt[128]={
+0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
+0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
+0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
+0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
+0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
+0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
+0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
+0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
+0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
+0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
+0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
+0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
+0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
+0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
+0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
+0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+};
+
+static unsigned const char cov_2char[64]={
+0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+	DES_LONG Eswap0, DES_LONG Eswap1);
+
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+char *crypt(const char *buf, const char *salt)
+	{
+	return(des_crypt(buf, salt));
+	}
+#endif
+
+char *des_crypt(const char *buf, const char *salt)
+	{
+	static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+	return(des_fcrypt(buf,salt,buff));
+#else
+	char e_salt[2+1];
+	char e_buf[32+1];	/* replace 32 by 8 ? */
+	char *ret;
+
+	/* Copy at most 2 chars of salt */
+	if ((e_salt[0] = salt[0]) != '\0')
+	    e_salt[1] = salt[1];
+
+	/* Copy at most 32 chars of password */
+	strncpy (e_buf, buf, sizeof(e_buf));
+
+	/* Make sure we have a delimiter */
+	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
+
+	/* Convert the e_salt to ASCII, as that's what des_fcrypt works on */
+	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+
+	/* Convert the cleartext password to ASCII */
+	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+	/* Encrypt it (from/to ASCII) */
+	ret = des_fcrypt(e_buf,e_salt,buff);
+
+	/* Convert the result back to EBCDIC */
+	ascii2ebcdic(ret, ret, strlen(ret));
+	
+	return ret;
+#endif
+	}
+
+
+char *des_fcrypt(const char *buf, const char *salt, char *ret)
+	{
+	unsigned int i,j,x,y;
+	DES_LONG Eswap0,Eswap1;
+	DES_LONG out[2],ll;
+	des_cblock key;
+	des_key_schedule ks;
+	unsigned char bb[9];
+	unsigned char *b=bb;
+	unsigned char c,u;
+
+	/* eay 25/08/92
+	 * If you call crypt("pwd","*") as often happens when you
+	 * have * as the pwd field in /etc/passwd, the function
+	 * returns *\0XXXXXXXXX
+	 * The \0 makes the string look like * so the pwd "*" would
+	 * crypt to "*".  This was found when replacing the crypt in
+	 * our shared libraries.  People found that the disbled
+	 * accounts effectivly had no passwd :-(. */
+#ifndef CHARSET_EBCDIC
+	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
+	Eswap1=con_salt[x]<<6;
+#else
+	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
+	Eswap1=con_salt[x]<<6;
+#endif
+
+/* EAY
+r=strlen(buf);
+r=(r+7)/8;
+*/
+	for (i=0; i<8; i++)
+		{
+		c= *(buf++);
+		if (!c) break;
+		key[i]=(c<<1);
+		}
+	for (; i<8; i++)
+		key[i]=0;
+
+	des_set_key(&key,ks);
+	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+
+	ll=out[0]; l2c(ll,b);
+	ll=out[1]; l2c(ll,b);
+	y=0;
+	u=0x80;
+	bb[8]=0;
+	for (i=2; i<13; i++)
+		{
+		c=0;
+		for (j=0; j<6; j++)
+			{
+			c<<=1;
+			if (bb[y] & u) c|=1;
+			u>>=1;
+			if (!u)
+				{
+				y++;
+				u=0x80;
+				}
+			}
+		ret[i]=cov_2char[c];
+		}
+	ret[13]='\0';
+	return(ret);
+	}
+
diff --git a/crypto/libdes/fcrypt_b.c b/crypto/libdes/fcrypt_b.c
new file mode 100644
index 0000000..9cbea97
--- /dev/null
+++ b/crypto/libdes/fcrypt_b.c
@@ -0,0 +1,145 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+
+/* This version of crypt has been developed from my MIT compatable
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+	(b)^=(t),\
+	(a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, des_key_schedule ks, DES_LONG Eswap0,
+	     DES_LONG Eswap1)
+	{
+	register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
+#endif
+	register DES_LONG *s;
+	register int j;
+	register DES_LONG E0,E1;
+
+	l=0;
+	r=0;
+
+	s=(DES_LONG *)ks;
+	E0=Eswap0;
+	E1=Eswap1;
+
+	for (j=0; j<25; j++)
+		{
+#ifdef DES_UNROLL
+		register int i;
+
+		for (i=0; i<32; i+=8)
+			{
+			D_ENCRYPT(l,r,i+0); /*  1 */
+			D_ENCRYPT(r,l,i+2); /*  2 */
+			D_ENCRYPT(l,r,i+4); /*  1 */
+			D_ENCRYPT(r,l,i+6); /*  2 */
+			}
+#else
+		D_ENCRYPT(l,r, 0); /*  1 */
+		D_ENCRYPT(r,l, 2); /*  2 */
+		D_ENCRYPT(l,r, 4); /*  3 */
+		D_ENCRYPT(r,l, 6); /*  4 */
+		D_ENCRYPT(l,r, 8); /*  5 */
+		D_ENCRYPT(r,l,10); /*  6 */
+		D_ENCRYPT(l,r,12); /*  7 */
+		D_ENCRYPT(r,l,14); /*  8 */
+		D_ENCRYPT(l,r,16); /*  9 */
+		D_ENCRYPT(r,l,18); /*  10 */
+		D_ENCRYPT(l,r,20); /*  11 */
+		D_ENCRYPT(r,l,22); /*  12 */
+		D_ENCRYPT(l,r,24); /*  13 */
+		D_ENCRYPT(r,l,26); /*  14 */
+		D_ENCRYPT(l,r,28); /*  15 */
+		D_ENCRYPT(r,l,30); /*  16 */
+#endif
+
+		t=l;
+		l=r;
+		r=t;
+		}
+	l=ROTATE(l,3)&0xffffffffL;
+	r=ROTATE(r,3)&0xffffffffL;
+
+	PERM_OP(l,r,t, 1,0x55555555L);
+	PERM_OP(r,l,t, 8,0x00ff00ffL);
+	PERM_OP(l,r,t, 2,0x33333333L);
+	PERM_OP(r,l,t,16,0x0000ffffL);
+	PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+
+	out[0]=r;
+	out[1]=l;
+	}
+
diff --git a/crypto/libdes/hash.h b/crypto/libdes/hash.h
new file mode 100644
index 0000000..6761d7f
--- /dev/null
+++ b/crypto/libdes/hash.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/* $Id: hash.h,v 1.1 1999/03/22 19:16:25 joda Exp $ */
+
+/* stuff in common between md4, md5, and sha1 */
+
+#ifndef __hash_h__
+#define __hash_h__
+
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+/* Vector Crays doesn't have a good 32-bit type, or more precisely,
+   int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
+   want to depend in being able to redefine this type.  To cope with
+   this we have to clamp the result in some places to [0,2^32); no
+   need to do this on other machines.  Did I say this was a mess?
+   */
+
+#ifdef _CRAY
+#define CRAYFIX(X) ((X) & 0xffffffff)
+#else
+#define CRAYFIX(X) (X)
+#endif
+
+static inline u_int32_t
+cshift (u_int32_t x, unsigned int n)
+{
+    x = CRAYFIX(x);
+    return CRAYFIX((x << n) | (x >> (32 - n)));
+}
+
+#endif /* __hash_h__ */
diff --git a/crypto/libdes/key_par.c b/crypto/libdes/key_par.c
new file mode 100644
index 0000000..e2e43c1
--- /dev/null
+++ b/crypto/libdes/key_par.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "des_locl.h"
+
+/* MIT Link and source compatibility */
+
+#ifdef des_fixup_key_parity
+#undef des_fixup_key_parity
+#endif /* des_fixup_key_parity */
+
+void des_fixup_key_parity(des_cblock *key);
+
+void
+des_fixup_key_parity(des_cblock *key)
+{
+  des_set_odd_parity(key);
+}
diff --git a/crypto/libdes/makefile.bc b/crypto/libdes/makefile.bc
new file mode 100644
index 0000000..1fe6d49
--- /dev/null
+++ b/crypto/libdes/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+
+.c.obj:
+	$(CC) $(CFLAGS) $*.c
+
+.obj.exe:
+	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+	del *.exe
+	del *.obj
+	del libdes.lib
+	del libdes.rsp
+
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+	ofb64ede.obj supp.obj
+
+LIB=    libdes.lib
+
+$(LIB): $(OBJS)
+	del $(LIB)
+	makersp "+%s &\n" &&|
+	$(OBJS)
+|       >libdes.rsp
+	$(TLIB) libdes.lib @libdes.rsp,nul
+	del libdes.rsp
+
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
+
+
diff --git a/crypto/libdes/mdtest.c b/crypto/libdes/mdtest.c
new file mode 100644
index 0000000..d3e5486
--- /dev/null
+++ b/crypto/libdes/mdtest.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: mdtest.c,v 1.11 1997/11/09 06:14:43 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <md4.h>
+#include <md5.h>
+#include <sha.h>
+
+static
+int
+md4_tests (void)
+{
+  struct test {
+    char *str;
+    unsigned char hash[16];
+  } tests[] = {
+    {"", 
+     {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 
+      0xd7, 0xe0, 0xc0, 0x89, 0xc0}},
+    {"a",
+     {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, 0x24, 0x5e, 0x05,
+      0xfb, 0xdb, 0xd6, 0xfb, 0x24}},
+    {"abc",
+     {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d}},
+    {"message digest",
+     {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b}},
+    {"abcdefghijklmnopqrstuvwxyz", {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9, }},
+    {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+     {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4}},
+    {"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+     {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36, }},
+    {NULL, { 0x0 }}};
+  struct test *t;
+
+  printf ("md4... ");
+  for (t = tests; t->str; ++t) {
+    struct md4 md4;
+    char res[16];
+    int i;
+
+    md4_init (&md4);
+    md4_update (&md4, (unsigned char *)t->str, strlen(t->str));
+    md4_finito (&md4, res);
+    if (memcmp (res, t->hash, 16) != 0) {
+      printf ("MD4(\"%s\") failed\n", t->str);
+      printf("should be: ");
+      for(i = 0; i < 16; ++i)
+	  printf("%02x ", t->hash[i]);
+      printf("\nresult was: ");
+      for(i = 0; i < 16; ++i)
+	  printf("%02x ", res[i]);
+      printf("\n");
+      return 1;
+    }
+  }
+  printf ("success\n");
+  return 0;
+}
+
+static
+int
+md5_tests (void)
+{
+  struct test {
+    char *str;
+    unsigned char hash[16];
+  } tests[] = {
+    {"", {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e}}, 
+    {"a", {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61}}, 
+    {"abc", {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72}}, 
+    {"message digest", {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0}}, 
+    {"abcdefghijklmnopqrstuvwxyz", {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b}}, 
+    {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f}}, 
+    {"12345678901234567890123456789012345678901234567890123456789012345678901234567890", {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a}}, 
+    {NULL, { 0x0 }}};
+  struct test *t;
+
+  printf ("md5... ");
+  for (t = tests; t->str; ++t) {
+    struct md5 md5;
+    char res[16];
+
+    md5_init (&md5);
+    md5_update (&md5, (unsigned char *)t->str, strlen(t->str));
+    md5_finito (&md5, res);
+    if (memcmp (res, t->hash, 16) != 0) {
+      int i;
+
+      printf ("MD5(\"%s\") failed\n", t->str);
+      printf("should be: ");
+      for(i = 0; i < 16; ++i)
+	  printf("%02x ", t->hash[i]);
+      printf("\nresult was: ");
+      for(i = 0; i < 16; ++i)
+	  printf("%02x ", res[i]);
+      printf("\n");
+      return 1;
+    }
+  }
+  printf ("success\n");
+  return 0;
+}
+
+static
+int
+sha_tests (void)
+{
+  struct test {
+    char *str;
+    unsigned char hash[20];
+  } tests[] = {
+    {"abc", {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A,
+	     0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C,
+	     0x9C, 0xD0, 0xD8, 0x9D}},
+    {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+     {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
+      0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
+      0xE5, 0x46, 0x70, 0xF1}},
+    {NULL, { 0x0 }}};
+  struct test *t;
+
+  printf ("sha... ");
+  for (t = tests; t->str; ++t) {
+    struct sha sha;
+    char res[20];
+
+    sha_init (&sha);
+    sha_update (&sha, (unsigned char *)t->str, strlen(t->str));
+    sha_finito (&sha, res);
+    if (memcmp (res, t->hash, 20) != 0) {
+      int i;
+
+      printf ("SHA(\"%s\") failed\n", t->str);
+      printf("should be: ");
+      for(i = 0; i < 20; ++i)
+	  printf("%02x ", t->hash[i]);
+      printf("\nresult was: ");
+      for(i = 0; i < 20; ++i)
+	  printf("%02x ", res[i]);
+      printf("\n");
+      return 1;
+    }
+  }
+  printf ("success\n");
+  return 0;
+}
+
+int
+main (void)
+{
+  return md4_tests() + md5_tests() + sha_tests();
+}
diff --git a/crypto/libdes/ncbc_enc.c b/crypto/libdes/ncbc_enc.c
new file mode 100644
index 0000000..e0e67a4
--- /dev/null
+++ b/crypto/libdes/ncbc_enc.c
@@ -0,0 +1,143 @@
+/* crypto/des/ncbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#else
+void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#endif
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0; tin[0]=tin0;
+			tin1^=tout1; tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]; l2c(tout0,out);
+			tout1=tin[1]; l2c(tout1,out);
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+#endif
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+			xor0=tin0;
+			xor1=tin1;
+#endif
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV 
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+#endif
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
diff --git a/crypto/libdes/ofb64ede.c b/crypto/libdes/ofb64ede.c
new file mode 100644
index 0000000..6eafe90
--- /dev/null
+++ b/crypto/libdes/ofb64ede.c
@@ -0,0 +1,124 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ede3_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_key_schedule k3, des_cblock *ivec,
+	     int *num)
+	{
+	register DES_LONG v0,v1;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			/* ti[0]=v0; */
+			/* ti[1]=v1; */
+			des_encrypt3(ti,k1,k2,k3);
+			v0=ti[0];
+			v1=ti[1];
+
+			dp=(char *)d;
+			l2c(v0,dp);
+			l2c(v1,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+/*		v0=ti[0];
+		v1=ti[1];*/
+		iv = &(*ivec)[0];
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
+#ifdef undef /* MACRO */
+void des_ede2_ofb64_encrypt(register unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_cblock (*ivec), int *num)
+	{
+	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+	}
+#endif
diff --git a/crypto/libdes/ofb64enc.c b/crypto/libdes/ofb64enc.c
new file mode 100644
index 0000000..6495395
--- /dev/null
+++ b/crypto/libdes/ofb64enc.c
@@ -0,0 +1,110 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void des_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule schedule,
+	     des_cblock *ivec, int *num)
+	{
+	register DES_LONG v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	des_cblock d;
+	register unsigned char *dp;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=d;
+	l2c(v0,dp);
+	l2c(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			des_encrypt(ti,schedule,DES_ENCRYPT);
+			dp=d;
+			t=ti[0]; l2c(t,dp);
+			t=ti[1]; l2c(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv = &(*ivec)[0];
+		l2c(v0,iv);
+		l2c(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/libdes/ofb_enc.c b/crypto/libdes/ofb_enc.c
new file mode 100644
index 0000000..a8f425a
--- /dev/null
+++ b/crypto/libdes/ofb_enc.c
@@ -0,0 +1,134 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec)
+	{
+	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
+	register DES_LONG mask0,mask1;
+	register long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+
+	if (num > 64) return;
+	if (num > 32)
+		{
+		mask0=0xffffffffL;
+		if (num >= 64)
+			mask1=mask0;
+		else
+			mask1=(1L<<(num-32))-1;
+		}
+	else
+		{
+		if (num == 32)
+			mask0=0xffffffffL;
+		else
+			mask0=(1L<<num)-1;
+		mask1=0x00000000L;
+		}
+
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	while (l-- > 0)
+		{
+		ti[0]=v0;
+		ti[1]=v1;
+		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		vv0=ti[0];
+		vv1=ti[1];
+		c2ln(in,d0,d1,n);
+		in+=n;
+		d0=(d0^vv0)&mask0;
+		d1=(d1^vv1)&mask1;
+		l2cn(d0,d1,out,n);
+		out+=n;
+
+		if (num == 32)
+			{ v0=v1; v1=vv0; }
+		else if (num == 64)
+				{ v0=vv0; v1=vv1; }
+		else if (num > 32) /* && num != 64 */
+			{
+			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
+			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
+			}
+		else /* num < 32 */
+			{
+			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
+			}
+		}
+	iv = &(*ivec)[0];
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
+	}
+
diff --git a/crypto/libdes/options.txt b/crypto/libdes/options.txt
new file mode 100644
index 0000000..6e2b50f
--- /dev/null
+++ b/crypto/libdes/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler		577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler			281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler			281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR		191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]			181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR		158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler			 65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s
+AIX - old slow one :-) - cc -					 39,000  312k/s
+
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/crypto/libdes/passwd_dialog.aps b/crypto/libdes/passwd_dialog.aps
new file mode 100644
index 0000000..c90d030
--- /dev/null
+++ b/crypto/libdes/passwd_dialog.aps
diff --git a/crypto/libdes/passwd_dialog.clw b/crypto/libdes/passwd_dialog.clw
new file mode 100644
index 0000000..f3451af
--- /dev/null
+++ b/crypto/libdes/passwd_dialog.clw
@@ -0,0 +1,34 @@
+; CLW file contains information for the MFC ClassWizard
+
+[General Info]
+Version=1
+LastClass=
+LastTemplate=CDialog
+NewFileInclude1=#include "stdafx.h"
+NewFileInclude2=#include "passwd_dialog.h"
+LastPage=0
+
+ClassCount=0
+
+ResourceCount=2
+Resource1=IDD_DIALOG1
+Resource2=IDD_PASSWD_DIALOG
+
+[DLG:IDD_DIALOG1]
+Type=1
+ControlCount=6
+Control1=IDOK,button,1342242817
+Control2=IDCANCEL,button,1342242816
+Control3=IDC_STATIC,static,1342308352
+Control4=IDC_STATIC,static,1342308352
+Control5=IDC_EDIT1,edit,1350631552
+Control6=IDC_EDIT2,edit,1350631584
+
+[DLG:IDD_PASSWD_DIALOG]
+Type=1
+ControlCount=4
+Control1=IDC_PASSWD_EDIT,edit,1350631456
+Control2=IDOK,button,1342242817
+Control3=IDCANCEL,button,1342242816
+Control4=IDC_STATIC,static,1342177280
+
diff --git a/crypto/libdes/passwd_dialog.rc b/crypto/libdes/passwd_dialog.rc
new file mode 100644
index 0000000..62079f2
--- /dev/null
+++ b/crypto/libdes/passwd_dialog.rc
@@ -0,0 +1,143 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_PASSWD_DIALOG DIALOG DISCARDABLE  0, 0, 186, 66
+STYLE DS_ABSALIGN | DS_MODALFRAME | DS_SETFOREGROUND | DS_CENTER | WS_POPUP | 
+    WS_VISIBLE | WS_CAPTION
+CAPTION "Password query"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_PASSWD_EDIT,30,22,125,14,ES_PASSWORD
+    DEFPUSHBUTTON   "OK",IDOK,30,45,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,105,45,50,14
+    LTEXT           "Please insert password:",IDC_STATIC,30,13,87,8,NOT 
+                    WS_GROUP
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO DISCARDABLE 
+BEGIN
+    IDD_PASSWD_DIALOG, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 179
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 59
+    END
+END
+#endif    // APSTUDIO_INVOKED
+
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "des\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "des\0"
+            VALUE "LegalCopyright", "Copyright � 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "des.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/libdes/passwd_dialog.res b/crypto/libdes/passwd_dialog.res
new file mode 100644
index 0000000..bdb2868
--- /dev/null
+++ b/crypto/libdes/passwd_dialog.res
diff --git a/crypto/libdes/passwd_dlg.c b/crypto/libdes/passwd_dlg.c
new file mode 100644
index 0000000..4f7946e
--- /dev/null
+++ b/crypto/libdes/passwd_dlg.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* passwd_dlg.c - Dialog boxes for Windows95/NT
+ * Author:	J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date:	June 1996
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: passwd_dlg.c,v 1.6 1998/06/09 19:25:09 joda Exp $");
+#endif
+
+#ifdef WIN32	/* Visual C++ 4.0 (Windows95/NT) */
+#include <Windows.h>
+#include "passwd_dlg.h"
+#include "Resource.h"
+#define passwdBufSZ 64
+
+char passwd[passwdBufSZ];
+
+BOOL CALLBACK
+pwd_dialog_proc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
+{
+    switch(uMsg)
+    {
+    case WM_COMMAND: 
+	switch(wParam)
+	{
+	case IDOK:
+	    if(!GetDlgItemText(hwndDlg,IDC_PASSWD_EDIT, passwd, passwdBufSZ))
+		EndDialog(hwndDlg, IDCANCEL);
+	case IDCANCEL:
+	    EndDialog(hwndDlg, wParam);
+	    return TRUE;
+	}
+    }
+    return FALSE;
+}
+
+
+/* return 0 if ok, 1 otherwise */
+int
+pwd_dialog(char *buf, int size)
+{
+    int i;
+    HWND wnd = GetActiveWindow();
+    HANDLE hInst = GetModuleHandle("des");
+    switch(DialogBox(hInst,MAKEINTRESOURCE(IDD_PASSWD_DIALOG),wnd,pwd_dialog_proc))
+    {
+    case IDOK:
+	strcpy_truncate(buf, passwd, size);
+	memset (passwd, 0, sizeof(passwd));
+	return 0;
+    case IDCANCEL:
+    default:
+	memset (passwd, 0, sizeof(passwd));
+	return 1;
+    }
+}
+
+#endif /* WIN32 */
diff --git a/crypto/libdes/passwd_dlg.h b/crypto/libdes/passwd_dlg.h
new file mode 100644
index 0000000..dbead49
--- /dev/null
+++ b/crypto/libdes/passwd_dlg.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* passwd_dlg.h - Dialog boxes for Windows95/NT
+ * Author:	J�rgen Karlsson - d93-jka@nada.kth.se
+ * Date:	June 1996
+ */
+
+/* $Id: passwd_dlg.h,v 1.5 1997/04/20 06:31:50 assar Exp $ */
+
+#ifndef PASSWD_DLG_H
+#define PASSWD_DLG_H
+
+int pwd_dialog(char *buf, int size);
+
+
+#endif /* PASSWD_DLG_H */
diff --git a/crypto/libdes/pcbc_enc.c b/crypto/libdes/pcbc_enc.c
new file mode 100644
index 0000000..dd69a26
--- /dev/null
+++ b/crypto/libdes/pcbc_enc.c
@@ -0,0 +1,122 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+	{
+	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
+	DES_LONG tin[2];
+	const unsigned char *in;
+	unsigned char *out,*iv;
+
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			if (length >= 8)
+				{
+				c2l(in,sin0);
+				c2l(in,sin1);
+				}
+			else
+				c2ln(in,sin0,sin1,length);
+			tin[0]=sin0^xor0;
+			tin[1]=sin1^xor1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			tout0=tin[0];
+			tout1=tin[1];
+			xor0=sin0^tout0;
+			xor1=sin1^tout1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			}
+		}
+	else
+		{
+		c2l(iv,xor0); c2l(iv,xor1);
+		for (; length>0; length-=8)
+			{
+			c2l(in,sin0);
+			c2l(in,sin1);
+			tin[0]=sin0;
+			tin[1]=sin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			if (length >= 8)
+				{
+				l2c(tout0,out);
+				l2c(tout1,out);
+				}
+			else
+				l2cn(tout0,tout1,out,length);
+			xor0=tout0^sin0;
+			xor1=tout1^sin1;
+			}
+		}
+	tin[0]=tin[1]=0;
+	sin0=sin1=xor0=xor1=tout0=tout1=0;
+	}
diff --git a/crypto/libdes/podd.h b/crypto/libdes/podd.h
new file mode 100644
index 0000000..1b2bfe0
--- /dev/null
+++ b/crypto/libdes/podd.h
@@ -0,0 +1,75 @@
+/* crypto/des/podd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
diff --git a/crypto/libdes/qud_cksm.c b/crypto/libdes/qud_cksm.c
new file mode 100644
index 0000000..6ce8c61
--- /dev/null
+++ b/crypto/libdes/qud_cksm.c
@@ -0,0 +1,140 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
+ * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
+ * This module in only based on the code in this paper and is
+ * almost definitely not the same as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a)	(((DES_LONG)(a)))
+#define Q_B1(a)	(((DES_LONG)(a))<<8)
+#define Q_B2(a)	(((DES_LONG)(a))<<16)
+#define Q_B3(a)	(((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE	((DES_LONG)83653421L)
+
+DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
+	     long length, int out_count, des_cblock *seed)
+	{
+	DES_LONG z0,z1,t0,t1;
+	int i;
+	long l;
+	const unsigned char *cp;
+	unsigned char *lp;
+
+	if (out_count < 1) out_count=1;
+	lp = &(output[0])[0];
+
+	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
+	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+
+	for (i=0; ((i<4)&&(i<out_count)); i++)
+		{
+		cp=input;
+		l=length;
+		while (l > 0)
+			{
+			if (l > 1)
+				{
+				t0= (DES_LONG)(*(cp++));
+				t0|=(DES_LONG)Q_B1(*(cp++));
+				l--;
+				}
+			else
+				t0= (DES_LONG)(*(cp++));
+			l--;
+			/* add */
+			t0+=z0;
+			t0&=0xffffffffL;
+			t1=z1;
+			/* square, well sort of square */
+			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
+				&0xffffffffL)%0x7fffffffL; 
+			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
+			}
+		if (lp != NULL)
+			{
+			/* I believe I finally have things worked out.
+			 * The MIT library assumes that the checksum
+			 * is one huge number and it is returned in a
+			 * host dependant byte order.
+			 */
+			static DES_LONG ltmp=1;
+			static unsigned char *c=(unsigned char *)&ltmp;
+
+			if (c[0])
+				{
+				l2c(z0,lp);
+				l2c(z1,lp);
+				}
+			else
+				{
+				lp = &(output[out_count-i-1])[0];
+				l2n(z1,lp);
+				l2n(z0,lp);
+				}
+			}
+		}
+	return(z0);
+	}
+
diff --git a/crypto/libdes/rand_key.c b/crypto/libdes/rand_key.c
new file mode 100644
index 0000000..4e89dbc
--- /dev/null
+++ b/crypto/libdes/rand_key.c
@@ -0,0 +1,117 @@
+/* crypto/des/rand_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+#include <time.h>
+#include <unistd.h>
+
+static int seed=0;
+static des_cblock init;
+
+void des_random_seed(des_cblock *key)
+	{
+	memcpy(&init,key,sizeof(des_cblock));
+	seed=1;
+	}
+
+void des_random_key(des_cblock *ret)
+	{
+	des_key_schedule ks;
+	static DES_LONG c=0;
+	static unsigned short pid=0;
+	static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+	des_cblock key;
+	unsigned char *p;
+	DES_LONG t;
+	int i;
+
+#ifdef MSDOS
+	pid=1;
+#else
+	if (!pid) pid=getpid();
+#endif
+	p=key;
+	if (seed)
+		{
+		for (i=0; i<8; i++)
+			{
+			data[i] ^= init[i];
+			init[i]=0;
+			}
+		seed=0;
+		}
+	t=(DES_LONG)time(NULL);
+	l2c(t,p);
+	t=(DES_LONG)((pid)|((c++)<<16));
+	l2c(t,p);
+
+	des_set_odd_parity(&data);
+	des_set_key(&data,ks);
+	des_cbc_cksum(key,&key,sizeof(key),ks,&data);
+
+	des_set_odd_parity(&key);
+	des_set_key(&key,ks);
+	des_cbc_cksum(key,&data,sizeof(key),ks,&key);
+
+	memcpy(ret,data,sizeof(key));
+	memset(key,0,sizeof(key));
+	memset(ks,0,sizeof(ks));
+	t=0;
+	}
diff --git a/crypto/libdes/read2pwd.c b/crypto/libdes/read2pwd.c
new file mode 100644
index 0000000..a8ceaf0
--- /dev/null
+++ b/crypto/libdes/read2pwd.c
@@ -0,0 +1,84 @@
+/* crypto/des/read2pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+int des_read_password(des_cblock *key, const char *prompt, int verify)
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_key(buf,key);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
+
+int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
+	     int verify)
+	{
+	int ok;
+	char buf[BUFSIZ],buff[BUFSIZ];
+
+	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		des_string_to_2keys(buf,key1,key2);
+	memset(buf,0,BUFSIZ);
+	memset(buff,0,BUFSIZ);
+	return(ok);
+	}
diff --git a/crypto/libdes/read_pwd.c b/crypto/libdes/read_pwd.c
new file mode 100644
index 0000000..29d60a1
--- /dev/null
+++ b/crypto/libdes/read_pwd.c
@@ -0,0 +1,470 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+
+#ifdef WIN16TTY
+#undef WIN16
+#undef _WINDOWS
+#include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef VMS			/* prototypes for sys$whatever */
+#include <starlet.h>
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+#include <windows.h>
+#include <wincon.h>
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+
+#ifdef TERMIOS
+#include <termios.h>
+#define TTY_STRUCT		struct termios
+#define TTY_FLAGS		c_lflag
+#define	TTY_get(tty,data)	tcgetattr(tty,data)
+#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+#include <termio.h>
+#define TTY_STRUCT		struct termio
+#define TTY_FLAGS		c_lflag
+#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+#include <sgtty.h>
+#define TTY_STRUCT		struct sgttyb
+#define TTY_FLAGS		sg_flags
+#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#include <sys/ioctl.h>
+#endif
+
+#ifdef MSDOS
+#include <conio.h>
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+
+#ifdef VMS
+#include <ssdef.h>
+#include <iodef.h>
+#include <ttdef.h>
+#include <descrip.h>
+struct IOSB {
+	short iosb$w_value;
+	short iosb$w_count;
+	long  iosb$l_info;
+	};
+#endif
+
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+  static void (*savsig[NX509_SIG])(int );
+#endif
+static jmp_buf save;
+
+int des_read_pw_string(char *buf, int length, const char *prompt,
+	     int verify)
+	{
+	char buff[BUFSIZ];
+	int ret;
+
+	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+	memset(buff,0,BUFSIZ);
+	return(ret);
+	}
+
+#ifndef WIN16
+
+static void read_till_nl(FILE *in)
+	{
+#define SIZE 4
+	char buf[SIZE+1];
+
+	do	{
+		fgets(buf,SIZE,in);
+		} while (strchr(buf,'\n') == NULL);
+	}
+
+
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+	     int verify)
+	{
+#ifdef VMS
+	struct IOSB iosb;
+	$DESCRIPTOR(terminal,"TT");
+	long tty_orig[3], tty_new[3];
+	long status;
+	unsigned short channel = 0;
+#else
+#ifndef MSDOS
+	TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+	int number;
+	int ok;
+	/* statics are simply to avoid warnings about longjmp clobbering
+	   things */
+	static int ps;
+	int is_a_tty;
+	static FILE *tty;
+	char *p;
+
+	if (setjmp(save))
+		{
+		ok=0;
+		goto error;
+		}
+
+	number=5;
+	ok=0;
+	ps=0;
+	is_a_tty=1;
+	tty=NULL;
+
+#ifndef MSDOS
+	if ((tty=fopen("/dev/tty","r")) == NULL)
+		tty=stdin;
+#else /* MSDOS */
+	if ((tty=fopen("con","r")) == NULL)
+		tty=stdin;
+#endif /* MSDOS */
+
+#if defined(TTY_get) && !defined(VMS)
+	if (TTY_get(fileno(tty),&tty_orig) == -1)
+		{
+#ifdef ENOTTY
+		if (errno == ENOTTY)
+			is_a_tty=0;
+		else
+#endif
+#ifdef EINVAL
+		/* Ariel Glenn ariel@columbia.edu reports that solaris
+		 * can return EINVAL instead.  This should be ok */
+		if (errno == EINVAL)
+			is_a_tty=0;
+		else
+#endif
+			return(-1);
+		}
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef VMS
+	status = sys$assign(&terminal,&channel,0,0);
+	if (status != SS$_NORMAL)
+		return(-1);
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+
+	pushsig();
+	ps=1;
+
+#ifdef TTY_FLAGS
+	tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(VMS)
+	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+		return(-1);
+#endif
+#ifdef VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return(-1);
+#endif
+	ps=2;
+
+	while ((!ok) && (number--))
+		{
+		fputs(prompt,stderr);
+		fflush(stderr);
+
+		buf[0]='\0';
+		fgets(buf,size,tty);
+		if (feof(tty)) goto error;
+		if (ferror(tty)) goto error;
+		if ((p=(char *)strchr(buf,'\n')) != NULL)
+			*p='\0';
+		else	read_till_nl(tty);
+		if (verify)
+			{
+			fprintf(stderr,"\nVerifying password - %s",prompt);
+			fflush(stderr);
+			buff[0]='\0';
+			fgets(buff,size,tty);
+			if (feof(tty)) goto error;
+			if ((p=(char *)strchr(buff,'\n')) != NULL)
+				*p='\0';
+			else	read_till_nl(tty);
+				
+			if (strcmp(buf,buff) != 0)
+				{
+				fprintf(stderr,"\nVerify failure");
+				fflush(stderr);
+				break;
+				/* continue; */
+				}
+			}
+		ok=1;
+		}
+
+error:
+	fprintf(stderr,"\n");
+#ifdef DEBUG
+	perror("fgets(tty)");
+#endif
+	/* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(VMS)
+	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef VMS
+	if (ps >= 2)
+		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
+			,tty_orig,12,0,0,0,0);
+#endif
+	
+	if (ps >= 1) popsig();
+	if (stdin != tty) fclose(tty);
+#ifdef VMS
+	status = sys$dassgn(channel);
+#endif
+	return(!ok);
+	}
+
+#else /* WIN16 */
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#endif
+
+static void pushsig(void)
+	{
+	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&sa,&savsig[i]);
+#else
+		savsig[i]=signal(i,recsig);
+#endif
+		}
+
+#ifdef SIGWINCH
+	signal(SIGWINCH,SIG_DFL);
+#endif
+	}
+
+static void popsig(void)
+	{
+	int i;
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&savsig[i],NULL);
+#else
+		signal(i,savsig[i]);
+#endif
+		}
+	}
+
+static void recsig(int i)
+	{
+	longjmp(save,1);
+#ifdef LINT
+	i=i;
+#endif
+	}
+
+#if defined(MSDOS) && !defined(WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+	{
+	int i;
+	char *p;
+
+	p=buf;
+	for (;;)
+		{
+		if (size == 0)
+			{
+			*p='\0';
+			break;
+			}
+		size--;
+#ifdef WIN16TTY
+		i=_inchar();
+#else
+		i=getch();
+#endif
+		if (i == '\r') i='\n';
+		*(p++)=i;
+		if (i == '\n')
+			{
+			*p='\0';
+			break;
+			}
+		}
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+		{
+			HANDLE inh;
+			inh = GetStdHandle(STD_INPUT_HANDLE);
+			FlushConsoleInputBuffer(inh);
+		}
+#endif
+	return(strlen(buf));
+	}
+#endif
diff --git a/crypto/libdes/resource.h b/crypto/libdes/resource.h
new file mode 100644
index 0000000..02c6a7c
--- /dev/null
+++ b/crypto/libdes/resource.h
@@ -0,0 +1,18 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by passwd_dialog.rc
+//
+#define IDD_PASSWD_DIALOG               101
+#define IDC_EDIT1                       1000
+#define IDC_PASSWD_EDIT                 1001
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        102
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1002
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/crypto/libdes/rnd_keys.c b/crypto/libdes/rnd_keys.c
new file mode 100644
index 0000000..3acc9f8
--- /dev/null
+++ b/crypto/libdes/rnd_keys.c
@@ -0,0 +1,449 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska H�gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      H�gskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$Id$
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <des.h>
+#include <des_locl.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+#ifndef RETSIGTYPE
+#define RETSIGTYPE void
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/*
+ * Generate "random" data by checksumming a file.
+ *
+ * Returns -1 if there were any problems with permissions or I/O
+ * errors.
+ */
+static
+int
+sumFile (const char *name, int len, void *res)
+{
+  u_int32_t sum[2];
+  u_int32_t buf[1024*2];
+  int fd, i;
+
+  fd = open (name, 0);
+  if (fd < 0)
+    return -1;
+
+  while (len > 0)
+    {
+      int n = read(fd, buf, sizeof(buf));
+      if (n < 0)
+	{
+	  close(fd);
+	  return n;
+	}
+      for (i = 0; i < (n/sizeof(buf[0])); i++)
+	{
+	  sum[0] += buf[i];
+	  i++;
+	  sum[1] += buf[i];
+	}
+      len -= n;
+    }
+  close (fd);
+  memcpy (res, &sum, sizeof(sum));
+  return 0;
+}
+
+/*
+ * Create a sequence of random 64 bit blocks.
+ * The sequence is indexed with a long long and 
+ * based on an initial des key used as a seed.
+ */
+static des_key_schedule sequence_seed;
+static u_int32_t sequence_index[2];
+
+/* 
+ * Random number generator based on ideas from truerand in cryptolib
+ * as described on page 424 in Applied Cryptography 2 ed. by Bruce
+ * Schneier.
+ */
+
+static volatile int counter;
+static volatile unsigned char *gdata; /* Global data */
+static volatile int igdata;	/* Index into global data */
+static int gsize;
+
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+/* Visual C++ 4.0 (Windows95/NT) */
+
+static
+RETSIGTYPE
+sigALRM(int sig)
+{
+    if (igdata < gsize)
+	gdata[igdata++] ^= counter & 0xff;
+
+#ifndef HAVE_SIGACTION
+    signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
+#endif
+    SIGRETURN(0);
+}
+
+#endif
+
+#if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
+#ifndef srandom
+#define srandom srand
+#endif
+#ifndef random
+#define random rand
+#endif
+#endif
+
+static void
+des_not_rand_data(unsigned char *data, int size)
+{
+  int i;
+
+  srandom (time (NULL));
+
+  for(i = 0; i < size; ++i)
+    data[i] ^= random() % 0x100;
+}
+
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+
+#ifndef HAVE_SETITIMER
+static void
+pacemaker(struct timeval *tv)
+{
+    fd_set fds;
+    pid_t pid;
+    pid = getppid();
+    while(1){
+	FD_ZERO(&fds);
+	FD_SET(0, &fds);
+	select(1, &fds, NULL, NULL, tv);
+	kill(pid, SIGALRM);
+    }
+}
+#endif
+
+#ifdef HAVE_SIGACTION
+/* XXX ugly hack, should perhaps use function from roken */
+static RETSIGTYPE 
+(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
+{
+    struct sigaction sa, osa;
+    sa.sa_handler = f;
+    sa.sa_flags = 0;
+    sigemptyset(&sa.sa_mask);
+    sigaction(sig, &sa, &osa);
+    return osa.sa_handler;
+}
+#define signal(S, F) fake_signal((S), (F))
+#endif
+
+/*
+ * Generate size bytes of "random" data using timed interrupts.
+ * It takes about 40ms/byte random data.
+ * It's not neccessary to be root to run it.
+ */
+void
+des_rand_data(unsigned char *data, int size)
+{
+    struct itimerval tv;
+#ifdef HAVE_SETITIMER
+    struct itimerval otv;
+#endif
+    RETSIGTYPE (*osa)(int);
+    int i, j;
+#ifndef HAVE_SETITIMER 
+    RETSIGTYPE (*ochld)(int);
+    pid_t pid;
+#endif
+    char *rnd_devices[] = {"/dev/random",
+			   "/dev/srandom",
+			   "/dev/urandom",
+			   NULL};
+    char **p;
+
+    for(p = rnd_devices; *p; p++) {
+      int fd = open(*p, O_RDONLY | O_NDELAY);
+      
+      if(fd >= 0 && read(fd, data, size) == size) {
+	close(fd);
+	return;
+      }
+      close(fd);
+    }
+
+    /* Paranoia? Initialize data from /dev/mem if we can read it. */
+    if (size >= 8)
+      sumFile("/dev/mem", (1024*1024*2), data);
+
+    gdata = data;
+    gsize = size;
+    igdata = 0;
+
+    osa = signal(SIGALRM, sigALRM);
+  
+    /* Start timer */
+    tv.it_value.tv_sec = 0;
+    tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
+    tv.it_interval = tv.it_value;
+#ifdef HAVE_SETITIMER
+    setitimer(ITIMER_REAL, &tv, &otv);
+#else
+    ochld = signal(SIGCHLD, SIG_IGN);
+    pid = fork();
+    if(pid == -1){
+	signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
+	des_not_rand_data(data, size);
+	return;
+    }
+    if(pid == 0)
+	pacemaker(&tv.it_interval);
+#endif
+
+    for(i = 0; i < 4; i++) {
+	for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
+	    counter++;
+	for (j = 0; j < size; j++) /* Only use 2 bits each lap */
+	    gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
+    }
+#ifdef HAVE_SETITIMER
+    setitimer(ITIMER_REAL, &otv, 0);
+#else
+    kill(pid, SIGKILL);
+    while(waitpid(pid, NULL, 0) != pid);
+    signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
+#endif
+    signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
+}
+#else
+void
+des_rand_data(unsigned char *p, int s)
+{
+  des_not_rand_data (p, s);
+}
+#endif
+
+void
+des_generate_random_block(des_cblock *block)
+{
+  des_rand_data((unsigned char *)block, sizeof(*block));
+}
+
+/*
+ * Generate a "random" DES key.
+ */
+void
+des_rand_data_key(des_cblock *key)
+{
+    unsigned char data[8];
+    des_key_schedule sched;
+    do {
+	des_rand_data(data, sizeof(data));
+	des_rand_data((unsigned char*)key, sizeof(des_cblock));
+	des_set_odd_parity(key);
+	des_key_sched(key, sched);
+	des_ecb_encrypt(&data, key, sched, DES_ENCRYPT);
+	memset(&data, 0, sizeof(data));
+	memset(&sched, 0, sizeof(sched));
+	des_set_odd_parity(key);
+    } while(des_is_weak_key(key));
+}
+
+/*
+ * Generate "random" data by checksumming /dev/mem
+ *
+ * It's neccessary to be root to run it. Returns -1 if there were any
+ * problems with permissions.
+ */
+int
+des_mem_rand8(unsigned char *data)
+{
+  return 1;
+}
+
+/*
+ * In case the generator does not get initialized use this as fallback.
+ */
+static int initialized;
+
+static void
+do_initialize(void)
+{
+    des_cblock default_seed;
+    do {
+	des_generate_random_block(&default_seed);
+	des_set_odd_parity(&default_seed);
+    } while (des_is_weak_key(&default_seed));
+    des_init_random_number_generator(&default_seed);
+}
+
+#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
+
+#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
+
+#define set_sequence_number(ll) \
+memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
+
+/*
+ * Set the sequnce number to this value (a long long).
+ */
+void
+des_set_sequence_number(unsigned char *ll)
+{
+    set_sequence_number(ll);
+}
+
+/*
+ * Set the generator seed and reset the sequence number to 0.
+ */
+void
+des_set_random_generator_seed(des_cblock *seed)
+{
+    des_key_sched(seed, sequence_seed);
+    zero_long_long(sequence_index);
+    initialized = 1;
+}
+
+/*
+ * Generate a sequence of random des keys
+ * using the random block sequence, fixup
+ * parity and skip weak keys.
+ */
+int
+des_new_random_key(des_cblock *key)
+{
+    if (!initialized)
+	do_initialize();
+
+    do {
+	des_ecb_encrypt((des_cblock *) sequence_index,
+			key,
+			sequence_seed,
+			DES_ENCRYPT);
+	incr_long_long(sequence_index);
+	/* random key must have odd parity and not be weak */
+	des_set_odd_parity(key);
+    } while (des_is_weak_key(key));
+    return(0);
+}
+
+/*
+ * des_init_random_number_generator:
+ *
+ * Initialize the sequence of random 64 bit blocks.  The input seed
+ * can be a secret key since it should be well hidden and is also not
+ * kept.
+ *
+ */
+void 
+des_init_random_number_generator(des_cblock *seed)
+{
+    struct timeval now;
+    des_cblock uniq;
+    des_cblock new_key;
+
+    gettimeofday(&now, (struct timezone *)0);
+    des_generate_random_block(&uniq);
+
+    /* Pick a unique random key from the shared sequence. */
+    des_set_random_generator_seed(seed);
+    set_sequence_number((unsigned char *)&uniq);
+    des_new_random_key(&new_key);
+
+    /* Select a new nonshared sequence, */
+    des_set_random_generator_seed(&new_key);
+
+    /* and use the current time to pick a key for the new sequence. */
+    set_sequence_number((unsigned char *)&now);
+    des_new_random_key(&new_key);
+    des_set_random_generator_seed(&new_key);
+}
+
+#ifdef TESTRUN
+int
+main()
+{
+    unsigned char data[8];
+    int i;
+
+    while (1)
+        {
+	    if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
+	      { perror("sumFile"); exit(1); }
+            for (i = 0; i < 8; i++)
+                printf("%02x", data[i]);
+            printf("\n");
+        }
+}
+#endif
+
+#ifdef TESTRUN2
+int
+main()
+{
+    des_cblock data;
+    int i;
+
+    while (1)
+        {
+	    do_initialize();
+            des_random_key(data);
+            for (i = 0; i < 8; i++)
+                printf("%02x", data[i]);
+            printf("\n");
+        }
+}
+#endif
diff --git a/crypto/libdes/rpc_des.h b/crypto/libdes/rpc_des.h
new file mode 100644
index 0000000..4cbb4d2
--- /dev/null
+++ b/crypto/libdes/rpc_des.h
@@ -0,0 +1,131 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*  @(#)des.h	2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ * 
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ * 
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ * 
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ * 
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ * 
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+
+#define DES_MAXLEN 	65536	/* maximum # of bytes to encrypt  */
+#define DES_QUICKLEN	16	/* maximum # of bytes to encrypt quickly */
+
+#ifdef HEADER_DES_H
+#undef ENCRYPT
+#undef DECRYPT
+#endif
+
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+	unsigned char des_key[8];	/* key (with low bit parity) */
+	enum desdir des_dir;	/* direction */
+	enum desmode des_mode;	/* mode */
+	unsigned char des_ivec[8];	/* input vector */
+	unsigned des_len;	/* number of bytes to crypt */
+	union {
+		unsigned char UDES_data[DES_QUICKLEN];
+		unsigned char *UDES_buf;
+	} UDES;
+#	define des_data UDES.UDES_data	/* direct data here if quick */
+#	define des_buf	UDES.UDES_buf	/* otherwise, pointer to data */
+};
+
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define	DESIOCBLOCK	_IOWR(d, 6, struct desparams)
+
+/* 
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK	_IOWR(d, 7, struct desparams) 
+
diff --git a/crypto/libdes/rpc_enc.c b/crypto/libdes/rpc_enc.c
new file mode 100644
index 0000000..c96c204
--- /dev/null
+++ b/crypto/libdes/rpc_enc.c
@@ -0,0 +1,98 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+
+int _des_crypt(char *buf,int len,struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp)
+	{
+	des_key_schedule ks;
+	int enc;
+
+	des_set_key(&desp->des_key,ks);
+	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+
+	if (desp->des_mode == CBC)
+		des_ecb_encrypt((const_des_cblock *)desp->UDES.UDES_buf,
+				(des_cblock *)desp->UDES.UDES_buf,ks,
+				enc);
+	else
+		{
+		des_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+				len,ks,&desp->des_ivec,enc);
+#ifdef undef
+		/* len will always be %8 if called from common_crypt
+		 * in secure_rpc.
+		 * Libdes's cbc encrypt does not copy back the iv,
+		 * so we have to do it here. */
+		/* It does now :-) eay 20/09/95 */
+
+		a=(char *)&(desp->UDES.UDES_buf[len-8]);
+		b=(char *)&(desp->des_ivec[0]);
+
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+		*(a++)= *(b++); *(a++)= *(b++);
+#endif
+		}
+	return(1);	
+	}
+
diff --git a/crypto/libdes/rpw.c b/crypto/libdes/rpw.c
new file mode 100644
index 0000000..96cb318
--- /dev/null
+++ b/crypto/libdes/rpw.c
@@ -0,0 +1,101 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ *
+ * $FreeBSD$
+ */
+
+#include <stdio.h>
+#include <des.h>
+
+int main(int argc, char *argv[])
+	{
+	des_cblock k,k1;
+	int i;
+
+	printf("read passwd\n");
+	if ((i=des_read_password(&k,"Enter password:",0)) == 0)
+		{
+		printf("password = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		}
+	else
+		printf("error %d\n",i);
+	printf("\n");
+	printf("read 2passwds and verify\n");
+	if ((i=des_read_2passwords(&k,&k1,
+		"Enter verified password:",1)) == 0)
+		{
+		printf("password1 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k[i]);
+		printf("\n");
+		printf("password2 = ");
+		for (i=0; i<8; i++)
+			printf("%02x ",k1[i]);
+		printf("\n");
+		exit(1);
+		}
+	else
+		{
+		printf("error %d\n",i);
+		exit(0);
+		}
+#ifdef LINT
+	return(0);
+#endif
+	}
diff --git a/crypto/libdes/set_key.c b/crypto/libdes/set_key.c
new file mode 100644
index 0000000..f4ae6d7
--- /dev/null
+++ b/crypto/libdes/set_key.c
@@ -0,0 +1,236 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+#include "podd.h"
+#include "sk.h"
+
+static int check_parity(const_des_cblock *key);
+int des_check_key=0;
+
+void des_set_odd_parity(des_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<DES_KEY_SZ; i++)
+		(*key)[i]=odd_parity[(*key)[i]];
+	}
+
+static int check_parity(const_des_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<DES_KEY_SZ; i++)
+		{
+		if ((*key)[i] != odd_parity[(*key)[i]])
+			return(0);
+		}
+	return(1);
+	}
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY	16
+static des_cblock weak_keys[NUM_WEAK_KEY]={
+	/* weak keys */
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
+	/* semi-weak keys */
+	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
+	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
+	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
+	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
+	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
+	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
+	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
+	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
+	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
+	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+
+int des_is_weak_key(const_des_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<NUM_WEAK_KEY; i++)
+		/* Added == 0 to comparision, I obviously don't run
+		 * this section very often :-(, thanks to
+		 * engineering@MorningStar.Com for the fix
+		 * eay 93/06/29
+		 * Another problem, I was comparing only the first 4
+		 * bytes, 97/03/18 */
+		if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
+	return(0);
+	}
+
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros. 
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ * 	(b)^=(t),\
+ * 	(a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int des_set_key(const_des_cblock *key, des_key_schedule schedule)
+	{
+	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+	register DES_LONG c,d,t,s,t2;
+	register const unsigned char *in;
+	register DES_LONG *k;
+	register int i;
+
+	if (des_check_key)
+		{
+		if (!check_parity(key))
+			return(-1);
+
+		if (des_is_weak_key(key))
+			return(-2);
+		}
+
+	k = &schedule->ks.deslong[0];
+	in = &(*key)[0];
+
+	c2l(in,c);
+	c2l(in,d);
+
+	/* do PC1 in 60 simple operations */ 
+/*	PERM_OP(d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2, 0xcccc0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(c,t, 8, 0x00ff0000L);
+	HPERM_OP(c,t,-1, 0xaaaa0000L);
+	HPERM_OP(d,t,-8, 0xff000000L);
+	HPERM_OP(d,t, 8, 0x00ff0000L);
+	HPERM_OP(d,t, 2, 0x33330000L);
+	d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
+	d=(d>>8)|((c&0xf0000000L)>>4);
+	c&=0x0fffffffL; */
+
+	/* I now do it in 47 simple operations :-)
+	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 * for the inspiration. :-) */
+	PERM_OP (d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2,0xcccc0000L);
+	HPERM_OP(d,t,-2,0xcccc0000L);
+	PERM_OP (d,c,t,1,0x55555555L);
+	PERM_OP (c,d,t,8,0x00ff00ffL);
+	PERM_OP (d,c,t,1,0x55555555L);
+	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+	c&=0x0fffffffL;
+
+	for (i=0; i<ITERATIONS; i++)
+		{
+		if (shifts2[i])
+			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+		else
+			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+		c&=0x0fffffffL;
+		d&=0x0fffffffL;
+		/* could be a few less shifts but I am to lazy at this
+		 * point in time to investigate */
+		s=	des_skb[0][ (c    )&0x3f                ]|
+			des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
+			des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
+			des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
+						  ((c>>22L)&0x38)];
+		t=	des_skb[4][ (d    )&0x3f                ]|
+			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+			des_skb[6][ (d>>15L)&0x3f                ]|
+			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+		/* table contained 0213 4657 */
+		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+		*(k++)=ROTATE(t2,30)&0xffffffffL;
+
+		t2=((s>>16L)|(t&0xffff0000L));
+		*(k++)=ROTATE(t2,26)&0xffffffffL;
+		}
+	return(0);
+	}
+
+int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
+	{
+	return(des_set_key(key,schedule));
+	}
diff --git a/crypto/libdes/shifts.pl b/crypto/libdes/shifts.pl
new file mode 100644
index 0000000..ba686d8
--- /dev/null
+++ b/crypto/libdes/shifts.pl
@@ -0,0 +1,198 @@
+#!/usr/local/bin/perl
+
+sub lab_shift
+	{
+	local(*a,$n)=@_;
+	local(@r,$i,$j,$k,$d,@z);
+
+	@r=&shift(*a,$n);
+	foreach $i (0 .. 31)
+		{
+		@z=split(/\^/,$r[$i]);
+		for ($j=0; $j <= $#z; $j++)
+			{
+			($d)=($z[$j] =~ /^(..)/);
+			($k)=($z[$j] =~ /\[(.*)\]$/);
+			$k.=",$n" if ($k ne "");
+			$k="$n"	  if ($k eq "");
+			$d="$d[$k]";
+			$z[$j]=$d;
+			}
+		$r[$i]=join('^',@z);
+		}
+	return(@r);
+	}
+
+sub shift
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{
+		@f=&shiftl(*a,$n);
+		}
+	else
+		{
+		@f=&shiftr(*a,-$n);
+		}
+	return(@f);
+	}
+
+sub rotate
+	{
+	local(*a,$n)=@_;
+	local(@f);
+
+	if ($n > 0)
+		{ @f=&rotatel(*a,$n); }
+	else
+		{ @f=&rotater(*a,-$n); }
+	return(@f);
+	}
+
+sub rotater
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftr(*a,$n);
+	@g=&shiftl(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub rotatel
+	{
+	local(*a,$n)=@_;
+	local(@f,@g);
+
+	@f=&shiftl(*a,$n);
+	@g=&shiftr(*a,32-$n);
+	$#f=31;
+	$#g=31;
+	return(&or(*f,*g));
+	}
+
+sub shiftr
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if (($i+$n) > 31)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i+$n];
+			}
+		}
+	return(@r);
+	}
+
+sub shiftl
+	{
+	local(*a,$n)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		if ($i < $n)
+			{
+			$r[$i]="--";
+			}
+		else
+			{
+			$r[$i]=$a[$i-$n];
+			}
+		}
+	return(@r);
+	}
+
+sub printit
+	{
+	local(@a)=@_;
+	local($i);
+
+	foreach $i (0 .. 31)
+		{
+		printf "%2s  ",$a[$i];
+		print "\n" if (($i%8) == 7);
+		}
+	print "\n";
+	}
+
+sub xor
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=&compress($a[$i].'^'.$b[$i]);
+#		$r[$i]=$a[$i]."^".$b[$i];
+		}
+	return(@r);
+	}
+
+sub and
+	{
+	local(*a,$m)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
+		}
+	return(@r);
+	}
+
+sub or
+	{
+	local(*a,*b)=@_;
+	local(@r,$i);
+
+	$#r=31;
+	foreach $i (0 .. 31)
+		{
+		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
+		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
+		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
+		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
+		}
+	return(@r);
+	}
+
+sub compress
+	{
+	local($s)=@_;
+	local($_,$i,@a,%a,$r);
+
+	$s =~ s/\^\^/\^/g;
+	$s =~ s/^\^//;
+	$s =~ s/\^$//;
+	@a=split(/\^/,$s);
+
+	while ($#a >= 0)
+		{
+		$_=shift(@a);
+		next unless /\d/;
+		$a{$_}++;
+		}
+	foreach $i (sort keys %a)
+		{
+		next if ($a{$i}%2 == 0);
+		$r.="$i^";
+		}
+	chop($r);
+	return($r);
+	}
+1;
diff --git a/crypto/libdes/sk.h b/crypto/libdes/sk.h
new file mode 100644
index 0000000..f2ade88
--- /dev/null
+++ b/crypto/libdes/sk.h
@@ -0,0 +1,204 @@
+/* crypto/des/sk.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const DES_LONG des_skb[8][64]={
+{
+/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+},{
+/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+},{
+/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+},{
+/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+},{
+/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+},{
+/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+},{
+/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+},{
+/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+}};
diff --git a/crypto/libdes/speed.c b/crypto/libdes/speed.c
new file mode 100644
index 0000000..da41abc
--- /dev/null
+++ b/crypto/libdes/speed.c
@@ -0,0 +1,310 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/des.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ	100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	des_key_schedule sch,sch2,sch3;
+	double a,b,c,d,e;
+#ifndef SIGALRM
+	long ca,cb,cc,cd,ce;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	des_set_key(&key,sch);
+	count=10;
+	do	{
+		long i;
+		DES_LONG data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count;
+	cb=count*3;
+	cc=count*3*8/BUFSIZE+1;
+	cd=count*8/BUFSIZE+1;
+	ce=count/20+1;
+	printf("Doing set_key %ld times\n",ca);
+#define COND(d)	(count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing set_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count++)
+		des_set_key(&key,sch);
+	d=Time_F(STOP);
+	printf("%ld set_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing des_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing des_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count++)
+		{
+		DES_LONG data[2];
+
+		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		}
+	d=Time_F(STOP);
+	printf("%ld des_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		des_ncbc_encrypt(buf,buf,BUFSIZE,&(sch[0]),
+			&key,DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cd); count++)
+		des_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+			&(sch[0]),
+			&(sch2[0]),
+			&(sch3[0]),
+			&key,
+			DES_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	d=((double)COUNT(cd)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+	printf("Doing crypt for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing crypt %ld times\n",ce);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(ce); count++)
+		crypt("testing1","ef");
+	e=Time_F(STOP);
+	printf("%ld crypts in %.2f second\n",count,e);
+	e=((double)COUNT(ce))/e;
+
+	printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
diff --git a/crypto/libdes/spr.h b/crypto/libdes/spr.h
new file mode 100644
index 0000000..0200b5e
--- /dev/null
+++ b/crypto/libdes/spr.h
@@ -0,0 +1,206 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+const DES_LONG des_SPtrans[8][64]={
+{
+/* nibble 0 */
+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+},{
+/* nibble 1 */
+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+},{
+/* nibble 2 */
+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+},{
+/* nibble 3 */
+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+},{
+/* nibble 4 */
+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+},{
+/* nibble 5 */
+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+},{
+/* nibble 6 */
+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+},{
+/* nibble 7 */
+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+}};
diff --git a/crypto/libdes/str2key.c b/crypto/libdes/str2key.c
new file mode 100644
index 0000000..afdf59a
--- /dev/null
+++ b/crypto/libdes/str2key.c
@@ -0,0 +1,165 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+#include "des_locl.h"
+
+extern int des_check_key;
+
+void des_string_to_key(const char *str, des_cblock *key)
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	for (i=0; i<length; i++)
+		(*key)[i%8]^=(str[i]<<1);
+#else /* MIT COMPATIBLE */
+	for (i=0; i<length; i++)
+		{
+		j=str[i];
+		if ((i%16) < 8)
+			(*key)[i%8]^=(j<<1);
+		else
+			{
+			/* Reverse the bit order 05/05/92 eay */
+			j=((j<<4)&0xf0)|((j>>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			(*key)[7-(i%8)]^=j;
+			}
+		}
+#endif
+	des_set_odd_parity(key);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key(key,ks);
+	des_check_key=i;
+	des_cbc_cksum((unsigned char*)str,key,length,ks,key);
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity(key);
+	}
+
+void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
+	{
+	des_key_schedule ks;
+	int i,length;
+	register unsigned char j;
+
+	memset(key1,0,8);
+	memset(key2,0,8);
+	length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+	if (length <= 8)
+		{
+		for (i=0; i<length; i++)
+			{
+			(*key2)[i]=(*key1)[i]=(str[i]<<1);
+			}
+		}
+	else
+		{
+		for (i=0; i<length; i++)
+			{
+			if ((i/8)&1)
+				(*key2)[i%8]^=(str[i]<<1);
+			else
+				(*key1)[i%8]^=(str[i]<<1);
+			}
+		}
+#else /* MIT COMPATIBLE */
+	for (i=0; i<length; i++)
+		{
+		j=str[i];
+		if ((i%32) < 16)
+			{
+			if ((i%16) < 8)
+				(*key1)[i%8]^=(j<<1);
+			else
+				(*key2)[i%8]^=(j<<1);
+			}
+		else
+			{
+			j=((j<<4)&0xf0)|((j>>4)&0x0f);
+			j=((j<<2)&0xcc)|((j>>2)&0x33);
+			j=((j<<1)&0xaa)|((j>>1)&0x55);
+			if ((i%16) < 8)
+				(*key1)[7-(i%8)]^=j;
+			else
+				(*key2)[7-(i%8)]^=j;
+			}
+		}
+	if (length <= 8) memcpy(key2,key1,8);
+#endif
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
+	i=des_check_key;
+	des_check_key=0;
+	des_set_key(key1,ks);
+	des_cbc_cksum((unsigned char*)str,key1,length,ks,key1);
+	des_set_key(key2,ks);
+	des_cbc_cksum((unsigned char*)str,key2,length,ks,key2);
+	des_check_key=i;
+	memset(ks,0,sizeof(ks));
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
+	}
diff --git a/crypto/libdes/supp.c b/crypto/libdes/supp.c
new file mode 100644
index 0000000..e51b36c
--- /dev/null
+++ b/crypto/libdes/supp.c
@@ -0,0 +1,107 @@
+/* crypto/des/supp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Copyright (c) 1995
+ *	Mark Murray.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Mark Murray
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: supp.c,v 1.5 1999/05/16 12:25:45 bodo Exp $
+ */
+
+#include <stdio.h>
+#include "des_locl.h"
+
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp)
+{
+	int i;
+	const unsigned int *p = (const unsigned int *)cb;
+
+	fprintf(fp, " 0x { ");
+	for (i = 0; i < 8; i++) {
+		fprintf(fp, "%x", p[i]);
+		if (i != 7) fprintf(fp, ", ");
+	}
+	fprintf(fp, " }");
+}
diff --git a/crypto/libdes/t/test b/crypto/libdes/t/test
new file mode 100644
index 0000000..97acd05
--- /dev/null
+++ b/crypto/libdes/t/test
@@ -0,0 +1,27 @@
+#!./perl
+
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+
+use DES;
+
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
+
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
diff --git a/crypto/libdes/testdes.pl b/crypto/libdes/testdes.pl
new file mode 100755
index 0000000..01a165a
--- /dev/null
+++ b/crypto/libdes/testdes.pl
@@ -0,0 +1,167 @@
+#!/usr/local/bin/perl
+
+# des.pl tesing code
+
+require 'des.pl';
+
+$num_tests=34;
+@key_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
+	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
+	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
+	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
+	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
+	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
+	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
+	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
+	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
+	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
+	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
+	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
+	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
+	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
+	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
+	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
+	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
+	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
+	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+	);
+
+@plain_data=(
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
+	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
+	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
+	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
+	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
+	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
+	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
+	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
+	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
+	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
+	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
+	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
+	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
+	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
+	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
+	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
+	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
+	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
+	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
+
+@cipher_data=(
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
+	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
+	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
+	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
+	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
+	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
+	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
+	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
+	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
+	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
+	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
+	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
+	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
+	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
+	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
+	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
+	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
+	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
+	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
+	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
+	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
+	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
+	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
+	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
+	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
+	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
+	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
+	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
+	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
+	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
+	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
+	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
+
+print "Doing ecb tests\n";
+for ($i=0; $i<$num_tests; $i++)
+	{
+	printf "Doing test $i\n";
+	$key =pack("C8",splice(@key_data   ,0,8));
+	$data=pack("C8",splice(@plain_data ,0,8));
+	$res =pack("C8",splice(@cipher_data,0,8));
+
+	@ks=  &des_set_key($key);
+	$out1= &des_ecb_encrypt(*ks,1,$data);
+	$out2= &des_ecb_encrypt(*ks,0,$out1);
+	$out3= &des_ecb_encrypt(*ks,0,$res);
+	&eprint("encryption failure",$res,$out1)
+		if ($out1 ne $res);
+	&eprint("encryption/decryption failure",$data,$out2)
+		if ($out2 ne $data);
+	&eprint("decryption failure",$data,$out3)
+		if ($data ne $out3);
+	}
+print "Done\n";
+
+print "doing speed test over 30 seconds\n";
+$SIG{'ALRM'}='done';
+sub done {$done=1;}
+$done=0;
+
+$count=0;
+$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+@ks=  &des_set_key($d);
+alarm(30);
+$start=(times)[0];
+while (!$done)
+	{
+	$count++;
+	$d=&des_ecb_encrypt(*ks,1,$d);
+	}
+$end=(times)[0];
+$t=$end-$start;
+printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
+	1.0*$t,1.0*$count/$t,$count*8.0/$t;
+
+sub eprint
+	{
+	local($s,$c,$e)=@_;
+	local(@k);
+
+	@k=unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
+	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
+	print " $s\n";
+	}
diff --git a/crypto/libdes/times b/crypto/libdes/times
new file mode 100644
index 0000000..f5080ef
--- /dev/null
+++ b/crypto/libdes/times
@@ -0,0 +1,216 @@
+existing library on a DEC 3000/500
+set_key            per sec =    256294.06 (  3.9uS)
+DES ecb bytes      per sec =   3553694.40 (  2.3uS)
+DES cbc bytes      per sec =   3661004.80 (  2.2uS)
+DES ede cbc bytes  per sec =   1353115.99 (  5.9uS)
+crypt              per sec =     16829.40 ( 59.4uS)
+
+Intel P6/200 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8)
+set_key            per sec =    219220.82 (  4.6uS)
+DES ecb bytes      per sec =   2438014.04 (  3.3uS)
+DES cbc bytes      per sec =   2467648.85 (  3.2uS)
+DES ede cbc bytes  per sec =    942121.58 (  8.5uS)
+crypt              per sec =     11398.73 ( 87.7uS)
+
+# DECstation Alpha 3000 Model 700 AXP / OSF1 V3.0
+# gcc 2.6.3 / Young libdes 3.21
+set_key            per sec =    149369.74 (  6.7uS)
+DES ecb bytes      per sec =   2011976.68 (  4.0uS)
+DES cbc bytes      per sec =   2002245.35 (  4.0uS)
+DES ede cbc bytes  per sec =    793677.19 ( 10.1uS)
+crypt              per sec =      9244.52 (108.2uS)
+
+# Sun Ultra I gcc 2.7.2 / Young libdes 3.21
+set_key            per sec =    147172.22 (  6.8uS)
+DES ecb bytes      per sec =   1815054.70 (  4.4uS)
+DES cbc bytes      per sec =   1829405.18 (  4.4uS)
+DES ede cbc bytes  per sec =    714490.23 ( 11.2uS)
+crypt              per sec =      8896.24 (112.4uS)
+
+SGI Challenge (MIPS R4400 200mhz) - gcc -O2
+set_key       per sec =    114141.13 (  8.8uS)
+DES ecb bytes per sec =   1573472.84 (  5.1uS)
+DES cbc bytes per sec =   1580418.20 (  5.1uS)
+crypt         per sec =      7137.84 (140.1uS)
+
+DEC Alpha DEC  4000/710 AXP OSF/1 v 3.0 - gcc -O2 2.6.1
+set_key       per sec =    123138.49 (  8.1uS)
+DES ecb bytes per sec =   1407546.76 (  5.7uS)
+DES cbc bytes per sec =   1404103.21 (  5.7uS)
+crypt         per sec =      7746.76 (129.1uS)
+
+DEC Alpha DEC  4000/710 AXP OSF/1 v 3.0 - cc -O4 'DEC Compiler Driver 3.11'
+set_key       per sec =    135160.83 (  7.4uS)
+DES ecb bytes per sec =   1267753.22 (  6.3uS)
+DES cbc bytes per sec =   1260564.90 (  6.3uS)
+crypt         per sec =      6479.37 (154.3uS)
+
+SGI Challenge (MIPS R4400 200mhz) - cc -O2
+set_key       per sec =    124000.10 (  8.1uS)
+DES ecb bytes per sec =   1338138.45 (  6.0uS)
+DES cbc bytes per sec =   1356515.84 (  5.9uS)
+crypt         per sec =      6223.92 (160.7uS)
+
+Intel P5/133 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8)
+set_key            per sec =     81923.10 ( 12.2uS)
+DES ecb bytes      per sec =   1104711.61 (  7.2uS)
+DES cbc bytes      per sec =   1091536.05 (  7.3uS)
+DES ede cbc bytes  per sec =    410502.62 ( 19.5uS)
+crypt              per sec =      4849.60 (206.2uS)
+
+Sun SPARC 20 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8)
+set_key            per sec =     60973.05 ( 16.4uS)
+DES ecb bytes      per sec =    806032.15 (  9.9uS)
+DES cbc bytes      per sec =    801534.95 ( 10.0uS)
+DES ede cbc bytes  per sec =    298799.73 ( 26.8uS)
+crypt              per sec =      3678.42 (271.9uS)
+
+SGI Indy (MIPS R4600 133mhz) -cc -O2
+set_key       per sec =     88470.54 ( 11.3uS)
+DES ecb bytes per sec =   1023040.33 (  7.8uS)
+DES cbc bytes per sec =   1033610.01 (  7.7uS)
+crypt         per sec =      4641.51 (215.4uS)
+
+HP-UX 9000/887 cc +O3
+set_key       per sec =     76824.30 ( 13.0uS)
+DES ecb bytes per sec =   1048911.20 (  7.6uS)
+DES cbc bytes per sec =   1072332.80 (  7.5uS)
+crypt         per sec =      4968.64 (201.3uS)
+
+IRIX 5.2 IP22 (R4000) cc -O2 (galilo)
+set_key       per sec =     60615.73 ( 16.5uS)
+DES ecb bytes per sec =    584741.32 ( 13.7uS)
+DES cbc bytes per sec =    584306.94 ( 13.7uS)
+crypt         per sec =      3049.33 (327.9uS)
+
+HP-UX 9000/867 cc -O
+set_key       per sec =     48600.00 ( 20.6uS)
+DES ecb bytes per sec =    616235.14 ( 13.0uS)
+DES cbc bytes per sec =    638669.44 ( 12.5uS)
+crypt         per sec =      3016.68 (331.5uS)
+
+HP-UX 9000/867 gcc -O2
+set_key       per sec =     52120.50 ( 19.2uS)
+DES ecb bytes per sec =    715156.55 ( 11.2uS)
+DES cbc bytes per sec =    724424.28 ( 11.0uS)
+crypt         per sec =      3295.87 (303.4uS)
+
+DGUX AViiON mc88110 gcc -O2
+set_key       per sec =     55604.91 ( 18.0uS)
+DES ecb bytes per sec =    658513.25 ( 12.1uS)
+DES cbc bytes per sec =    675552.71 ( 11.8uS)
+crypt         per sec =      3438.10 (290.9uS)
+
+Sparc 10 cc -O2 (orb)
+set_key       per sec =     53002.30 ( 18.9uS)
+DES ecb bytes per sec =    705250.40 ( 11.3uS)
+DES cbc bytes per sec =    714342.40 ( 11.2uS)
+crypt         per sec =      2943.99 (339.7uS)
+
+Sparc 10 gcc -O2 (orb)
+set_key       per sec =     58681.21 ( 17.0uS)
+DES ecb bytes per sec =    772390.20 ( 10.4uS)
+DES cbc bytes per sec =    774144.00 ( 10.3uS)
+crypt         per sec =      3606.90 (277.2uS)
+
+DEC Alpha DEC  4000/610 AXP OSF/1 v 1.3 - gcc v 2.3.3
+set_key       per sec =    101840.19 (  9.8uS)
+DES ecb bytes per sec =   1223712.35 (  6.5uS)
+DES cbc bytes per sec =   1230542.98 (  6.5uS)
+crypt         per sec =      6428.75 (155.6uS)
+
+DEC Alpha DEC 4000/610 APX OSF/1 v 1.3 - cc -O2 - OSF/1 AXP
+set_key       per sec =    114198.91 (  8.8uS)
+DES ecb bytes per sec =   1022710.93 (  7.8uS)
+DES cbc bytes per sec =   1008821.93 (  7.9uS)
+crypt         per sec =      5454.13 (183.3uS)
+
+DEC Alpha - DEC 3000/500 AXP OSF/1 - cc -O2 - 02/12/92
+set_key       per sec =     83587.04 ( 12.0uS)
+DES ecb bytes per sec =    822620.82 (  9.7uS)
+DES cbc bytes per sec =    832929.60 (  9.6uS)
+crypt         per sec =      4807.62 (208.0uS)
+
+sun sparc 10/30 - gcc -O2
+set_key       per sec =     42005.24 ( 23.8uS)
+DES ecb bytes per sec =    555949.47 ( 14.4uS)
+DES cbc bytes per sec =    549440.28 ( 14.6uS)
+crypt         per sec =      2580.25 (387.6uS)
+
+PA-RISC 1.1 HP 710
+set_key       per sec =     38916.86
+DES ecb bytes per sec =    505971.82
+DES cbc bytes per sec =    515381.13
+crypt         per sec =      2438.24
+
+iris (spike) cc -O2
+set_key       per sec =     23128.83 ( 43.2uS)
+DES ecb bytes per sec =    261577.94 ( 30.6uS)
+DES cbc bytes per sec =    261746.41 ( 30.6uS)
+crypt         per sec =      1231.76 (811.8uS)
+
+sun sparc 10/30 - cc -O4
+set_key       per sec =     38379.86 ( 26.1uS)
+DES ecb bytes per sec =    460051.34 ( 17.4uS)
+DES cbc bytes per sec =    464970.54 ( 17.2uS)
+crypt         per sec =      2092.64 (477.9uS)
+
+sun sparc 2 - gcc2 -O2
+set_key       per sec =     21559.10
+DES ecb bytes per sec =    305566.92
+DES cbc bytes per sec =    303497.50
+crypt         per sec =      1410.48
+
+RS/6000 model 320
+set_key       per sec =     14371.93
+DES ecb bytes per sec =    222231.26
+DES cbc bytes per sec =    223926.79
+crypt         per sec =       981.20
+
+80486dx/66MHz Solaris 2.1 - gcc -O2 (gcc 2.6.3)
+set_key       per sec =     26814.15 ( 37.3uS)
+DES ecb bytes per sec =    345029.95 ( 23.2uS)
+DES cbc bytes per sec =    344064.00 ( 23.3uS)
+crypt         per sec =      1551.97 (644.3uS)
+
+80486dx/50MHz Solaris 2.1 - gcc -O2 (gcc 2.5.2)
+set_key       per sec =     18558.29 ( 53.9uS)
+DES ecb bytes per sec =    240873.90 ( 33.2uS)
+DES cbc bytes per sec =    239993.37 ( 33.3uS)
+crypt         per sec =      1073.67 (931.4uS)
+
+80486dx/50MHz Solaris 2.1 - cc -xO4 (cc: PC2.0.1 30 April 1993)
+set_key       per sec =     18302.79 ( 54.6uS)
+DES ecb bytes per sec =    242640.29 ( 33.0uS)
+DES cbc bytes per sec =    239568.89 ( 33.4uS)
+crypt         per sec =      1057.92 (945.2uS)
+
+68030 HP400
+set_key       per sec =      5251.28
+DES ecb bytes per sec =     56186.56
+DES cbc bytes per sec =     58681.53
+crypt         per sec =       276.15
+
+80486sx/33MHz MSDOS Turbo C v 2.0
+set_key       per sec =      1883.22 (531.0uS)
+DES ecb bytes per sec =     63393.31 (126.2uS)
+DES cbc bytes per sec =     63416.83 (126.1uS)
+crypt         per sec =       158.71 (6300.6uS)
+
+80486sx/33MHz MSDOS djgpp gcc 1.39 (32bit compiler)
+set_key       per sec =     12603.08 (79.3)
+DES ecb bytes per sec =    158875.15 (50.4)
+DES cbc bytes per sec =    159893.85 (50.0)
+crypt         per sec =       780.24 (1281.7)
+
+Version 1.99 26/08/92
+8MHz 68000 Atari-ST gcc 2.1 -O2 MiNT 0.94
+set_key       per sec =       325.68 (3070.5uS)
+DES ecb bytes per sec =      4173.67 (1916.8uS)
+DES cbc bytes per sec =      4249.89 (1882.4uS)
+crypt         per sec =        20.19 (49521.6uS)
+
+8088/4.77mh MSDOS Turbo C v 2.0
+set_key       per sec =        35.09
+DES ecb bytes per sec =       563.63
+crypt         per sec =         2.69
diff --git a/crypto/libdes/typemap b/crypto/libdes/typemap
new file mode 100644
index 0000000..a524f53
--- /dev/null
+++ b/crypto/libdes/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *	T_DESCHARP
+des_cblock *	T_CBLOCK
+des_cblock	T_CBLOCK
+des_key_schedule	T_SCHEDULE
+des_key_schedule *	T_SCHEDULE
+
+INPUT
+T_CBLOCK
+	$var=(des_cblock *)SvPV($arg,len);
+	if (len < DES_KEY_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+		}
+
+T_SCHEDULE
+	$var=(des_key_schedule *)SvPV($arg,len);
+	if (len < DES_SCHEDULE_SZ)
+		{
+		croak(\"$var needs to be at least %u bytes long\",
+			DES_SCHEDULE_SZ);
+		}
+
+OUTPUT
+T_CBLOCK
+	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+
+T_SCHEDULE
+	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+
+T_DESCHARP
+	sv_setpvn($arg,(char *)$var,len);
diff --git a/crypto/libdes/version.h b/crypto/libdes/version.h
new file mode 100644
index 0000000..0088f42
--- /dev/null
+++ b/crypto/libdes/version.h
@@ -0,0 +1,50 @@
+/* lib/des/version.h */
+/* Copyright (C) 1995 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ * 
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification.  This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.  If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    This product includes software developed by Eric Young (eay@cryptsoft.com)
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ * 
+ * $FreeBSD$
+ */
+
+extern char *DES_version;
diff --git a/crypto/libdes/vms.com b/crypto/libdes/vms.com
new file mode 100644
index 0000000..885ea8e
--- /dev/null
+++ b/crypto/libdes/vms.com
@@ -0,0 +1,90 @@
+$! --- VMS.com ---
+$!
+$ GoSub defines
+$ GoSub linker_options
+$ If (P1 .nes. "")
+$ Then 
+$   GoSub 'P1'
+$ Else
+$   GoSub lib
+$   GoSub destest
+$   GoSub rpw
+$   GoSub speed
+$   GoSub des
+$ EndIF
+$!
+$ Exit
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DEFINES:
+$ OPT_FILE := "VAX_LINKER_OPTIONS.OPT"
+$!
+$ CC_OPTS := "/NODebug/OPTimize/NOWarn"
+$!
+$ LINK_OPTS := "/NODebug/NOTraceback/Contiguous"
+$!
+$ OBJS  = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + -
+          "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj,"      + -
+          "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj,"           + -
+	  "cfb_enc.obj,3ecb_enc.obj,ofb_enc.obj"
+	   
+	   
+$!
+$ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c,"           + -
+           "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c,"         + -
+           "read_pwd.c,set_key.c,str2key.c,fcrypt.c,"                + -
+	   "cfb_enc.c,3ecb_enc.c,ofb_enc.c"
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$LINKER_OPTIONS:
+$ If (f$search(OPT_FILE) .eqs. "")
+$ Then
+$   Create 'OPT_FILE'
+$DECK
+! Default system options file to link against the sharable C runtime library
+!
+Sys$Share:VAXcRTL.exe/Share
+$EOD
+$ EndIF
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$LIB:
+$ CC 'CC_OPTS' 'LIBDES'
+$ If (f$search("LIBDES.OLB") .nes. "")
+$ Then Library /Object /Replace libdes 'OBJS'
+$ Else Library /Create /Object  libdes 'OBJS'
+$ EndIF
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DESTEST:
+$ CC 'CC_OPTS' destest
+$ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$RPW:
+$ CC 'CC_OPTS' rpw
+$ Link 'link_opts' /Exec=rpw  rpw.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$SPEED:
+$ CC 'CC_OPTS' speed
+$ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
+$!
+$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+$!
+$DES:
+$ CC 'CC_OPTS' des
+$ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option
+$ Return
diff --git a/crypto/libdes/xcbc_enc.c b/crypto/libdes/xcbc_enc.c
new file mode 100644
index 0000000..51e17e6
--- /dev/null
+++ b/crypto/libdes/xcbc_enc.c
@@ -0,0 +1,194 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+static unsigned char desx_white_in2out[256]={
+0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
+0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
+0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
+0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
+0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
+0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
+0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
+0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
+0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
+0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
+0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
+0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
+0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
+0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
+0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
+0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
+	};
+
+void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
+	     des_cblock *out_white)
+	{
+	int out0,out1;
+	int i;
+	const unsigned char *key = &(*des_key)[0];
+	const unsigned char *in = &(*in_white)[0];
+	unsigned char *out = &(*out_white)[0];
+
+	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
+	out0=out1=0;
+	for (i=0; i<8; i++)
+		{
+		out[i]=key[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+
+	out0=out[0];
+	out1=out[i];
+	for (i=0; i<8; i++)
+		{
+		out[i]=in[i]^desx_white_in2out[out0^out1];
+		out0=out1;
+		out1=(int)out[i&0x07];
+		}
+	}
+
+void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+	    long length, des_key_schedule schedule, des_cblock *ivec,
+	    const_des_cblock *inw, const_des_cblock *outw, int enc)
+	{
+	register DES_LONG tin0,tin1;
+	register DES_LONG tout0,tout1,xor0,xor1;
+	register DES_LONG inW0,inW1,outW0,outW1;
+	register const unsigned char *in2;
+	register long l=length;
+	DES_LONG tin[2];
+	unsigned char *iv;
+
+	in2 = &(*inw)[0];
+	c2l(in2,inW0);
+	c2l(in2,inW1);
+	in2 = &(*outw)[0];
+	c2l(in2,outW0);
+	c2l(in2,outW1);
+
+	iv = &(*ivec)[0];
+
+	if (enc)
+		{
+		c2l(iv,tout0);
+		c2l(iv,tout1);
+		for (l-=8; l>=0; l-=8)
+			{
+			c2l(in,tin0);
+			c2l(in,tin1);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt(tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		if (l != -8)
+			{
+			c2ln(in,tin0,tin1,l+8);
+			tin0^=tout0^inW0; tin[0]=tin0;
+			tin1^=tout1^inW1; tin[1]=tin1;
+			des_encrypt(tin,schedule,DES_ENCRYPT);
+			tout0=tin[0]^outW0; l2c(tout0,out);
+			tout1=tin[1]^outW1; l2c(tout1,out);
+			}
+		iv = &(*ivec)[0];
+		l2c(tout0,iv);
+		l2c(tout1,iv);
+		}
+	else
+		{
+		c2l(iv,xor0);
+		c2l(iv,xor1);
+		for (l-=8; l>0; l-=8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt(tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2c(tout0,out);
+			l2c(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0^outW0;
+			c2l(in,tin1); tin[1]=tin1^outW1;
+			des_encrypt(tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0^inW0;
+			tout1=tin[1]^xor1^inW1;
+			l2cn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+
+		iv = &(*ivec)[0];
+		l2c(xor0,iv);
+		l2c(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	inW0=inW1=outW0=outW1=0;
+	tin[0]=tin[1]=0;
+	}
+
diff --git a/crypto/openssh/pam_ssh/pam_ssh.c b/crypto/openssh/pam_ssh/pam_ssh.c
new file mode 100644
index 0000000..9392b9e
--- /dev/null
+++ b/crypto/openssh/pam_ssh/pam_ssh.c
@@ -0,0 +1,489 @@
+/*-
+ * Copyright (c) 1999 Andrew J. Korty
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ *
+ */
+
+
+#include <sys/param.h>
+#include <sys/queue.h>
+
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define	PAM_SM_AUTH
+#define	PAM_SM_SESSION
+#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
+
+#include "includes.h"
+#include "rsa.h"
+#include "ssh.h"
+#include "authfd.h"
+
+#define	MODULE_NAME	"pam_ssh"
+#define	NEED_PASSPHRASE	"Need passphrase for %s (%s).\nEnter passphrase: "
+#define	PATH_SSH_AGENT	"__PREFIX__/bin/ssh-agent"
+
+
+void
+rsa_cleanup(pam_handle_t *pamh, void *data, int error_status)
+{
+	if (data)
+		RSA_free(data);
+}
+
+
+void
+ssh_cleanup(pam_handle_t *pamh, void *data, int error_status)
+{
+	if (data)
+		free(data);
+}
+
+
+/*
+ * The following set of functions allow the module to manipulate the
+ * environment without calling the putenv() or setenv() stdlib functions.
+ * At least one version of these functions, on the first call, copies
+ * the environment into dynamically-allocated memory and then augments
+ * it.  On subsequent calls, the realloc() call is used to grow the
+ * previously allocated buffer.  Problems arise when the "environ"
+ * variable is changed to point to static memory after putenv()/setenv()
+ * have been called.
+ * 
+ * We don't use putenv() or setenv() in case the application subsequently
+ * manipulates environ, (e.g., to clear the environment by pointing
+ * environ at an array of one element equal to NULL).
+ */
+
+SLIST_HEAD(env_head, env_entry);
+
+struct env_entry {
+	char			*ee_env;
+	SLIST_ENTRY(env_entry)	 ee_entries;
+};
+
+typedef struct env {
+	char		**e_environ_orig;
+	char		**e_environ_new;
+	int		  e_count;
+	struct env_head	  e_head;
+	int		  e_committed;
+} ENV;
+
+extern char **environ;
+
+
+static ENV *
+env_new(void)
+{
+	ENV	*self;
+
+	if (!(self = malloc(sizeof (ENV)))) {
+		syslog(LOG_CRIT, "%m");
+		return NULL;
+	}
+	SLIST_INIT(&self->e_head);
+	self->e_count = 0;
+	self->e_committed = 0;
+	return self;
+}
+
+
+static int
+env_put(ENV *self, char *s)
+{
+	struct env_entry	*env;
+
+	if (!(env = malloc(sizeof (struct env_entry))) ||
+	    !(env->ee_env = strdup(s))) {
+		syslog(LOG_CRIT, "%m");
+		return PAM_SERVICE_ERR;
+	}
+	SLIST_INSERT_HEAD(&self->e_head, env, ee_entries);
+	++self->e_count;
+	return PAM_SUCCESS;
+}
+
+
+static void
+env_swap(ENV *self, int which)
+{
+	environ = which ? self->e_environ_new : self->e_environ_orig;
+}
+
+
+static int
+env_commit(ENV *self)
+{
+	int			  n;
+	struct env_entry	 *p;
+	char 			**v;
+
+	for (v = environ, n = 0; v && *v; v++, n++)
+		;
+	if (!(v = malloc((n + self->e_count + 1) * sizeof (char *)))) {
+		syslog(LOG_CRIT, "%m");
+		return PAM_SERVICE_ERR;
+	}
+	self->e_committed = 1;
+	(void)memcpy(v, environ, n * sizeof (char *));
+	SLIST_FOREACH(p, &self->e_head, ee_entries)
+		v[n++] = p->ee_env;
+	v[n] = NULL;
+	self->e_environ_orig = environ;
+	self->e_environ_new = v;
+	env_swap(self, 1);
+	return PAM_SUCCESS;
+}
+
+
+static void
+env_destroy(ENV *self)
+{
+	struct env_entry	 *p;
+
+	env_swap(self, 0);
+	SLIST_FOREACH(p, &self->e_head, ee_entries) {
+		free(p->ee_env);
+		free(p);
+	}
+	if (self->e_committed)
+		free(self->e_environ_new);
+	free(self);
+}
+
+
+void
+env_cleanup(pam_handle_t *pamh, void *data, int error_status)
+{
+	if (data)
+		env_destroy(data);
+}
+
+
+typedef struct passwd PASSWD;
+
+PAM_EXTERN int
+pam_sm_authenticate(
+	pam_handle_t	 *pamh,
+	int		  flags,
+	int		  argc,
+	const char	**argv)
+{
+	char		*comment_priv;		/* on private key */
+	char		*comment_pub;		/* on public key */
+	char		*identity;		/* user's identity file */
+	RSA		*key;			/* user's private key */
+	int		 options;		/* module options */
+	const char	*pass;			/* passphrase */
+	char		*prompt;		/* passphrase prompt */
+	RSA		*public_key;		/* user's public key */
+	const PASSWD	*pwent;			/* user's passwd entry */
+	PASSWD		*pwent_keep;		/* our own copy */
+	int		 retval;		/* from calls */
+	uid_t		 saved_uid;		/* caller's uid */
+	const char	*user;			/* username */
+
+	options = 0;
+	while (argc--)
+		pam_std_option(&options, *argv++);
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if (!((pwent = getpwnam(user)) && pwent->pw_dir)) {
+		/* delay? */
+		return PAM_AUTH_ERR;
+	}
+	/* locate the user's private key file */
+	if (!asprintf(&identity, "%s/%s", pwent->pw_dir,
+	    SSH_CLIENT_IDENTITY)) {
+		syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
+		return PAM_SERVICE_ERR;
+	}
+	/*
+	 * Fail unless we can load the public key.  Change to the
+	 * owner's UID to appease load_public_key().
+	 */
+	key = RSA_new();
+	public_key = RSA_new();
+	saved_uid = getuid();
+	(void)setreuid(pwent->pw_uid, saved_uid);
+	retval = load_public_key(identity, public_key, &comment_pub);
+	(void)setuid(saved_uid);
+	if (!retval) {
+		free(identity);
+		return PAM_AUTH_ERR;
+	}
+	RSA_free(public_key);
+	/* build the passphrase prompt */
+	retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub);
+	free(comment_pub);
+	if (!retval) {
+		syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
+		free(identity);
+		return PAM_SERVICE_ERR;
+	}
+	/* pass prompt message to application and receive passphrase */
+	retval = pam_get_pass(pamh, &pass, prompt, options);
+	free(prompt);
+	if (retval != PAM_SUCCESS) {
+		free(identity);
+		return retval;
+	}
+	/*
+	 * Try to decrypt the private key with the passphrase provided.
+	 * If success, the user is authenticated.
+	 */
+	(void)setreuid(pwent->pw_uid, saved_uid);
+	retval = load_private_key(identity, pass, key, &comment_priv);
+	free(identity);
+	(void)setuid(saved_uid);
+	if (!retval)
+		return PAM_AUTH_ERR;
+	/*
+	 * Save the key and comment to pass to ssh-agent in the session
+	 * phase.
+	 */
+	if ((retval = pam_set_data(pamh, "ssh_private_key", key,
+	    rsa_cleanup)) != PAM_SUCCESS) {
+		RSA_free(key);
+		free(comment_priv);
+		return retval;
+	}
+	if ((retval = pam_set_data(pamh, "ssh_key_comment", comment_priv,
+	    ssh_cleanup)) != PAM_SUCCESS) {
+		free(comment_priv);
+		return retval;
+	}
+	/*
+	 * Copy the passwd entry (in case successive calls are made)
+	 * and save it for the session phase.
+	 */
+	if (!(pwent_keep = malloc(sizeof *pwent))) {
+		syslog(LOG_CRIT, "%m");
+		return PAM_SERVICE_ERR;
+	}
+	(void)memcpy(pwent_keep, pwent, sizeof *pwent_keep);
+	if ((retval = pam_set_data(pamh, "ssh_passwd_entry", pwent_keep,
+	    ssh_cleanup)) != PAM_SUCCESS) {
+		free(pwent_keep);
+		return retval;
+	}
+	return PAM_SUCCESS;
+}
+
+
+PAM_EXTERN int
+pam_sm_setcred(
+	pam_handle_t	 *pamh,
+	int		  flags,
+	int		  argc,
+	const char	**argv)
+{
+	return PAM_SUCCESS;
+}
+
+
+typedef AuthenticationConnection AC;
+
+PAM_EXTERN int
+pam_sm_open_session(
+	pam_handle_t	 *pamh,
+	int		  flags,
+	int		  argc,
+	const char	**argv)
+{
+	AC		*ac;			/* to ssh-agent */
+	char		*comment;		/* on private key */
+	char		*env_end;		/* end of env */
+	char		*env_file;		/* to store env */
+	FILE		*env_fp;		/* env_file handle */
+	RSA		*key;			/* user's private key */
+	FILE		*pipe;			/* ssh-agent handle */
+	const PASSWD	*pwent;			/* user's passwd entry */
+	int		 retval;		/* from calls */
+	uid_t		 saved_uid;		/* caller's uid */
+	ENV		*ssh_env;		/* env handle */
+	const char	*tty;			/* tty or display name */
+	char		 hname[MAXHOSTNAMELEN];	/* local hostname */
+	char		 parse[BUFSIZ];		/* commands output */
+
+	/* dump output of ssh-agent in ~/.ssh */
+	if ((retval = pam_get_data(pamh, "ssh_passwd_entry",
+	    (const void **)&pwent)) != PAM_SUCCESS)
+		return retval;
+	/* use the tty or X display name in the filename */
+	if ((retval = pam_get_item(pamh, PAM_TTY, (const void **)&tty))
+	    != PAM_SUCCESS)
+		return retval;
+	if (*tty == ':' && gethostname(hname, sizeof hname) == 0) {
+		if (asprintf(&env_file, "%s/.ssh/agent-%s%s",
+		    pwent->pw_dir, hname, tty) == -1) {
+			syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
+			return PAM_SERVICE_ERR;
+		}
+	} else if (asprintf(&env_file, "%s/.ssh/agent-%s", pwent->pw_dir,
+	    tty) == -1) {
+		syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
+		return PAM_SERVICE_ERR;
+	}
+	/* save the filename so we can delete the file on session close */
+	if ((retval = pam_set_data(pamh, "ssh_agent_env", env_file,
+	    ssh_cleanup)) != PAM_SUCCESS) {
+		free(env_file);
+		return retval;
+	}
+	/* start the agent as the user */
+	saved_uid = geteuid();
+	(void)seteuid(pwent->pw_uid);
+	env_fp = fopen(env_file, "w");
+	pipe = popen(PATH_SSH_AGENT, "r");
+	(void)seteuid(saved_uid);
+	if (!pipe) {
+		syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, PATH_SSH_AGENT);
+		if (env_fp)
+			(void)fclose(env_fp);
+		return PAM_SESSION_ERR;
+	}
+	if (!(ssh_env = env_new()))
+		return PAM_SESSION_ERR;
+	if ((retval = pam_set_data(pamh, "ssh_env_handle", ssh_env,
+	    env_cleanup)) != PAM_SUCCESS)
+		return retval;
+	while (fgets(parse, sizeof parse, pipe)) {
+		if (env_fp)
+			(void)fputs(parse, env_fp);
+		/*
+		 * Save environment for application with pam_putenv()
+		 * but also with env_* functions for our own call to
+		 * ssh_get_authentication_connection().
+		 */
+		if (strchr(parse, '=') && (env_end = strchr(parse, ';'))) {
+			*env_end = '\0';
+			/* pass to the application ... */
+			if (!((retval = pam_putenv(pamh, parse)) ==
+			    PAM_SUCCESS)) {
+				(void)pclose(pipe);
+				if (env_fp)
+					(void)fclose(env_fp);
+				env_destroy(ssh_env);
+				return PAM_SERVICE_ERR;
+			}
+			env_put(ssh_env, parse);
+		}
+	}
+	if (env_fp)
+		(void)fclose(env_fp);
+	switch (retval = pclose(pipe)) {
+	case -1:
+		syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, PATH_SSH_AGENT);
+		env_destroy(ssh_env);
+		return PAM_SESSION_ERR;
+	case 0:
+		break;
+	case 127:
+		syslog(LOG_ERR, "%s: cannot execute %s", MODULE_NAME,
+		    PATH_SSH_AGENT);
+		env_destroy(ssh_env);
+		return PAM_SESSION_ERR;
+	default:
+		syslog(LOG_ERR, "%s: %s exited with status %d",
+		    MODULE_NAME, PATH_SSH_AGENT, WEXITSTATUS(retval));
+		env_destroy(ssh_env);
+		return PAM_SESSION_ERR;
+	}
+	/* connect to the agent and hand off the private key */
+	if ((retval = pam_get_data(pamh, "ssh_private_key",
+	    (const void **)&key)) != PAM_SUCCESS ||
+	    (retval = pam_get_data(pamh, "ssh_key_comment",
+	    (const void **)&comment)) != PAM_SUCCESS ||
+	    (retval = env_commit(ssh_env)) != PAM_SUCCESS) {
+		env_destroy(ssh_env);
+		return retval;
+	}
+	if (!(ac = ssh_get_authentication_connection())) {
+		syslog(LOG_ERR, "%s: could not connect to agent",
+		    MODULE_NAME);
+		env_destroy(ssh_env);
+		return PAM_SESSION_ERR;
+	}
+	retval = ssh_add_identity(ac, key, comment);
+	ssh_close_authentication_connection(ac);
+	env_swap(ssh_env, 0);
+	return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
+}
+
+
+PAM_EXTERN int
+pam_sm_close_session(
+	pam_handle_t	 *pamh,
+	int		  flags,
+	int		  argc,
+	const char	**argv)
+{
+	const char	*env_file;	/* ssh-agent environment */
+	int	 	 retval;	/* from calls */
+	ENV		*ssh_env;	/* env handle */
+
+	if ((retval = pam_get_data(pamh, "ssh_env_handle",
+	    (const void **)&ssh_env)) != PAM_SUCCESS)
+		return retval;
+	env_swap(ssh_env, 1);
+	/* kill the agent */
+	retval = system(PATH_SSH_AGENT " -k");
+	env_destroy(ssh_env);
+	switch (retval) {
+	case -1:
+		syslog(LOG_ERR, "%s: %s -k: %m", MODULE_NAME,
+		    PATH_SSH_AGENT);
+		return PAM_SESSION_ERR;
+	case 0:
+		break;
+	case 127:
+		syslog(LOG_ERR, "%s: cannot execute %s -k", MODULE_NAME,
+		    PATH_SSH_AGENT);
+		return PAM_SESSION_ERR;
+	default:
+		syslog(LOG_ERR, "%s: %s -k exited with status %d",
+		    MODULE_NAME, PATH_SSH_AGENT, WEXITSTATUS(retval));
+		return PAM_SESSION_ERR;
+	}
+	/* retrieve environment filename, then remove the file */
+	if ((retval = pam_get_data(pamh, "ssh_agent_env",
+	    (const void **)&env_file)) != PAM_SUCCESS)
+		return retval;
+	(void)unlink(env_file);
+	return PAM_SUCCESS;
+}
+
+
+PAM_MODULE_ENTRY(MODULE_NAME);
diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl
new file mode 100644
index 0000000..3bd3e53
--- /dev/null
+++ b/crypto/openssl/crypto/idea/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+
+DIR=	idea
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER=	idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: idea_lcl.h
diff --git a/crypto/openssl/crypto/idea/Makefile.uni b/crypto/openssl/crypto/idea/Makefile.uni
new file mode 100644
index 0000000..c83339a
--- /dev/null
+++ b/crypto/openssl/crypto/idea/Makefile.uni
@@ -0,0 +1,73 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+
+DIR=    cast
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+IDEA_ENC=i_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest
+APPS=idea_spd
+
+LIB=libidea.a
+LIBSRC=i_skey.c i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c
+LIBOBJ=i_skey.o i_ecb.o $(IDEA_ENC) i_cfb64.o i_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APPS): $(APPS).c $(LIB)
+	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/openssl/crypto/idea/i_cbc.c
new file mode 100644
index 0000000..891a465
--- /dev/null
+++ b/crypto/openssl/crypto/idea/i_cbc.c
@@ -0,0 +1,168 @@
+/* crypto/idea/i_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+void idea_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)
+	{
+	register unsigned long tin0,tin1;
+	register unsigned long tout0,tout1,xor0,xor1;
+	register long l=length;
+	unsigned long tin[2];
+
+	if (encrypt)
+		{
+		n2l(iv,tout0);
+		n2l(iv,tout1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0);
+			n2l(in,tin1);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			idea_encrypt(tin,ks);
+			tout0=tin[0]; l2n(tout0,out);
+			tout1=tin[1]; l2n(tout1,out);
+			}
+		if (l != -8)
+			{
+			n2ln(in,tin0,tin1,l+8);
+			tin0^=tout0;
+			tin1^=tout1;
+			tin[0]=tin0;
+			tin[1]=tin1;
+			idea_encrypt(tin,ks);
+			tout0=tin[0]; l2n(tout0,out);
+			tout1=tin[1]; l2n(tout1,out);
+			}
+		l2n(tout0,iv);
+		l2n(tout1,iv);
+		}
+	else
+		{
+		n2l(iv,xor0);
+		n2l(iv,xor1);
+		iv-=8;
+		for (l-=8; l>=0; l-=8)
+			{
+			n2l(in,tin0); tin[0]=tin0;
+			n2l(in,tin1); tin[1]=tin1;
+			idea_encrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2n(tout0,out);
+			l2n(tout1,out);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		if (l != -8)
+			{
+			n2l(in,tin0); tin[0]=tin0;
+			n2l(in,tin1); tin[1]=tin1;
+			idea_encrypt(tin,ks);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2nn(tout0,tout1,out,l+8);
+			xor0=tin0;
+			xor1=tin1;
+			}
+		l2n(xor0,iv);
+		l2n(xor1,iv);
+		}
+	tin0=tin1=tout0=tout1=xor0=xor1=0;
+	tin[0]=tin[1]=0;
+	}
+
+void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+	{
+	register IDEA_INT *p;
+	register unsigned long x1,x2,x3,x4,t0,t1,ul;
+
+	x2=d[0];
+	x1=(x2>>16);
+	x4=d[1];
+	x3=(x4>>16);
+
+	p= &(key->data[0][0]);
+
+	E_IDEA(0);
+	E_IDEA(1);
+	E_IDEA(2);
+	E_IDEA(3);
+	E_IDEA(4);
+	E_IDEA(5);
+	E_IDEA(6);
+	E_IDEA(7);
+
+	x1&=0xffff;
+	idea_mul(x1,x1,*p,ul); p++;
+
+	t0= x3+ *(p++);
+	t1= x2+ *(p++);
+
+	x4&=0xffff;
+	idea_mul(x4,x4,*p,ul);
+
+	d[0]=(t0&0xffff)|((x1&0xffff)<<16);
+	d[1]=(x4&0xffff)|((t1&0xffff)<<16);
+	}
diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/openssl/crypto/idea/i_cfb64.c
new file mode 100644
index 0000000..dacf3f1
--- /dev/null
+++ b/crypto/openssl/crypto/idea/i_cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/idea/i_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num,
+	     int encrypt)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned long ti[2];
+	unsigned char *iv,c,cc;
+
+	iv=(unsigned char *)ivec;
+	if (encrypt)
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				idea_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			c= *(in++)^iv[n];
+			*(out++)=c;
+			iv[n]=c;
+			n=(n+1)&0x07;
+			}
+		}
+	else
+		{
+		while (l--)
+			{
+			if (n == 0)
+				{
+				n2l(iv,v0); ti[0]=v0;
+				n2l(iv,v1); ti[1]=v1;
+				idea_encrypt((unsigned long *)ti,schedule);
+				iv=(unsigned char *)ivec;
+				t=ti[0]; l2n(t,iv);
+				t=ti[1]; l2n(t,iv);
+				iv=(unsigned char *)ivec;
+				}
+			cc= *(in++);
+			c=iv[n];
+			iv[n]=cc;
+			*(out++)=c^cc;
+			n=(n+1)&0x07;
+			}
+		}
+	v0=v1=ti[0]=ti[1]=t=c=cc=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/openssl/crypto/idea/i_ecb.c
new file mode 100644
index 0000000..93937d2
--- /dev/null
+++ b/crypto/openssl/crypto/idea/i_ecb.c
@@ -0,0 +1,85 @@
+/* crypto/idea/i_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+#include <openssl/opensslv.h>
+
+const char *IDEA_version="IDEA" OPENSSL_VERSION_PTEXT;
+
+const char *idea_options(void)
+	{
+	if (sizeof(short) != sizeof(IDEA_INT))
+		return("idea(int)");
+	else
+		return("idea(short)");
+	}
+
+void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+	     IDEA_KEY_SCHEDULE *ks)
+	{
+	unsigned long l0,l1,d[2];
+
+	n2l(in,l0); d[0]=l0;
+	n2l(in,l1); d[1]=l1;
+	idea_encrypt(d,ks);
+	l0=d[0]; l2n(l0,out);
+	l1=d[1]; l2n(l1,out);
+	l0=l1=d[0]=d[1]=0;
+	}
+
diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/openssl/crypto/idea/i_ofb64.c
new file mode 100644
index 0000000..afcbed2
--- /dev/null
+++ b/crypto/openssl/crypto/idea/i_ofb64.c
@@ -0,0 +1,110 @@
+/* crypto/idea/i_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num)
+	{
+	register unsigned long v0,v1,t;
+	register int n= *num;
+	register long l=length;
+	unsigned char d[8];
+	register char *dp;
+	unsigned long ti[2];
+	unsigned char *iv;
+	int save=0;
+
+	iv=(unsigned char *)ivec;
+	n2l(iv,v0);
+	n2l(iv,v1);
+	ti[0]=v0;
+	ti[1]=v1;
+	dp=(char *)d;
+	l2n(v0,dp);
+	l2n(v1,dp);
+	while (l--)
+		{
+		if (n == 0)
+			{
+			idea_encrypt((unsigned long *)ti,schedule);
+			dp=(char *)d;
+			t=ti[0]; l2n(t,dp);
+			t=ti[1]; l2n(t,dp);
+			save++;
+			}
+		*(out++)= *(in++)^d[n];
+		n=(n+1)&0x07;
+		}
+	if (save)
+		{
+		v0=ti[0];
+		v1=ti[1];
+		iv=(unsigned char *)ivec;
+		l2n(v0,iv);
+		l2n(v1,iv);
+		}
+	t=v0=v1=ti[0]=ti[1]=0;
+	*num=n;
+	}
+
diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c
new file mode 100644
index 0000000..bbbda6b
--- /dev/null
+++ b/crypto/openssl/crypto/idea/i_skey.c
@@ -0,0 +1,156 @@
+/* crypto/idea/i_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+static IDEA_INT inverse(unsigned int xin);
+void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+	{
+	int i;
+	register IDEA_INT *kt,*kf,r0,r1,r2;
+
+	kt= &(ks->data[0][0]);
+	n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]);
+	n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]);
+
+	kf=kt;
+	kt+=8;
+	for (i=0; i<6; i++)
+		{
+		r2= kf[1];
+		r1= kf[2];
+		*(kt++)= ((r2<<9) | (r1>>7))&0xffff;
+		r0= kf[3];
+		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
+		r1= kf[4];
+		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
+		r0= kf[5];
+		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
+		r1= kf[6];
+		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
+		r0= kf[7];
+		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
+		r1= kf[0];
+		if (i >= 5) break;
+		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
+		*(kt++)= ((r1<<9) | (r2>>7))&0xffff;
+		kf+=8;
+		}
+	}
+
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+	{
+	int r;
+	register IDEA_INT *fp,*tp,t;
+
+	tp= &(dk->data[0][0]);
+	fp= &(ek->data[8][0]);
+	for (r=0; r<9; r++)
+		{
+		*(tp++)=inverse(fp[0]);
+		*(tp++)=((int)(0x10000L-fp[2])&0xffff);
+		*(tp++)=((int)(0x10000L-fp[1])&0xffff);
+		*(tp++)=inverse(fp[3]);
+		if (r == 8) break;
+		fp-=6;
+		*(tp++)=fp[4];
+		*(tp++)=fp[5];
+		}
+
+	tp= &(dk->data[0][0]);
+	t=tp[1];
+	tp[1]=tp[2];
+	tp[2]=t;
+
+	t=tp[49];
+	tp[49]=tp[50];
+	tp[50]=t;
+	}
+
+/* taken directly from the 'paper' I'll have a look at it later */
+static IDEA_INT inverse(unsigned int xin)
+	{
+	long n1,n2,q,r,b1,b2,t;
+
+	if (xin == 0)
+		b2=0;
+	else
+		{
+		n1=0x10001;
+		n2=xin;
+		b2=1;
+		b1=0;
+
+		do	{
+			r=(n1%n2);
+			q=(n1-r)/n2;
+			if (r == 0)
+				{ if (b2 < 0) b2=0x10001+b2; }
+			else
+				{
+				n1=n2;
+				n2=r;
+				t=b2;
+				b2=b1-q*b2;
+				b1=t;
+				}
+			} while (r != 0);
+		}
+	return((IDEA_INT)b2);
+	}
diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h
new file mode 100644
index 0000000..ae32f56
--- /dev/null
+++ b/crypto/openssl/crypto/idea/idea.h
@@ -0,0 +1,99 @@
+/* crypto/idea/idea.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_IDEA_H
+#define HEADER_IDEA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_IDEA
+#error IDEA is disabled.
+#endif
+
+#define IDEA_ENCRYPT	1
+#define IDEA_DECRYPT	0
+
+#include <openssl/opensslconf.h> /* IDEA_INT */
+#define IDEA_BLOCK	8
+#define IDEA_KEY_LENGTH	16
+
+typedef struct idea_key_st
+	{
+	IDEA_INT data[9][6];
+	} IDEA_KEY_SCHEDULE;
+
+const char *idea_options(void);
+void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+	IDEA_KEY_SCHEDULE *ks);
+void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
+void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+	int *num,int enc);
+void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
+void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/crypto/openssl/crypto/idea/idea_lcl.h b/crypto/openssl/crypto/idea/idea_lcl.h
new file mode 100644
index 0000000..4cf256a
--- /dev/null
+++ b/crypto/openssl/crypto/idea/idea_lcl.h
@@ -0,0 +1,215 @@
+/* crypto/idea/idea_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The new form of this macro (check if the a*b == 0) was sugested by 
+ * Colin Plumb <colin@nyx10.cs.du.edu> */
+/* Removal of the inner if from from Wei Dai 24/4/96 */
+#define idea_mul(r,a,b,ul) \
+ul=(unsigned long)a*b; \
+if (ul != 0) \
+	{ \
+	r=(ul&0xffff)-(ul>>16); \
+	r-=((r)>>16); \
+	} \
+else \
+	r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ \
+
+#ifdef undef
+#define idea_mul(r,a,b,ul,sl) \
+if (a == 0) r=(0x10001-b)&0xffff; \
+else if (b == 0) r=(0x10001-a)&0xffff; \
+else	{ \
+	ul=(unsigned long)a*b; \
+	sl=(ul&0xffff)-(ul>>16); \
+	if (sl <= 0) sl+=0x10001; \
+	r=sl; \
+	} 
+#endif
+
+/*  7/12/95 - Many thanks to Rhys Weatherley <rweather@us.oracle.com>
+ * for pointing out that I was assuming little endian
+ * byte order for all quantities what idea
+ * actually used bigendian.  No where in the spec does it mention
+ * this, it is all in terms of 16 bit numbers and even the example
+ * does not use byte streams for the input example :-(.
+ * If you byte swap each pair of input, keys and iv, the functions
+ * would produce the output as the old version :-(.
+ */
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))    ; \
+			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+			case 4: l1 =((unsigned long)(*(--(c))))    ; \
+			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+				} \
+			}
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#undef s2n
+#define s2n(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef n2s
+#define n2s(c,l)	(l =((IDEA_INT)(*((c)++)))<< 8L, \
+			 l|=((IDEA_INT)(*((c)++)))      )
+
+#ifdef undef
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n)	{ \
+			c+=n; \
+			l1=l2=0; \
+			switch (n) { \
+			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+			case 5: l2|=((unsigned long)(*(--(c))));     \
+			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+			case 1: l1|=((unsigned long)(*(--(c))));     \
+				} \
+			}
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n)	{ \
+			c+=n; \
+			switch (n) { \
+			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+				} \
+			}
+
+#undef c2s
+#define c2s(c,l)	(l =((unsigned long)(*((c)++)))    , \
+			 l|=((unsigned long)(*((c)++)))<< 8L)
+
+#undef s2c
+#define s2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef c2l
+#define c2l(c,l)	(l =((unsigned long)(*((c)++)))     , \
+			 l|=((unsigned long)(*((c)++)))<< 8L, \
+			 l|=((unsigned long)(*((c)++)))<<16L, \
+			 l|=((unsigned long)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
+			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+#endif
+
+#define E_IDEA(num) \
+	x1&=0xffff; \
+	idea_mul(x1,x1,*p,ul); p++; \
+	x2+= *(p++); \
+	x3+= *(p++); \
+	x4&=0xffff; \
+	idea_mul(x4,x4,*p,ul); p++; \
+	t0=(x1^x3)&0xffff; \
+	idea_mul(t0,t0,*p,ul); p++; \
+	t1=(t0+(x2^x4))&0xffff; \
+	idea_mul(t1,t1,*p,ul); p++; \
+	t0+=t1; \
+	x1^=t1; \
+	x4^=t0; \
+	ul=x2^t0; /* do the swap to x3 */ \
+	x2=x3^t1; \
+	x3=ul;
+
diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/openssl/crypto/idea/idea_spd.c
new file mode 100644
index 0000000..5f79f93
--- /dev/null
+++ b/crypto/openssl/crypto/idea/idea_spd.c
@@ -0,0 +1,296 @@
+/* crypto/idea/idea_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/idea.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ	100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE	((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+	{
+	signal(SIGALRM,sig_done);
+	run=0;
+#ifdef LINT
+	sig=sig;
+#endif
+	}
+#endif
+
+#define START	0
+#define STOP	1
+
+double Time_F(int s)
+	{
+	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;
+
+	if (s == START)
+		{
+		times(&tstart);
+		return(0);
+		}
+	else
+		{
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
+		{
+		ftime(&tstart);
+		return(0);
+		}
+	else
+		{
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+		return((ret == 0.0)?1e-6:ret);
+		}
+#endif
+	}
+
+int main(int argc, char **argv)
+	{
+	long count;
+	static unsigned char buf[BUFSIZE];
+	static unsigned char key[] ={
+			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+			};
+	IDEA_KEY_SCHEDULE sch;
+	double a,aa,b,c,d;
+#ifndef SIGALRM
+	long ca,cca,cb,cc;
+#endif
+
+#ifndef TIMES
+	printf("To get the most acurate results, try to run this\n");
+	printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+	printf("First we calculate the approximate speed ...\n");
+	idea_set_encrypt_key(key,&sch);
+	count=10;
+	do	{
+		long i;
+		IDEA_INT data[2];
+
+		count*=2;
+		Time_F(START);
+		for (i=count; i; i--)
+			idea_encrypt(data,&sch);
+		d=Time_F(STOP);
+		} while (d < 3.0);
+	ca=count/4;
+	cca=count/200;
+	cb=count;
+	cc=count*8/BUFSIZE+1;
+	printf("idea_set_encrypt_key %ld times\n",ca);
+#define COND(d)	(count <= (d))
+#define COUNT(d) (d)
+#else
+#define COND(c)	(run)
+#define COUNT(d) (count)
+	signal(SIGALRM,sig_done);
+	printf("Doing idea_set_encrypt_key for 10 seconds\n");
+	alarm(10);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(ca); count+=4)
+		{
+		idea_set_encrypt_key(key,&sch);
+		idea_set_encrypt_key(key,&sch);
+		idea_set_encrypt_key(key,&sch);
+		idea_set_encrypt_key(key,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n",count,d);
+	a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+	printf("Doing idea_set_decrypt_key for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing idea_set_decrypt_key %ld times\n",cca);
+#endif
+
+	Time_F(START);
+	for (count=0,run=1; COND(cca); count+=4)
+		{
+		idea_set_decrypt_key(&sch,&sch);
+		idea_set_decrypt_key(&sch,&sch);
+		idea_set_decrypt_key(&sch,&sch);
+		idea_set_decrypt_key(&sch,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n",count,d);
+	aa=((double)COUNT(cca))/d;
+
+#ifdef SIGALRM
+	printf("Doing idea_encrypt's for 10 seconds\n");
+	alarm(10);
+#else
+	printf("Doing idea_encrypt %ld times\n",cb);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cb); count+=4)
+		{
+		unsigned long data[2];
+
+		idea_encrypt(data,&sch);
+		idea_encrypt(data,&sch);
+		idea_encrypt(data,&sch);
+		idea_encrypt(data,&sch);
+		}
+	d=Time_F(STOP);
+	printf("%ld idea_encrypt's in %.2f second\n",count,d);
+	b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+	printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+		BUFSIZE);
+	alarm(10);
+#else
+	printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+		BUFSIZE);
+#endif
+	Time_F(START);
+	for (count=0,run=1; COND(cc); count++)
+		idea_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&(key[0]),IDEA_ENCRYPT);
+	d=Time_F(STOP);
+	printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+		count,BUFSIZE,d);
+	c=((double)COUNT(cc)*BUFSIZE)/d;
+
+	printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+	printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n",aa,1.0e6/aa);
+	printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+	printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+	exit(0);
+#if defined(LINT) || defined(MSDOS)
+	return(0);
+#endif
+	}
+
diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/openssl/crypto/idea/ideatest.c
new file mode 100644
index 0000000..64b9353
--- /dev/null
+++ b/crypto/openssl/crypto/idea/ideatest.c
@@ -0,0 +1,230 @@
+/* crypto/idea/ideatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef NO_IDEA
+int main(int argc, char *argv[])
+{
+    printf("No IDEA support\n");
+    return(0);
+}
+#else
+#include <openssl/idea.h>
+
+unsigned char k[16]={
+	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+	0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+	};
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+	}; 
+
+static int cfb64_test(unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+	{
+	int i,err=0;
+	IDEA_KEY_SCHEDULE key,dkey; 
+	unsigned char iv[8];
+
+	idea_set_encrypt_key(k,&key);
+	idea_ecb_encrypt(in,out,&key);
+	if (memcmp(out,c,8) != 0)
+		{
+		printf("ecb idea error encrypting\n");
+		printf("got     :");
+		for (i=0; i<8; i++)
+			printf("%02X ",out[i]);
+		printf("\n");
+		printf("expected:");
+		for (i=0; i<8; i++)
+			printf("%02X ",c[i]);
+		err=20;
+		printf("\n");
+		}
+
+	idea_set_decrypt_key(&key,&dkey);
+	idea_ecb_encrypt(c,out,&dkey);
+	if (memcmp(out,in,8) != 0)
+		{
+		printf("ecb idea error decrypting\n");
+		printf("got     :");
+		for (i=0; i<8; i++)
+			printf("%02X ",out[i]);
+		printf("\n");
+		printf("expected:");
+		for (i=0; i<8; i++)
+			printf("%02X ",in[i]);
+		printf("\n");
+		err=3;
+		}
+
+	if (err == 0) printf("ecb idea ok\n");
+
+	memcpy(iv,k,8);
+	idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+	memcpy(iv,k,8);
+	idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+	idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+	if (memcmp(text,out,strlen(text)+1) != 0)
+		{
+		printf("cbc idea bad\n");
+		err=4;
+		}
+	else
+		printf("cbc idea ok\n");
+
+	printf("cfb64 idea ");
+	if (cfb64_test(cfb_cipher64))
+		{
+		printf("bad\n");
+		err=5;
+		}
+	else
+		printf("ok\n");
+
+	exit(err);
+	return(err);
+	}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+static char *pt(unsigned char *p)
+	{
+	static char bufs[10][20];
+	static int bnum=0;
+	char *ret;
+	int i;
+	static char *f="0123456789ABCDEF";
+
+	ret= &(bufs[bnum++][0]);
+	bnum%=10;
+	for (i=0; i<8; i++)
+		{
+		ret[i*2]=f[(p[i]>>4)&0xf];
+		ret[i*2+1]=f[p[i]&0xf];
+		}
+	ret[16]='\0';
+	return(ret);
+	}
+#endif
diff --git a/crypto/openssl/crypto/idea/version b/crypto/openssl/crypto/idea/version
new file mode 100644
index 0000000..3f22293
--- /dev/null
+++ b/crypto/openssl/crypto/idea/version
@@ -0,0 +1,12 @@
+1.1 07/12/95 - eay
+	Many thanks to Rhys Weatherley <rweather@us.oracle.com>
+	for pointing out that I was assuming little endian byte
+	order for all quantities what idea actually used
+	bigendian.  No where in the spec does it mention
+	this, it is all in terms of 16 bit numbers and even the example
+	does not use byte streams for the input example :-(.
+	If you byte swap each pair of input, keys and iv, the functions
+	would produce the output as the old version :-(.
+
+1.0 ??/??/95 - eay
+	First version.
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
new file mode 100644
index 0000000..7f51c42
--- /dev/null
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -0,0 +1,489 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_eay_meth={
+	"Eric Young's PKCS#1 RSA",
+	RSA_eay_public_encrypt,
+	RSA_eay_public_decrypt,
+	RSA_eay_private_encrypt,
+	RSA_eay_private_decrypt,
+	RSA_eay_mod_exp,
+	BN_mod_exp_mont,
+	RSA_eay_init,
+	RSA_eay_finish,
+	0,
+	NULL,
+	};
+
+RSA_METHOD *RSA_PKCS1_SSLeay(void)
+	{
+	return(&rsa_pkcs1_eay_meth);
+	}
+
+static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	BIGNUM f,ret;
+	int i,j,k,num=0,r= -1;
+	unsigned char *buf=NULL;
+	BN_CTX *ctx=NULL;
+
+	BN_init(&f);
+	BN_init(&ret);
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	num=BN_num_bytes(rsa->n);
+	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+		{
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	switch (padding)
+		{
+	case RSA_PKCS1_PADDING:
+		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
+		break;
+#ifndef NO_SHA
+	case RSA_PKCS1_OAEP_PADDING:
+	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
+		break;
+#endif
+	case RSA_SSLV23_PADDING:
+		i=RSA_padding_add_SSLv23(buf,num,from,flen);
+		break;
+	case RSA_NO_PADDING:
+		i=RSA_padding_add_none(buf,num,from,flen);
+		break;
+	default:
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	if (i <= 0) goto err;
+
+	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+	
+	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+		{
+		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+			    goto err;
+		}
+
+	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+		rsa->_method_mod_n)) goto err;
+
+	/* put in leading 0 bytes if the number is less than the
+	 * length of the modulus */
+	j=BN_num_bytes(&ret);
+	i=BN_bn2bin(&ret,&(to[num-j]));
+	for (k=0; k<(num-i); k++)
+		to[k]=0;
+
+	r=num;
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
+	if (buf != NULL) 
+		{
+		memset(buf,0,num);
+		Free(buf);
+		}
+	return(r);
+	}
+
+static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	BIGNUM f,ret;
+	int i,j,k,num=0,r= -1;
+	unsigned char *buf=NULL;
+	BN_CTX *ctx=NULL;
+
+	BN_init(&f);
+	BN_init(&ret);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	num=BN_num_bytes(rsa->n);
+	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+		{
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	switch (padding)
+		{
+	case RSA_PKCS1_PADDING:
+		i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
+		break;
+	case RSA_NO_PADDING:
+		i=RSA_padding_add_none(buf,num,from,flen);
+		break;
+	case RSA_SSLV23_PADDING:
+	default:
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	if (i <= 0) goto err;
+
+	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+
+	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+		RSA_blinding_on(rsa,ctx);
+	if (rsa->flags & RSA_FLAG_BLINDING)
+		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
+		(rsa->q != NULL) &&
+		(rsa->dmp1 != NULL) &&
+		(rsa->dmq1 != NULL) &&
+		(rsa->iqmp != NULL)) )
+		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+	else
+		{
+		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+		}
+
+	if (rsa->flags & RSA_FLAG_BLINDING)
+		if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+
+	/* put in leading 0 bytes if the number is less than the
+	 * length of the modulus */
+	j=BN_num_bytes(&ret);
+	i=BN_bn2bin(&ret,&(to[num-j]));
+	for (k=0; k<(num-i); k++)
+		to[k]=0;
+
+	r=num;
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&ret);
+	BN_clear_free(&f);
+	if (buf != NULL)
+		{
+		memset(buf,0,num);
+		Free(buf);
+		}
+	return(r);
+	}
+
+static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	BIGNUM f,ret;
+	int j,num=0,r= -1;
+	unsigned char *p;
+	unsigned char *buf=NULL;
+	BN_CTX *ctx=NULL;
+
+	BN_init(&f);
+	BN_init(&ret);
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	num=BN_num_bytes(rsa->n);
+
+	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+		{
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	/* This check was for equallity but PGP does evil things
+	 * and chops off the top '0' bytes */
+	if (flen > num)
+		{
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+		goto err;
+		}
+
+	/* make data into a big number */
+	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+
+	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+		RSA_blinding_on(rsa,ctx);
+	if (rsa->flags & RSA_FLAG_BLINDING)
+		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+	/* do the decrypt */
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
+		(rsa->q != NULL) &&
+		(rsa->dmp1 != NULL) &&
+		(rsa->dmq1 != NULL) &&
+		(rsa->iqmp != NULL)) )
+		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+	else
+		{
+		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+			goto err;
+		}
+
+	if (rsa->flags & RSA_FLAG_BLINDING)
+		if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+
+	p=buf;
+	j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
+
+	switch (padding)
+		{
+	case RSA_PKCS1_PADDING:
+		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
+		break;
+#ifndef NO_SHA
+        case RSA_PKCS1_OAEP_PADDING:
+	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
+                break;
+#endif
+ 	case RSA_SSLV23_PADDING:
+		r=RSA_padding_check_SSLv23(to,num,buf,j,num);
+		break;
+	case RSA_NO_PADDING:
+		r=RSA_padding_check_none(to,num,buf,j,num);
+		break;
+	default:
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	if (r < 0)
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
+	if (buf != NULL)
+		{
+		memset(buf,0,num);
+		Free(buf);
+		}
+	return(r);
+	}
+
+static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	BIGNUM f,ret;
+	int i,num=0,r= -1;
+	unsigned char *p;
+	unsigned char *buf=NULL;
+	BN_CTX *ctx=NULL;
+
+	BN_init(&f);
+	BN_init(&ret);
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	num=BN_num_bytes(rsa->n);
+	buf=(unsigned char *)Malloc(num);
+	if (buf == NULL)
+		{
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	/* This check was for equallity but PGP does evil things
+	 * and chops off the top '0' bytes */
+	if (flen > num)
+		{
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+		goto err;
+		}
+
+	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
+	/* do the decrypt */
+	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+		{
+		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+			    goto err;
+		}
+
+	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+		rsa->_method_mod_n)) goto err;
+
+	p=buf;
+	i=BN_bn2bin(&ret,p);
+
+	switch (padding)
+		{
+	case RSA_PKCS1_PADDING:
+		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+		break;
+	case RSA_NO_PADDING:
+		r=RSA_padding_check_none(to,num,buf,i,num);
+		break;
+	default:
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	if (r < 0)
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
+	if (buf != NULL)
+		{
+		memset(buf,0,num);
+		Free(buf);
+		}
+	return(r);
+	}
+
+static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+	{
+	BIGNUM r1,m1;
+	int ret=0;
+	BN_CTX *ctx;
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	BN_init(&m1);
+	BN_init(&r1);
+
+	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+		{
+		if (rsa->_method_mod_p == NULL)
+			{
+			if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
+				if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
+						     ctx))
+					goto err;
+			}
+		if (rsa->_method_mod_q == NULL)
+			{
+			if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
+				if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
+						     ctx))
+					goto err;
+			}
+		}
+
+	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
+	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+		rsa->_method_mod_q)) goto err;
+
+	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
+	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+		rsa->_method_mod_p)) goto err;
+
+	if (!BN_sub(r0,r0,&m1)) goto err;
+	/* This will help stop the size of r0 increasing, which does
+	 * affect the multiply if it optimised for a power of 2 size */
+	if (r0->neg)
+		if (!BN_add(r0,r0,rsa->p)) goto err;
+
+	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
+	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+	/* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+	 * negative. This can break the private key operations: the following
+	 * second correction should *always* correct this rare occurrence.
+	 * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+	if (r0->neg)
+		if (!BN_add(r0,r0,rsa->p)) goto err;
+	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
+	if (!BN_add(r0,&r1,&m1)) goto err;
+
+	ret=1;
+err:
+	BN_clear_free(&m1);
+	BN_clear_free(&r1);
+	BN_CTX_free(ctx);
+	return(ret);
+	}
+
+static int RSA_eay_init(RSA *rsa)
+	{
+	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+	return(1);
+	}
+
+static int RSA_eay_finish(RSA *rsa)
+	{
+	if (rsa->_method_mod_n != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_n);
+	if (rsa->_method_mod_p != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_p);
+	if (rsa->_method_mod_q != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_q);
+	return(1);
+	}
+
+
diff --git a/crypto/telnet/arpa/telnet.h b/crypto/telnet/arpa/telnet.h
new file mode 100644
index 0000000..8a17ff1
--- /dev/null
+++ b/crypto/telnet/arpa/telnet.h
@@ -0,0 +1,341 @@
+/*
+ * Copyright (c) 1983, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
+ */
+
+#ifndef _ARPA_TELNET_H_
+#define	_ARPA_TELNET_H_
+
+/*
+ * Definitions for the TELNET protocol.
+ */
+#define	IAC	255		/* interpret as command: */
+#define	DONT	254		/* you are not to use option */
+#define	DO	253		/* please, you use option */
+#define	WONT	252		/* I won't use option */
+#define	WILL	251		/* I will use option */
+#define	SB	250		/* interpret as subnegotiation */
+#define	GA	249		/* you may reverse the line */
+#define	EL	248		/* erase the current line */
+#define	EC	247		/* erase the current character */
+#define	AYT	246		/* are you there */
+#define	AO	245		/* abort output--but let prog finish */
+#define	IP	244		/* interrupt process--permanently */
+#define	BREAK	243		/* break */
+#define	DM	242		/* data mark--for connect. cleaning */
+#define	NOP	241		/* nop */
+#define	SE	240		/* end sub negotiation */
+#define EOR     239             /* end of record (transparent mode) */
+#define	ABORT	238		/* Abort process */
+#define	SUSP	237		/* Suspend process */
+#define	xEOF	236		/* End of file: EOF is already used... */
+
+#define SYNCH	242		/* for telfunc calls */
+
+#ifdef TELCMDS
+char *telcmds[] = {
+	"EOF", "SUSP", "ABORT", "EOR",
+	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
+	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC",
+	0
+};
+#else
+extern char *telcmds[];
+#endif
+
+#define	TELCMD_FIRST	xEOF
+#define	TELCMD_LAST	IAC
+#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
+			 (unsigned int)(x) >= TELCMD_FIRST)
+#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
+
+/* telnet options */
+#define TELOPT_BINARY	0	/* 8-bit data path */
+#define TELOPT_ECHO	1	/* echo */
+#define	TELOPT_RCP	2	/* prepare to reconnect */
+#define	TELOPT_SGA	3	/* suppress go ahead */
+#define	TELOPT_NAMS	4	/* approximate message size */
+#define	TELOPT_STATUS	5	/* give status */
+#define	TELOPT_TM	6	/* timing mark */
+#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
+#define TELOPT_NAOL 	8	/* negotiate about output line width */
+#define TELOPT_NAOP 	9	/* negotiate about output page size */
+#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
+#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
+#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
+#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
+#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
+#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
+#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
+#define TELOPT_XASCII	17	/* extended ascic character set */
+#define	TELOPT_LOGOUT	18	/* force logout */
+#define	TELOPT_BM	19	/* byte macro */
+#define	TELOPT_DET	20	/* data entry terminal */
+#define	TELOPT_SUPDUP	21	/* supdup protocol */
+#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
+#define	TELOPT_SNDLOC	23	/* send location */
+#define	TELOPT_TTYPE	24	/* terminal type */
+#define	TELOPT_EOR	25	/* end or record */
+#define	TELOPT_TUID	26	/* TACACS user identification */
+#define	TELOPT_OUTMRK	27	/* output marking */
+#define	TELOPT_TTYLOC	28	/* terminal location number */
+#define	TELOPT_3270REGIME 29	/* 3270 regime */
+#define	TELOPT_X3PAD	30	/* X.3 PAD */
+#define	TELOPT_NAWS	31	/* window size */
+#define	TELOPT_TSPEED	32	/* terminal speed */
+#define	TELOPT_LFLOW	33	/* remote flow control */
+#define TELOPT_LINEMODE	34	/* Linemode option */
+#define TELOPT_XDISPLOC	35	/* X Display Location */
+#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
+#define	TELOPT_AUTHENTICATION 37/* Authenticate */
+#define	TELOPT_ENCRYPT	38	/* Encryption option */
+#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
+#define	TELOPT_EXOPL	255	/* extended-options-list */
+
+
+#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
+#ifdef TELOPTS
+char *telopts[NTELOPTS+1] = {
+	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
+	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
+	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
+	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
+	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
+	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
+	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
+	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
+	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
+	"ENCRYPT", "NEW-ENVIRON",
+	0
+};
+#define	TELOPT_FIRST	TELOPT_BINARY
+#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
+#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
+#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
+#endif
+
+/* sub-option qualifiers */
+#define	TELQUAL_IS	0	/* option is... */
+#define	TELQUAL_SEND	1	/* send option */
+#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
+#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
+#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
+
+#define	LFLOW_OFF		0	/* Disable remote flow control */
+#define	LFLOW_ON		1	/* Enable remote flow control */
+#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
+#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
+
+/*
+ * LINEMODE suboptions
+ */
+
+#define	LM_MODE		1
+#define	LM_FORWARDMASK	2
+#define	LM_SLC		3
+
+#define	MODE_EDIT	0x01
+#define	MODE_TRAPSIG	0x02
+#define	MODE_ACK	0x04
+#define MODE_SOFT_TAB	0x08
+#define MODE_LIT_ECHO	0x10
+
+#define	MODE_MASK	0x1f
+
+/* Not part of protocol, but needed to simplify things... */
+#define MODE_FLOW		0x0100
+#define MODE_ECHO		0x0200
+#define MODE_INBIN		0x0400
+#define MODE_OUTBIN		0x0800
+#define MODE_FORCE		0x1000
+
+#define	SLC_SYNCH	1
+#define	SLC_BRK		2
+#define	SLC_IP		3
+#define	SLC_AO		4
+#define	SLC_AYT		5
+#define	SLC_EOR		6
+#define	SLC_ABORT	7
+#define	SLC_EOF		8
+#define	SLC_SUSP	9
+#define	SLC_EC		10
+#define	SLC_EL		11
+#define	SLC_EW		12
+#define	SLC_RP		13
+#define	SLC_LNEXT	14
+#define	SLC_XON		15
+#define	SLC_XOFF	16
+#define	SLC_FORW1	17
+#define	SLC_FORW2	18
+#define SLC_MCL         19
+#define SLC_MCR         20
+#define SLC_MCWL        21
+#define SLC_MCWR        22
+#define SLC_MCBOL       23
+#define SLC_MCEOL       24
+#define SLC_INSRT       25
+#define SLC_OVER        26
+#define SLC_ECR         27
+#define SLC_EWR         28
+#define SLC_EBOL        29
+#define SLC_EEOL        30
+
+#define	NSLC		30
+
+/*
+ * For backwards compatability, we define SLC_NAMES to be the
+ * list of names if SLC_NAMES is not defined.
+ */
+#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
+			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
+			"LNEXT", "XON", "XOFF", "FORW1", "FORW2",	\
+			"MCL", "MCR", "MCWL", "MCWR", "MCBOL",		\
+			"MCEOL", "INSRT", "OVER", "ECR", "EWR",		\
+			"EBOL", "EEOL",					\
+			0
+
+#ifdef	SLC_NAMES
+char *slc_names[] = {
+	SLC_NAMELIST
+};
+#else
+extern char *slc_names[];
+#define	SLC_NAMES SLC_NAMELIST
+#endif
+
+#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
+#define SLC_NAME(x)	slc_names[x]
+
+#define	SLC_NOSUPPORT	0
+#define	SLC_CANTCHANGE	1
+#define	SLC_VARIABLE	2
+#define	SLC_DEFAULT	3
+#define	SLC_LEVELBITS	0x03
+
+#define	SLC_FUNC	0
+#define	SLC_FLAGS	1
+#define	SLC_VALUE	2
+
+#define	SLC_ACK		0x80
+#define	SLC_FLUSHIN	0x40
+#define	SLC_FLUSHOUT	0x20
+
+#define	OLD_ENV_VAR	1
+#define	OLD_ENV_VALUE	0
+#define	NEW_ENV_VAR	0
+#define	NEW_ENV_VALUE	1
+#define	ENV_ESC		2
+#define ENV_USERVAR	3
+
+/*
+ * AUTHENTICATION suboptions
+ */
+
+/*
+ * Who is authenticating who ...
+ */
+#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
+#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
+#define	AUTH_WHO_MASK		1
+
+/*
+ * amount of authentication done
+ */
+#define	AUTH_HOW_ONE_WAY	0
+#define	AUTH_HOW_MUTUAL		2
+#define	AUTH_HOW_MASK		2
+
+#define	AUTHTYPE_NULL		0
+#define	AUTHTYPE_KERBEROS_V4	1
+#define	AUTHTYPE_KERBEROS_V5	2
+#define	AUTHTYPE_SPX		3
+#define	AUTHTYPE_MINK		4
+#define AUTHTYPE_SRA		6
+#define	AUTHTYPE_CNT		7
+
+#define	AUTHTYPE_TEST		99
+
+#ifdef	AUTH_NAMES
+char *authtype_names[] = {
+	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", NULL, "SRA",
+	0
+};
+#else
+extern char *authtype_names[];
+#endif
+
+#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
+#define	AUTHTYPE_NAME(x)	authtype_names[x]
+
+/*
+ * ENCRYPTion suboptions
+ */
+#define	ENCRYPT_IS		0	/* I pick encryption type ... */
+#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
+#define	ENCRYPT_REPLY		2	/* Initial setup response */
+#define	ENCRYPT_START		3	/* Am starting to send encrypted */
+#define	ENCRYPT_END		4	/* Am ending encrypted */
+#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
+#define	ENCRYPT_REQEND		6	/* Request you end encrypting */
+#define	ENCRYPT_ENC_KEYID	7
+#define	ENCRYPT_DEC_KEYID	8
+#define	ENCRYPT_CNT		9
+
+#define	ENCTYPE_ANY		0
+#define	ENCTYPE_DES_CFB64	1
+#define	ENCTYPE_DES_OFB64	2
+#define	ENCTYPE_CNT		3
+
+#ifdef	ENCRYPT_NAMES
+char *encrypt_names[] = {
+	"IS", "SUPPORT", "REPLY", "START", "END",
+	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
+	0
+};
+char *enctype_names[] = {
+	"ANY", "DES_CFB64",  "DES_OFB64",
+	0
+};
+#else
+extern char *encrypt_names[];
+extern char *enctype_names[];
+#endif
+
+
+#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
+#define	ENCRYPT_NAME(x)		encrypt_names[x]
+
+#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
+#define	ENCTYPE_NAME(x)		enctype_names[x]
+
+#endif /* !_TELNET_H_ */
diff --git a/crypto/telnet/libtelnet/auth-proto.h b/crypto/telnet/libtelnet/auth-proto.h
new file mode 100644
index 0000000..c62fe5f
--- /dev/null
+++ b/crypto/telnet/libtelnet/auth-proto.h
@@ -0,0 +1,108 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#if	!defined(P)
+#ifdef	__STDC__
+#define	P(x)	x
+#else
+#define	P(x)	()
+#endif
+#endif
+
+#if	defined(AUTHENTICATION)
+Authenticator *findauthenticator P((int, int));
+
+void auth_init P((char *, int));
+int auth_cmd P((int, char **));
+void auth_request P((void));
+void auth_send P((unsigned char *, int));
+void auth_send_retry P((void));
+void auth_is P((unsigned char *, int));
+void auth_reply P((unsigned char *, int));
+void auth_finished P((Authenticator *, int));
+int auth_wait P((char *));
+void auth_disable_name P((char *));
+void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
+void auth_name P((unsigned char *, int));
+void auth_printsub P((unsigned char *, int, unsigned char *, int));
+int auth_sendname P((unsigned char *, int));
+void auth_encrypt_user P((char *));
+
+#ifdef	KRB4
+int kerberos4_init P((Authenticator *, int));
+int kerberos4_send P((Authenticator *));
+void kerberos4_is P((Authenticator *, unsigned char *, int));
+void kerberos4_reply P((Authenticator *, unsigned char *, int));
+int kerberos4_status P((Authenticator *, char *, int));
+void kerberos4_printsub P((unsigned char *, int, unsigned char *, int));
+#endif
+
+#ifdef	KRB5
+int kerberos5_init P((Authenticator *, int));
+int kerberos5_send P((Authenticator *));
+void kerberos5_is P((Authenticator *, unsigned char *, int));
+void kerberos5_reply P((Authenticator *, unsigned char *, int));
+int kerberos5_status P((Authenticator *, char *, int));
+void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
+#endif
+#ifdef SRA
+int sra_init P((Authenticator *, int));
+int sra_send P((Authenticator *));
+void sra_is P((Authenticator *, unsigned char *, int));
+void sra_reply P((Authenticator *, unsigned char *, int));
+int sra_status P((Authenticator *, char *, int));
+void sra_printsub P((unsigned char *, int, unsigned char *, int));
+#endif
+#endif
diff --git a/crypto/telnet/libtelnet/auth.c b/crypto/telnet/libtelnet/auth.c
new file mode 100644
index 0000000..d574b1e
--- /dev/null
+++ b/crypto/telnet/libtelnet/auth.c
@@ -0,0 +1,684 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)auth.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#if	defined(AUTHENTICATION)
+#include <stdio.h>
+#include <sys/types.h>
+#include <signal.h>
+#define	AUTH_NAMES
+#include <arpa/telnet.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#include <unistd.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc-proto.h"
+#include "auth-proto.h"
+
+#define	typemask(x)		(1<<((x)-1))
+
+#ifdef	KRB4_ENCPWD
+extern krb4encpwd_init();
+extern krb4encpwd_send();
+extern krb4encpwd_is();
+extern krb4encpwd_reply();
+extern krb4encpwd_status();
+extern krb4encpwd_printsub();
+#endif
+
+#ifdef	RSA_ENCPWD
+extern rsaencpwd_init();
+extern rsaencpwd_send();
+extern rsaencpwd_is();
+extern rsaencpwd_reply();
+extern rsaencpwd_status();
+extern rsaencpwd_printsub();
+#endif
+
+int auth_debug_mode = 0;
+static 	char	*Name = "Noname";
+static	int	Server = 0;
+static	Authenticator	*authenticated = 0;
+static	int	authenticating = 0;
+static	int	validuser = 0;
+static	unsigned char	_auth_send_data[256];
+static	unsigned char	*auth_send_data;
+static	int	auth_send_cnt = 0;
+
+int auth_onoff(char *type, int on);
+void auth_encrypt_user(char *name);
+
+/*
+ * Authentication types supported.  Plese note that these are stored
+ * in priority order, i.e. try the first one first.
+ */
+Authenticator authenticators[] = {
+#ifdef	SPX
+	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+				spx_init,
+				spx_send,
+				spx_is,
+				spx_reply,
+				spx_status,
+				spx_printsub },
+	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+				spx_init,
+				spx_send,
+				spx_is,
+				spx_reply,
+				spx_status,
+				spx_printsub },
+#endif
+#ifdef	KRB5
+# ifdef	ENCRYPTION
+	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+				kerberos5_init,
+				kerberos5_send,
+				kerberos5_is,
+				kerberos5_reply,
+				kerberos5_status,
+				kerberos5_printsub },
+# endif	/* ENCRYPTION */
+	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+				kerberos5_init,
+				kerberos5_send,
+				kerberos5_is,
+				kerberos5_reply,
+				kerberos5_status,
+				kerberos5_printsub },
+#endif
+#ifdef	KRB4
+# ifdef ENCRYPTION
+	{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+				kerberos4_init,
+				kerberos4_send,
+				kerberos4_is,
+				kerberos4_reply,
+				kerberos4_status,
+				kerberos4_printsub },
+# endif	/* ENCRYPTION */
+	{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+				kerberos4_init,
+				kerberos4_send,
+				kerberos4_is,
+				kerberos4_reply,
+				kerberos4_status,
+				kerberos4_printsub },
+#endif
+#ifdef	KRB4_ENCPWD
+	{ AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+				krb4encpwd_init,
+				krb4encpwd_send,
+				krb4encpwd_is,
+				krb4encpwd_reply,
+				krb4encpwd_status,
+				krb4encpwd_printsub },
+#endif
+#ifdef	RSA_ENCPWD
+	{ AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+				rsaencpwd_init,
+				rsaencpwd_send,
+				rsaencpwd_is,
+				rsaencpwd_reply,
+				rsaencpwd_status,
+				rsaencpwd_printsub },
+#endif
+#ifdef SRA
+	{ AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+				sra_init,
+				sra_send,
+				sra_is,
+				sra_reply,
+				sra_status,
+				sra_printsub },
+
+#endif
+	{ 0, },
+};
+
+static Authenticator NoAuth = { 0 };
+
+static int	i_support = 0;
+static int	i_wont_support = 0;
+
+	Authenticator *
+findauthenticator(type, way)
+	int type;
+	int way;
+{
+	Authenticator *ap = authenticators;
+
+	while (ap->type && (ap->type != type || ap->way != way))
+		++ap;
+	return(ap->type ? ap : 0);
+}
+
+	void
+auth_init(name, server)
+	char *name;
+	int server;
+{
+	Authenticator *ap = authenticators;
+
+	Server = server;
+	Name = name;
+
+	i_support = 0;
+	authenticated = 0;
+	authenticating = 0;
+	while (ap->type) {
+		if (!ap->init || (*ap->init)(ap, server)) {
+			i_support |= typemask(ap->type);
+			if (auth_debug_mode)
+				printf(">>>%s: I support auth type %d %d\r\n",
+					Name,
+					ap->type, ap->way);
+		}
+		else if (auth_debug_mode)
+			printf(">>>%s: Init failed: auth type %d %d\r\n",
+				Name, ap->type, ap->way);
+		++ap;
+	}
+}
+
+	void
+auth_disable_name(name)
+	char *name;
+{
+	int x;
+	for (x = 0; x < AUTHTYPE_CNT; ++x) {
+		if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
+			i_wont_support |= typemask(x);
+			break;
+		}
+	}
+}
+
+	int
+getauthmask(type, maskp)
+	char *type;
+	int *maskp;
+{
+	register int x;
+
+	if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
+		*maskp = -1;
+		return(1);
+	}
+
+	for (x = 1; x < AUTHTYPE_CNT; ++x) {
+		if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
+			*maskp = typemask(x);
+			return(1);
+		}
+	}
+	return(0);
+}
+
+	int
+auth_enable(type)
+	char *type;
+{
+	return(auth_onoff(type, 1));
+}
+
+	int
+auth_disable(type)
+	char *type;
+{
+	return(auth_onoff(type, 0));
+}
+
+	int
+auth_onoff(type, on)
+	char *type;
+	int on;
+{
+	int i, mask = -1;
+	Authenticator *ap;
+
+	if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
+		printf("auth %s 'type'\n", on ? "enable" : "disable");
+		printf("Where 'type' is one of:\n");
+		printf("\t%s\n", AUTHTYPE_NAME(0));
+		mask = 0;
+		for (ap = authenticators; ap->type; ap++) {
+			if ((mask & (i = typemask(ap->type))) != 0)
+				continue;
+			mask |= i;
+			printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+		}
+		return(0);
+	}
+
+	if (!getauthmask(type, &mask)) {
+		printf("%s: invalid authentication type\n", type);
+		return(0);
+	}
+	if (on)
+		i_wont_support &= ~mask;
+	else
+		i_wont_support |= mask;
+	return(1);
+}
+
+	int
+auth_togdebug(on)
+	int on;
+{
+	if (on < 0)
+		auth_debug_mode ^= 1;
+	else
+		auth_debug_mode = on;
+	printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
+	return(1);
+}
+
+	int
+auth_status()
+{
+	Authenticator *ap;
+	int i, mask;
+
+	if (i_wont_support == -1)
+		printf("Authentication disabled\n");
+	else
+		printf("Authentication enabled\n");
+
+	mask = 0;
+	for (ap = authenticators; ap->type; ap++) {
+		if ((mask & (i = typemask(ap->type))) != 0)
+			continue;
+		mask |= i;
+		printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
+			(i_wont_support & typemask(ap->type)) ?
+					"disabled" : "enabled");
+	}
+	return(1);
+}
+
+/*
+ * This routine is called by the server to start authentication
+ * negotiation.
+ */
+	void
+auth_request()
+{
+	static unsigned char str_request[64] = { IAC, SB,
+						 TELOPT_AUTHENTICATION,
+						 TELQUAL_SEND, };
+	Authenticator *ap = authenticators;
+	unsigned char *e = str_request + 4;
+
+	if (!authenticating) {
+		authenticating = 1;
+		while (ap->type) {
+			if (i_support & ~i_wont_support & typemask(ap->type)) {
+				if (auth_debug_mode) {
+					printf(">>>%s: Sending type %d %d\r\n",
+						Name, ap->type, ap->way);
+				}
+				*e++ = ap->type;
+				*e++ = ap->way;
+			}
+			++ap;
+		}
+		*e++ = IAC;
+		*e++ = SE;
+		net_write(str_request, e - str_request);
+		printsub('>', &str_request[2], e - str_request - 2);
+	}
+}
+
+/*
+ * This is called when an AUTH SEND is received.
+ * It should never arrive on the server side (as only the server can
+ * send an AUTH SEND).
+ * You should probably respond to it if you can...
+ *
+ * If you want to respond to the types out of order (i.e. even
+ * if he sends  LOGIN KERBEROS and you support both, you respond
+ * with KERBEROS instead of LOGIN (which is against what the
+ * protocol says)) you will have to hack this code...
+ */
+	void
+auth_send(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Authenticator *ap;
+	static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
+					    TELQUAL_IS, AUTHTYPE_NULL, 0,
+					    IAC, SE };
+	if (Server) {
+		if (auth_debug_mode) {
+			printf(">>>%s: auth_send called!\r\n", Name);
+		}
+		return;
+	}
+
+	if (auth_debug_mode) {
+		printf(">>>%s: auth_send got:", Name);
+		printd(data, cnt); printf("\r\n");
+	}
+
+	/*
+	 * Save the data, if it is new, so that we can continue looking
+	 * at it if the authorization we try doesn't work
+	 */
+	if (data < _auth_send_data ||
+	    data > _auth_send_data + sizeof(_auth_send_data)) {
+		auth_send_cnt = cnt > sizeof(_auth_send_data)
+					? sizeof(_auth_send_data)
+					: cnt;
+		memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
+		auth_send_data = _auth_send_data;
+	} else {
+		/*
+		 * This is probably a no-op, but we just make sure
+		 */
+		auth_send_data = data;
+		auth_send_cnt = cnt;
+	}
+	while ((auth_send_cnt -= 2) >= 0) {
+		if (auth_debug_mode)
+			printf(">>>%s: He supports %d\r\n",
+				Name, *auth_send_data);
+		if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
+			ap = findauthenticator(auth_send_data[0],
+					       auth_send_data[1]);
+			if (ap && ap->send) {
+				if (auth_debug_mode)
+					printf(">>>%s: Trying %d %d\r\n",
+						Name, auth_send_data[0],
+							auth_send_data[1]);
+				if ((*ap->send)(ap)) {
+					/*
+					 * Okay, we found one we like
+					 * and did it.
+					 * we can go home now.
+					 */
+					if (auth_debug_mode)
+						printf(">>>%s: Using type %d\r\n",
+							Name, *auth_send_data);
+					auth_send_data += 2;
+					return;
+				}
+			}
+			/* else
+			 *	just continue on and look for the
+			 *	next one if we didn't do anything.
+			 */
+		}
+		auth_send_data += 2;
+	}
+	net_write(str_none, sizeof(str_none));
+	printsub('>', &str_none[2], sizeof(str_none) - 2);
+	if (auth_debug_mode)
+		printf(">>>%s: Sent failure message\r\n", Name);
+	auth_finished(0, AUTH_REJECT);
+#ifdef KANNAN
+	/*
+	 *  We requested strong authentication, however no mechanisms worked.
+	 *  Therefore, exit on client end.
+	 */
+	printf("Unable to securely authenticate user ... exit\n");
+	exit(0);
+#endif /* KANNAN */
+}
+
+	void
+auth_send_retry()
+{
+	/*
+	 * if auth_send_cnt <= 0 then auth_send will end up rejecting
+	 * the authentication and informing the other side of this.
+	 */
+	auth_send(auth_send_data, auth_send_cnt);
+}
+
+	void
+auth_is(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Authenticator *ap;
+
+	if (cnt < 2)
+		return;
+
+	if (data[0] == AUTHTYPE_NULL) {
+		auth_finished(0, AUTH_REJECT);
+		return;
+	}
+
+	if ((ap = findauthenticator(data[0], data[1]))) {
+		if (ap->is)
+			(*ap->is)(ap, data+2, cnt-2);
+	} else if (auth_debug_mode)
+		printf(">>>%s: Invalid authentication in IS: %d\r\n",
+			Name, *data);
+}
+
+	void
+auth_reply(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Authenticator *ap;
+
+	if (cnt < 2)
+		return;
+
+	if ((ap = findauthenticator(data[0], data[1]))) {
+		if (ap->reply)
+			(*ap->reply)(ap, data+2, cnt-2);
+	} else if (auth_debug_mode)
+		printf(">>>%s: Invalid authentication in SEND: %d\r\n",
+			Name, *data);
+}
+
+	void
+auth_name(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	unsigned char savename[256];
+
+	if (cnt < 1) {
+		if (auth_debug_mode)
+			printf(">>>%s: Empty name in NAME\r\n", Name);
+		return;
+	}
+	if (cnt > sizeof(savename) - 1) {
+		if (auth_debug_mode)
+			printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
+					Name, cnt, sizeof(savename)-1);
+		return;
+	}
+	memmove((void *)savename, (void *)data, cnt);
+	savename[cnt] = '\0';	/* Null terminate */
+	if (auth_debug_mode)
+		printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
+	auth_encrypt_user(savename);
+}
+
+	int
+auth_sendname(cp, len)
+	unsigned char *cp;
+	int len;
+{
+	static unsigned char str_request[256+6]
+			= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
+	register unsigned char *e = str_request + 4;
+	register unsigned char *ee = &str_request[sizeof(str_request)-2];
+
+	while (--len >= 0) {
+		if ((*e++ = *cp++) == IAC)
+			*e++ = IAC;
+		if (e >= ee)
+			return(0);
+	}
+	*e++ = IAC;
+	*e++ = SE;
+	net_write(str_request, e - str_request);
+	printsub('>', &str_request[2], e - &str_request[2]);
+	return(1);
+}
+
+	void
+auth_finished(ap, result)
+	Authenticator *ap;
+	int result;
+{
+	if (!(authenticated = ap))
+		authenticated = &NoAuth;
+	validuser = result;
+}
+
+	/* ARGSUSED */
+	static void
+auth_intr(sig)
+	int sig;
+{
+	auth_finished(0, AUTH_REJECT);
+}
+
+	int
+auth_wait(name)
+	char *name;
+{
+	if (auth_debug_mode)
+		printf(">>>%s: in auth_wait.\r\n", Name);
+
+	if (Server && !authenticating)
+		return(0);
+
+	(void) signal(SIGALRM, auth_intr);
+	alarm(30);
+	while (!authenticated)
+		if (telnet_spin())
+			break;
+	alarm(0);
+	(void) signal(SIGALRM, SIG_DFL);
+
+	/*
+	 * Now check to see if the user is valid or not
+	 */
+	if (!authenticated || authenticated == &NoAuth)
+		return(AUTH_REJECT);
+
+	if (validuser == AUTH_VALID)
+		validuser = AUTH_USER;
+
+	if (authenticated->status)
+		validuser = (*authenticated->status)(authenticated,
+						     name, validuser);
+	return(validuser);
+}
+
+	void
+auth_debug(mode)
+	int mode;
+{
+	auth_debug_mode = mode;
+}
+
+	void
+auth_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	Authenticator *ap;
+
+	if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
+		(*ap->printsub)(data, cnt, buf, buflen);
+	else
+		auth_gen_printsub(data, cnt, buf, buflen);
+}
+
+	void
+auth_gen_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	register unsigned char *cp;
+	unsigned char tbuf[16];
+
+	cnt -= 3;
+	data += 3;
+	buf[buflen-1] = '\0';
+	buf[buflen-2] = '*';
+	buflen -= 2;
+	for (; cnt > 0; cnt--, data++) {
+		sprintf((char *)tbuf, " %d", *data);
+		for (cp = tbuf; *cp && buflen > 0; --buflen)
+			*buf++ = *cp++;
+		if (buflen <= 0)
+			return;
+	}
+	*buf = '\0';
+}
+#endif
diff --git a/crypto/telnet/libtelnet/auth.h b/crypto/telnet/libtelnet/auth.h
new file mode 100644
index 0000000..615e8a0
--- /dev/null
+++ b/crypto/telnet/libtelnet/auth.h
@@ -0,0 +1,87 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef	__AUTH__
+#define	__AUTH__
+
+#define	AUTH_REJECT	0	/* Rejected */
+#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
+#define	AUTH_OTHER	2	/* We know him, but not his name */
+#define	AUTH_USER	3	/* We know he name */
+#define	AUTH_VALID	4	/* We know him, and he needs no password */
+
+#if	!defined(P)
+#ifdef	__STDC__
+#define P(x)	x
+#else
+#define P(x)	()
+#endif
+#endif
+
+typedef struct XauthP {
+	int	type;
+	int	way;
+	int	(*init) P((struct XauthP *, int));
+	int	(*send) P((struct XauthP *));
+	void	(*is) P((struct XauthP *, unsigned char *, int));
+	void	(*reply) P((struct XauthP *, unsigned char *, int));
+	int	(*status) P((struct XauthP *, char *, int));
+	void	(*printsub) P((unsigned char *, int, unsigned char *, int));
+} Authenticator;
+
+#include "auth-proto.h"
+
+extern auth_debug_mode;
+#endif
diff --git a/crypto/telnet/libtelnet/enc-proto.h b/crypto/telnet/libtelnet/enc-proto.h
new file mode 100644
index 0000000..8cec406
--- /dev/null
+++ b/crypto/telnet/libtelnet/enc-proto.h
@@ -0,0 +1,128 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+#if	!defined(P)
+#ifdef	__STDC__
+#define	P(x)	x
+#else
+#define	P(x)	()
+#endif
+#endif
+
+#ifdef	ENCRYPTION
+void encrypt_init P((char *, int));
+Encryptions *findencryption P((int));
+void encrypt_send_supprt P((void));
+void encrypt_auto P((int));
+void decrypt_auto P((int));
+void encrypt_is P((unsigned char *, int));
+void encrypt_reply P((unsigned char *, int));
+void encrypt_start_input P((int));
+void encrypt_session_key P((Session_Key *, int));
+void encrypt_end_input P((void));
+void encrypt_start_output P((int));
+void encrypt_end_output P((void));
+void encrypt_send_request_start P((void));
+void encrypt_send_request_end P((void));
+void encrypt_send_end P((void));
+void encrypt_wait P((void));
+void encrypt_send_support P((void));
+void encrypt_send_keyid P((int, unsigned char *, int, int));
+void encrypt_start P((unsigned char *, int));
+void encrypt_end P((void));
+void encrypt_support P((unsigned char *, int));
+void encrypt_request_start P((unsigned char *, int));
+void encrypt_request_end P((void));
+void encrypt_enc_keyid P((unsigned char *, int));
+void encrypt_dec_keyid P((unsigned char *, int));
+void encrypt_printsub P((unsigned char *, int, unsigned char *, int));
+int net_write P((unsigned char *, int));
+
+#ifndef	TELENTD
+int encrypt_cmd P((int, char **));
+void encrypt_display P((void));
+#endif
+
+#ifdef DES_ENCRYPTION
+void krbdes_encrypt P((unsigned char *, int));
+int krbdes_decrypt P((int));
+int krbdes_is P((unsigned char *, int));
+int krbdes_reply P((unsigned char *, int));
+void krbdes_init P((int));
+int krbdes_start P((int, int));
+void krbdes_session P((Session_Key *, int));
+void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
+
+void cfb64_encrypt P((unsigned char *, int));
+int cfb64_decrypt P((int));
+void cfb64_init P((int));
+int cfb64_start P((int, int));
+int cfb64_is P((unsigned char *, int));
+int cfb64_reply P((unsigned char *, int));
+void cfb64_session P((Session_Key *, int));
+int cfb64_keyid P((int, unsigned char *, int *));
+void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
+
+void ofb64_encrypt P((unsigned char *, int));
+int ofb64_decrypt P((int));
+void ofb64_init P((int));
+int ofb64_start P((int, int));
+int ofb64_is P((unsigned char *, int));
+int ofb64_reply P((unsigned char *, int));
+void ofb64_session P((Session_Key *, int));
+int ofb64_keyid P((int, unsigned char *, int *));
+void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
+#endif /* DES_ENCRYPTION */
+
+#endif	/* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/enc_des.c b/crypto/telnet/libtelnet/enc_des.c
new file mode 100644
index 0000000..8e4b9a7
--- /dev/null
+++ b/crypto/telnet/libtelnet/enc_des.c
@@ -0,0 +1,720 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)enc_des.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#ifdef	ENCRYPTION
+# ifdef	AUTHENTICATION
+#  ifdef DES_ENCRYPTION
+#include <arpa/telnet.h>
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+
+#include <des.h>
+#include <string.h>
+#include "encrypt.h"
+#include "key-proto.h"
+#include "misc-proto.h"
+
+extern encrypt_debug_mode;
+
+#define	CFB	0
+#define	OFB	1
+
+#define	NO_SEND_IV	1
+#define	NO_RECV_IV	2
+#define	NO_KEYID	4
+#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
+#define	SUCCESS		0
+#define	FAILED		-1
+
+
+struct fb {
+	Block krbdes_key;
+	Schedule krbdes_sched;
+	Block temp_feed;
+	unsigned char fb_feed[64];
+	int need_start;
+	int state[2];
+	int keyid[2];
+	int once;
+	struct stinfo {
+		Block		str_output;
+		Block		str_feed;
+		Block		str_iv;
+		Block		str_ikey;
+		Schedule	str_sched;
+		int		str_index;
+		int		str_flagshift;
+	} streams[2];
+};
+
+static struct fb fb[2];
+
+struct keyidlist {
+	char	*keyid;
+	int	keyidlen;
+	char	*key;
+	int	keylen;
+	int	flags;
+} keyidlist [] = {
+	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
+	{ 0, 0, 0, 0, 0 }
+};
+
+#define	KEYFLAG_MASK	03
+
+#define	KEYFLAG_NOINIT	00
+#define	KEYFLAG_INIT	01
+#define	KEYFLAG_OK	02
+#define	KEYFLAG_BAD	03
+
+#define	KEYFLAG_SHIFT	2
+
+#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
+
+#define	FB64_IV		1
+#define	FB64_IV_OK	2
+#define	FB64_IV_BAD	3
+
+
+void fb64_stream_iv P((Block, struct stinfo *));
+void fb64_init P((struct fb *));
+static int fb64_start P((struct fb *, int, int));
+int fb64_is P((unsigned char *, int, struct fb *));
+int fb64_reply P((unsigned char *, int, struct fb *));
+static void fb64_session P((Session_Key *, int, struct fb *));
+void fb64_stream_key P((Block, struct stinfo *));
+int fb64_keyid P((int, unsigned char *, int *, struct fb *));
+
+	void
+cfb64_init(server)
+	int server;
+{
+	fb64_init(&fb[CFB]);
+	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
+}
+
+	void
+ofb64_init(server)
+	int server;
+{
+	fb64_init(&fb[OFB]);
+	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
+}
+
+	void
+fb64_init(fbp)
+	register struct fb *fbp;
+{
+	memset((void *)fbp, 0, sizeof(*fbp));
+	fbp->state[0] = fbp->state[1] = FAILED;
+	fbp->fb_feed[0] = IAC;
+	fbp->fb_feed[1] = SB;
+	fbp->fb_feed[2] = TELOPT_ENCRYPT;
+	fbp->fb_feed[3] = ENCRYPT_IS;
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ *	 2: Not yet.  Other things (like getting the key from
+ *	    Kerberos) have to happen before we can continue.
+ */
+	int
+cfb64_start(dir, server)
+	int dir;
+	int server;
+{
+	return(fb64_start(&fb[CFB], dir, server));
+}
+	int
+ofb64_start(dir, server)
+	int dir;
+	int server;
+{
+	return(fb64_start(&fb[OFB], dir, server));
+}
+
+	static int
+fb64_start(fbp, dir, server)
+	struct fb *fbp;
+	int dir;
+	int server;
+{
+	int x;
+	unsigned char *p;
+	register int state;
+
+	switch (dir) {
+	case DIR_DECRYPT:
+		/*
+		 * This is simply a request to have the other side
+		 * start output (our input).  He will negotiate an
+		 * IV so we need not look for it.
+		 */
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		break;
+
+	case DIR_ENCRYPT:
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		else if ((state & NO_SEND_IV) == 0)
+			break;
+
+		if (!VALIDKEY(fbp->krbdes_key)) {
+			fbp->need_start = 1;
+			break;
+		}
+		state &= ~NO_SEND_IV;
+		state |= NO_RECV_IV;
+		if (encrypt_debug_mode)
+			printf("Creating new feed\r\n");
+		/*
+		 * Create a random feed and send it over.
+		 */
+		des_new_random_key((Block *)fbp->temp_feed);
+		des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed,
+				fbp->krbdes_sched, 1);
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_IS;
+		p++;
+		*p++ = FB64_IV;
+		for (x = 0; x < sizeof(Block); ++x) {
+			if ((*p++ = fbp->temp_feed[x]) == IAC)
+				*p++ = IAC;
+		}
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		net_write(fbp->fb_feed, p - fbp->fb_feed);
+		break;
+	default:
+		return(FAILED);
+	}
+	return(fbp->state[dir-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+	int
+cfb64_is(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	return(fb64_is(data, cnt, &fb[CFB]));
+}
+	int
+ofb64_is(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	return(fb64_is(data, cnt, &fb[OFB]));
+}
+
+	int
+fb64_is(data, cnt, fbp)
+	unsigned char *data;
+	int cnt;
+	struct fb *fbp;
+{
+	unsigned char *p;
+	register int state = fbp->state[DIR_DECRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV:
+		if (cnt != sizeof(Block)) {
+			if (encrypt_debug_mode)
+				printf("CFB64: initial vector failed on size\r\n");
+			state = FAILED;
+			goto failure;
+		}
+
+		if (encrypt_debug_mode)
+			printf("CFB64: initial vector received\r\n");
+
+		if (encrypt_debug_mode)
+			printf("Initializing Decrypt stream\r\n");
+
+		fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]);
+
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_OK;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", *(data-1));
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		/*
+		 * We failed.  Send an FB64_IV_BAD option
+		 * to the other side so it will know that
+		 * things failed.
+		 */
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_BAD;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		break;
+	}
+	return(fbp->state[DIR_DECRYPT-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+	int
+cfb64_reply(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	return(fb64_reply(data, cnt, &fb[CFB]));
+}
+	int
+ofb64_reply(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	return(fb64_reply(data, cnt, &fb[OFB]));
+}
+
+
+	int
+fb64_reply(data, cnt, fbp)
+	unsigned char *data;
+	int cnt;
+	struct fb *fbp;
+{
+	register int state = fbp->state[DIR_ENCRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV_OK:
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		state &= ~NO_RECV_IV;
+		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
+		break;
+
+	case FB64_IV_BAD:
+		memset(fbp->temp_feed, 0, sizeof(Block));
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		state = FAILED;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", data[-1]);
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		state = FAILED;
+		break;
+	}
+	return(fbp->state[DIR_ENCRYPT-1] = state);
+}
+
+	void
+cfb64_session(key, server)
+	Session_Key *key;
+	int server;
+{
+	fb64_session(key, server, &fb[CFB]);
+}
+
+	void
+ofb64_session(key, server)
+	Session_Key *key;
+	int server;
+{
+	fb64_session(key, server, &fb[OFB]);
+}
+
+	static void
+fb64_session(key, server, fbp)
+	Session_Key *key;
+	int server;
+	struct fb *fbp;
+{
+
+	if (!key || key->type != SK_DES) {
+		if (encrypt_debug_mode)
+			printf("Can't set krbdes's session key (%d != %d)\r\n",
+				key ? key->type : -1, SK_DES);
+		return;
+	}
+	memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
+
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
+
+	if (fbp->once == 0) {
+		des_set_random_generator_seed((Block *)fbp->krbdes_key);
+		fbp->once = 1;
+	}
+	des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched);
+	/*
+	 * Now look to see if krbdes_start() was was waiting for
+	 * the key to show up.  If so, go ahead an call it now
+	 * that we have the key.
+	 */
+	if (fbp->need_start) {
+		fbp->need_start = 0;
+		fb64_start(fbp, DIR_ENCRYPT, server);
+	}
+}
+
+/*
+ * We only accept a keyid of 0.  If we get a keyid of
+ * 0, then mark the state as SUCCESS.
+ */
+	int
+cfb64_keyid(dir, kp, lenp)
+	int dir, *lenp;
+	unsigned char *kp;
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
+}
+
+	int
+ofb64_keyid(dir, kp, lenp)
+	int dir, *lenp;
+	unsigned char *kp;
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
+}
+
+	int
+fb64_keyid(dir, kp, lenp, fbp)
+	int dir, *lenp;
+	unsigned char *kp;
+	struct fb *fbp;
+{
+	register int state = fbp->state[dir-1];
+
+	if (*lenp != 1 || (*kp != '\0')) {
+		*lenp = 0;
+		return(state);
+	}
+
+	if (state == FAILED)
+		state = IN_PROGRESS;
+
+	state &= ~NO_KEYID;
+
+	return(fbp->state[dir-1] = state);
+}
+
+	void
+fb64_printsub(data, cnt, buf, buflen, type)
+	unsigned char *data, *buf, *type;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+	char *cp;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[2]) {
+	case FB64_IV:
+		sprintf(lbuf, "%s_IV", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_OK:
+		sprintf(lbuf, "%s_IV_OK", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_BAD:
+		sprintf(lbuf, "%s_IV_BAD", type);
+		cp = lbuf;
+		goto common;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[2]);
+		cp = lbuf;
+	common:
+		for (; (buflen > 0) && (*buf = *cp++); buf++)
+			buflen--;
+		for (i = 3; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
+				buflen--;
+		}
+		break;
+	}
+}
+
+	void
+cfb64_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	fb64_printsub(data, cnt, buf, buflen, "CFB64");
+}
+
+	void
+ofb64_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	fb64_printsub(data, cnt, buf, buflen, "OFB64");
+}
+
+	void
+fb64_stream_iv(seed, stp)
+	Block seed;
+	register struct stinfo *stp;
+{
+
+	memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
+	memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
+
+	des_key_sched((Block *)stp->str_ikey, stp->str_sched);
+
+	stp->str_index = sizeof(Block);
+}
+
+	void
+fb64_stream_key(key, stp)
+	Block key;
+	register struct stinfo *stp;
+{
+	memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
+	des_key_sched((Block *)key, stp->str_sched);
+
+	memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
+
+	stp->str_index = sizeof(Block);
+}
+
+/*
+ * DES 64 bit Cipher Feedback
+ *
+ *     key --->+-----+
+ *          +->| DES |--+
+ *          |  +-----+  |
+ *	    |           v
+ *  INPUT --(--------->(+)+---> DATA
+ *          |             |
+ *	    +-------------+
+ *
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	On = Dn ^ Vn
+ *	V(n+1) = DES(On, key)
+ */
+
+	void
+cfb64_encrypt(s, c)
+	register unsigned char *s;
+	int c;
+{
+	register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
+	register int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(Block)) {
+			Block b;
+			des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
+			memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
+			index = 0;
+		}
+
+		/* On encryption, we store (feed ^ data) which is cypher */
+		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
+		s++;
+		index++;
+	}
+	stp->str_index = index;
+}
+
+	int
+cfb64_decrypt(data)
+	int data;
+{
+	register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(Block)) {
+		Block b;
+		des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
+		memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */
+	}
+
+	/* On decryption we store (data) which is cypher. */
+	stp->str_output[index] = data;
+	return(data ^ stp->str_feed[index]);
+}
+
+/*
+ * DES 64 bit Output Feedback
+ *
+ * key --->+-----+
+ *	+->| DES |--+
+ *	|  +-----+  |
+ *	+-----------+
+ *	            v
+ *  INPUT -------->(+) ----> DATA
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	V(n+1) = DES(Vn, key)
+ *	On = Dn ^ Vn
+ */
+	void
+ofb64_encrypt(s, c)
+	register unsigned char *s;
+	int c;
+{
+	register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
+	register int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(Block)) {
+			Block b;
+			des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
+			memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
+			index = 0;
+		}
+		*s++ ^= stp->str_feed[index];
+		index++;
+	}
+	stp->str_index = index;
+}
+
+	int
+ofb64_decrypt(data)
+	int data;
+{
+	register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(Block)) {
+		Block b;
+		des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
+		memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */
+	}
+
+	return(data ^ stp->str_feed[index]);
+}
+#  endif /* DES_ENCRYPTION */
+# endif	/* AUTHENTICATION */
+#endif	/* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/encrypt.c b/crypto/telnet/libtelnet/encrypt.c
new file mode 100644
index 0000000..e1ac1c4
--- /dev/null
+++ b/crypto/telnet/libtelnet/encrypt.c
@@ -0,0 +1,1023 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)encrypt.c	8.2 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef	ENCRYPTION
+
+#define	ENCRYPT_NAMES
+#include <stdio.h>
+#include <arpa/telnet.h>
+
+#include "encrypt.h"
+#include "misc.h"
+
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+/*
+ * These functions pointers point to the current routines
+ * for encrypting and decrypting data.
+ */
+void	(*encrypt_output) P((unsigned char *, int));
+int	(*decrypt_input) P((int));
+
+int EncryptType(char *type, char *mode);
+int EncryptStart(char *mode);
+int EncryptStop(char *mode);
+int EncryptStartInput(void);
+int EncryptStartOutput(void);
+int EncryptStopInput(void);
+int EncryptStopOutput(void);
+
+int Ambiguous(char **s);
+int isprefix(char *s1, char *s2);
+char **genget(char *name, char **table, int stlen);
+
+int encrypt_debug_mode = 0;
+static int decrypt_mode = 0;
+static int encrypt_mode = 0;
+static int encrypt_verbose = 0;
+static int autoencrypt = 0;
+static int autodecrypt = 0;
+static int havesessionkey = 0;
+static int Server = 0;
+static char *Name = "Noname";
+
+#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
+
+static long i_support_encrypt = 0
+#ifdef DES_ENCRYPTION
+ | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
+#endif
+ |0;
+static long i_support_decrypt = 0
+#ifdef DES_ENCRYPTION
+ | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
+#endif
+ |0;
+
+static long i_wont_support_encrypt = 0;
+static long i_wont_support_decrypt = 0;
+#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
+#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
+
+static long remote_supports_encrypt = 0;
+static long remote_supports_decrypt = 0;
+
+static Encryptions encryptions[] = {
+#ifdef	DES_ENCRYPTION
+    { "DES_CFB64",	ENCTYPE_DES_CFB64,
+			cfb64_encrypt,
+			cfb64_decrypt,
+			cfb64_init,
+			cfb64_start,
+			cfb64_is,
+			cfb64_reply,
+			cfb64_session,
+			cfb64_keyid,
+			cfb64_printsub },
+    { "DES_OFB64",	ENCTYPE_DES_OFB64,
+			ofb64_encrypt,
+			ofb64_decrypt,
+			ofb64_init,
+			ofb64_start,
+			ofb64_is,
+			ofb64_reply,
+			ofb64_session,
+			ofb64_keyid,
+			ofb64_printsub },
+#endif	/* DES_ENCRYPTION */
+    { 0, },
+};
+
+static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
+					 ENCRYPT_SUPPORT };
+static unsigned char str_suplen = 0;
+static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
+static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+
+	Encryptions *
+findencryption(type)
+	int type;
+{
+	Encryptions *ep = encryptions;
+
+	if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
+		return(0);
+	while (ep->type && ep->type != type)
+		++ep;
+	return(ep->type ? ep : 0);
+}
+
+	Encryptions *
+finddecryption(type)
+	int type;
+{
+	Encryptions *ep = encryptions;
+
+	if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
+		return(0);
+	while (ep->type && ep->type != type)
+		++ep;
+	return(ep->type ? ep : 0);
+}
+
+#define	MAXKEYLEN 64
+
+static struct key_info {
+	unsigned char keyid[MAXKEYLEN];
+	int keylen;
+	int dir;
+	int *modep;
+	Encryptions *(*getcrypt)();
+} ki[2] = {
+	{ { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
+	{ { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
+};
+
+static void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len);
+
+	void
+encrypt_init(name, server)
+	char *name;
+	int server;
+{
+	Encryptions *ep = encryptions;
+
+	Name = name;
+	Server = server;
+	i_support_encrypt = i_support_decrypt = 0;
+	remote_supports_encrypt = remote_supports_decrypt = 0;
+	encrypt_mode = 0;
+	decrypt_mode = 0;
+	encrypt_output = 0;
+	decrypt_input = 0;
+#ifdef notdef
+	encrypt_verbose = !server;
+#endif
+
+	str_suplen = 4;
+
+	while (ep->type) {
+		if (encrypt_debug_mode)
+			printf(">>>%s: I will support %s\r\n",
+				Name, ENCTYPE_NAME(ep->type));
+		i_support_encrypt |= typemask(ep->type);
+		i_support_decrypt |= typemask(ep->type);
+		if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
+			if ((str_send[str_suplen++] = ep->type) == IAC)
+				str_send[str_suplen++] = IAC;
+		if (ep->init)
+			(*ep->init)(Server);
+		++ep;
+	}
+	str_send[str_suplen++] = IAC;
+	str_send[str_suplen++] = SE;
+}
+
+	void
+encrypt_list_types()
+{
+	Encryptions *ep = encryptions;
+
+	printf("Valid encryption types:\n");
+	while (ep->type) {
+		printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
+		++ep;
+	}
+}
+
+	int
+EncryptEnable(type, mode)
+	char *type, *mode;
+{
+	if (isprefix(type, "help") || isprefix(type, "?")) {
+		printf("Usage: encrypt enable <type> [input|output]\n");
+		encrypt_list_types();
+		return(0);
+	}
+	if (EncryptType(type, mode))
+		return(EncryptStart(mode));
+	return(0);
+}
+
+	int
+EncryptDisable(type, mode)
+	char *type, *mode;
+{
+	register Encryptions *ep;
+	int ret = 0;
+
+	if (isprefix(type, "help") || isprefix(type, "?")) {
+		printf("Usage: encrypt disable <type> [input|output]\n");
+		encrypt_list_types();
+	} else if ((ep = (Encryptions *)genget(type, (char **)encryptions,
+						sizeof(Encryptions))) == 0) {
+		printf("%s: invalid encryption type\n", type);
+	} else if (Ambiguous((char **)ep)) {
+		printf("Ambiguous type '%s'\n", type);
+	} else {
+		if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
+			if (decrypt_mode == ep->type)
+				EncryptStopInput();
+			i_wont_support_decrypt |= typemask(ep->type);
+			ret = 1;
+		}
+		if ((mode == 0) || (isprefix(mode, "output"))) {
+			if (encrypt_mode == ep->type)
+				EncryptStopOutput();
+			i_wont_support_encrypt |= typemask(ep->type);
+			ret = 1;
+		}
+		if (ret == 0)
+			printf("%s: invalid encryption mode\n", mode);
+	}
+	return(ret);
+}
+
+	int
+EncryptType(type, mode)
+	char *type;
+	char *mode;
+{
+	register Encryptions *ep;
+	int ret = 0;
+
+	if (isprefix(type, "help") || isprefix(type, "?")) {
+		printf("Usage: encrypt type <type> [input|output]\n");
+		encrypt_list_types();
+	} else if ((ep = (Encryptions *)genget(type, (char **)encryptions,
+						sizeof(Encryptions))) == 0) {
+		printf("%s: invalid encryption type\n", type);
+	} else if (Ambiguous((char **)ep)) {
+		printf("Ambiguous type '%s'\n", type);
+	} else {
+		if ((mode == 0) || isprefix(mode, "input")) {
+			decrypt_mode = ep->type;
+			i_wont_support_decrypt &= ~typemask(ep->type);
+			ret = 1;
+		}
+		if ((mode == 0) || isprefix(mode, "output")) {
+			encrypt_mode = ep->type;
+			i_wont_support_encrypt &= ~typemask(ep->type);
+			ret = 1;
+		}
+		if (ret == 0)
+			printf("%s: invalid encryption mode\n", mode);
+	}
+	return(ret);
+}
+
+	int
+EncryptStart(mode)
+	char *mode;
+{
+	register int ret = 0;
+	if (mode) {
+		if (isprefix(mode, "input"))
+			return(EncryptStartInput());
+		if (isprefix(mode, "output"))
+			return(EncryptStartOutput());
+		if (isprefix(mode, "help") || isprefix(mode, "?")) {
+			printf("Usage: encrypt start [input|output]\n");
+			return(0);
+		}
+		printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
+		return(0);
+	}
+	ret += EncryptStartInput();
+	ret += EncryptStartOutput();
+	return(ret);
+}
+
+	int
+EncryptStartInput()
+{
+	if (decrypt_mode) {
+		encrypt_send_request_start();
+		return(1);
+	}
+	printf("No previous decryption mode, decryption not enabled\r\n");
+	return(0);
+}
+
+	int
+EncryptStartOutput()
+{
+	if (encrypt_mode) {
+		encrypt_start_output(encrypt_mode);
+		return(1);
+	}
+	printf("No previous encryption mode, encryption not enabled\r\n");
+	return(0);
+}
+
+	int
+EncryptStop(mode)
+	char *mode;
+{
+	int ret = 0;
+	if (mode) {
+		if (isprefix(mode, "input"))
+			return(EncryptStopInput());
+		if (isprefix(mode, "output"))
+			return(EncryptStopOutput());
+		if (isprefix(mode, "help") || isprefix(mode, "?")) {
+			printf("Usage: encrypt stop [input|output]\n");
+			return(0);
+		}
+		printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
+		return(0);
+	}
+	ret += EncryptStopInput();
+	ret += EncryptStopOutput();
+	return(ret);
+}
+
+	int
+EncryptStopInput()
+{
+	encrypt_send_request_end();
+	return(1);
+}
+
+	int
+EncryptStopOutput()
+{
+	encrypt_send_end();
+	return(1);
+}
+
+	void
+encrypt_display()
+{
+	if (encrypt_output)
+		printf("Currently encrypting output with %s\r\n",
+			ENCTYPE_NAME(encrypt_mode));
+	if (decrypt_input)
+		printf("Currently decrypting input with %s\r\n",
+			ENCTYPE_NAME(decrypt_mode));
+}
+
+	int
+EncryptStatus()
+{
+	if (encrypt_output)
+		printf("Currently encrypting output with %s\r\n",
+			ENCTYPE_NAME(encrypt_mode));
+	else if (encrypt_mode) {
+		printf("Currently output is clear text.\r\n");
+		printf("Last encryption mode was %s\r\n",
+			ENCTYPE_NAME(encrypt_mode));
+	}
+	if (decrypt_input) {
+		printf("Currently decrypting input with %s\r\n",
+			ENCTYPE_NAME(decrypt_mode));
+	} else if (decrypt_mode) {
+		printf("Currently input is clear text.\r\n");
+		printf("Last decryption mode was %s\r\n",
+			ENCTYPE_NAME(decrypt_mode));
+	}
+	return 1;
+}
+
+	void
+encrypt_send_support()
+{
+	if (str_suplen) {
+		/*
+		 * If the user has requested that decryption start
+		 * immediatly, then send a "REQUEST START" before
+		 * we negotiate the type.
+		 */
+		if (!Server && autodecrypt)
+			encrypt_send_request_start();
+		net_write(str_send, str_suplen);
+		printsub('>', &str_send[2], str_suplen - 2);
+		str_suplen = 0;
+	}
+}
+
+	int
+EncryptDebug(on)
+	int on;
+{
+	if (on < 0)
+		encrypt_debug_mode ^= 1;
+	else
+		encrypt_debug_mode = on;
+	printf("Encryption debugging %s\r\n",
+		encrypt_debug_mode ? "enabled" : "disabled");
+	return(1);
+}
+
+	int
+EncryptVerbose(on)
+	int on;
+{
+	if (on < 0)
+		encrypt_verbose ^= 1;
+	else
+		encrypt_verbose = on;
+	printf("Encryption %s verbose\r\n",
+		encrypt_verbose ? "is" : "is not");
+	return(1);
+}
+
+	int
+EncryptAutoEnc(on)
+	int on;
+{
+	encrypt_auto(on);
+	printf("Automatic encryption of output is %s\r\n",
+		autoencrypt ? "enabled" : "disabled");
+	return(1);
+}
+
+	int
+EncryptAutoDec(on)
+	int on;
+{
+	decrypt_auto(on);
+	printf("Automatic decryption of input is %s\r\n",
+		autodecrypt ? "enabled" : "disabled");
+	return(1);
+}
+
+/*
+ * Called when ENCRYPT SUPPORT is received.
+ */
+	void
+encrypt_support(typelist, cnt)
+	unsigned char *typelist;
+	int cnt;
+{
+	register int type, use_type = 0;
+	Encryptions *ep;
+
+	/*
+	 * Forget anything the other side has previously told us.
+	 */
+	remote_supports_decrypt = 0;
+
+	while (cnt-- > 0) {
+		type = *typelist++;
+		if (encrypt_debug_mode)
+			printf(">>>%s: He is supporting %s (%d)\r\n",
+				Name,
+				ENCTYPE_NAME(type), type);
+		if ((type < ENCTYPE_CNT) &&
+		    (I_SUPPORT_ENCRYPT & typemask(type))) {
+			remote_supports_decrypt |= typemask(type);
+			if (use_type == 0)
+				use_type = type;
+		}
+	}
+	if (use_type) {
+		ep = findencryption(use_type);
+		if (!ep)
+			return;
+		type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
+		if (encrypt_debug_mode)
+			printf(">>>%s: (*ep->start)() returned %d\r\n",
+					Name, type);
+		if (type < 0)
+			return;
+		encrypt_mode = use_type;
+		if (type == 0)
+			encrypt_start_output(use_type);
+	}
+}
+
+	void
+encrypt_is(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Encryptions *ep;
+	register int type, ret;
+
+	if (--cnt < 0)
+		return;
+	type = *data++;
+	if (type < ENCTYPE_CNT)
+		remote_supports_encrypt |= typemask(type);
+	if (!(ep = finddecryption(type))) {
+		if (encrypt_debug_mode)
+			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+				Name,
+				ENCTYPE_NAME_OK(type)
+					? ENCTYPE_NAME(type) : "(unknown)",
+				type);
+		return;
+	}
+	if (!ep->is) {
+		if (encrypt_debug_mode)
+			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+				Name,
+				ENCTYPE_NAME_OK(type)
+					? ENCTYPE_NAME(type) : "(unknown)",
+				type);
+		ret = 0;
+	} else {
+		ret = (*ep->is)(data, cnt);
+		if (encrypt_debug_mode)
+			printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
+				(ret < 0) ? "FAIL " :
+				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+	}
+	if (ret < 0) {
+		autodecrypt = 0;
+	} else {
+		decrypt_mode = type;
+		if (ret == 0 && autodecrypt)
+			encrypt_send_request_start();
+	}
+}
+
+	void
+encrypt_reply(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Encryptions *ep;
+	register int ret, type;
+
+	if (--cnt < 0)
+		return;
+	type = *data++;
+	if (!(ep = findencryption(type))) {
+		if (encrypt_debug_mode)
+			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+				Name,
+				ENCTYPE_NAME_OK(type)
+					? ENCTYPE_NAME(type) : "(unknown)",
+				type);
+		return;
+	}
+	if (!ep->reply) {
+		if (encrypt_debug_mode)
+			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+				Name,
+				ENCTYPE_NAME_OK(type)
+					? ENCTYPE_NAME(type) : "(unknown)",
+				type);
+		ret = 0;
+	} else {
+		ret = (*ep->reply)(data, cnt);
+		if (encrypt_debug_mode)
+			printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
+				data, cnt,
+				(ret < 0) ? "FAIL " :
+				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+	}
+	if (encrypt_debug_mode)
+		printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
+	if (ret < 0) {
+		autoencrypt = 0;
+	} else {
+		encrypt_mode = type;
+		if (ret == 0 && autoencrypt)
+			encrypt_start_output(type);
+	}
+}
+
+/*
+ * Called when a ENCRYPT START command is received.
+ */
+	void
+encrypt_start(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	Encryptions *ep;
+
+	if (!decrypt_mode) {
+		/*
+		 * Something is wrong.  We should not get a START
+		 * command without having already picked our
+		 * decryption scheme.  Send a REQUEST-END to
+		 * attempt to clear the channel...
+		 */
+		printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
+		encrypt_send_request_end();
+		return;
+	}
+
+	if ((ep = finddecryption(decrypt_mode))) {
+		decrypt_input = ep->input;
+		if (encrypt_verbose)
+			printf("[ Input is now decrypted with type %s ]\r\n",
+				ENCTYPE_NAME(decrypt_mode));
+		if (encrypt_debug_mode)
+			printf(">>>%s: Start to decrypt input with type %s\r\n",
+				Name, ENCTYPE_NAME(decrypt_mode));
+	} else {
+		printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
+				Name,
+				ENCTYPE_NAME_OK(decrypt_mode)
+					? ENCTYPE_NAME(decrypt_mode)
+					: "(unknown)",
+				decrypt_mode);
+		encrypt_send_request_end();
+	}
+}
+
+	void
+encrypt_session_key(key, server)
+	Session_Key *key;
+	int server;
+{
+	Encryptions *ep = encryptions;
+
+	havesessionkey = 1;
+
+	while (ep->type) {
+		if (ep->session)
+			(*ep->session)(key, server);
+#ifdef notdef
+		if (!encrypt_output && autoencrypt && !server)
+			encrypt_start_output(ep->type);
+		if (!decrypt_input && autodecrypt && !server)
+			encrypt_send_request_start();
+#endif
+		++ep;
+	}
+}
+
+/*
+ * Called when ENCRYPT END is received.
+ */
+	void
+encrypt_end()
+{
+	decrypt_input = 0;
+	if (encrypt_debug_mode)
+		printf(">>>%s: Input is back to clear text\r\n", Name);
+	if (encrypt_verbose)
+		printf("[ Input is now clear text ]\r\n");
+}
+
+/*
+ * Called when ENCRYPT REQUEST-END is received.
+ */
+	void
+encrypt_request_end()
+{
+	encrypt_send_end();
+}
+
+/*
+ * Called when ENCRYPT REQUEST-START is received.  If we receive
+ * this before a type is picked, then that indicates that the
+ * other side wants us to start encrypting data as soon as we
+ * can.
+ */
+	void
+encrypt_request_start(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	if (encrypt_mode == 0)  {
+		if (Server)
+			autoencrypt = 1;
+		return;
+	}
+	encrypt_start_output(encrypt_mode);
+}
+
+static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
+
+	void
+encrypt_enc_keyid(keyid, len)
+	unsigned char *keyid;
+	int len;
+{
+	encrypt_keyid(&ki[1], keyid, len);
+}
+
+	void
+encrypt_dec_keyid(keyid, len)
+	unsigned char *keyid;
+	int len;
+{
+	encrypt_keyid(&ki[0], keyid, len);
+}
+
+	void
+encrypt_keyid(kp, keyid, len)
+	struct key_info *kp;
+	unsigned char *keyid;
+	int len;
+{
+	Encryptions *ep;
+	int dir = kp->dir;
+	register int ret = 0;
+
+	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+		if (len == 0)
+			return;
+		kp->keylen = 0;
+	} else if (len == 0) {
+		/*
+		 * Empty option, indicates a failure.
+		 */
+		if (kp->keylen == 0)
+			return;
+		kp->keylen = 0;
+		if (ep->keyid)
+			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+
+	} else if ((len != kp->keylen) ||
+		   (memcmp(keyid, kp->keyid, len) != 0)) {
+		/*
+		 * Length or contents are different
+		 */
+		kp->keylen = len;
+		memmove(kp->keyid, keyid, len);
+		if (ep->keyid)
+			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+	} else {
+		if (ep->keyid)
+			ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
+		if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
+			encrypt_start_output(*kp->modep);
+		return;
+	}
+
+	encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
+}
+
+	void
+encrypt_send_keyid(dir, keyid, keylen, saveit)
+	int dir;
+	unsigned char *keyid;
+	int keylen;
+	int saveit;
+{
+	unsigned char *strp;
+
+	str_keyid[3] = (dir == DIR_ENCRYPT)
+			? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
+	if (saveit) {
+		struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
+		memmove(kp->keyid, keyid, keylen);
+		kp->keylen = keylen;
+	}
+
+	for (strp = &str_keyid[4]; keylen > 0; --keylen) {
+		if ((*strp++ = *keyid++) == IAC)
+			*strp++ = IAC;
+	}
+	*strp++ = IAC;
+	*strp++ = SE;
+	net_write(str_keyid, strp - str_keyid);
+	printsub('>', &str_keyid[2], strp - str_keyid - 2);
+}
+
+	void
+encrypt_auto(on)
+	int on;
+{
+	if (on < 0)
+		autoencrypt ^= 1;
+	else
+		autoencrypt = on ? 1 : 0;
+}
+
+	void
+decrypt_auto(on)
+	int on;
+{
+	if (on < 0)
+		autodecrypt ^= 1;
+	else
+		autodecrypt = on ? 1 : 0;
+}
+
+	void
+encrypt_start_output(type)
+	int type;
+{
+	Encryptions *ep;
+	register unsigned char *p;
+	register int i;
+
+	if (!(ep = findencryption(type))) {
+		if (encrypt_debug_mode) {
+			printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
+				Name,
+				ENCTYPE_NAME_OK(type)
+					? ENCTYPE_NAME(type) : "(unknown)",
+				type);
+		}
+		return;
+	}
+	if (ep->start) {
+		i = (*ep->start)(DIR_ENCRYPT, Server);
+		if (encrypt_debug_mode) {
+			printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
+				Name,
+				(i < 0) ? "failed" :
+					"initial negotiation in progress",
+				i, ENCTYPE_NAME(type));
+		}
+		if (i)
+			return;
+	}
+	p = str_start + 3;
+	*p++ = ENCRYPT_START;
+	for (i = 0; i < ki[0].keylen; ++i) {
+		if ((*p++ = ki[0].keyid[i]) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	net_write(str_start, p - str_start);
+	net_encrypt();
+	printsub('>', &str_start[2], p - &str_start[2]);
+	/*
+	 * If we are already encrypting in some mode, then
+	 * encrypt the ring (which includes our request) in
+	 * the old mode, mark it all as "clear text" and then
+	 * switch to the new mode.
+	 */
+	encrypt_output = ep->output;
+	encrypt_mode = type;
+	if (encrypt_debug_mode)
+		printf(">>>%s: Started to encrypt output with type %s\r\n",
+			Name, ENCTYPE_NAME(type));
+	if (encrypt_verbose)
+		printf("[ Output is now encrypted with type %s ]\r\n",
+			ENCTYPE_NAME(type));
+}
+
+	void
+encrypt_send_end()
+{
+	if (!encrypt_output)
+		return;
+
+	str_end[3] = ENCRYPT_END;
+	net_write(str_end, sizeof(str_end));
+	net_encrypt();
+	printsub('>', &str_end[2], sizeof(str_end) - 2);
+	/*
+	 * Encrypt the output buffer now because it will not be done by
+	 * netflush...
+	 */
+	encrypt_output = 0;
+	if (encrypt_debug_mode)
+		printf(">>>%s: Output is back to clear text\r\n", Name);
+	if (encrypt_verbose)
+		printf("[ Output is now clear text ]\r\n");
+}
+
+	void
+encrypt_send_request_start()
+{
+	register unsigned char *p;
+	register int i;
+
+	p = &str_start[3];
+	*p++ = ENCRYPT_REQSTART;
+	for (i = 0; i < ki[1].keylen; ++i) {
+		if ((*p++ = ki[1].keyid[i]) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	net_write(str_start, p - str_start);
+	printsub('>', &str_start[2], p - &str_start[2]);
+	if (encrypt_debug_mode)
+		printf(">>>%s: Request input to be encrypted\r\n", Name);
+}
+
+	void
+encrypt_send_request_end()
+{
+	str_end[3] = ENCRYPT_REQEND;
+	net_write(str_end, sizeof(str_end));
+	printsub('>', &str_end[2], sizeof(str_end) - 2);
+
+	if (encrypt_debug_mode)
+		printf(">>>%s: Request input to be clear text\r\n", Name);
+}
+
+	void
+encrypt_wait()
+{
+	if (encrypt_debug_mode)
+		printf(">>>%s: in encrypt_wait\r\n", Name);
+	if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
+		return;
+	while (autoencrypt && !encrypt_output)
+		if (telnet_spin())
+			return;
+}
+
+	void
+encrypt_debug(mode)
+	int mode;
+{
+	encrypt_debug_mode = mode;
+}
+
+	void
+encrypt_gen_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char tbuf[16], *cp;
+
+	cnt -= 2;
+	data += 2;
+	buf[buflen-1] = '\0';
+	buf[buflen-2] = '*';
+	buflen -= 2;;
+	for (; cnt > 0; cnt--, data++) {
+		sprintf(tbuf, " %d", *data);
+		for (cp = tbuf; *cp && buflen > 0; --buflen)
+			*buf++ = *cp++;
+		if (buflen <= 0)
+			return;
+	}
+	*buf = '\0';
+}
+
+	void
+encrypt_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	Encryptions *ep;
+	register int type = data[1];
+
+	for (ep = encryptions; ep->type && ep->type != type; ep++)
+		;
+
+	if (ep->printsub)
+		(*ep->printsub)(data, cnt, buf, buflen);
+	else
+		encrypt_gen_printsub(data, cnt, buf, buflen);
+}
+#endif	/* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/encrypt.h b/crypto/telnet/libtelnet/encrypt.h
new file mode 100644
index 0000000..14be826
--- /dev/null
+++ b/crypto/telnet/libtelnet/encrypt.h
@@ -0,0 +1,113 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef	ENCRYPTION
+# ifndef __ENCRYPTION__
+# define __ENCRYPTION__
+
+#define	DIR_DECRYPT		1
+#define	DIR_ENCRYPT		2
+
+#include <des.h>
+typedef	unsigned char Block[8];
+typedef unsigned char *BlockT;
+#if 0
+typedef struct { Block __; } Schedule[16];
+#else
+#define Schedule des_key_schedule
+#endif
+
+#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
+			  key[4] | key[5] | key[6] | key[7])
+
+#define	SAMEKEY(k1, k2)	(!bcmp((void *)k1, (void *)k2, sizeof(Block)))
+
+typedef	struct {
+	short		type;
+	int		length;
+	unsigned char	*data;
+} Session_Key;
+
+# if !defined(P)
+#  ifdef __STDC__
+#   define P(x)	x
+#  else
+#   define P(x)	()
+#  endif
+# endif
+
+typedef struct {
+	char	*name;
+	int	type;
+	void	(*output) P((unsigned char *, int));
+	int	(*input) P((int));
+	void	(*init) P((int));
+	int	(*start) P((int, int));
+	int	(*is) P((unsigned char *, int));
+	int	(*reply) P((unsigned char *, int));
+	void	(*session) P((Session_Key *, int));
+	int	(*keyid) P((int, unsigned char *, int *));
+	void	(*printsub) P((unsigned char *, int, unsigned char *, int));
+} Encryptions;
+
+#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
+
+#include "enc-proto.h"
+
+extern int encrypt_debug_mode;
+extern int (*decrypt_input) P((int));
+extern void (*encrypt_output) P((unsigned char *, int));
+# endif /* __ENCRYPTION__ */
+#endif /* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/genget.c b/crypto/telnet/libtelnet/genget.c
new file mode 100644
index 0000000..8668db4
--- /dev/null
+++ b/crypto/telnet/libtelnet/genget.c
@@ -0,0 +1,104 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)genget.c	8.2 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+
+#include <ctype.h>
+
+#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
+/*
+ * The prefix function returns 0 if *s1 is not a prefix
+ * of *s2.  If *s1 exactly matches *s2, the negative of
+ * the length is returned.  If *s1 is a prefix of *s2,
+ * the length of *s1 is returned.
+ */
+	int
+isprefix(s1, s2)
+	register char *s1, *s2;
+{
+	char *os1;
+	register char c1, c2;
+
+	if (*s1 == '\0')
+		return(-1);
+	os1 = s1;
+	c1 = *s1;
+	c2 = *s2;
+	while (LOWER(c1) == LOWER(c2)) {
+		if (c1 == '\0')
+			break;
+		c1 = *++s1;
+		c2 = *++s2;
+	}
+	return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
+}
+
+static char *ambiguous;		/* special return value for command routines */
+
+	char **
+genget(name, table, stlen)
+	char	*name;		/* name to match */
+	char	**table;	/* name entry in table */
+	int	stlen;
+{
+	register char **c, **found;
+	register int n;
+
+	if (name == 0)
+	    return 0;
+
+	found = 0;
+	for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
+		if ((n = isprefix(name, *c)) == 0)
+			continue;
+		if (n < 0)		/* exact match */
+			return(c);
+		if (found)
+			return(&ambiguous);
+		found = c;
+	}
+	return(found);
+}
+
+/*
+ * Function call version of Ambiguous()
+ */
+	int
+Ambiguous(s)
+	char **s;
+{
+	return(s == &ambiguous);
+}
diff --git a/crypto/telnet/libtelnet/getent.c b/crypto/telnet/libtelnet/getent.c
new file mode 100644
index 0000000..5aa1049
--- /dev/null
+++ b/crypto/telnet/libtelnet/getent.c
@@ -0,0 +1,68 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)getent.c	8.2 (Berkeley) 12/15/93";
+#endif /* not lint */
+
+static char *area;
+
+/*ARGSUSED*/
+getent(cp, name)
+char *cp, *name;
+{
+#ifdef	HAS_CGETENT
+	char *dba[2];
+
+	dba[0] = "/etc/gettytab";
+	dba[1] = 0;
+	return((cgetent(&area, dba, name) == 0) ? 1 : 0);
+#else
+	return(0);
+#endif
+}
+
+#ifndef	SOLARIS
+/*ARGSUSED*/
+char *
+Getstr(id, cpp)
+char *id, **cpp;
+{
+# ifdef	HAS_CGETENT
+	char *answer;
+	return((cgetstr(area, id, &answer) > 0) ? answer : 0);
+# else
+	return(0);
+# endif
+}
+#endif
diff --git a/crypto/telnet/libtelnet/kerberos.c b/crypto/telnet/libtelnet/kerberos.c
new file mode 100644
index 0000000..738a57f
--- /dev/null
+++ b/crypto/telnet/libtelnet/kerberos.c
@@ -0,0 +1,550 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)kerberos.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef	KRB4
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include <des.h>	/* BSD wont include this in krb.h, so we do it here */
+#include <krb.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int kerberos4_cksum P((unsigned char *, int));
+int kuserok P((AUTH_DAT *, char *));
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V4, };
+
+#define	KRB_AUTH	0		/* Authentication data follows */
+#define	KRB_REJECT	1		/* Rejected (reason might follow) */
+#define	KRB_ACCEPT	2		/* Accepted */
+#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
+#define	KRB_RESPONSE	4		/* Response for mutual auth. */
+
+#define KRB_SERVICE_NAME   "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	AUTH_DAT adat = { 0 };
+#ifdef	ENCRYPTION
+static Block	session_key	= { 0 };
+static des_key_schedule sched;
+static Block	challenge	= { 0 };
+#endif	/* ENCRYPTION */
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (auth_debug_mode) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(net_write(str_data, p - str_data));
+}
+
+	int
+kerberos4_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	FILE *fp;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		if ((fp = fopen(KEYFILE, "r")) == NULL)
+			return(0);
+		fclose(fp);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+int dst_realm_sz = REALM_SZ;
+
+	int
+kerberos4_send(ap)
+	Authenticator *ap;
+{
+	KTEXT_ST auth;
+	char instance[INST_SZ];
+	char *realm;
+	char *krb_realmofhost();
+	char *krb_get_phost();
+	CREDENTIALS cred;
+	int r;
+
+	printf("[ Trying KERBEROS4 ... ]\n");
+	if (!UserNameRequested) {
+		if (auth_debug_mode) {
+			printf("Kerberos V4: no user name supplied\r\n");
+		}
+		return(0);
+	}
+
+	memset(instance, 0, sizeof(instance));
+
+	if ((realm = krb_get_phost(RemoteHostName)))
+		strncpy(instance, realm, sizeof(instance));
+
+	instance[sizeof(instance)-1] = '\0';
+
+	realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
+
+	if (!realm) {
+		printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
+		return(0);
+	}
+	if ((r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L))) {
+		printf("mk_req failed: %s\r\n", krb_err_txt[r]);
+		return(0);
+	}
+	if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
+		printf("get_cred failed: %s\r\n", krb_err_txt[r]);
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		if (auth_debug_mode)
+			printf("Not enough room for user name\r\n");
+		return(0);
+	}
+	if (auth_debug_mode)
+		printf("Sent %d bytes of authentication data\r\n", auth.length);
+	if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
+		if (auth_debug_mode)
+			printf("Not enough room for authentication data\r\n");
+		return(0);
+	}
+#ifdef	ENCRYPTION
+	/*
+	 * If we are doing mutual authentication, get set up to send
+	 * the challenge, and verify it when the response comes back.
+	 */
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		register int i;
+
+		des_key_sched(&cred.session, sched);
+		des_init_random_number_generator(&cred.session);
+		des_new_random_key(&session_key);
+		des_ecb_encrypt(&session_key, &session_key, sched, 0);
+		des_ecb_encrypt(&session_key, &challenge, sched, 0);
+		/*
+		 * Increment the challenge by 1, and encrypt it for
+		 * later comparison.
+		 */
+		for (i = 7; i >= 0; --i) {
+			register int x;
+			x = (unsigned int)challenge[i] + 1;
+			challenge[i] = x;	/* ignore overflow */
+			if (x < 256)		/* if no overflow, all done */
+				break;
+		}
+		des_ecb_encrypt(&challenge, &challenge, sched, 1);
+	}
+#endif	/* ENCRYPTION */
+
+	if (auth_debug_mode) {
+		printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+		printd(auth.dat, auth.length);
+		printf("\r\n");
+		printf("Sent Kerberos V4 credentials to server\r\n");
+	}
+	return(1);
+}
+
+	void
+kerberos4_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+#ifdef	ENCRYPTION
+	Session_Key skey;
+	Block datablock;
+#endif	/* ENCRYPTION */
+	char realm[REALM_SZ];
+	char instance[INST_SZ];
+	int r;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB_AUTH:
+		if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+			Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
+			auth_finished(ap, AUTH_REJECT);
+			if (auth_debug_mode)
+				printf("No local realm\r\n");
+			return;
+		}
+		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
+		if (auth_debug_mode) {
+			printf("Got %d bytes of authentication data\r\n", cnt);
+			printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+			printd(auth.dat, auth.length);
+			printf("\r\n");
+		}
+		instance[0] = '*'; instance[1] = 0;
+		if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME,
+				   instance, 0, &adat, ""))) {
+			if (auth_debug_mode)
+				printf("Kerberos failed him as %s\r\n", name);
+			Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+#ifdef	ENCRYPTION
+		memmove((void *)session_key, (void *)adat.session, sizeof(Block));
+#endif	/* ENCRYPTION */
+		krb_kntoln(&adat, name);
+
+		if (UserNameRequested && !kuserok(&adat, UserNameRequested))
+			Data(ap, KRB_ACCEPT, (void *)0, 0);
+		else
+			Data(ap, KRB_REJECT,
+				(void *)"user is not authorized", -1);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	case KRB_CHALLENGE:
+#ifndef	ENCRYPTION
+		Data(ap, KRB_RESPONSE, (void *)0, 0);
+#else	/* ENCRYPTION */
+		if (!VALIDKEY(session_key)) {
+			/*
+			 * We don't have a valid session key, so just
+			 * send back a response with an empty session
+			 * key.
+			 */
+			Data(ap, KRB_RESPONSE, (void *)0, 0);
+			break;
+		}
+
+		/*
+		 * Initialize the random number generator since it's
+		 * used later on by the encryption routine.
+		 */
+		des_init_random_number_generator(&session_key);
+		des_key_sched(&session_key, sched);
+		memmove((void *)datablock, (void *)data, sizeof(Block));
+		/*
+		 * Take the received encrypted challenge, and encrypt
+		 * it again to get a unique session_key for the
+		 * ENCRYPT option.
+		 */
+		des_ecb_encrypt(&datablock, &session_key, sched, 1);
+		skey.type = SK_DES;
+		skey.length = 8;
+		skey.data = session_key;
+		encrypt_session_key(&skey, 1);
+		/*
+		 * Now decrypt the received encrypted challenge,
+		 * increment by one, re-encrypt it and send it back.
+		 */
+		des_ecb_encrypt(&datablock, &challenge, sched, 0);
+		for (r = 7; r >= 0; r--) {
+			register int t;
+			t = (unsigned int)challenge[r] + 1;
+			challenge[r] = t;	/* ignore overflow */
+			if (t < 256)		/* if no overflow, all done */
+				break;
+		}
+		des_ecb_encrypt(&challenge, &challenge, sched, 1);
+		Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
+#endif	/* ENCRYPTION */
+		break;
+
+	default:
+		if (auth_debug_mode)
+			printf("Unknown Kerberos option %d\r\n", data[-1]);
+		Data(ap, KRB_REJECT, 0, 0);
+		break;
+	}
+}
+
+	void
+kerberos4_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+#ifdef	ENCRYPTION
+	Session_Key skey;
+#endif	/* ENCRYPTION */
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB_REJECT:
+		if (cnt > 0) {
+			printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ Kerberos V4 refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB_ACCEPT:
+		printf("[ Kerberos V4 accepts you ]\n");
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+			/*
+			 * Send over the encrypted challenge.
+		 	 */
+#ifndef	ENCRYPTION
+			Data(ap, KRB_CHALLENGE, (void *)0, 0);
+#else	/* ENCRYPTION */
+			Data(ap, KRB_CHALLENGE, (void *)session_key,
+						sizeof(session_key));
+			des_ecb_encrypt(&session_key, &session_key, sched, 1);
+			skey.type = SK_DES;
+			skey.length = 8;
+			skey.data = session_key;
+			encrypt_session_key(&skey, 0);
+#endif	/* ENCRYPTION */
+			return;
+		}
+		auth_finished(ap, AUTH_USER);
+		return;
+	case KRB_RESPONSE:
+#ifdef	ENCRYPTION
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+		if ((cnt != sizeof(Block)) ||
+		    (0 != memcmp((void *)data, (void *)challenge,
+						sizeof(challenge))))
+		{
+#endif	/* ENCRYPTION */
+			printf("[ Kerberos V4 challenge failed!!! ]\r\n");
+			auth_send_retry();
+			return;
+#ifdef	ENCRYPTION
+		}
+		printf("[ Kerberos V4 challenge successful ]\r\n");
+		auth_finished(ap, AUTH_USER);
+#endif	/* ENCRYPTION */
+		break;
+	default:
+		if (auth_debug_mode)
+			printf("Unknown Kerberos option %d\r\n", data[-1]);
+		return;
+	}
+}
+
+	int
+kerberos4_status(ap, name, level)
+	Authenticator *ap;
+	char *name;
+	int level;
+{
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+		strcpy(name, UserNameRequested);
+		return(AUTH_VALID);
+	} else
+		return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+kerberos4_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB_REJECT:		/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB_ACCEPT:		/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case KRB_AUTH:			/* Authentication data follows */
+		strncpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB_CHALLENGE:
+		strncpy((char *)buf, " CHALLENGE", buflen);
+		goto common2;
+
+	case KRB_RESPONSE:
+		strncpy((char *)buf, " RESPONSE", buflen);
+		goto common2;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+	int
+kerberos4_cksum(d, n)
+	unsigned char *d;
+	int n;
+{
+	int ck = 0;
+
+	/*
+	 * A comment is probably needed here for those not
+	 * well versed in the "C" language.  Yes, this is
+	 * supposed to be a "switch" with the body of the
+	 * "switch" being a "while" statement.  The whole
+	 * purpose of the switch is to allow us to jump into
+	 * the middle of the while() loop, and then not have
+	 * to do any more switch()s.
+	 *
+	 * Some compilers will spit out a warning message
+	 * about the loop not being entered at the top.
+	 */
+	switch (n&03)
+	while (n > 0) {
+	case 0:
+		ck ^= (int)*d++ << 24;
+		--n;
+	case 3:
+		ck ^= (int)*d++ << 16;
+		--n;
+	case 2:
+		ck ^= (int)*d++ << 8;
+		--n;
+	case 1:
+		ck ^= (int)*d++;
+		--n;
+	}
+	return(ck);
+}
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	register int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/telnet/libtelnet/kerberos5.c b/crypto/telnet/libtelnet/kerberos5.c
new file mode 100644
index 0000000..bcf1a9f
--- /dev/null
+++ b/crypto/telnet/libtelnet/kerberos5.c
@@ -0,0 +1,764 @@
+/*
+ *	$Source: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/kerberos5.c,v $
+ *	$Author: tytso $
+ *	$Id: kerberos5.c,v 1.1 1997/09/04 06:11:15 markm Exp $
+ */
+
+#if !defined(lint) && !defined(SABER)
+static
+#ifdef __STDC__
+const
+#endif
+char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.1 1997/09/04 06:11:15 markm Exp $";
+#endif /* lint */
+
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)kerberos5.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#ifdef	KRB5
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include <krb5/krb5.h>
+#include <krb5/asn1.h>
+#include <krb5/crc-32.h>
+#include <krb5/los-proto.h>
+#include <krb5/ext-proto.h>
+#include <com_err.h>
+#include <netdb.h>
+#include <ctype.h>
+
+/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
+   and string.h/strings.h */
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+extern auth_debug_mode;
+
+#ifdef	FORWARD
+int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
+
+/* These values need to be the same as those defined in telnet/main.c. */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+void kerberos5_forward();
+
+#endif	/* FORWARD */
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V5, };
+/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };*/
+
+#define	KRB_AUTH		0	/* Authentication data follows */
+#define	KRB_REJECT		1	/* Rejected (reason might follow) */
+#define	KRB_ACCEPT		2	/* Accepted */
+#define	KRB_RESPONSE		3	/* Response for mutual auth. */
+
+#ifdef	FORWARD
+#define KRB_FORWARD     	4       /* Forwarded credentials follow */
+#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
+#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
+#endif	/* FORWARD */
+
+static	krb5_data auth;
+	/* telnetd gets session key from here */
+static	krb5_tkt_authent *authdat = NULL;
+/* telnet matches the AP_REQ and AP_REP with this */
+static	krb5_authenticator authenticator;
+
+/* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
+   which is either void * or char *, depending on the compiler. */
+
+#define Voidptr krb5_pointer
+
+Block	session_key;
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	Voidptr d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (auth_debug_mode) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - &str_data[2]);
+	return(net_write(str_data, p - str_data));
+}
+
+	int
+kerberos5_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	if (server)
+		str_data[3] = TELQUAL_REPLY;
+	else
+		str_data[3] = TELQUAL_IS;
+	krb5_init_ets();
+	return(1);
+}
+
+	int
+kerberos5_send(ap)
+	Authenticator *ap;
+{
+	char **realms;
+	char *name;
+	char *p1, *p2;
+	krb5_checksum ksum;
+	krb5_octet sum[CRC32_CKSUM_LENGTH];
+ 	krb5_principal server;
+	krb5_error_code r;
+	krb5_ccache ccache;
+	krb5_creds creds;		/* telnet gets session key from here */
+	extern krb5_flags krb5_kdc_default_options;
+	int ap_opts;
+
+#ifdef	ENCRYPTION
+	krb5_keyblock *newkey = 0;
+#endif	/* ENCRYPTION */
+
+	ksum.checksum_type = CKSUMTYPE_CRC32;
+	ksum.contents = sum;
+	ksum.length = sizeof(sum);
+	memset((Voidptr )sum, 0, sizeof(sum));
+
+	if (!UserNameRequested) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: no user name supplied\r\n");
+		}
+		return(0);
+	}
+
+	if (r = krb5_cc_default(&ccache)) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: could not get default ccache\r\n");
+		}
+		return(0);
+	}
+
+	if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) {
+		if (auth_debug_mode)
+			printf("Out of memory for hostname in Kerberos V5\r\n");
+		return(0);
+	}
+
+	if (r = krb5_get_host_realm(RemoteHostName, &realms)) {
+		if (auth_debug_mode)
+			printf("Kerberos V5: no realm for %s\r\n", RemoteHostName);
+		free(name);
+		return(0);
+	}
+
+	p1 = RemoteHostName;
+	p2 = name;
+
+	while (*p2 = *p1++) {
+		if (isupper(*p2))
+			*p2 |= 040;
+		++p2;
+	}
+
+	if (r = krb5_build_principal_ext(&server,
+					 strlen(realms[0]), realms[0],
+					 4, "host",
+					 p2 - name, name,
+					 0)) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: failure setting up principal (%s)\r\n",
+			       error_message(r));
+		}
+		free(name);
+		krb5_free_host_realm(realms);
+		return(0);
+	}
+
+
+	memset((char *)&creds, 0, sizeof(creds));
+	creds.server = server;
+
+	if (r = krb5_cc_get_principal(ccache, &creds.client)) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: failure on principal (%s)\r\n",
+				error_message(r));
+		}
+		free(name);
+		krb5_free_principal(server);
+		krb5_free_host_realm(realms);
+		return(0);
+	}
+
+	if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: failure on credentials(%d)\r\n",r);
+		}
+		free(name);
+		krb5_free_host_realm(realms);
+		krb5_free_principal(server);
+		return(0);
+	}
+
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+	    ap_opts = AP_OPTS_MUTUAL_REQUIRED;
+	else
+	    ap_opts = 0;
+
+	r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
+#ifdef	ENCRYPTION
+				 &newkey,
+#else	/* ENCRYPTION */
+				 0,
+#endif	/* ENCRYPTION */
+				 ccache, &creds, &authenticator, &auth);
+	/* don't let the key get freed if we clean up the authenticator */
+	authenticator.subkey = 0;
+
+	free(name);
+	krb5_free_host_realm(realms);
+	krb5_free_principal(server);
+#ifdef	ENCRYPTION
+	if (newkey) {
+	    /* keep the key in our private storage, but don't use it
+	       yet---see kerberos5_reply() below */
+	    if (newkey->keytype != KEYTYPE_DES) {
+		if (creds.keyblock.keytype == KEYTYPE_DES)
+		    /* use the session key in credentials instead */
+		    memmove((char *)session_key,
+			   (char *)creds.keyblock.contents, sizeof(Block));
+		else
+		    /* XXX ? */;
+	    } else {
+		memmove((char *)session_key, (char *)newkey->contents,
+		       sizeof(Block));
+	    }
+	    krb5_free_keyblock(newkey);
+	}
+#endif	/* ENCRYPTION */
+	if (r) {
+		if (auth_debug_mode) {
+			printf("Kerberos V5: mk_req failed (%s)\r\n",
+			       error_message(r));
+		}
+		return(0);
+	}
+
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		if (auth_debug_mode)
+			printf("Not enough room for user name\r\n");
+		return(0);
+	}
+	if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+		if (auth_debug_mode)
+			printf("Not enough room for authentication data\r\n");
+		return(0);
+	}
+	if (auth_debug_mode) {
+		printf("Sent Kerberos V5 credentials to server\r\n");
+	}
+	return(1);
+}
+
+	void
+kerberos5_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	int r;
+	struct hostent *hp;
+	char *p1, *p2;
+	static char *realm = NULL;
+	krb5_principal server;
+	krb5_ap_rep_enc_part reply;
+	krb5_data outbuf;
+#ifdef ENCRYPTION
+	Session_Key skey;
+#endif	/* ENCRYPTION */
+	char *name;
+	char *getenv();
+	krb5_data inbuf;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB_AUTH:
+		auth.data = (char *)data;
+		auth.length = cnt;
+
+		if (!(hp = gethostbyname(LocalHostName))) {
+			if (auth_debug_mode)
+				printf("Cannot resolve local host name\r\n");
+			Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		if (!realm && (krb5_get_default_realm(&realm))) {
+			if (auth_debug_mode)
+				printf("Could not get default realm\r\n");
+			Data(ap, KRB_REJECT, "Could not get default realm.", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
+			if (auth_debug_mode)
+				printf("Out of memory for hostname in Kerberos V5\r\n");
+			Data(ap, KRB_REJECT, "Out of memory.", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		p1 = hp->h_name;
+		p2 = name;
+
+		while (*p2 = *p1++) {
+			if (isupper(*p2))
+				*p2 |= 040;
+			++p2;
+		}
+
+		if (authdat)
+			krb5_free_tkt_authent(authdat);
+
+		r = krb5_build_principal_ext(&server,
+					     strlen(realm), realm,
+					     4, "host",
+					     p2 - name, name,
+					     0);
+		if (!r) {
+		    r = krb5_rd_req_simple(&auth, server, 0, &authdat);
+		    krb5_free_principal(server);
+		}
+		if (r) {
+			char errbuf[128];
+
+		    errout:
+			authdat = 0;
+			(void) strcpy(errbuf, "Read req failed: ");
+			(void) strcat(errbuf, error_message(r));
+			Data(ap, KRB_REJECT, errbuf, -1);
+			if (auth_debug_mode)
+				printf("%s\r\n", errbuf);
+			return;
+		}
+		free(name);
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		    /* do ap_rep stuff here */
+		    reply.ctime = authdat->authenticator->ctime;
+		    reply.cusec = authdat->authenticator->cusec;
+		    reply.subkey = 0;	/* use the one he gave us, so don't
+					   need to return one here */
+		    reply.seq_number = 0; /* we don't do seq #'s. */
+
+		    if (r = krb5_mk_rep(&reply,
+					authdat->authenticator->subkey ?
+					authdat->authenticator->subkey :
+					authdat->ticket->enc_part2->session,
+					&outbuf)) {
+			goto errout;
+		    }
+		    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
+		}
+		if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
+				      					&name))
+			name = 0;
+		Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
+		if (auth_debug_mode) {
+			printf("Kerberos5 identifies him as ``%s''\r\n",
+							name ? name : "");
+		}
+		auth_finished(ap, AUTH_USER);
+
+		free(name);
+	    	if (authdat->authenticator->subkey &&
+		    authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
+		    memmove((Voidptr )session_key,
+			   (Voidptr )authdat->authenticator->subkey->contents,
+			   sizeof(Block));
+		} else if (authdat->ticket->enc_part2->session->keytype ==
+			   KEYTYPE_DES) {
+		    memmove((Voidptr )session_key,
+			(Voidptr )authdat->ticket->enc_part2->session->contents,
+			sizeof(Block));
+		} else
+		    break;
+
+#ifdef ENCRYPTION
+		skey.type = SK_DES;
+		skey.length = 8;
+		skey.data = session_key;
+		encrypt_session_key(&skey, 1);
+#endif	/* ENCRYPTION */
+		break;
+#ifdef	FORWARD
+	case KRB_FORWARD:
+		inbuf.data = (char *)data;
+		inbuf.length = cnt;
+		if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
+					       UserNameRequested)) {
+		    char errbuf[128];
+
+		    (void) strcpy(errbuf, "Read forwarded creds failed: ");
+		    (void) strcat(errbuf, error_message(r));
+		    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+		    if (auth_debug_mode)
+		      printf("Could not read forwarded credentials\r\n");
+		}
+		else
+		  Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+		  if (auth_debug_mode)
+		    printf("Forwarded credentials obtained\r\n");
+		break;
+#endif	/* FORWARD */
+	default:
+		if (auth_debug_mode)
+			printf("Unknown Kerberos option %d\r\n", data[-1]);
+		Data(ap, KRB_REJECT, 0, 0);
+		break;
+	}
+}
+
+	void
+kerberos5_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	static int mutual_complete = 0;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB_REJECT:
+		if (cnt > 0) {
+			printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ Kerberos V5 refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB_ACCEPT:
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
+		    !mutual_complete) {
+		    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\n");
+		    auth_send_retry();
+		    return;
+		}
+		if (cnt)
+		    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\n", cnt, data);
+		else
+		    printf("[ Kerberos V5 accepts you ]\n");
+		auth_finished(ap, AUTH_USER);
+#ifdef	FORWARD
+		if (forward_flags & OPTS_FORWARD_CREDS)
+		  kerberos5_forward(ap);
+#endif	/* FORWARD */
+		break;
+	case KRB_RESPONSE:
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		    /* the rest of the reply should contain a krb_ap_rep */
+		    krb5_ap_rep_enc_part *reply;
+		    krb5_data inbuf;
+		    krb5_error_code r;
+		    krb5_keyblock tmpkey;
+
+		    inbuf.length = cnt;
+		    inbuf.data = (char *)data;
+
+		    tmpkey.keytype = KEYTYPE_DES;
+		    tmpkey.contents = session_key;
+		    tmpkey.length = sizeof(Block);
+
+		    if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) {
+			printf("[ Mutual authentication failed: %s ]\n",
+			       error_message(r));
+			auth_send_retry();
+			return;
+		    }
+		    if (reply->ctime != authenticator.ctime ||
+			reply->cusec != authenticator.cusec) {
+			printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n");
+			auth_send_retry();
+			return;
+		    }
+		    krb5_free_ap_rep_enc_part(reply);
+#ifdef	ENCRYPTION
+			skey.type = SK_DES;
+			skey.length = 8;
+			skey.data = session_key;
+			encrypt_session_key(&skey, 0);
+#endif	/* ENCRYPTION */
+		    mutual_complete = 1;
+		}
+		return;
+#ifdef	FORWARD
+	case KRB_FORWARD_ACCEPT:
+		printf("[ Kerberos V5 accepted forwarded credentials ]\n");
+		return;
+	case KRB_FORWARD_REJECT:
+		printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
+				cnt, data);
+		return;
+#endif	/* FORWARD */
+	default:
+		if (auth_debug_mode)
+			printf("Unknown Kerberos option %d\r\n", data[-1]);
+		return;
+	}
+}
+
+	int
+kerberos5_status(ap, name, level)
+	Authenticator *ap;
+	char *name;
+	int level;
+{
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested &&
+	    krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested))
+	{
+		strcpy(name, UserNameRequested);
+		return(AUTH_VALID);
+	} else
+		return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+kerberos5_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB_REJECT:		/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB_ACCEPT:		/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+
+	case KRB_AUTH:			/* Authentication data follows */
+		strncpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB_RESPONSE:
+		strncpy((char *)buf, " RESPONSE", buflen);
+		goto common2;
+
+#ifdef	FORWARD
+	case KRB_FORWARD:		/* Forwarded credentials follow */
+		strncpy((char *)buf, " FORWARD", buflen);
+		goto common2;
+
+	case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
+		strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
+		goto common2;
+
+	case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
+					       /* (reason might follow) */
+		strncpy((char *)buf, " FORWARD_REJECT", buflen);
+		goto common2;
+#endif	/* FORWARD */
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+#ifdef	FORWARD
+	void
+kerberos5_forward(ap)
+     Authenticator *ap;
+{
+    struct hostent *hp;
+    krb5_creds *local_creds;
+    krb5_error_code r;
+    krb5_data forw_creds;
+    extern krb5_cksumtype krb5_kdc_req_sumtype;
+    krb5_ccache ccache;
+    int i;
+
+    if (!(local_creds = (krb5_creds *)
+	  calloc(1, sizeof(*local_creds)))) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: could not allocate memory for credentials\r\n");
+	return;
+    }
+
+    if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
+				    &local_creds->server)) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: could not build server name - %s\r\n",
+		 error_message(r));
+	krb5_free_creds(local_creds);
+	return;
+    }
+
+    if (r = krb5_cc_default(&ccache)) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: could not get default ccache - %s\r\n",
+		 error_message(r));
+	krb5_free_creds(local_creds);
+	return;
+    }
+
+    if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: could not get default principal - %s\r\n",
+		 error_message(r));
+	krb5_free_creds(local_creds);
+	return;
+    }
+
+    /* Get ticket from credentials cache */
+    if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: could not obtain credentials - %s\r\n",
+		 error_message(r));
+	krb5_free_creds(local_creds);
+	return;
+    }
+
+    if (r = get_for_creds(ETYPE_DES_CBC_CRC,
+			  krb5_kdc_req_sumtype,
+			  RemoteHostName,
+			  local_creds->client,
+			  &local_creds->keyblock,
+			  forward_flags & OPTS_FORWARDABLE_CREDS,
+			  &forw_creds)) {
+	if (auth_debug_mode)
+	  printf("Kerberos V5: error getting forwarded creds - %s\r\n",
+		 error_message(r));
+	krb5_free_creds(local_creds);
+	return;
+    }
+
+    /* Send forwarded credentials */
+    if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
+	if (auth_debug_mode)
+	  printf("Not enough room for authentication data\r\n");
+    }
+    else {
+	if (auth_debug_mode)
+	  printf("Forwarded local Kerberos V5 credentials to server\r\n");
+    }
+
+    krb5_free_creds(local_creds);
+}
+#endif	/* FORWARD */
+
+#endif /* KRB5 */
diff --git a/crypto/telnet/libtelnet/key-proto.h b/crypto/telnet/libtelnet/key-proto.h
new file mode 100644
index 0000000..9668a77
--- /dev/null
+++ b/crypto/telnet/libtelnet/key-proto.h
@@ -0,0 +1,71 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)key-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef	__KEY_PROTO__
+#define	__KEY_PROTO__
+
+#if	!defined(P)
+#ifdef	__STDC__
+#define	P(x)	x
+#else
+#define	P(x)	()
+#endif
+#endif
+
+int key_file_exists P((void));
+void key_lookup P((unsigned char *, Block));
+void key_stream_init P((Block, Block, int));
+unsigned char key_stream P((int, int));
+#endif
diff --git a/crypto/telnet/libtelnet/krb4encpwd.c b/crypto/telnet/libtelnet/krb4encpwd.c
new file mode 100644
index 0000000..cb9523c
--- /dev/null
+++ b/crypto/telnet/libtelnet/krb4encpwd.c
@@ -0,0 +1,445 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)krb4encpwd.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+
+#ifdef	KRB4_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include <des.h>
+#include <krb.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int krb_mk_encpwd_req P((KTEXT, char *, char *, char *, char *, char *, char *));
+int krb_rd_encpwd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *));
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KRB4_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
+#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
+#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
+
+#define KRB_SERVICE_NAME    "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	char user_passwd[ANAME_SZ];
+static	AUTH_DAT adat = { 0 };
+#ifdef	ENCRYPTION
+static Block	session_key	= { 0 };
+#endif	/* ENCRYPTION */
+static char  challenge[REALM_SZ];
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(net_write(str_data, p - str_data));
+}
+
+	int
+krb4encpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char hostname[80], *cp, *realm;
+	C_Block skey;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+	} else {
+		str_data[3] = TELQUAL_IS;
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		cp = strchr(hostname, '.');
+		if (*cp != NULL) *cp = NULL;
+		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
+					KEYFILE, (char *)skey)) {
+		  return(0);
+		}
+	}
+	return(1);
+}
+
+	int
+krb4encpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying KRB4ENCPWD ... ]\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, KRB4_ENCPWD_ACK, (void *)NULL, 0)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+krb4encpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	Block datablock;
+	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
+	char  lhostname[ANAME_SZ], *cp;
+	int r;
+	time_t now;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_AUTH:
+		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
+
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
+			Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, KRB4_ENCPWD_REJECT, (void *)"Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		memmove((void *)session_key, (void *)adat.session, sizeof(Block));
+		Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 *  Take the received random challenge text and save
+		 *  for future authentication.
+		 */
+		memmove((void *)challenge, (void *)data, sizeof(Block));
+		break;
+
+
+	case KRB4_ENCPWD_ACK:
+		/*
+		 *  Receive ack, if mutual then send random challenge
+		 */
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		  register int i;
+
+		  time(&now);
+		  sprintf(challenge, "%x", now);
+		  Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge));
+		}
+		break;
+
+	default:
+		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+krb4encpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST krb_token;
+	Block enckey;
+	CREDENTIALS cred;
+	int r;
+	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
+	char	hostname[80], *realm;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB4_ENCPWD_ACCEPT:
+		printf("[ KRB4_ENCPWD accepts you ]\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		memmove((void *)challenge, (void *)data, cnt);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		strcpy(instance, RemoteHostName);
+		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
+		  krb_token.length = 0;
+		}
+
+		if (!Data(ap, KRB4_ENCPWD_AUTH, (void *)krb_token.dat, krb_token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+krb4encpwd_status(ap, name, level)
+	Authenticator *ap;
+	char *name;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
+		strcpy(name, UserNameRequested);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+krb4encpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
+		strncpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		strncpy((char *)buf, " CHALLENGE", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_ACK:
+		strncpy((char *)buf, " ACK", buflen);
+		goto common2;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	register int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/telnet/libtelnet/misc-proto.h b/crypto/telnet/libtelnet/misc-proto.h
new file mode 100644
index 0000000..e5f334a
--- /dev/null
+++ b/crypto/telnet/libtelnet/misc-proto.h
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef	__MISC_PROTO__
+#define	__MISC_PROTO__
+
+#if	!defined(P)
+#ifdef	__STDC__
+#define	P(x)	x
+#else
+#define	P(x)	()
+#endif
+#endif
+
+void auth_encrypt_init P((char *, char *, char *, int));
+void auth_encrypt_connect P((int));
+void printd P((unsigned char *, int));
+
+/*
+ * These functions are imported from the application
+ */
+int net_write P((unsigned char *, int));
+void net_encrypt P((void));
+int telnet_spin P((void));
+char *telnet_getenv P((char *));
+char *telnet_gets P((char *, char *, int, int));
+#endif
diff --git a/crypto/telnet/libtelnet/misc.c b/crypto/telnet/libtelnet/misc.c
new file mode 100644
index 0000000..4f8f8d5
--- /dev/null
+++ b/crypto/telnet/libtelnet/misc.c
@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)misc.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "misc.h"
+#include "auth.h"
+#include "encrypt.h"
+
+char *RemoteHostName;
+char *LocalHostName;
+char *UserNameRequested = 0;
+int ConnectedCount = 0;
+
+	void
+auth_encrypt_init(local, remote, name, server)
+	char *local;
+	char *remote;
+	char *name;
+	int server;
+{
+	RemoteHostName = remote;
+	LocalHostName = local;
+#if	defined(AUTHENTICATION)
+	auth_init(name, server);
+#endif
+#ifdef	ENCRYPTION
+	encrypt_init(name, server);
+#endif	/* ENCRYPTION */
+	if (UserNameRequested) {
+		free(UserNameRequested);
+		UserNameRequested = 0;
+	}
+}
+
+	void
+auth_encrypt_user(name)
+	char *name;
+{
+	extern char *strdup();
+
+	if (UserNameRequested)
+		free(UserNameRequested);
+	UserNameRequested = name ? strdup(name) : 0;
+}
+
+	void
+auth_encrypt_connect(cnt)
+	int cnt;
+{
+}
+
+	void
+printd(data, cnt)
+	unsigned char *data;
+	int cnt;
+{
+	if (cnt > 16)
+		cnt = 16;
+	while (cnt-- > 0) {
+		printf(" %02x", *data);
+		++data;
+	}
+}
diff --git a/crypto/telnet/libtelnet/misc.h b/crypto/telnet/libtelnet/misc.h
new file mode 100644
index 0000000..41ffa7f
--- /dev/null
+++ b/crypto/telnet/libtelnet/misc.h
@@ -0,0 +1,42 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc.h	8.1 (Berkeley) 6/4/93
+ */
+
+extern char *UserNameRequested;
+extern char *LocalHostName;
+extern char *RemoteHostName;
+extern int ConnectedCount;
+extern int ReservedPort;
+
+#include "misc-proto.h"
diff --git a/crypto/telnet/libtelnet/pk.c b/crypto/telnet/libtelnet/pk.c
new file mode 100644
index 0000000..78e474f
--- /dev/null
+++ b/crypto/telnet/libtelnet/pk.c
@@ -0,0 +1,266 @@
+/* public key routines */
+/* functions:
+	genkeys(char *public, char *secret)
+	common_key(char *secret, char *public, desData *deskey)
+        pk_encode(char *in, *out, DesData *deskey);
+        pk_decode(char *in, *out, DesData *deskey);
+      where
+	char public[HEXKEYBYTES + 1];
+	char secret[HEXKEYBYTES + 1];
+ */
+
+#include <stdio.h>
+#include <sys/time.h>
+#include <string.h>
+#include <fcntl.h>
+#include <des.h>
+#include "mp.h"
+#include "pk.h"
+#if defined(SOLARIS2) || defined(LINUX)
+#include <stdlib.h>
+#endif
+ 
+/*
+ * Choose top 128 bits of the common key to use as our idea key.
+ */
+static
+extractideakey(ck, ideakey)
+        MINT *ck;
+        IdeaData *ideakey;
+{
+        MINT *a;
+        MINT *z;
+        short r;
+        int i;
+        short base = (1 << 8);
+        char *k;
+
+        z = itom(0);
+        a = itom(0);
+        madd(ck, z, a);
+        for (i = 0; i < ((KEYSIZE - 128) / 8); i++) {
+                sdiv(a, base, a, &r);
+        }
+        k = (char *)ideakey;
+        for (i = 0; i < 16; i++) {
+                sdiv(a, base, a, &r);
+                *k++ = r;
+        }
+	mfree(z);
+        mfree(a);
+}
+
+/*
+ * Choose middle 64 bits of the common key to use as our des key, possibly
+ * overwriting the lower order bits by setting parity. 
+ */
+static
+extractdeskey(ck, deskey)
+        MINT *ck;
+        DesData *deskey;
+{
+        MINT *a;
+        MINT *z;
+        short r;
+        int i;
+        short base = (1 << 8);
+        char *k;
+
+        z = itom(0);
+        a = itom(0);
+        madd(ck, z, a);
+        for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) {
+                sdiv(a, base, a, &r);
+        }
+        k = (char *)deskey;
+        for (i = 0; i < 8; i++) {
+                sdiv(a, base, a, &r);
+                *k++ = r;
+        }
+	mfree(z);
+        mfree(a);
+}
+
+/*
+ * get common key from my secret key and his public key
+ */
+void common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey)
+{
+        MINT *public;
+        MINT *secret;
+        MINT *common;
+	MINT *modulus = xtom(HEXMODULUS);
+
+        public = xtom(xpublic);
+        secret = xtom(xsecret);
+        common = itom(0);
+        pow(public, secret, modulus, common);
+        extractdeskey(common, deskey);
+        extractideakey(common, ideakey);
+#if DES_OSTHOLM
+	des_fixup_key_parity(deskey);
+#else
+	des_set_odd_parity(deskey);
+#endif
+        mfree(common);
+        mfree(secret);
+        mfree(public);
+	mfree(modulus);
+}
+
+
+/*
+ * Generate a seed
+ */
+void getseed(seed, seedsize)
+        char *seed;
+        int seedsize;
+{
+        int i,f;
+        int rseed;
+        struct timeval tv;
+	long devrand;
+
+        (void)gettimeofday(&tv, (struct timezone *)NULL);
+        rseed = tv.tv_sec + tv.tv_usec;
+/* XXX What the hell is this?! */
+        for (i = 0; i < 8; i++) {
+                rseed ^= (rseed << 8);
+        }
+
+	f=open("/dev/random",O_NONBLOCK|O_RDONLY);
+	if (f>=0)
+	{
+		read(f,&devrand,sizeof(devrand));
+		close(f);
+	}
+        srand48((long)rseed^devrand);
+
+        for (i = 0; i < seedsize; i++) {
+                seed[i] = (lrand48() & 0xff);
+        }
+}
+
+
+/*
+ * Generate a random public/secret key pair
+ */
+void genkeys(public, secret)
+        char *public;
+        char *secret;
+{
+        int i;
+ 
+#       define BASEBITS (8*sizeof(short) - 1)
+#       define BASE (1 << BASEBITS)
+ 
+        MINT *pk = itom(0);
+        MINT *sk = itom(0);
+        MINT *tmp;
+        MINT *base = itom(BASE);
+        MINT *root = itom(PROOT);
+        MINT *modulus = xtom(HEXMODULUS);
+        short r;
+        unsigned short seed[KEYSIZE/BASEBITS + 1];
+        char *xkey;
+
+        getseed((char *)seed, sizeof(seed));    
+        for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
+                r = seed[i] % BASE;
+                tmp = itom(r);
+                mult(sk, base, sk);
+                madd(sk, tmp, sk);
+                mfree(tmp);  
+        }
+        tmp = itom(0);
+        mdiv(sk, modulus, tmp, sk);
+        mfree(tmp);
+        pow(root, sk, modulus, pk); 
+        xkey = mtox(sk);   
+        adjust(secret, xkey);
+        xkey = mtox(pk);
+        adjust(public, xkey);
+        mfree(sk);
+        mfree(base);
+        mfree(pk);
+        mfree(root);
+        mfree(modulus);
+} 
+
+/*
+ * Adjust the input key so that it is 0-filled on the left
+ */
+adjust(keyout, keyin)
+        char keyout[HEXKEYBYTES+1];
+        char *keyin;
+{
+        char *p;
+        char *s;
+
+        for (p = keyin; *p; p++) 
+                ;
+        for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) {
+                *s = *p;
+        }
+        while (s >= keyout) {
+                *s-- = '0';
+        }
+}
+
+static char hextab[17] = "0123456789ABCDEF";
+
+/* given a DES key, cbc encrypt and translate input to terminated hex */
+void pk_encode(in, out, key)
+char *in,*out;
+DesData *key;
+{
+	char buf[256];
+	DesData i;
+	des_key_schedule k;
+	int l,op,deslen;
+
+	memset(&i,0,sizeof(i));
+	memset(buf,0,sizeof(buf));
+	deslen = ((strlen(in) + 7)/8)*8;
+	des_key_sched(key, k);
+	des_cbc_encrypt((des_cblock *)in,(des_cblock *)buf,deslen,
+		k,&i,DES_ENCRYPT);
+	for (l=0,op=0;l<deslen;l++) {
+		out[op++] = hextab[(buf[l] & 0xf0) >> 4];
+		out[op++] = hextab[(buf[l] & 0x0f)];
+	}
+	out[op] = '\0';
+}
+
+/* given a DES key, translate input from hex and decrypt */
+void pk_decode(in, out, key)
+char *in,*out;
+DesData *key;
+{
+	char buf[256];
+	DesData i;
+	des_key_schedule k;
+	int l,n1,n2,op;
+
+	memset(&i,0,sizeof(i));
+	memset(buf,0,sizeof(buf));
+	for (l=0,op=0;l<strlen(in)/2;l++,op+=2) {
+		if(in[op] == '0' && in[op+1] == '0') {
+			buf[l] = '\0';
+			break;
+		}
+		if (in[op] > '9')
+			n1 = in[op] - 'A' + 10;
+		else
+			n1 = in[op] - '0';
+		if (in[op+1] > '9')
+			n2 = in[op+1] - 'A' + 10;
+		else
+			n2 = in[op+1] - '0';
+		buf[l] = n1*16 +n2;
+	}
+	des_key_sched(key, k);
+	des_cbc_encrypt((des_cblock *)buf,(des_cblock *)out,strlen(in)/2,
+		k,&i,DES_DECRYPT);
+	out[strlen(in)/2] = '\0';
+}
diff --git a/crypto/telnet/libtelnet/pk.h b/crypto/telnet/libtelnet/pk.h
new file mode 100644
index 0000000..b41bba5
--- /dev/null
+++ b/crypto/telnet/libtelnet/pk.h
@@ -0,0 +1,41 @@
+/* header for the des routines that we will use */
+
+typedef unsigned char byte, DesData[ 8], IdeaData[16];
+#if 0
+typedef unsigned long word, DesKeys[32];
+#else
+#define DesKeys des_key_schedule
+#endif
+
+#define DES_DECRYPT 0
+#define DES_ENCRYPT 1
+
+#if 0
+extern void des_fixup_key_parity();	/* (DesData *key) */
+extern int des_key_sched(); 	/* (DesData *key, DesKeys *m) */
+extern int des_ecb_encrypt();	/* (DesData *src, *dst, DesKeys *m, int mode) */
+extern int des_cbc_encrypt();   /* (char *src, *dst, int length,
+				    DesKeys *m, DesData *init, int mode) */
+#endif
+
+/* public key routines */
+/* functions:
+	genkeys(char *public, char *secret)
+	common_key(char *secret, char *public, desData *deskey)
+      where
+	char public[HEXKEYBYTES + 1];
+	char secret[HEXKEYBYTES + 1];
+ */
+
+#define HEXMODULUS "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b"
+#define HEXKEYBYTES 48
+#define KEYSIZE 192
+#define KEYBYTES 24
+#define PROOT 3
+
+extern void genkeys(char *public, char *secret);
+extern void common_key(char *secret, char *public, IdeaData *common,
+  DesData *deskey);
+extern void pk_encode(char *in, char *out, DesData *deskey);
+extern void pk_decode(char *in, char *out, DesData *deskey);
+
diff --git a/crypto/telnet/libtelnet/read_password.c b/crypto/telnet/libtelnet/read_password.c
new file mode 100644
index 0000000..4676ed3
--- /dev/null
+++ b/crypto/telnet/libtelnet/read_password.c
@@ -0,0 +1,145 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)read_password.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * $Source: /mit/kerberos/src/lib/des/RCS/read_password.c,v $
+ * $Author: jon $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This routine prints the supplied string to standard
+ * output as a prompt, and reads a password string without
+ * echoing.
+ */
+
+#if	defined(RSA_ENCPWD) || defined(KRB4_ENCPWD)
+
+#include <stdio.h>
+#include <strings.h>
+#include <sys/ioctl.h>
+#include <signal.h>
+#include <setjmp.h>
+
+static jmp_buf env;
+
+/*** Routines ****************************************************** */
+/*
+ * This version just returns the string, doesn't map to key.
+ *
+ * Returns 0 on success, non-zero on failure.
+ */
+
+int
+local_des_read_pw_string(s,max,prompt,verify)
+    char *s;
+    int	max;
+    char *prompt;
+    int	verify;
+{
+    int ok = 0;
+    char *ptr;
+
+    jmp_buf old_env;
+    struct sgttyb tty_state;
+    char key_string[BUFSIZ];
+
+    if (max > BUFSIZ) {
+	return -1;
+    }
+
+    /* XXX assume jmp_buf is typedef'ed to an array */
+    memmove((char *)env, (char *)old_env, sizeof(env));
+    if (setjmp(env))
+	goto lose;
+
+    /* save terminal state*/
+    if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
+	return -1;
+/*
+    push_signals();
+*/
+    /* Turn off echo */
+    tty_state.sg_flags &= ~ECHO;
+    if (ioctl(0,TIOCSETP,(char *)&tty_state) == -1)
+	return -1;
+    while (!ok) {
+	(void) printf(prompt);
+	(void) fflush(stdout);
+	while (!fgets(s, max, stdin));
+
+	if ((ptr = strchr(s, '\n')))
+	    *ptr = '\0';
+	if (verify) {
+	    printf("\nVerifying, please re-enter %s",prompt);
+	    (void) fflush(stdout);
+	    if (!fgets(key_string, sizeof(key_string), stdin)) {
+		clearerr(stdin);
+		continue;
+	    }
+	    if ((ptr = strchr(key_string, '\n')))
+	    *ptr = '\0';
+	    if (strcmp(s,key_string)) {
+		printf("\n\07\07Mismatch - try again\n");
+		(void) fflush(stdout);
+		continue;
+	    }
+	}
+	ok = 1;
+    }
+
+lose:
+    if (!ok)
+	memset(s, 0, max);
+    printf("\n");
+    /* turn echo back on */
+    tty_state.sg_flags |= ECHO;
+    if (ioctl(0,TIOCSETP,(char *)&tty_state))
+	ok = 0;
+/*
+    pop_signals();
+*/
+    memmove((char *)old_env, (char *)env, sizeof(env));
+    if (verify)
+	memset(key_string, 0, sizeof (key_string));
+    s[max-1] = 0;		/* force termination */
+    return !ok;			/* return nonzero if not okay */
+}
+#endif	/* defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) */
diff --git a/crypto/telnet/libtelnet/rsaencpwd.c b/crypto/telnet/libtelnet/rsaencpwd.c
new file mode 100644
index 0000000..5906d99
--- /dev/null
+++ b/crypto/telnet/libtelnet/rsaencpwd.c
@@ -0,0 +1,492 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)rsaencpwd.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+
+#ifdef	RSA_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+#include "cdc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_RSA_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
+#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
+
+#define NAME_SZ   40
+#define CHAL_SZ   20
+#define PWD_SZ    40
+
+static	KTEXT_ST auth;
+static	char name[NAME_SZ];
+static	char user_passwd[PWD_SZ];
+static  char key_file[2*NAME_SZ];
+static  char lhostname[NAME_SZ];
+static char  challenge[CHAL_SZ];
+static int   challenge_len;
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	if (type != NULL) *p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(net_write(str_data, p - str_data));
+}
+
+	int
+rsaencpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char  *cp;
+	FILE  *fp;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		memset(key_file, 0, sizeof(key_file));
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+		strcpy(key_file, "/etc/.");
+		strcat(key_file, lhostname);
+		strcat(key_file, "_privkey");
+		if ((fp=fopen(key_file, "r"))==NULL) return(0);
+		fclose(fp);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+rsaencpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying RSAENCPWD ... ]\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+	if (!Data(ap, NULL, (void *)NULL, 0)) {
+		return(0);
+	}
+
+
+	return(1);
+}
+
+	void
+rsaencpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	Block datablock;
+	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
+	char  *cp, key[160];
+	char  chalkey[160], *ptr;
+	FILE  *fp;
+	int r, i, j, chalkey_len, len;
+	time_t now;
+
+	cnt--;
+	switch (*data++) {
+	case RSA_ENCPWD_AUTH:
+		memmove((void *)auth.dat, (void *)data, auth.length = cnt);
+
+		if ((fp=fopen(key_file, "r"))==NULL) {
+		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		/*
+		 *  get privkey
+		 */
+		fscanf(fp, "%x;", &len);
+		for (i=0;i<len;i++) {
+		  j = getc(fp);  key[i]=j;
+		}
+		fclose(fp);
+
+		r = accept_rsa_encpwd(&auth, key, challenge,
+				      challenge_len, r_passwd);
+		if (r < 0) {
+		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, RSA_ENCPWD_REJECT, (void *)"Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		Data(ap, RSA_ENCPWD_ACCEPT, (void *)0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+
+	case IAC:
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
+		  register int i;
+
+
+		  time(&now);
+		  if ((now % 2) == 0) {
+		    sprintf(challenge, "%x", now);
+		    challenge_len = strlen(challenge);
+		  } else {
+		    strcpy(challenge, "randchal");
+		    challenge_len = 8;
+		  }
+
+		  if ((fp=fopen(key_file, "r"))==NULL) {
+		    Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
+		    auth_finished(ap, AUTH_REJECT);
+		    return;
+		  }
+		  /*
+		   *  skip privkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);
+		  }
+		  /*
+		   * get pubkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);  key[i]=j;
+		  }
+		  fclose(fp);
+		  chalkey[0] = 0x30;
+		  ptr = (char *) &chalkey[1];
+		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
+		  EncodeLength(ptr, chalkey_len);
+		  ptr +=NumEncodeLengthOctets(chalkey_len);
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  *ptr++ = challenge_len;
+		  memmove(ptr, challenge, challenge_len);
+		  ptr += challenge_len;
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  EncodeLength(ptr, i);
+		  ptr += NumEncodeLengthOctets(i);
+		  memmove(ptr, key, i);
+		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
+		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
+		}
+		break;
+
+	default:
+		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+rsaencpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST token;
+	Block enckey;
+	int r, pubkey_len;
+	char	randchal[CHAL_SZ], *cp;
+	char	chalkey[160], pubkey[128], *ptr;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case RSA_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case RSA_ENCPWD_ACCEPT:
+		printf("[ RSA_ENCPWD accepts you ]\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case RSA_ENCPWD_CHALLENGEKEY:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		memmove((void *)chalkey, (void *)data, cnt);
+		ptr = (char *) &chalkey[0];
+		ptr += DecodeHeaderLength(chalkey);
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		challenge_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(challenge_len);
+		memmove(challenge, ptr, challenge_len);
+		ptr += challenge_len;
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		pubkey_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(pubkey_len);
+		memmove(pubkey, ptr, pubkey_len);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
+		if (r < 0) {
+		  token.length = 1;
+		}
+
+		if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+rsaencpwd_status(ap, name, level)
+	Authenticator *ap;
+	char *name;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
+		strcpy(name, UserNameRequested);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+rsaencpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
+		strncpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case RSA_ENCPWD_CHALLENGEKEY:
+		strncpy((char *)buf, " CHALLENGEKEY", buflen);
+		goto common2;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int rsaencpwd_passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	register int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/telnet/libtelnet/spx.c b/crypto/telnet/libtelnet/spx.c
new file mode 100644
index 0000000..90c37a4
--- /dev/null
+++ b/crypto/telnet/libtelnet/spx.c
@@ -0,0 +1,587 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)spx.c	8.2 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#ifdef	SPX
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include "gssapi_defs.h"
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include <pwd.h>
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_SPX, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	SPX_AUTH	0		/* Authentication data follows */
+#define	SPX_REJECT	1		/* Rejected (reason might follow) */
+#define SPX_ACCEPT	2		/* Accepted */
+
+#ifdef	ENCRYPTION
+static Block	session_key	= { 0 };
+#endif	/* ENCRYPTION */
+static Block	challenge	= { 0 };
+
+
+/*******************************************************************/
+
+gss_OID_set		actual_mechs;
+gss_OID			actual_mech_type, output_name_type;
+int			major_status, status, msg_ctx = 0, new_status;
+int			req_flags = 0, ret_flags, lifetime_rec;
+gss_cred_id_t		gss_cred_handle;
+gss_ctx_id_t		actual_ctxhandle, context_handle;
+gss_buffer_desc		output_token, input_token, input_name_buffer;
+gss_buffer_desc		status_string;
+gss_name_t		desired_targname, src_name;
+gss_channel_bindings	input_chan_bindings;
+char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
+char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+int			to_addr=0, from_addr=0;
+char			*address;
+gss_buffer_desc		fullname_buffer;
+gss_OID			fullname_type;
+gss_cred_id_t		gss_delegated_cred_handle;
+
+/*******************************************************************/
+
+
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(net_write(str_data, p - str_data));
+}
+
+	int
+spx_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	gss_cred_id_t	tmp_cred_handle;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		gethostname(lhostname, sizeof(lhostname));
+		strcpy(targ_printable, "SERVICE:rcmd@");
+		strcat(targ_printable, lhostname);
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&tmp_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+		if (major_status != GSS_S_COMPLETE) return(0);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+spx_send(ap)
+	Authenticator *ap;
+{
+	Block enckey;
+	int r;
+
+	gss_OID	actual_mech_type, output_name_type;
+	int	msg_ctx = 0, new_status, status;
+	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
+	gss_buffer_desc  output_token, input_token, input_name_buffer;
+	gss_buffer_desc  output_name_buffer, status_string;
+	gss_name_t    desired_targname;
+	gss_channel_bindings  input_chan_bindings;
+	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+	int  from_addr=0, to_addr=0, myhostlen, j;
+	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
+	char *address;
+
+	printf("[ Trying SPX ... ]\n");
+	strcpy(targ_printable, "SERVICE:rcmd@");
+	strcat(targ_printable, RemoteHostName);
+
+	input_name_buffer.length = strlen(targ_printable);
+	input_name_buffer.value = targ_printable;
+
+	if (!UserNameRequested) {
+		return(0);
+	}
+
+	major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+
+	major_status = gss_display_name(&status,
+					desired_targname,
+					&output_name_buffer,
+					&output_name_type);
+
+	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
+
+	major_status = gss_release_buffer(&status, &output_name_buffer);
+
+	input_chan_bindings = (gss_channel_bindings)
+	  malloc(sizeof(gss_channel_bindings_desc));
+
+	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->initiator_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->initiator_address.value = (char *) address;
+	address[0] = ((from_addr & 0xff000000) >> 24);
+	address[1] = ((from_addr & 0xff0000) >> 16);
+	address[2] = ((from_addr & 0xff00) >> 8);
+	address[3] = (from_addr & 0xff);
+	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->acceptor_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->acceptor_address.value = (char *) address;
+	address[0] = ((to_addr & 0xff000000) >> 24);
+	address[1] = ((to_addr & 0xff0000) >> 16);
+	address[2] = ((to_addr & 0xff00) >> 8);
+	address[3] = (to_addr & 0xff);
+	input_chan_bindings->application_data.length = 0;
+
+	req_flags = 0;
+	if (deleg_flag)  req_flags = req_flags | 1;
+	if (mutual_flag) req_flags = req_flags | 2;
+	if (replay_flag) req_flags = req_flags | 4;
+	if (seq_flag)    req_flags = req_flags | 8;
+
+	major_status = gss_init_sec_context(&status,         /* minor status */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					GSS_C_NO_BUFFER,     /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+	if ((major_status != GSS_S_COMPLETE) &&
+	    (major_status != GSS_S_CONTINUE_NEEDED)) {
+	  gss_display_status(&new_status,
+				status,
+				GSS_C_MECH_CODE,
+				GSS_C_NULL_OID,
+				&msg_ctx,
+				&status_string);
+	  printf("%s\n", status_string.value);
+	  return(0);
+	}
+
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+spx_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	Block datablock;
+	int r;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_AUTH:
+		input_token.length = cnt;
+		input_token.value = (char *) data;
+
+		gethostname(lhostname, sizeof(lhostname));
+
+		strcpy(targ_printable, "SERVICE:rcmd@");
+		strcat(targ_printable, lhostname);
+
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&gss_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+
+		major_status = gss_release_name(&status, desired_targname);
+
+		input_chan_bindings = (gss_channel_bindings)
+		  malloc(sizeof(gss_channel_bindings_desc));
+
+		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->initiator_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->initiator_address.value = (char *) address;
+		address[0] = ((from_addr & 0xff000000) >> 24);
+		address[1] = ((from_addr & 0xff0000) >> 16);
+		address[2] = ((from_addr & 0xff00) >> 8);
+		address[3] = (from_addr & 0xff);
+		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->acceptor_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->acceptor_address.value = (char *) address;
+		address[0] = ((to_addr & 0xff000000) >> 24);
+		address[1] = ((to_addr & 0xff0000) >> 16);
+		address[2] = ((to_addr & 0xff00) >> 8);
+		address[3] = (to_addr & 0xff);
+		input_chan_bindings->application_data.length = 0;
+
+		major_status = gss_accept_sec_context(&status,
+						&context_handle,
+						gss_cred_handle,
+						&input_token,
+						input_chan_bindings,
+						&src_name,
+						&actual_mech_type,
+						&output_token,
+						&ret_flags,
+						&lifetime_rec,
+						&gss_delegated_cred_handle);
+
+
+		if (major_status != GSS_S_COMPLETE) {
+
+		  major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+			Data(ap, SPX_REJECT, (void *)"auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+
+		Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	default:
+		Data(ap, SPX_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+spx_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_REJECT:
+		if (cnt > 0) {
+			printf("[ SPX refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ SPX refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case SPX_ACCEPT:
+		printf("[ SPX accepts you ]\n");
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+			/*
+			 * Send over the encrypted challenge.
+		 	 */
+		  input_token.value = (char *) data;
+		  input_token.length = cnt;
+
+		  major_status = gss_init_sec_context(&status, /* minor stat */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					&input_token,        /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+		  if (major_status != GSS_S_COMPLETE) {
+		    gss_display_status(&new_status,
+					status,
+					GSS_C_MECH_CODE,
+					GSS_C_NULL_OID,
+					&msg_ctx,
+					&status_string);
+		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
+			 status_string.value);
+		    auth_send_retry();
+		    return;
+		  }
+		}
+		auth_finished(ap, AUTH_USER);
+		return;
+
+	default:
+		return;
+	}
+}
+
+	int
+spx_status(ap, name, level)
+	Authenticator *ap;
+	char *name;
+	int level;
+{
+
+	gss_buffer_desc  fullname_buffer, acl_file_buffer;
+	gss_OID          fullname_type;
+	char acl_file[160], fullname[160];
+	int major_status, status = 0;
+	struct passwd  *pwd;
+
+	/*
+	 * hard code fullname to
+	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
+	 * and acl_file to "~kannan/.sphinx"
+	 */
+
+	pwd = getpwnam(UserNameRequested);
+	if (pwd == NULL) {
+	  return(AUTH_USER);   /*  not authenticated  */
+	}
+
+	strcpy(acl_file, pwd->pw_dir);
+	strcat(acl_file, "/.sphinx");
+	acl_file_buffer.value = acl_file;
+	acl_file_buffer.length = strlen(acl_file);
+
+	major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+	if (level < AUTH_USER)
+		return(level);
+
+	major_status = gss__check_acl(&status, &fullname_buffer,
+					&acl_file_buffer);
+
+	if (major_status == GSS_S_COMPLETE) {
+	  strcpy(name, UserNameRequested);
+	  return(AUTH_VALID);
+	} else {
+	   return(AUTH_USER);
+	}
+
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+spx_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case SPX_REJECT:		/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case SPX_ACCEPT:		/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case SPX_AUTH:			/* Authentication data follows */
+		strncpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	register int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/telnet/libtelnet/sra.c b/crypto/telnet/libtelnet/sra.c
new file mode 100644
index 0000000..44a26f2
--- /dev/null
+++ b/crypto/telnet/libtelnet/sra.c
@@ -0,0 +1,478 @@
+#ifdef	SRA
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#ifdef	NO_STRING_H
+#include <strings.h>
+#else
+#include <string.h>
+#endif
+
+#include "auth.h"
+#include "misc.h"
+#include "encrypt.h"
+#include "pk.h"
+
+char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1];
+char *user,*pass,*xuser,*xpass;
+DesData ck;
+IdeaData ik;
+
+extern int auth_debug_mode;
+static sra_valid = 0;
+static passwd_sent = 0;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_SRA, };
+
+#define SRA_KEY	0
+#define SRA_USER 1
+#define SRA_CONTINUE 2
+#define SRA_PASS 3
+#define SRA_ACCEPT 4
+#define SRA_REJECT 5
+
+/* support routine to send out authentication message */
+static int Data(ap, type, d, c)
+Authenticator *ap;
+int type;
+void *d;
+int c;
+{
+        unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+        if (auth_debug_mode) {
+                printf("%s:%d: [%d] (%d)",
+                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+                        str_data[3],
+                        type, c);
+                printd(d, c);
+                printf("\r\n");
+        }
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+        while (c-- > 0) {
+                if ((*p++ = *cd++) == IAC)
+                        *p++ = IAC;
+        }
+        *p++ = IAC;
+        *p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+        return(net_write(str_data, p - str_data));
+}
+
+int sra_init(ap, server)
+Authenticator *ap;
+int server;
+{
+	if (server)
+		str_data[3] = TELQUAL_REPLY;
+	else
+		str_data[3] = TELQUAL_IS;
+
+	user = (char *)malloc(256);
+	xuser = (char *)malloc(512);
+	pass = (char *)malloc(256);
+	xpass = (char *)malloc(512);
+	passwd_sent = 0;
+	
+	genkeys(pka,ska);
+	return(1);
+}
+
+/* client received a go-ahead for sra */
+int sra_send(ap)
+Authenticator *ap;
+{
+	/* send PKA */
+
+	if (auth_debug_mode)
+		printf("Sent PKA to server.\r\n" );
+	printf("Trying SRA secure login:\r\n");
+	if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
+		if (auth_debug_mode)
+			printf("Not enough room for authentication data\r\n");
+		return(0);
+	}
+
+	return(1);
+}
+
+/* server received an IS -- could be SRA KEY, USER, or PASS */
+void sra_is(ap, data, cnt)
+Authenticator *ap;
+unsigned char *data;
+int cnt;
+{
+	int valid;
+	Session_Key skey;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+
+	case SRA_KEY:
+		if (cnt < HEXKEYBYTES) {
+			Data(ap, SRA_REJECT, (void *)0, 0);
+			auth_finished(ap, AUTH_USER);
+			if (auth_debug_mode) {
+				printf("SRA user rejected for bad PKB\r\n");
+			}
+			return;
+		}
+		if (auth_debug_mode)
+			printf("Sent pka\r\n");
+		if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
+			if (auth_debug_mode)
+				printf("Not enough room\r\n");
+			return;
+		}
+		memcpy(pkb,data,HEXKEYBYTES);
+		pkb[HEXKEYBYTES] = '\0';
+		common_key(ska,pkb,&ik,&ck);
+		break;
+
+	case SRA_USER:
+		/* decode KAB(u) */
+		memcpy(xuser,data,cnt);
+		xuser[cnt] = '\0';
+		pk_decode(xuser,user,&ck);
+		auth_encrypt_user(user);
+		Data(ap, SRA_CONTINUE, (void *)0, 0);
+
+		break;
+
+	case SRA_PASS:
+		/* decode KAB(P) */
+		memcpy(xpass,data,cnt);
+		xpass[cnt] = '\0';
+		pk_decode(xpass,pass,&ck);
+
+		/* check user's password */
+		valid = check_user(user,pass);
+
+		if(valid) {
+			Data(ap, SRA_ACCEPT, (void *)0, 0);
+#ifdef DES_ENCRYPTION
+			skey.data = ck;
+			skey.type = SK_DES;
+			skey.length = 8;
+			encrypt_session_key(&skey, 1);
+#endif
+
+			sra_valid = 1;
+			auth_finished(ap, AUTH_VALID);
+			if (auth_debug_mode) {
+				printf("SRA user accepted\r\n");
+			}
+		}
+		else {
+			Data(ap, SRA_CONTINUE, (void *)0, 0);
+/*
+			Data(ap, SRA_REJECT, (void *)0, 0);
+			sra_valid = 0;
+			auth_finished(ap, AUTH_REJECT);
+*/
+			if (auth_debug_mode) {
+				printf("SRA user failed\r\n");
+			}
+		}
+		break;
+
+	default:
+		if (auth_debug_mode)
+			printf("Unknown SRA option %d\r\n", data[-1]);
+		Data(ap, SRA_REJECT, 0, 0);
+		sra_valid = 0;
+		auth_finished(ap, AUTH_REJECT);
+		break;
+	}
+}
+
+extern char *getpass();
+
+/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
+void sra_reply(ap, data, cnt)
+Authenticator *ap;
+unsigned char *data;
+int cnt;
+{
+	extern char *telnet_gets();
+	char uprompt[256],tuser[256];
+	Session_Key skey;
+	int i;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+
+	case SRA_KEY:
+		/* calculate common key */
+		if (cnt < HEXKEYBYTES) {
+			if (auth_debug_mode) {
+				printf("SRA user rejected for bad PKB\r\n");
+			}
+			return;
+		}
+		memcpy(pkb,data,HEXKEYBYTES);
+		pkb[HEXKEYBYTES] = '\0';		
+
+		common_key(ska,pkb,&ik,&ck);
+
+	enc_user:
+
+		/* encode user */
+		memset(tuser,0,sizeof(tuser));
+		sprintf(uprompt,"User (%s): ",UserNameRequested);
+		telnet_gets(uprompt,tuser,255,1);
+		if (tuser[0] == '\n' || tuser[0] == '\r' )
+			strcpy(user,UserNameRequested);
+		else {
+			/* telnet_gets leaves the newline on */
+			for(i=0;i<sizeof(tuser);i++) {
+				if (tuser[i] == '\n') {
+					tuser[i] = '\0';
+					break;
+				}
+			}
+			strcpy(user,tuser);
+		}
+		pk_encode(user,xuser,&ck);
+
+		/* send it off */
+		if (auth_debug_mode)
+			printf("Sent KAB(U)\r\n");
+		if (!Data(ap, SRA_USER, (void *)xuser, strlen(xuser))) {
+			if (auth_debug_mode)
+				printf("Not enough room\r\n");
+			return;
+		}
+		break;
+
+	case SRA_CONTINUE:
+		if (passwd_sent) {
+			passwd_sent = 0;
+			printf("[ SRA login failed ]\r\n");
+			goto enc_user;
+		}
+		/* encode password */
+		memset(pass,0,sizeof(pass));
+		telnet_gets("Password: ",pass,255,0);
+		pk_encode(pass,xpass,&ck);
+		/* send it off */
+		if (auth_debug_mode)
+			printf("Sent KAB(P)\r\n");
+		if (!Data(ap, SRA_PASS, (void *)xpass, strlen(xpass))) {
+			if (auth_debug_mode)
+				printf("Not enough room\r\n");
+			return;
+		}
+		passwd_sent = 1;
+		break;
+
+	case SRA_REJECT:
+		printf("[ SRA refuses authentication ]\r\n");
+		printf("Trying plaintext login:\r\n");
+		auth_finished(0,AUTH_REJECT);
+		return;
+
+	case SRA_ACCEPT:
+		printf("[ SRA accepts you ]\r\n");
+#ifdef DES_ENCRYPTION
+		skey.data = ck;
+		skey.type = SK_DES;
+		skey.length = 8;
+		encrypt_session_key(&skey, 0);
+#endif
+
+		auth_finished(ap, AUTH_VALID);
+		return;
+	default:
+		if (auth_debug_mode)
+			printf("Unknown SRA option %d\r\n", data[-1]);
+		return;
+	}
+}
+
+int sra_status(ap, name, level)
+Authenticator *ap;
+char *name;
+int level;
+{
+	if (level < AUTH_USER)
+		return(level);
+	if (UserNameRequested && sra_valid) {
+		strcpy(name, UserNameRequested);
+		return(AUTH_VALID);
+	} else
+		return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void sra_printsub(data, cnt, buf, buflen)
+unsigned char *data, *buf;
+int cnt, buflen;
+{
+	char lbuf[32];
+	register int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+
+	case SRA_CONTINUE:
+		strncpy((char *)buf, " CONTINUE ", buflen);
+		goto common;
+
+	case SRA_REJECT:		/* Rejected (reason might follow) */
+		strncpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case SRA_ACCEPT:		/* Accepted (name might follow) */
+		strncpy((char *)buf, " ACCEPT ", buflen);
+
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case SRA_KEY:			/* Authentication data follows */
+		strncpy((char *)buf, " KEY ", buflen);
+		goto common2;
+
+	case SRA_USER:
+		strncpy((char *)buf, " USER ", buflen);
+		goto common2;
+
+	case SRA_PASS:
+		strncpy((char *)buf, " PASS ", buflen);
+		goto common2;
+
+	default:
+		sprintf(lbuf, " %d (unknown)", data[3]);
+		strncpy((char *)buf, lbuf, buflen);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			sprintf(lbuf, " %d", data[i]);
+			strncpy((char *)buf, lbuf, buflen);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+struct	passwd *pw;
+
+/*
+ * Helper function for sgetpwnam().
+ */
+char *
+sgetsave(s)
+	char *s;
+{
+	char *new = malloc((unsigned) strlen(s) + 1);
+
+	if (new == NULL) {
+		return(NULL);
+	}
+	(void) strcpy(new, s);
+	return (new);
+}
+
+#include <pwd.h>
+#include <syslog.h>
+#ifdef USE_SHADOW
+#include <shadow.h>
+#endif
+
+
+struct passwd *
+sgetpwnam(name)
+	char *name;
+{
+	static struct passwd save;
+	register struct passwd *p;
+	char *sgetsave();
+
+	if ((p = getpwnam(name)) == NULL)
+		return (p);
+	if (save.pw_name) {
+		free(save.pw_name);
+		free(save.pw_passwd);
+		free(save.pw_gecos);
+		free(save.pw_dir);
+		free(save.pw_shell);
+	}
+	save = *p;
+	save.pw_name = sgetsave(p->pw_name);
+	save.pw_passwd = sgetsave(p->pw_passwd);
+	save.pw_gecos = sgetsave(p->pw_gecos);
+	save.pw_dir = sgetsave(p->pw_dir);
+	save.pw_shell = sgetsave(p->pw_shell);
+#if 0
+syslog(LOG_WARNING,"%s\n",save.pw_name);
+syslog(LOG_WARNING,"%s\n",save.pw_passwd);
+syslog(LOG_WARNING,"%s\n",save.pw_gecos);
+syslog(LOG_WARNING,"%s\n",save.pw_dir);
+#endif
+#ifdef USE_SHADOW
+        {
+                struct spwd *sp;
+                sp = getspnam(name);
+                free(save.pw_passwd);
+                save.pw_passwd  = sgetsave(sp->sp_pwdp);
+        }
+#endif 
+	return (&save);
+}
+
+char *crypt();
+
+int check_user(name, pass)
+char *name;
+char *pass;
+{
+	register char *cp;
+	char *xpasswd, *salt;
+
+	if (pw = sgetpwnam(name)) {
+		if (pw->pw_shell == NULL) {
+			pw = (struct passwd *) NULL;
+			return(0);
+		}
+
+		salt = pw->pw_passwd;
+		xpasswd = crypt(pass, salt);
+		/* The strcmp does not catch null passwords! */
+		if (pw == NULL || *pw->pw_passwd == '\0' ||
+			strcmp(xpasswd, pw->pw_passwd)) {
+			pw = (struct passwd *) NULL;
+			return(0);
+		}
+		return(1);
+	}
+	return(0);
+}
+
+
+#endif
+
diff --git a/crypto/telnet/telnet/authenc.c b/crypto/telnet/telnet/authenc.c
new file mode 100644
index 0000000..f829b1a
--- /dev/null
+++ b/crypto/telnet/telnet/authenc.c
@@ -0,0 +1,111 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)authenc.c	8.1 (Berkeley) 6/6/93";
+#endif /* not lint */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <libtelnet/encrypt.h>
+#include <libtelnet/misc.h>
+
+#include "general.h"
+#include "ring.h"
+#include "externs.h"
+#include "defines.h"
+#include "types.h"
+
+	int
+net_write(str, len)
+	unsigned char *str;
+	int len;
+{
+	if (NETROOM() > len) {
+		ring_supply_data(&netoring, str, len);
+		if (str[0] == IAC && str[1] == SE)
+			printsub('>', &str[2], len-2);
+		return(len);
+	}
+	return(0);
+}
+
+	void
+net_encrypt()
+{
+#ifdef	ENCRYPTION
+	if (encrypt_output)
+		ring_encrypt(&netoring, encrypt_output);
+	else
+		ring_clearto(&netoring);
+#endif	/* ENCRYPTION */
+}
+
+	int
+telnet_spin()
+{
+	return(-1);
+}
+
+	char *
+telnet_getenv(val)
+	char *val;
+{
+	return((char *)env_getvalue((unsigned char *)val));
+}
+
+	char *
+telnet_gets(prompt, result, length, echo)
+	char *prompt;
+	char *result;
+	int length;
+	int echo;
+{
+	extern char *getpass();
+	extern int globalmode;
+	int om = globalmode;
+	char *res;
+
+	TerminalNewMode(-1);
+	if (echo) {
+		printf("%s", prompt);
+		res = fgets(result, length, stdin);
+	} else if ((res = getpass(prompt))) {
+		strncpy(result, res, length);
+		res = result;
+	}
+	TerminalNewMode(om);
+	return(res);
+}
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/crypto/telnet/telnet/commands.c b/crypto/telnet/telnet/commands.c
new file mode 100644
index 0000000..f6bece2
--- /dev/null
+++ b/crypto/telnet/telnet/commands.c
@@ -0,0 +1,3038 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)commands.c	8.4 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#if	defined(unix)
+#include <sys/param.h>
+#if	defined(CRAY) || defined(sysV88)
+#include <sys/types.h>
+#endif
+#include <sys/file.h>
+#else
+#include <sys/types.h>
+#endif	/* defined(unix) */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#ifdef	CRAY
+#include <fcntl.h>
+#endif	/* CRAY */
+
+#include <signal.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <pwd.h>
+#include <varargs.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+#include <arpa/telnet.h>
+
+#include "general.h"
+
+#include "ring.h"
+
+#include "externs.h"
+#include "defines.h"
+#include "types.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+#if !defined(CRAY) && !defined(sysV88)
+#include <netinet/in_systm.h>
+# if (defined(vax) || defined(tahoe) || defined(hp300)) && !defined(ultrix)
+# include <machine/endian.h>
+# endif /* vax */
+#endif /* !defined(CRAY) && !defined(sysV88) */
+#include <netinet/ip.h>
+
+
+#ifndef	MAXHOSTNAMELEN
+#define	MAXHOSTNAMELEN 64
+#endif	MAXHOSTNAMELEN
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+int tos = -1;
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+char	*hostname;
+static char _hostname[MAXHOSTNAMELEN];
+
+extern char *getenv();
+
+extern int isprefix();
+extern char **genget();
+extern int Ambiguous();
+
+static int help(int argc, char *argv[]);
+static int call();
+static void cmdrc(char *m1, char *m2);
+
+int quit(void);
+
+typedef struct {
+	char	*name;		/* command name */
+	char	*help;		/* help string (NULL for no help) */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+} Command;
+
+static char line[256];
+static char saveline[256];
+static int margc;
+static char *margv[20];
+
+#if	defined(SKEY)
+#include <sys/wait.h>
+#define PATH_SKEY	"/usr/bin/key"
+    int
+skey_calc(argc, argv)
+	int argc;
+	char **argv;
+{
+	int status;
+
+	if(argc != 3) {
+		printf("%s sequence challenge\n", argv[0]);
+		return;
+	}
+
+	switch(fork()) {
+	case 0:
+		execv(PATH_SKEY, argv);
+		exit (1);
+	case -1:
+		perror("fork");
+		break;
+	default:
+		(void) wait(&status);
+		if (WIFEXITED(status))
+			return (WEXITSTATUS(status));
+		return (0);
+	}
+}
+#endif
+
+    static void
+makeargv()
+{
+    register char *cp, *cp2, c;
+    register char **argp = margv;
+
+    margc = 0;
+    cp = line;
+    if (*cp == '!') {		/* Special case shell escape */
+	strcpy(saveline, line);	/* save for shell command */
+	*argp++ = "!";		/* No room in string to get this */
+	margc++;
+	cp++;
+    }
+    while ((c = *cp)) {
+	register int inquote = 0;
+	while (isspace(c))
+	    c = *++cp;
+	if (c == '\0')
+	    break;
+	*argp++ = cp;
+	margc += 1;
+	for (cp2 = cp; c != '\0'; c = *++cp) {
+	    if (inquote) {
+		if (c == inquote) {
+		    inquote = 0;
+		    continue;
+		}
+	    } else {
+		if (c == '\\') {
+		    if ((c = *++cp) == '\0')
+			break;
+		} else if (c == '"') {
+		    inquote = '"';
+		    continue;
+		} else if (c == '\'') {
+		    inquote = '\'';
+		    continue;
+		} else if (isspace(c))
+		    break;
+	    }
+	    *cp2++ = c;
+	}
+	*cp2 = '\0';
+	if (c == '\0')
+	    break;
+	cp++;
+    }
+    *argp++ = 0;
+}
+
+/*
+ * Make a character string into a number.
+ *
+ * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
+ */
+
+	static int
+special(s)
+	register char *s;
+{
+	register char c;
+	char b;
+
+	switch (*s) {
+	case '^':
+		b = *++s;
+		if (b == '?') {
+		    c = b | 0x40;		/* DEL */
+		} else {
+		    c = b & 0x1f;
+		}
+		break;
+	default:
+		c = *s;
+		break;
+	}
+	return c;
+}
+
+/*
+ * Construct a control character sequence
+ * for a special character.
+ */
+	static char *
+control(c)
+	register cc_t c;
+{
+	static char buf[5];
+	/*
+	 * The only way I could get the Sun 3.5 compiler
+	 * to shut up about
+	 *	if ((unsigned int)c >= 0x80)
+	 * was to assign "c" to an unsigned int variable...
+	 * Arggg....
+	 */
+	register unsigned int uic = (unsigned int)c;
+
+	if (uic == 0x7f)
+		return ("^?");
+	if (c == (cc_t)_POSIX_VDISABLE) {
+		return "off";
+	}
+	if (uic >= 0x80) {
+		buf[0] = '\\';
+		buf[1] = ((c>>6)&07) + '0';
+		buf[2] = ((c>>3)&07) + '0';
+		buf[3] = (c&07) + '0';
+		buf[4] = 0;
+	} else if (uic >= 0x20) {
+		buf[0] = c;
+		buf[1] = 0;
+	} else {
+		buf[0] = '^';
+		buf[1] = '@'+c;
+		buf[2] = 0;
+	}
+	return (buf);
+}
+
+
+
+/*
+ *	The following are data structures and routines for
+ *	the "send" command.
+ *
+ */
+
+struct sendlist {
+    char	*name;		/* How user refers to it (case independent) */
+    char	*help;		/* Help information (0 ==> no help) */
+    int		needconnect;	/* Need to be connected */
+    int		narg;		/* Number of arguments */
+    int		(*handler)();	/* Routine to perform (for special ops) */
+    int		nbyte;		/* Number of bytes to send this command */
+    int		what;		/* Character to be sent (<0 ==> special) */
+};
+
+
+static int
+	send_esc P((void)),
+	send_help P((void)),
+	send_docmd P((char *)),
+	send_dontcmd P((char *)),
+	send_willcmd P((char *)),
+	send_wontcmd P((char *));
+
+static struct sendlist Sendlist[] = {
+    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
+    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
+    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
+    { "break",	0,					1, 0, 0, 2, BREAK },
+    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
+    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
+    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
+    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
+    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
+    { "intp",	0,					1, 0, 0, 2, IP },
+    { "interrupt", 0,					1, 0, 0, 2, IP },
+    { "intr",	0,					1, 0, 0, 2, IP },
+    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
+    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
+    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
+    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
+    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
+    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
+    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
+    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
+    { "help",	0,					0, 0, send_help, 0, 0 },
+    { "do",	0,					0, 1, send_docmd, 3, 0 },
+    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
+    { "will",	0,					0, 1, send_willcmd, 3, 0 },
+    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
+    { 0 }
+};
+
+#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
+				sizeof(struct sendlist)))
+
+    static int
+sendcmd(argc, argv)
+    int  argc;
+    char **argv;
+{
+    int count;		/* how many bytes we are going to need to send */
+    int i;
+    struct sendlist *s;	/* pointer to current command */
+    int success = 0;
+    int needconnect = 0;
+
+    if (argc < 2) {
+	printf("need at least one argument for 'send' command\n");
+	printf("'send ?' for help\n");
+	return 0;
+    }
+    /*
+     * First, validate all the send arguments.
+     * In addition, we see how much space we are going to need, and
+     * whether or not we will be doing a "SYNCH" operation (which
+     * flushes the network queue).
+     */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	s = GETSEND(argv[i]);
+	if (s == 0) {
+	    printf("Unknown send argument '%s'\n'send ?' for help.\n",
+			argv[i]);
+	    return 0;
+	} else if (Ambiguous(s)) {
+	    printf("Ambiguous send argument '%s'\n'send ?' for help.\n",
+			argv[i]);
+	    return 0;
+	}
+	if (i + s->narg >= argc) {
+	    fprintf(stderr,
+	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\n",
+		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
+	    return 0;
+	}
+	count += s->nbyte;
+	if (s->handler == send_help) {
+	    send_help();
+	    return 0;
+	}
+
+	i += s->narg;
+	needconnect += s->needconnect;
+    }
+    if (!connected && needconnect) {
+	printf("?Need to be connected first.\n");
+	printf("'send ?' for help\n");
+	return 0;
+    }
+    /* Now, do we have enough room? */
+    if (NETROOM() < count) {
+	printf("There is not enough room in the buffer TO the network\n");
+	printf("to process your request.  Nothing will be done.\n");
+	printf("('send synch' will throw away most data in the network\n");
+	printf("buffer, if this might help.)\n");
+	return 0;
+    }
+    /* OK, they are all OK, now go through again and actually send */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	if ((s = GETSEND(argv[i])) == 0) {
+	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\n");
+	    (void) quit();
+	    /*NOTREACHED*/
+	}
+	if (s->handler) {
+	    count++;
+	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
+				  (s->narg > 1) ? argv[i+2] : 0);
+	    i += s->narg;
+	} else {
+	    NET2ADD(IAC, s->what);
+	    printoption("SENT", IAC, s->what);
+	}
+    }
+    return (count == success);
+}
+
+    static int
+send_esc()
+{
+    NETADD(escape);
+    return 1;
+}
+
+    static int
+send_docmd(name)
+    char *name;
+{
+    return(send_tncmd(send_do, "do", name));
+}
+
+    static int
+send_dontcmd(name)
+    char *name;
+{
+    return(send_tncmd(send_dont, "dont", name));
+}
+    static int
+send_willcmd(name)
+    char *name;
+{
+    return(send_tncmd(send_will, "will", name));
+}
+    static int
+send_wontcmd(name)
+    char *name;
+{
+    return(send_tncmd(send_wont, "wont", name));
+}
+
+    int
+send_tncmd(func, cmd, name)
+    void	(*func)();
+    char	*cmd, *name;
+{
+    char **cpp;
+    extern char *telopts[];
+    register int val = 0;
+
+    if (isprefix(name, "help") || isprefix(name, "?")) {
+	register int col, len;
+
+	printf("Usage: send %s <value|option>\n", cmd);
+	printf("\"value\" must be from 0 to 255\n");
+	printf("Valid options are:\n\t");
+
+	col = 8;
+	for (cpp = telopts; *cpp; cpp++) {
+	    len = strlen(*cpp) + 3;
+	    if (col + len > 65) {
+		printf("\n\t");
+		col = 8;
+	    }
+	    printf(" \"%s\"", *cpp);
+	    col += len;
+	}
+	printf("\n");
+	return 0;
+    }
+    cpp = (char **)genget(name, telopts, sizeof(char *));
+    if (Ambiguous(cpp)) {
+	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\n",
+					name, cmd);
+	return 0;
+    }
+    if (cpp) {
+	val = cpp - telopts;
+    } else {
+	register char *cp = name;
+
+	while (*cp >= '0' && *cp <= '9') {
+	    val *= 10;
+	    val += *cp - '0';
+	    cp++;
+	}
+	if (*cp != 0) {
+	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\n",
+					name, cmd);
+	    return 0;
+	} else if (val < 0 || val > 255) {
+	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\n",
+					name, cmd);
+	    return 0;
+	}
+    }
+    if (!connected) {
+	printf("?Need to be connected first.\n");
+	return 0;
+    }
+    (*func)(val, 1);
+    return 1;
+}
+
+    static int
+send_help()
+{
+    struct sendlist *s;	/* pointer to current command */
+    for (s = Sendlist; s->name; s++) {
+	if (s->help)
+	    printf("%-15s %s\n", s->name, s->help);
+    }
+    return(0);
+}
+
+/*
+ * The following are the routines and data structures referred
+ * to by the arguments to the "toggle" command.
+ */
+
+    static int
+lclchars()
+{
+    donelclchars = 1;
+    return 1;
+}
+
+    static int
+togdebug()
+{
+#ifndef	NOT43
+    if (net > 0 &&
+	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
+	    perror("setsockopt (SO_DEBUG)");
+    }
+#else	/* NOT43 */
+    if (debug) {
+	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0)
+	    perror("setsockopt (SO_DEBUG)");
+    } else
+	printf("Cannot turn off socket debugging\n");
+#endif	/* NOT43 */
+    return 1;
+}
+
+
+    static int
+togcrlf()
+{
+    if (crlf) {
+	printf("Will send carriage returns as telnet <CR><LF>.\n");
+    } else {
+	printf("Will send carriage returns as telnet <CR><NUL>.\n");
+    }
+    return 1;
+}
+
+int binmode;
+
+    static int
+togbinary(val)
+    int val;
+{
+    donebinarytoggle = 1;
+
+    if (val >= 0) {
+	binmode = val;
+    } else {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+				my_want_state_is_do(TELOPT_BINARY)) {
+	    binmode = 1;
+	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
+				my_want_state_is_dont(TELOPT_BINARY)) {
+	    binmode = 0;
+	}
+	val = binmode ? 0 : 1;
+    }
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+					my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already operating in binary mode with remote host.\n");
+	} else {
+	    printf("Negotiating binary mode with remote host.\n");
+	    tel_enter_binary(3);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY) &&
+					my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already in network ascii mode with remote host.\n");
+	} else {
+	    printf("Negotiating network ascii mode with remote host.\n");
+	    tel_leave_binary(3);
+	}
+    }
+    return 1;
+}
+
+    static int
+togrbinary(val)
+    int val;
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already receiving in binary mode.\n");
+	} else {
+	    printf("Negotiating binary mode on input.\n");
+	    tel_enter_binary(1);
+	}
+    } else {
+	if (my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already receiving in network ascii mode.\n");
+	} else {
+	    printf("Negotiating network ascii mode on input.\n");
+	    tel_leave_binary(1);
+	}
+    }
+    return 1;
+}
+
+    static int
+togxbinary(val)
+    int val;
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY)) {
+	    printf("Already transmitting in binary mode.\n");
+	} else {
+	    printf("Negotiating binary mode on output.\n");
+	    tel_enter_binary(2);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    printf("Already transmitting in network ascii mode.\n");
+	} else {
+	    printf("Negotiating network ascii mode on output.\n");
+	    tel_leave_binary(2);
+	}
+    }
+    return 1;
+}
+
+
+static int togglehelp P((void));
+#if	defined(AUTHENTICATION)
+extern int auth_togdebug P((int));
+#endif
+#ifdef	ENCRYPTION
+extern int EncryptAutoEnc P((int));
+extern int EncryptAutoDec P((int));
+extern int EncryptDebug P((int));
+extern int EncryptVerbose P((int));
+#endif	/* ENCRYPTION */
+
+struct togglelist {
+    char	*name;		/* name of toggle */
+    char	*help;		/* help message */
+    int		(*handler)();	/* routine to do actual setting */
+    int		*variable;
+    char	*actionexplanation;
+};
+
+static struct togglelist Togglelist[] = {
+    { "autoflush",
+	"flushing of output when sending interrupt characters",
+	    0,
+		&autoflush,
+		    "flush output when sending interrupt characters" },
+    { "autosynch",
+	"automatic sending of interrupt characters in urgent mode",
+	    0,
+		&autosynch,
+		    "send interrupt characters in urgent mode" },
+#if	defined(AUTHENTICATION)
+    { "autologin",
+	"automatic sending of login and/or authentication info",
+	    0,
+		&autologin,
+		    "send login name and/or authentication information" },
+    { "authdebug",
+	"Toggle authentication debugging",
+	    auth_togdebug,
+		0,
+		     "print authentication debugging information" },
+#endif
+#ifdef	ENCRYPTION
+    { "autoencrypt",
+	"automatic encryption of data stream",
+	    EncryptAutoEnc,
+		0,
+		    "automatically encrypt output" },
+    { "autodecrypt",
+	"automatic decryption of data stream",
+	    EncryptAutoDec,
+		0,
+		    "automatically decrypt input" },
+    { "verbose_encrypt",
+	"Toggle verbose encryption output",
+	    EncryptVerbose,
+		0,
+		    "print verbose encryption output" },
+    { "encdebug",
+	"Toggle encryption debugging",
+	    EncryptDebug,
+		0,
+		    "print encryption debugging information" },
+#endif	/* ENCRYPTION */
+    { "skiprc",
+	"don't read ~/.telnetrc file",
+	    0,
+		&skiprc,
+		    "skip reading of ~/.telnetrc file" },
+    { "binary",
+	"sending and receiving of binary data",
+	    togbinary,
+		0,
+		    0 },
+    { "inbinary",
+	"receiving of binary data",
+	    togrbinary,
+		0,
+		    0 },
+    { "outbinary",
+	"sending of binary data",
+	    togxbinary,
+		0,
+		    0 },
+    { "crlf",
+	"sending carriage returns as telnet <CR><LF>",
+	    togcrlf,
+		&crlf,
+		    0 },
+    { "crmod",
+	"mapping of received carriage returns",
+	    0,
+		&crmod,
+		    "map carriage return on output" },
+    { "localchars",
+	"local recognition of certain control characters",
+	    lclchars,
+		&localchars,
+		    "recognize certain control characters" },
+    { " ", "", 0 },		/* empty line */
+#if	defined(unix) && defined(TN3270)
+    { "apitrace",
+	"(debugging) toggle tracing of API transactions",
+	    0,
+		&apitrace,
+		    "trace API transactions" },
+    { "cursesdata",
+	"(debugging) toggle printing of hexadecimal curses data",
+	    0,
+		&cursesdata,
+		    "print hexadecimal representation of curses data" },
+#endif	/* defined(unix) && defined(TN3270) */
+    { "debug",
+	"debugging",
+	    togdebug,
+		&debug,
+		    "turn on socket level debugging" },
+    { "netdata",
+	"printing of hexadecimal network data (debugging)",
+	    0,
+		&netdata,
+		    "print hexadecimal representation of network traffic" },
+    { "prettydump",
+	"output of \"netdata\" to user readable format (debugging)",
+	    0,
+		&prettydump,
+		    "print user readable output for \"netdata\"" },
+    { "options",
+	"viewing of options processing (debugging)",
+	    0,
+		&showoptions,
+		    "show option processing" },
+#if	defined(unix)
+    { "termdata",
+	"(debugging) toggle printing of hexadecimal terminal data",
+	    0,
+		&termdata,
+		    "print hexadecimal representation of terminal traffic" },
+#endif	/* defined(unix) */
+    { "?",
+	0,
+	    togglehelp },
+    { "help",
+	0,
+	    togglehelp },
+    { 0 }
+};
+
+    static int
+togglehelp()
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s toggle %s\n", c->name, c->help);
+	    else
+		printf("\n");
+	}
+    }
+    printf("\n");
+    printf("%-15s %s\n", "?", "display help information");
+    return 0;
+}
+
+    static void
+settogglehelp(set)
+    int set;
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s %s\n", c->name, set ? "enable" : "disable",
+						c->help);
+	    else
+		printf("\n");
+	}
+    }
+}
+
+#define	GETTOGGLE(name) (struct togglelist *) \
+		genget(name, (char **) Togglelist, sizeof(struct togglelist))
+
+    static int
+toggle(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    int retval = 1;
+    char *name;
+    struct togglelist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'toggle' command.  'toggle ?' for help.\n");
+	return 0;
+    }
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	c = GETTOGGLE(name);
+	if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\n",
+					name);
+	    return 0;
+	} else if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\n",
+					name);
+	    return 0;
+	} else {
+	    if (c->variable) {
+		*c->variable = !*c->variable;		/* invert it */
+		if (c->actionexplanation) {
+		    printf("%s %s.\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler) {
+		retval &= (*c->handler)(-1);
+	    }
+	}
+    }
+    return retval;
+}
+
+/*
+ * The following perform the "set" command.
+ */
+
+#ifdef	USE_TERMIO
+struct termio new_tc = { 0 };
+#endif
+
+struct setlist {
+    char *name;				/* name */
+    char *help;				/* help information */
+    void (*handler)();
+    cc_t *charp;			/* where it is located at */
+};
+
+static struct setlist Setlist[] = {
+#ifdef	KLUDGELINEMODE
+    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
+#endif
+    { "escape",	"character to escape back to telnet command mode", 0, &escape },
+    { "rlogin", "rlogin escape character", 0, &rlogin },
+    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
+    { " ", "" },
+    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
+    { "flushoutput", "character to cause an Abort Output", 0, termFlushCharp },
+    { "interrupt", "character to cause an Interrupt Process", 0, termIntCharp },
+    { "quit",	"character to cause an Abort process", 0, termQuitCharp },
+    { "eof",	"character to cause an EOF ", 0, termEofCharp },
+    { " ", "" },
+    { " ", "The following are for local editing in linemode", 0, 0 },
+    { "erase",	"character to use to erase a character", 0, termEraseCharp },
+    { "kill",	"character to use to erase a line", 0, termKillCharp },
+    { "lnext",	"character to use for literal next", 0, termLiteralNextCharp },
+    { "susp",	"character to cause a Suspend Process", 0, termSuspCharp },
+    { "reprint", "character to use for line reprint", 0, termRprntCharp },
+    { "worderase", "character to use to erase a word", 0, termWerasCharp },
+    { "start",	"character to use for XON", 0, termStartCharp },
+    { "stop",	"character to use for XOFF", 0, termStopCharp },
+    { "forw1",	"alternate end of line character", 0, termForw1Charp },
+    { "forw2",	"alternate end of line character", 0, termForw2Charp },
+    { "ayt",	"alternate AYT character", 0, termAytCharp },
+    { 0 }
+};
+
+#if	defined(CRAY) && !defined(__STDC__)
+/* Work around compiler bug in pcc 4.1.5 */
+    void
+_setlist_init()
+{
+#ifndef	KLUDGELINEMODE
+#define	N 5
+#else
+#define	N 6
+#endif
+	Setlist[N+0].charp = &termFlushChar;
+	Setlist[N+1].charp = &termIntChar;
+	Setlist[N+2].charp = &termQuitChar;
+	Setlist[N+3].charp = &termEofChar;
+	Setlist[N+6].charp = &termEraseChar;
+	Setlist[N+7].charp = &termKillChar;
+	Setlist[N+8].charp = &termLiteralNextChar;
+	Setlist[N+9].charp = &termSuspChar;
+	Setlist[N+10].charp = &termRprntChar;
+	Setlist[N+11].charp = &termWerasChar;
+	Setlist[N+12].charp = &termStartChar;
+	Setlist[N+13].charp = &termStopChar;
+	Setlist[N+14].charp = &termForw1Char;
+	Setlist[N+15].charp = &termForw2Char;
+	Setlist[N+16].charp = &termAytChar;
+#undef	N
+}
+#endif	/* defined(CRAY) && !defined(__STDC__) */
+
+    static struct setlist *
+getset(name)
+    char *name;
+{
+    return (struct setlist *)
+		genget(name, (char **) Setlist, sizeof(struct setlist));
+}
+
+    void
+set_escape_char(s)
+    char *s;
+{
+	if (rlogin != _POSIX_VDISABLE) {
+		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet rlogin escape character is '%s'.\n",
+					control(rlogin));
+	} else {
+		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet escape character is '%s'.\n", control(escape));
+	}
+}
+
+    static int
+setcmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    int value;
+    struct setlist *ct;
+    struct togglelist *c;
+
+    if (argc < 2 || argc > 3) {
+	printf("Format is 'set Name Value'\n'set ?' for help.\n");
+	return 0;
+    }
+    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\n", ct->name, ct->help);
+	printf("\n");
+	settogglehelp(1);
+	printf("%-15s %s\n", "?", "display help information");
+	return 0;
+    }
+
+    ct = getset(argv[1]);
+    if (ct == 0) {
+	c = GETTOGGLE(argv[1]);
+	if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\n",
+			argv[1]);
+	    return 0;
+	} else if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
+			argv[1]);
+	    return 0;
+	}
+	if (c->variable) {
+	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
+		*c->variable = 1;
+	    else if (strcmp("off", argv[2]) == 0)
+		*c->variable = 0;
+	    else {
+		printf("Format is 'set togglename [on|off]'\n'set ?' for help.\n");
+		return 0;
+	    }
+	    if (c->actionexplanation) {
+		printf("%s %s.\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+	    }
+	}
+	if (c->handler)
+	    (*c->handler)(1);
+    } else if (argc != 3) {
+	printf("Format is 'set Name Value'\n'set ?' for help.\n");
+	return 0;
+    } else if (Ambiguous(ct)) {
+	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
+			argv[1]);
+	return 0;
+    } else if (ct->handler) {
+	(*ct->handler)(argv[2]);
+	printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp);
+    } else {
+	if (strcmp("off", argv[2])) {
+	    value = special(argv[2]);
+	} else {
+	    value = _POSIX_VDISABLE;
+	}
+	*(ct->charp) = (cc_t)value;
+	printf("%s character is '%s'.\n", ct->name, control(*(ct->charp)));
+    }
+    slc_check();
+    return 1;
+}
+
+    static int
+unsetcmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct setlist *ct;
+    struct togglelist *c;
+    register char *name;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'unset' command.  'unset ?' for help.\n");
+	return 0;
+    }
+    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\n", ct->name, ct->help);
+	printf("\n");
+	settogglehelp(0);
+	printf("%-15s %s\n", "?", "display help information");
+	return 0;
+    }
+
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	ct = getset(name);
+	if (ct == 0) {
+	    c = GETTOGGLE(name);
+	    if (c == 0) {
+		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\n",
+			name);
+		return 0;
+	    } else if (Ambiguous(c)) {
+		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
+			name);
+		return 0;
+	    }
+	    if (c->variable) {
+		*c->variable = 0;
+		if (c->actionexplanation) {
+		    printf("%s %s.\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler)
+		(*c->handler)(0);
+	} else if (Ambiguous(ct)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
+			name);
+	    return 0;
+	} else if (ct->handler) {
+	    (*ct->handler)(0);
+	    printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp);
+	} else {
+	    *(ct->charp) = _POSIX_VDISABLE;
+	    printf("%s character is '%s'.\n", ct->name, control(*(ct->charp)));
+	}
+    }
+    return 1;
+}
+
+/*
+ * The following are the data structures and routines for the
+ * 'mode' command.
+ */
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+
+    static int
+dokludgemode()
+{
+    kludgelinemode = 1;
+    send_wont(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_SGA, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+#endif
+
+    static int
+dolinemode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_dont(TELOPT_SGA, 1);
+#endif
+    send_will(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+
+    static int
+docharmode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_do(TELOPT_SGA, 1);
+    else
+#endif
+    send_wont(TELOPT_LINEMODE, 1);
+    send_do(TELOPT_ECHO, 1);
+    return 1;
+}
+
+    static int
+dolmmode(bit, on)
+    int bit, on;
+{
+    unsigned char c;
+    extern int linemode;
+
+    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
+	printf("?Need to have LINEMODE option enabled first.\n");
+	printf("'mode ?' for help.\n");
+	return 0;
+    }
+
+    if (on)
+	c = (linemode | bit);
+    else
+	c = (linemode & ~bit);
+    lm_mode(&c, 1, 1);
+    return 1;
+}
+
+    int
+setmod(bit)
+{
+    return dolmmode(bit, 1);
+}
+
+    int
+clearmode(bit)
+{
+    return dolmmode(bit, 0);
+}
+
+struct modelist {
+	char	*name;		/* command name */
+	char	*help;		/* help string */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+	int	arg1;
+};
+
+extern int modehelp();
+
+static struct modelist ModeList[] = {
+    { "character", "Disable LINEMODE option",	docharmode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or disable obsolete line-by-line mode)", 0 },
+#endif
+    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or enable obsolete line-by-line mode)", 0 },
+#endif
+    { "", "", 0 },
+    { "",	"These require the LINEMODE option to be enabled", 0 },
+    { "isig",	"Enable signal trapping",	setmod, 1, MODE_TRAPSIG },
+    { "+isig",	0,				setmod, 1, MODE_TRAPSIG },
+    { "-isig",	"Disable signal trapping",	clearmode, 1, MODE_TRAPSIG },
+    { "edit",	"Enable character editing",	setmod, 1, MODE_EDIT },
+    { "+edit",	0,				setmod, 1, MODE_EDIT },
+    { "-edit",	"Disable character editing",	clearmode, 1, MODE_EDIT },
+    { "softtabs", "Enable tab expansion",	setmod, 1, MODE_SOFT_TAB },
+    { "+softtabs", 0,				setmod, 1, MODE_SOFT_TAB },
+    { "-softtabs", "Disable character editing",	clearmode, 1, MODE_SOFT_TAB },
+    { "litecho", "Enable literal character echo", setmod, 1, MODE_LIT_ECHO },
+    { "+litecho", 0,				setmod, 1, MODE_LIT_ECHO },
+    { "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO },
+    { "help",	0,				modehelp, 0 },
+#ifdef	KLUDGELINEMODE
+    { "kludgeline", 0,				dokludgemode, 1 },
+#endif
+    { "", "", 0 },
+    { "?",	"Print help information",	modehelp, 0 },
+    { 0 },
+};
+
+
+    int
+modehelp()
+{
+    struct modelist *mt;
+
+    printf("format is:  'mode Mode', where 'Mode' is one of:\n\n");
+    for (mt = ModeList; mt->name; mt++) {
+	if (mt->help) {
+	    if (*mt->help)
+		printf("%-15s %s\n", mt->name, mt->help);
+	    else
+		printf("\n");
+	}
+    }
+    return 0;
+}
+
+#define	GETMODECMD(name) (struct modelist *) \
+		genget(name, (char **) ModeList, sizeof(struct modelist))
+
+    static int
+modecmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct modelist *mt;
+
+    if (argc != 2) {
+	printf("'mode' command requires an argument\n");
+	printf("'mode ?' for help.\n");
+    } else if ((mt = GETMODECMD(argv[1])) == 0) {
+	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\n", argv[1]);
+    } else if (Ambiguous(mt)) {
+	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\n", argv[1]);
+    } else if (mt->needconnect && !connected) {
+	printf("?Need to be connected first.\n");
+	printf("'mode ?' for help.\n");
+    } else if (mt->handler) {
+	return (*mt->handler)(mt->arg1);
+    }
+    return 0;
+}
+
+/*
+ * The following data structures and routines implement the
+ * "display" command.
+ */
+
+    static int
+display(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct togglelist *tl;
+    struct setlist *sl;
+
+#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
+			    if (*tl->variable) { \
+				printf("will"); \
+			    } else { \
+				printf("won't"); \
+			    } \
+			    printf(" %s.\n", tl->actionexplanation); \
+			}
+
+#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
+			if (sl->handler == 0) \
+			    printf("%-15s [%s]\n", sl->name, control(*sl->charp)); \
+			else \
+			    printf("%-15s \"%s\"\n", sl->name, (char *)sl->charp); \
+		    }
+
+    if (argc == 1) {
+	for (tl = Togglelist; tl->name; tl++) {
+	    dotog(tl);
+	}
+	printf("\n");
+	for (sl = Setlist; sl->name; sl++) {
+	    doset(sl);
+	}
+    } else {
+	int i;
+
+	for (i = 1; i < argc; i++) {
+	    sl = getset(argv[i]);
+	    tl = GETTOGGLE(argv[i]);
+	    if (Ambiguous(sl) || Ambiguous(tl)) {
+		printf("?Ambiguous argument '%s'.\n", argv[i]);
+		return 0;
+	    } else if (!sl && !tl) {
+		printf("?Unknown argument '%s'.\n", argv[i]);
+		return 0;
+	    } else {
+		if (tl) {
+		    dotog(tl);
+		}
+		if (sl) {
+		    doset(sl);
+		}
+	    }
+	}
+    }
+/*@*/optionstatus();
+#ifdef	ENCRYPTION
+    EncryptStatus();
+#endif	/* ENCRYPTION */
+    return 1;
+#undef	doset
+#undef	dotog
+}
+
+/*
+ * The following are the data structures, and many of the routines,
+ * relating to command processing.
+ */
+
+/*
+ * Set the escape character.
+ */
+	static int
+setescape(argc, argv)
+	int argc;
+	char *argv[];
+{
+	register char *arg;
+	char buf[50];
+
+	printf(
+	    "Deprecated usage - please use 'set escape%s%s' in the future.\n",
+				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
+	if (argc > 2)
+		arg = argv[1];
+	else {
+		printf("new escape character: ");
+		(void) fgets(buf, sizeof(buf), stdin);
+		arg = buf;
+	}
+	if (arg[0] != '\0')
+		escape = arg[0];
+	if (!In3270) {
+		printf("Escape character is '%s'.\n", control(escape));
+	}
+	(void) fflush(stdout);
+	return 1;
+}
+
+    /*VARARGS*/
+    static int
+togcrmod()
+{
+    crmod = !crmod;
+    printf("Deprecated usage - please use 'toggle crmod' in the future.\n");
+    printf("%s map carriage return on output.\n", crmod ? "Will" : "Won't");
+    (void) fflush(stdout);
+    return 1;
+}
+
+    /*VARARGS*/
+    int
+suspend()
+{
+#ifdef	SIGTSTP
+    setcommandmode();
+    {
+	long oldrows, oldcols, newrows, newcols, err;
+
+	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+	(void) kill(0, SIGTSTP);
+	/*
+	 * If we didn't get the window size before the SUSPEND, but we
+	 * can get them now (?), then send the NAWS to make sure that
+	 * we are set up for the right window size.
+	 */
+	if (TerminalWindowSize(&newrows, &newcols) && connected &&
+	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		sendnaws();
+	}
+    }
+    /* reget parameters in case they were changed */
+    TerminalSaveState();
+    setconnmode(0);
+#else
+    printf("Suspend is not supported.  Try the '!' command instead\n");
+#endif
+    return 1;
+}
+
+#if	!defined(TN3270)
+    /*ARGSUSED*/
+    int
+shell(argc, argv)
+    int argc;
+    char *argv[];
+{
+    long oldrows, oldcols, newrows, newcols, err;
+
+    setcommandmode();
+
+    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+    switch(vfork()) {
+    case -1:
+	perror("Fork failed\n");
+	break;
+
+    case 0:
+	{
+	    /*
+	     * Fire up the shell in the child.
+	     */
+	    register char *shellp, *shellname;
+	    extern char *strrchr();
+
+	    shellp = getenv("SHELL");
+	    if (shellp == NULL)
+		shellp = "/bin/sh";
+	    if ((shellname = strrchr(shellp, '/')) == 0)
+		shellname = shellp;
+	    else
+		shellname++;
+	    if (argc > 1)
+		execl(shellp, shellname, "-c", &saveline[1], 0);
+	    else
+		execl(shellp, shellname, 0);
+	    perror("Execl");
+	    _exit(1);
+	}
+    default:
+	    (void)wait((int *)0);	/* Wait for the shell to complete */
+
+	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
+		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		    sendnaws();
+	    }
+	    break;
+    }
+    return 1;
+}
+#else	/* !defined(TN3270) */
+extern int shell();
+#endif	/* !defined(TN3270) */
+
+    /*VARARGS*/
+    static int
+bye(argc, argv)
+    int  argc;		/* Number of arguments */
+    char *argv[];	/* arguments */
+{
+    extern int resettermname;
+
+    if (connected) {
+	(void) shutdown(net, 2);
+	printf("Connection closed.\n");
+	(void) NetClose(net);
+	connected = 0;
+	resettermname = 1;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
+	/* reset options */
+	tninit();
+#if	defined(TN3270)
+	SetIn3270();		/* Get out of 3270 mode */
+#endif	/* defined(TN3270) */
+    }
+    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) {
+	longjmp(toplevel, 1);
+	/* NOTREACHED */
+    }
+    return 1;			/* Keep lint, etc., happy */
+}
+
+/*VARARGS*/
+	int
+quit()
+{
+	(void) call(bye, "bye", "fromquit", 0);
+	Exit(0);
+	/*NOTREACHED*/
+}
+
+/*VARARGS*/
+	int
+logout()
+{
+	send_do(TELOPT_LOGOUT, 1);
+	(void) netflush();
+	return 1;
+}
+
+
+/*
+ * The SLC command.
+ */
+
+struct slclist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	arg;
+};
+
+static void slc_help();
+
+struct slclist SlcList[] = {
+    { "export",	"Use local special character definitions",
+						slc_mode_export,	0 },
+    { "import",	"Use remote special character definitions",
+						slc_mode_import,	1 },
+    { "check",	"Verify remote special character definitions",
+						slc_mode_import,	0 },
+    { "help",	0,				slc_help,		0 },
+    { "?",	"Print help information",	slc_help,		0 },
+    { 0 },
+};
+
+    static void
+slc_help()
+{
+    struct slclist *c;
+
+    for (c = SlcList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\n", c->name, c->help);
+	    else
+		printf("\n");
+	}
+    }
+}
+
+    static struct slclist *
+getslc(name)
+    char *name;
+{
+    return (struct slclist *)
+		genget(name, (char **) SlcList, sizeof(struct slclist));
+}
+
+    static int
+slccmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct slclist *c;
+
+    if (argc != 2) {
+	fprintf(stderr,
+	    "Need an argument to 'slc' command.  'slc ?' for help.\n");
+	return 0;
+    }
+    c = getslc(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    (*c->handler)(c->arg);
+    slcstate();
+    return 1;
+}
+
+/*
+ * The ENVIRON command.
+ */
+
+struct envlist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	narg;
+};
+
+extern struct env_lst *
+	env_define P((unsigned char *, unsigned char *));
+extern void
+	env_undefine P((unsigned char *)),
+	env_export P((unsigned char *)),
+	env_unexport P((unsigned char *)),
+	env_send P((unsigned char *)),
+#if defined(OLD_ENVIRON) && defined(ENV_HACK)
+	env_varval P((unsigned char *)),
+#endif
+	env_list P((void));
+static void
+	env_help P((void));
+
+struct envlist EnvList[] = {
+    { "define",	"Define an environment variable",
+						(void (*)())env_define,	2 },
+    { "undefine", "Undefine an environment variable",
+						env_undefine,	1 },
+    { "export",	"Mark an environment variable for automatic export",
+						env_export,	1 },
+    { "unexport", "Don't mark an environment variable for automatic export",
+						env_unexport,	1 },
+    { "send",	"Send an environment variable", env_send,	1 },
+    { "list",	"List the current environment variables",
+						env_list,	0 },
+#if defined(OLD_ENVIRON) && defined(ENV_HACK)
+    { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)",
+						env_varval,    1 },
+#endif
+    { "help",	0,				env_help,		0 },
+    { "?",	"Print help information",	env_help,		0 },
+    { 0 },
+};
+
+    static void
+env_help()
+{
+    struct envlist *c;
+
+    for (c = EnvList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\n", c->name, c->help);
+	    else
+		printf("\n");
+	}
+    }
+}
+
+    static struct envlist *
+getenvcmd(name)
+    char *name;
+{
+    return (struct envlist *)
+		genget(name, (char **) EnvList, sizeof(struct envlist));
+}
+
+	int
+env_cmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct envlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'environ' command.  'environ ?' for help.\n");
+	return 0;
+    }
+    c = getenvcmd(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    (*c->handler)(argv[2], argv[3]);
+    return 1;
+}
+
+struct env_lst {
+	struct env_lst *next;	/* pointer to next structure */
+	struct env_lst *prev;	/* pointer to previous structure */
+	unsigned char *var;	/* pointer to variable name */
+	unsigned char *value;	/* pointer to variable value */
+	int export;		/* 1 -> export with default list of variables */
+	int welldefined;	/* A well defined variable */
+};
+
+struct env_lst envlisthead;
+
+	struct env_lst *
+env_find(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		if (strcmp((char *)ep->var, (char *)var) == 0)
+			return(ep);
+	}
+	return(NULL);
+}
+
+	void
+env_init()
+{
+	extern char **environ;
+	register char **epp, *cp;
+	register struct env_lst *ep;
+	extern char *strchr();
+
+	for (epp = environ; *epp; epp++) {
+		if ((cp = strchr(*epp, '='))) {
+			*cp = '\0';
+			ep = env_define((unsigned char *)*epp,
+					(unsigned char *)cp+1);
+			ep->export = 0;
+			*cp = '=';
+		}
+	}
+	/*
+	 * Special case for DISPLAY variable.  If it is ":0.0" or
+	 * "unix:0.0", we have to get rid of "unix" and insert our
+	 * hostname.
+	 */
+	if ((ep = env_find("DISPLAY"))
+	    && ((*ep->value == ':')
+		|| (strncmp((char *)ep->value, "unix:", 5) == 0))) {
+		char hbuf[256+1];
+		char *cp2 = strchr((char *)ep->value, ':');
+
+		gethostname(hbuf, 256);
+		hbuf[256] = '\0';
+		cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
+		sprintf((char *)cp, "%s%s", hbuf, cp2);
+		free(ep->value);
+		ep->value = (unsigned char *)cp;
+	}
+	/*
+	 * If USER is not defined, but LOGNAME is, then add
+	 * USER with the value from LOGNAME.  By default, we
+	 * don't export the USER variable.
+	 */
+	if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) {
+		env_define((unsigned char *)"USER", ep->value);
+		env_unexport((unsigned char *)"USER");
+	}
+	env_export((unsigned char *)"DISPLAY");
+	env_export((unsigned char *)"PRINTER");
+}
+
+	struct env_lst *
+env_define(var, value)
+	unsigned char *var, *value;
+{
+	register struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+	} else {
+		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
+		ep->next = envlisthead.next;
+		envlisthead.next = ep;
+		ep->prev = &envlisthead;
+		if (ep->next)
+			ep->next->prev = ep;
+	}
+	ep->welldefined = opt_welldefined(var);
+	ep->export = 1;
+	ep->var = (unsigned char *)strdup((char *)var);
+	ep->value = (unsigned char *)strdup((char *)value);
+	return(ep);
+}
+
+	void
+env_undefine(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		ep->prev->next = ep->next;
+		if (ep->next)
+			ep->next->prev = ep->prev;
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+		free(ep);
+	}
+}
+
+	void
+env_export(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 1;
+}
+
+	void
+env_unexport(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 0;
+}
+
+	void
+env_send(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
+#ifdef	OLD_ENVIRON
+	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
+#endif
+		) {
+		fprintf(stderr,
+		    "Cannot send '%s': Telnet ENVIRON option not enabled\n",
+									var);
+		return;
+	}
+	ep = env_find(var);
+	if (ep == 0) {
+		fprintf(stderr, "Cannot send '%s': variable not defined\n",
+									var);
+		return;
+	}
+	env_opt_start_info();
+	env_opt_add(ep->var);
+	env_opt_end(0);
+}
+
+	void
+env_list()
+{
+	register struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		printf("%c %-20s %s\n", ep->export ? '*' : ' ',
+					ep->var, ep->value);
+	}
+}
+
+	unsigned char *
+env_default(init, welldefined)
+	int init;
+{
+	static struct env_lst *nep = NULL;
+
+	if (init) {
+		nep = &envlisthead;
+		return(NULL);
+	}
+	if (nep) {
+		while ((nep = nep->next)) {
+			if (nep->export && (nep->welldefined == welldefined))
+				return(nep->var);
+		}
+	}
+	return(NULL);
+}
+
+	unsigned char *
+env_getvalue(var)
+	unsigned char *var;
+{
+	register struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		return(ep->value);
+	return(NULL);
+}
+
+#if defined(OLD_ENVIRON) && defined(ENV_HACK)
+	void
+env_varval(what)
+	unsigned char *what;
+{
+	extern int old_env_var, old_env_value, env_auto;
+	int len = strlen((char *)what);
+
+	if (len == 0)
+		goto unknown;
+
+	if (strncasecmp((char *)what, "status", len) == 0) {
+		if (env_auto)
+			printf("%s%s", "VAR and VALUE are/will be ",
+					"determined automatically\n");
+		if (old_env_var == OLD_ENV_VAR)
+			printf("VAR and VALUE set to correct definitions\n");
+		else
+			printf("VAR and VALUE definitions are reversed\n");
+	} else if (strncasecmp((char *)what, "auto", len) == 0) {
+		env_auto = 1;
+		old_env_var = OLD_ENV_VALUE;
+		old_env_value = OLD_ENV_VAR;
+	} else if (strncasecmp((char *)what, "right", len) == 0) {
+		env_auto = 0;
+		old_env_var = OLD_ENV_VAR;
+		old_env_value = OLD_ENV_VALUE;
+	} else if (strncasecmp((char *)what, "wrong", len) == 0) {
+		env_auto = 0;
+		old_env_var = OLD_ENV_VALUE;
+		old_env_value = OLD_ENV_VAR;
+	} else {
+unknown:
+		printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\n");
+	}
+}
+#endif
+
+#if	defined(AUTHENTICATION)
+/*
+ * The AUTHENTICATE command.
+ */
+
+struct authlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	narg;
+};
+
+extern int
+	auth_enable P((char *)),
+	auth_disable P((char *)),
+	auth_status P((void));
+static int
+	auth_help P((void));
+
+struct authlist AuthList[] = {
+    { "status",	"Display current status of authentication information",
+						auth_status,	0 },
+    { "disable", "Disable an authentication type ('auth disable ?' for more)",
+						auth_disable,	1 },
+    { "enable", "Enable an authentication type ('auth enable ?' for more)",
+						auth_enable,	1 },
+    { "help",	0,				auth_help,		0 },
+    { "?",	"Print help information",	auth_help,		0 },
+    { 0 },
+};
+
+    static int
+auth_help()
+{
+    struct authlist *c;
+
+    for (c = AuthList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\n", c->name, c->help);
+	    else
+		printf("\n");
+	}
+    }
+    return 0;
+}
+
+	int
+auth_cmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct authlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'auth' command.  'auth ?' for help.\n");
+	return 0;
+    }
+
+    c = (struct authlist *)
+		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    return((*c->handler)(argv[2], argv[3]));
+}
+#endif
+
+#ifdef	ENCRYPTION
+/*
+ * The ENCRYPT command.
+ */
+
+struct encryptlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	needconnect;
+	int	minarg;
+	int	maxarg;
+};
+
+extern int
+	EncryptEnable P((char *, char *)),
+	EncryptDisable P((char *, char *)),
+	EncryptType P((char *, char *)),
+	EncryptStart P((char *)),
+	EncryptStartInput P((void)),
+	EncryptStartOutput P((void)),
+	EncryptStop P((char *)),
+	EncryptStopInput P((void)),
+	EncryptStopOutput P((void)),
+	EncryptStatus P((void));
+static int
+	EncryptHelp P((void));
+
+struct encryptlist EncryptList[] = {
+    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
+						EncryptEnable, 1, 1, 2 },
+    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
+						EncryptDisable, 0, 1, 2 },
+    { "type", "Set encryption type. ('encrypt type ?' for more)",
+						EncryptType, 0, 1, 1 },
+    { "start", "Start encryption. ('encrypt start ?' for more)",
+						EncryptStart, 1, 0, 1 },
+    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
+						EncryptStop, 1, 0, 1 },
+    { "input", "Start encrypting the input stream",
+						EncryptStartInput, 1, 0, 0 },
+    { "-input", "Stop encrypting the input stream",
+						EncryptStopInput, 1, 0, 0 },
+    { "output", "Start encrypting the output stream",
+						EncryptStartOutput, 1, 0, 0 },
+    { "-output", "Stop encrypting the output stream",
+						EncryptStopOutput, 1, 0, 0 },
+
+    { "status",	"Display current status of authentication information",
+						EncryptStatus,	0, 0, 0 },
+    { "help",	0,				EncryptHelp,	0, 0, 0 },
+    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
+    { 0 },
+};
+
+    static int
+EncryptHelp()
+{
+    struct encryptlist *c;
+
+    for (c = EncryptList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\n", c->name, c->help);
+	    else
+		printf("\n");
+	}
+    }
+    return 0;
+}
+
+	int
+encrypt_cmd(argc, argv)
+    int  argc;
+    char *argv[];
+{
+    struct encryptlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'encrypt' command.  'encrypt ?' for help.\n");
+	return 0;
+    }
+
+    c = (struct encryptlist *)
+		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\n",
+    				argv[1]);
+	return 0;
+    }
+    argc -= 2;
+    if (argc < c->minarg || argc > c->maxarg) {
+	if (c->minarg == c->maxarg) {
+	    fprintf(stderr, "Need %s%d argument%s ",
+		c->minarg < argc ? "only " : "", c->minarg,
+		c->minarg == 1 ? "" : "s");
+	} else {
+	    fprintf(stderr, "Need %s%d-%d arguments ",
+		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
+	}
+	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\n",
+		c->name);
+	return 0;
+    }
+    if (c->needconnect && !connected) {
+	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
+	    printf("?Need to be connected first.\n");
+	    return 0;
+	}
+    }
+    return ((*c->handler)(argc > 0 ? argv[2] : 0,
+			argc > 1 ? argv[3] : 0,
+			argc > 2 ? argv[4] : 0));
+}
+#endif	/* ENCRYPTION */
+
+#if	defined(unix) && defined(TN3270)
+    static void
+filestuff(fd)
+    int fd;
+{
+    int res;
+
+#ifdef	F_GETOWN
+    setconnmode(0);
+    res = fcntl(fd, F_GETOWN, 0);
+    setcommandmode();
+
+    if (res == -1) {
+	perror("fcntl");
+	return;
+    }
+    printf("\tOwner is %d.\n", res);
+#endif
+
+    setconnmode(0);
+    res = fcntl(fd, F_GETFL, 0);
+    setcommandmode();
+
+    if (res == -1) {
+	perror("fcntl");
+	return;
+    }
+#ifdef notdef
+    printf("\tFlags are 0x%x: %s\n", res, decodeflags(res));
+#endif
+}
+#endif /* defined(unix) && defined(TN3270) */
+
+/*
+ * Print status about the connection.
+ */
+    /*ARGSUSED*/
+    static int
+status(argc, argv)
+    int	 argc;
+    char *argv[];
+{
+    if (connected) {
+	printf("Connected to %s.\n", hostname);
+	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
+	    int mode = getconnmode();
+
+	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
+		printf("Operating with LINEMODE option\n");
+		printf("%s line editing\n", (mode&MODE_EDIT) ? "Local" : "No");
+		printf("%s catching of signals\n",
+					(mode&MODE_TRAPSIG) ? "Local" : "No");
+		slcstate();
+#ifdef	KLUDGELINEMODE
+	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
+		printf("Operating in obsolete linemode\n");
+#endif
+	    } else {
+		printf("Operating in single character mode\n");
+		if (localchars)
+		    printf("Catching signals locally\n");
+	    }
+	    printf("%s character echo\n", (mode&MODE_ECHO) ? "Local" : "Remote");
+	    if (my_want_state_is_will(TELOPT_LFLOW))
+		printf("%s flow control\n", (mode&MODE_FLOW) ? "Local" : "No");
+#ifdef	ENCRYPTION
+	    encrypt_display();
+#endif	/* ENCRYPTION */
+	}
+    } else {
+	printf("No connection.\n");
+    }
+#   if !defined(TN3270)
+    printf("Escape character is '%s'.\n", control(escape));
+    (void) fflush(stdout);
+#   else /* !defined(TN3270) */
+    if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) {
+	printf("Escape character is '%s'.\n", control(escape));
+    }
+#   if defined(unix)
+    if ((argc >= 2) && !strcmp(argv[1], "everything")) {
+	printf("SIGIO received %d time%s.\n",
+				sigiocount, (sigiocount == 1)? "":"s");
+	if (In3270) {
+	    printf("Process ID %d, process group %d.\n",
+					    getpid(), getpgrp(getpid()));
+	    printf("Terminal input:\n");
+	    filestuff(tin);
+	    printf("Terminal output:\n");
+	    filestuff(tout);
+	    printf("Network socket:\n");
+	    filestuff(net);
+	}
+    }
+    if (In3270 && transcom) {
+       printf("Transparent mode command is '%s'.\n", transcom);
+    }
+#   endif /* defined(unix) */
+    (void) fflush(stdout);
+    if (In3270) {
+	return 0;
+    }
+#   endif /* defined(TN3270) */
+    return 1;
+}
+
+#ifdef	SIGINFO
+/*
+ * Function that gets called when SIGINFO is received.
+ */
+	void
+ayt_status()
+{
+    (void) call(status, "status", "notmuch", 0);
+}
+#endif
+
+unsigned long inet_addr();
+
+    int
+tn(argc, argv)
+    int argc;
+    char *argv[];
+{
+    register struct hostent *host = 0;
+    struct sockaddr_in sin, src_sin;
+    struct servent *sp = 0;
+    unsigned long temp;
+    extern char *inet_ntoa();
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    char *srp = 0, *strrchr();
+    unsigned long sourceroute(), srlen;
+#endif
+    char *cmd, *hostp = 0, *portp = 0, *user = 0;
+    char *src_addr = NULL;
+
+    /* clear the socket address prior to use */
+    memset((char *)&sin, 0, sizeof(sin));
+
+    if (connected) {
+	printf("?Already connected to %s\n", hostname);
+	setuid(getuid());
+	return 0;
+    }
+    if (argc < 2) {
+	(void) strcpy(line, "open ");
+	printf("(to) ");
+	(void) fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
+	makeargv();
+	argc = margc;
+	argv = margv;
+    }
+    cmd = *argv;
+    --argc; ++argv;
+    while (argc) {
+	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
+	    goto usage;
+	if (strcmp(*argv, "-l") == 0) {
+	    --argc; ++argv;
+	    if (argc == 0)
+		goto usage;
+	    user = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (strcmp(*argv, "-a") == 0) {
+	    --argc; ++argv;
+	    autologin = 1;
+	    continue;
+	}
+	if (strcmp(*argv, "-s") == 0) {
+	    --argc; ++argv;
+	    if (argc == 0)
+		goto usage;
+	    src_addr = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (hostp == 0) {
+	    hostp = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (portp == 0) {
+	    portp = *argv++;
+	    --argc;
+	    continue;
+	}
+    usage:
+	printf("usage: %s [-l user] [-a] [-s src_addr] host-name [port]\n", cmd);
+	setuid(getuid());
+	return 0;
+    }
+    if (hostp == 0)
+	goto usage;
+
+    if (src_addr != NULL) {
+	bzero((char *)&src_sin, sizeof(src_sin));
+	src_sin.sin_family = AF_INET;
+	if (!inet_aton(src_addr, &src_sin.sin_addr)) {
+	    host = gethostbyname2(src_addr, AF_INET);
+	    if (host == NULL) {
+		herror(src_addr);
+		return 0;
+	    }
+	    if (host->h_length != sizeof(src_sin.sin_addr)) {
+		fprintf(stderr, "telnet: gethostbyname2: invalid address\n");
+		return 0;
+	    }
+	    memcpy((void *)&src_sin.sin_addr, (void *)host->h_addr_list[0],
+			sizeof(src_sin.sin_addr));
+	}
+    }
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    if (hostp[0] == '@' || hostp[0] == '!') {
+	if ((hostname = strrchr(hostp, ':')) == NULL)
+	    hostname = strrchr(hostp, '@');
+	hostname++;
+	srp = 0;
+	temp = sourceroute(hostp, &srp, &srlen);
+	if (temp == 0) {
+	    herror(srp);
+	    setuid(getuid());
+	    return 0;
+	} else if (temp == -1) {
+	    printf("Bad source route option: %s\n", hostp);
+	    setuid(getuid());
+	    return 0;
+	} else {
+	    sin.sin_addr.s_addr = temp;
+	    sin.sin_family = AF_INET;
+	}
+    } else {
+#endif
+	temp = inet_addr(hostp);
+ 	if (temp != INADDR_NONE) {
+	    sin.sin_addr.s_addr = temp;
+	    sin.sin_family = AF_INET;
+	    if (doaddrlookup)
+		host = gethostbyaddr((char *)&temp, sizeof(temp), AF_INET);
+ 	    if (host)
+ 	        (void) strncpy(_hostname, host->h_name, sizeof(_hostname));
+ 	    else
+ 		(void) strncpy(_hostname, hostp, sizeof(_hostname));
+ 	    _hostname[sizeof(_hostname)-1] = '\0';
+	    hostname = _hostname;
+	} else {
+	    host = gethostbyname(hostp);
+	    if (host) {
+		sin.sin_family = host->h_addrtype;
+#if	defined(h_addr)		/* In 4.3, this is a #define */
+		memmove((caddr_t)&sin.sin_addr,
+				host->h_addr_list[0], host->h_length);
+#else	/* defined(h_addr) */
+		memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
+#endif	/* defined(h_addr) */
+		strncpy(_hostname, host->h_name, sizeof(_hostname));
+		_hostname[sizeof(_hostname)-1] = '\0';
+		hostname = _hostname;
+	    } else {
+		herror(hostp);
+		setuid(getuid());
+		return 0;
+	    }
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    }
+#endif
+    if (portp) {
+	if (*portp == '-') {
+	    portp++;
+	    telnetport = 1;
+	} else
+	    telnetport = 0;
+	sin.sin_port = atoi(portp);
+	if (sin.sin_port == 0) {
+	    sp = getservbyname(portp, "tcp");
+	    if (sp)
+		sin.sin_port = sp->s_port;
+	    else {
+		printf("%s: bad port number\n", portp);
+		setuid(getuid());
+		return 0;
+	    }
+	} else {
+#if	!defined(htons)
+	    u_short htons P((unsigned short));
+#endif	/* !defined(htons) */
+	    sin.sin_port = htons(sin.sin_port);
+	}
+    } else {
+	if (sp == 0) {
+	    sp = getservbyname("telnet", "tcp");
+	    if (sp == 0) {
+		fprintf(stderr, "telnet: tcp/telnet: unknown service\n");
+		setuid(getuid());
+		return 0;
+	    }
+	    sin.sin_port = sp->s_port;
+	}
+	telnetport = 1;
+    }
+    printf("Trying %s...\n", inet_ntoa(sin.sin_addr));
+    do {
+	net = socket(AF_INET, SOCK_STREAM, 0);
+	setuid(getuid());
+	if (net < 0) {
+	    perror("telnet: socket");
+	    return 0;
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+	if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0)
+		perror("setsockopt (IP_OPTIONS)");
+#endif
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	{
+# if	defined(HAS_GETTOS)
+	    struct tosent *tp;
+	    if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+		tos = tp->t_tos;
+# endif
+	    if (tos < 0)
+		tos = 020;	/* Low Delay bit */
+	    if (tos
+		&& (setsockopt(net, IPPROTO_IP, IP_TOS,
+		    (char *)&tos, sizeof(int)) < 0)
+		&& (errno != ENOPROTOOPT))
+		    perror("telnet: setsockopt (IP_TOS) (ignored)");
+	}
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+	if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
+		perror("setsockopt (SO_DEBUG)");
+	}
+
+	if (src_addr != NULL) {
+	    if (bind(net, (struct sockaddr *)&src_sin, sizeof(src_sin)) == -1) {
+		perror("bind");
+		return 0;
+	    }
+	}
+
+	if (connect(net, (struct sockaddr *)&sin, sizeof (sin)) < 0) {
+#if	defined(h_addr)		/* In 4.3, this is a #define */
+	    if (host && host->h_addr_list[1]) {
+		int oerrno = errno;
+
+		fprintf(stderr, "telnet: connect to address %s: ",
+						inet_ntoa(sin.sin_addr));
+		errno = oerrno;
+		perror((char *)0);
+		host->h_addr_list++;
+		memmove((caddr_t)&sin.sin_addr,
+			host->h_addr_list[0], host->h_length);
+		(void) NetClose(net);
+		continue;
+	    }
+#endif	/* defined(h_addr) */
+	    perror("telnet: Unable to connect to remote host");
+	    return 0;
+	}
+	connected++;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
+    } while (connected == 0);
+    cmdrc(hostp, hostname);
+    if (autologin && user == NULL) {
+	struct passwd *pw;
+
+	user = getenv("USER");
+	if (user == NULL ||
+	    ((pw = getpwnam(user)) && pw->pw_uid != getuid())) {
+		if ((pw = getpwuid(getuid())))
+			user = pw->pw_name;
+		else
+			user = NULL;
+	}
+    }
+    if (user) {
+	env_define((unsigned char *)"USER", (unsigned char *)user);
+	env_export((unsigned char *)"USER");
+    }
+    (void) call(status, "status", "notmuch", 0);
+    if (setjmp(peerdied) == 0)
+	telnet(user);
+    (void) NetClose(net);
+    ExitString("Connection closed by foreign host.\n",1);
+    /*NOTREACHED*/
+}
+
+#define HELPINDENT (sizeof ("connect"))
+
+static char
+	openhelp[] =	"connect to a site",
+	closehelp[] =	"close current connection",
+	logouthelp[] =	"forcibly logout remote user and close the connection",
+	quithelp[] =	"exit telnet",
+	statushelp[] =	"print status information",
+	helphelp[] =	"print help information",
+	sendhelp[] =	"transmit special characters ('send ?' for more)",
+	sethelp[] = 	"set operating parameters ('set ?' for more)",
+	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
+	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
+	slchelp[] =	"change state of special charaters ('slc ?' for more)",
+	displayhelp[] =	"display operating parameters",
+#if	defined(TN3270) && defined(unix)
+	transcomhelp[] = "specify Unix command for transparent mode pipe",
+#endif	/* defined(TN3270) && defined(unix) */
+#if	defined(AUTHENTICATION)
+	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
+#endif
+#ifdef	ENCRYPTION
+	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
+#endif	/* ENCRYPTION */
+#if	defined(unix)
+	zhelp[] =	"suspend telnet",
+#endif	/* defined(unix) */
+#if	defined(SKEY)
+	skeyhelp[] =    "compute response to s/key challenge",
+#endif
+	shellhelp[] =	"invoke a subshell",
+	envhelp[] =	"change environment variables ('environ ?' for more)",
+	modestring[] = "try to enter line or character mode ('mode ?' for more)";
+
+static Command cmdtab[] = {
+	{ "close",	closehelp,	bye,		1 },
+	{ "logout",	logouthelp,	logout,		1 },
+	{ "display",	displayhelp,	display,	0 },
+	{ "mode",	modestring,	modecmd,	0 },
+	{ "open",	openhelp,	tn,		0 },
+	{ "quit",	quithelp,	quit,		0 },
+	{ "send",	sendhelp,	sendcmd,	0 },
+	{ "set",	sethelp,	setcmd,		0 },
+	{ "unset",	unsethelp,	unsetcmd,	0 },
+	{ "status",	statushelp,	status,		0 },
+	{ "toggle",	togglestring,	toggle,		0 },
+	{ "slc",	slchelp,	slccmd,		0 },
+#if	defined(TN3270) && defined(unix)
+	{ "transcom",	transcomhelp,	settranscom,	0 },
+#endif	/* defined(TN3270) && defined(unix) */
+#if	defined(AUTHENTICATION)
+	{ "auth",	authhelp,	auth_cmd,	0 },
+#endif
+#ifdef	ENCRYPTION
+	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
+#endif	/* ENCRYPTION */
+#if	defined(unix)
+	{ "z",		zhelp,		suspend,	0 },
+#endif	/* defined(unix) */
+#if	defined(TN3270)
+	{ "!",		shellhelp,	shell,		1 },
+#else
+	{ "!",		shellhelp,	shell,		0 },
+#endif
+	{ "environ",	envhelp,	env_cmd,	0 },
+	{ "?",		helphelp,	help,		0 },
+#if	defined(SKEY)
+	{ "skey",       skeyhelp,       skey_calc,      0 },
+#endif		
+	{ 0, 0, 0, 0 }
+};
+
+static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
+static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
+
+static Command cmdtab2[] = {
+	{ "help",	0,		help,		0 },
+	{ "escape",	escapehelp,	setescape,	0 },
+	{ "crmod",	crmodhelp,	togcrmod,	0 },
+	{ 0, 0, 0, 0 }
+};
+
+
+/*
+ * Call routine with argc, argv set from args (terminated by 0).
+ */
+
+    /*VARARGS1*/
+    static int
+call(va_alist)
+    va_dcl
+{
+    va_list ap;
+    typedef int (*intrtn_t)();
+    intrtn_t routine;
+    char *args[100];
+    int argno = 0;
+
+    va_start(ap);
+    routine = (va_arg(ap, intrtn_t));
+    while ((args[argno++] = va_arg(ap, char *)) != 0) {
+	;
+    }
+    va_end(ap);
+    return (*routine)(argno-1, args);
+}
+
+
+    static Command *
+getcmd(name)
+    char *name;
+{
+    Command *cm;
+
+    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
+	return cm;
+    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
+}
+
+    void
+command(top, tbuf, cnt)
+    int top;
+    char *tbuf;
+    int cnt;
+{
+    register Command *c;
+
+    setcommandmode();
+    if (!top) {
+	putchar('\n');
+#if	defined(unix)
+    } else {
+	(void) signal(SIGINT, SIG_DFL);
+	(void) signal(SIGQUIT, SIG_DFL);
+#endif	/* defined(unix) */
+    }
+    for (;;) {
+	if (rlogin == _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	if (tbuf) {
+	    register char *cp;
+	    cp = line;
+	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
+		cnt--;
+	    tbuf = 0;
+	    if (cp == line || *--cp != '\n' || cp == line)
+		goto getline;
+	    *cp = '\0';
+	    if (rlogin == _POSIX_VDISABLE)
+		printf("%s\n", line);
+	} else {
+	getline:
+	    if (rlogin != _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	    if (fgets(line, sizeof(line), stdin) == NULL) {
+		if (feof(stdin) || ferror(stdin)) {
+		    (void) quit();
+		    /*NOTREACHED*/
+		}
+		break;
+	    }
+	}
+	if (line[0] == 0)
+	    break;
+	makeargv();
+	if (margv[0] == 0) {
+	    break;
+	}
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\n");
+	    continue;
+	}
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first.\n");
+	    continue;
+	}
+	if ((*c->handler)(margc, margv)) {
+	    break;
+	}
+    }
+    if (!top) {
+	if (!connected) {
+	    longjmp(toplevel, 1);
+	    /*NOTREACHED*/
+	}
+#if	defined(TN3270)
+	if (shell_active == 0) {
+	    setconnmode(0);
+	}
+#else	/* defined(TN3270) */
+	setconnmode(0);
+#endif	/* defined(TN3270) */
+    }
+}
+
+/*
+ * Help command.
+ */
+	static int
+help(argc, argv)
+	int argc;
+	char *argv[];
+{
+	register Command *c;
+
+	if (argc == 1) {
+		printf("Commands may be abbreviated.  Commands are:\n\n");
+		for (c = cmdtab; c->name; c++)
+			if (c->help) {
+				printf("%-*s\t%s\n", HELPINDENT, c->name,
+								    c->help);
+			}
+	}
+	else while (--argc > 0) {
+		register char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (Ambiguous(c))
+			printf("?Ambiguous help command %s\n", arg);
+		else if (c == (Command *)0)
+			printf("?Invalid help command %s\n", arg);
+		else
+			printf("%s\n", c->help);
+	}
+	return(0);
+}
+
+static char *rcname = 0;
+static char rcbuf[128];
+
+	void
+cmdrc(m1, m2)
+	char *m1, *m2;
+{
+    register Command *c;
+    FILE *rcfile;
+    int gotmachine = 0;
+    int l1 = strlen(m1);
+    int l2 = strlen(m2);
+    char m1save[64];
+
+    if (skiprc)
+	return;
+
+    strcpy(m1save, m1);
+    m1 = m1save;
+
+    if (rcname == 0) {
+	rcname = getenv("HOME");
+	if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf))
+	    strcpy(rcbuf, rcname);
+	else
+	    rcbuf[0] = '\0';
+	strcat(rcbuf, "/.telnetrc");
+	rcname = rcbuf;
+    }
+
+    if ((rcfile = fopen(rcname, "r")) == 0) {
+	return;
+    }
+
+    for (;;) {
+	if (fgets(line, sizeof(line), rcfile) == NULL)
+	    break;
+	if (line[0] == 0)
+	    break;
+	if (line[0] == '#')
+	    continue;
+	if (gotmachine) {
+	    if (!isspace(line[0]))
+		gotmachine = 0;
+	}
+	if (gotmachine == 0) {
+	    if (isspace(line[0]))
+		continue;
+	    if (strncasecmp(line, m1, l1) == 0)
+		strncpy(line, &line[l1], sizeof(line) - l1);
+	    else if (strncasecmp(line, m2, l2) == 0)
+		strncpy(line, &line[l2], sizeof(line) - l2);
+	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
+		strncpy(line, &line[7], sizeof(line) - 7);
+	    else
+		continue;
+	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
+		continue;
+	    gotmachine = 1;
+	}
+	makeargv();
+	if (margv[0] == 0)
+	    continue;
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command: %s\n", margv[0]);
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command: %s\n", margv[0]);
+	    continue;
+	}
+	/*
+	 * This should never happen...
+	 */
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first for %s.\n", margv[0]);
+	    continue;
+	}
+	(*c->handler)(margc, margv);
+    }
+    fclose(rcfile);
+}
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+
+/*
+ * Source route is handed in as
+ *	[!]@hop1@hop2...[@|:]dst
+ * If the leading ! is present, it is a
+ * strict source route, otherwise it is
+ * assmed to be a loose source route.
+ *
+ * We fill in the source route option as
+ *	hop1,hop2,hop3...dest
+ * and return a pointer to hop1, which will
+ * be the address to connect() to.
+ *
+ * Arguments:
+ *	arg:	pointer to route list to decipher
+ *
+ *	cpp: 	If *cpp is not equal to NULL, this is a
+ *		pointer to a pointer to a character array
+ *		that should be filled in with the option.
+ *
+ *	lenp:	pointer to an integer that contains the
+ *		length of *cpp if *cpp != NULL.
+ *
+ * Return values:
+ *
+ *	Returns the address of the host to connect to.  If the
+ *	return value is -1, there was a syntax error in the
+ *	option, either unknown characters, or too many hosts.
+ *	If the return value is 0, one of the hostnames in the
+ *	path is unknown, and *cpp is set to point to the bad
+ *	hostname.
+ *
+ *	*cpp:	If *cpp was equal to NULL, it will be filled
+ *		in with a pointer to our static area that has
+ *		the option filled in.  This will be 32bit aligned.
+ *
+ *	*lenp:	This will be filled in with how long the option
+ *		pointed to by *cpp is.
+ *
+ */
+	unsigned long
+sourceroute(arg, cpp, lenp)
+	char	*arg;
+	char	**cpp;
+	int	*lenp;
+{
+	static char lsr[44];
+#ifdef	sysV88
+	static IOPTN ipopt;
+#endif
+	char *cp, *cp2, *lsrp, *lsrep;
+	register int tmp;
+	struct in_addr sin_addr;
+	register struct hostent *host = 0;
+	register char c;
+
+	/*
+	 * Verify the arguments, and make sure we have
+	 * at least 7 bytes for the option.
+	 */
+	if (cpp == NULL || lenp == NULL)
+		return((unsigned long)-1);
+	if (*cpp != NULL && *lenp < 7)
+		return((unsigned long)-1);
+	/*
+	 * Decide whether we have a buffer passed to us,
+	 * or if we need to use our own static buffer.
+	 */
+	if (*cpp) {
+		lsrp = *cpp;
+		lsrep = lsrp + *lenp;
+	} else {
+		*cpp = lsrp = lsr;
+		lsrep = lsrp + 44;
+	}
+
+	cp = arg;
+
+	/*
+	 * Next, decide whether we have a loose source
+	 * route or a strict source route, and fill in
+	 * the begining of the option.
+	 */
+#ifndef	sysV88
+	if (*cp == '!') {
+		cp++;
+		*lsrp++ = IPOPT_SSRR;
+	} else
+		*lsrp++ = IPOPT_LSRR;
+#else
+	if (*cp == '!') {
+		cp++;
+		ipopt.io_type = IPOPT_SSRR;
+	} else
+		ipopt.io_type = IPOPT_LSRR;
+#endif
+
+	if (*cp != '@')
+		return((unsigned long)-1);
+
+#ifndef	sysV88
+	lsrp++;		/* skip over length, we'll fill it in later */
+	*lsrp++ = 4;
+#endif
+
+	cp++;
+
+	sin_addr.s_addr = 0;
+
+	for (c = 0;;) {
+		if (c == ':')
+			cp2 = 0;
+		else for (cp2 = cp; (c = *cp2); cp2++) {
+			if (c == ',') {
+				*cp2++ = '\0';
+				if (*cp2 == '@')
+					cp2++;
+			} else if (c == '@') {
+				*cp2++ = '\0';
+			} else if (c == ':') {
+				*cp2++ = '\0';
+			} else
+				continue;
+			break;
+		}
+		if (!c)
+			cp2 = 0;
+
+		if ((tmp = inet_addr(cp)) != -1) {
+			sin_addr.s_addr = tmp;
+		} else if ((host = gethostbyname(cp))) {
+#if	defined(h_addr)
+			memmove((caddr_t)&sin_addr,
+				host->h_addr_list[0], host->h_length);
+#else
+			memmove((caddr_t)&sin_addr, host->h_addr, host->h_length);
+#endif
+		} else {
+			*cpp = cp;
+			return(0);
+		}
+		memmove(lsrp, (char *)&sin_addr, 4);
+		lsrp += 4;
+		if (cp2)
+			cp = cp2;
+		else
+			break;
+		/*
+		 * Check to make sure there is space for next address
+		 */
+		if (lsrp + 4 > lsrep)
+			return((unsigned long)-1);
+	}
+#ifndef	sysV88
+	if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
+		*cpp = 0;
+		*lenp = 0;
+		return((unsigned long)-1);
+	}
+	*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
+	*lenp = lsrp - *cpp;
+#else
+	ipopt.io_len = lsrp - *cpp;
+	if (ipopt.io_len <= 5) {		/* Is 3 better ? */
+		*cpp = 0;
+		*lenp = 0;
+		return((unsigned long)-1);
+	}
+	*lenp = sizeof(ipopt);
+	*cpp = (char *) &ipopt;
+#endif
+	return(sin_addr.s_addr);
+}
+#endif
diff --git a/crypto/telnet/telnet/defines.h b/crypto/telnet/telnet/defines.h
new file mode 100644
index 0000000..0978173
--- /dev/null
+++ b/crypto/telnet/telnet/defines.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defines.h	8.1 (Berkeley) 6/6/93
+ */
+
+#define	settimer(x)	clocks.x = clocks.system++
+
+#if	!defined(TN3270)
+
+#define	SetIn3270()
+
+#endif	/* !defined(TN3270) */
+
+#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
+#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
+#define	NETBYTES()	(ring_full_count(&netoring))
+#define	NETROOM()	(ring_empty_count(&netoring))
+
+#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
+				*ttyoring.supply = c; \
+				ring_supplied(&ttyoring, 1); \
+			}
+#define	TTYBYTES()	(ring_full_count(&ttyoring))
+#define	TTYROOM()	(ring_empty_count(&ttyoring))
+
+/*	Various modes */
+#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
+#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
+#define	MODE_COMMAND_LINE(m)	((m)==-1)
+
+#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
diff --git a/crypto/telnet/telnet/externs.h b/crypto/telnet/telnet/externs.h
new file mode 100644
index 0000000..0c6894f
--- /dev/null
+++ b/crypto/telnet/telnet/externs.h
@@ -0,0 +1,492 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)externs.h	8.3 (Berkeley) 5/30/95
+ */
+
+#ifndef	BSD
+# define BSD 43
+#endif
+
+/*
+ * ucb stdio.h defines BSD as something wierd
+ */
+#if defined(sun) && defined(__svr4__)
+#define BSD 43
+#endif
+
+#ifndef	USE_TERMIO
+# if BSD > 43 || defined(SYSV_TERMIO)
+#  define USE_TERMIO
+# endif
+#endif
+
+#include <stdio.h>
+#include <setjmp.h>
+#if defined(CRAY) && !defined(NO_BSD_SETJMP)
+#include <bsdsetjmp.h>
+#endif
+#ifndef	FILIO_H
+#include <sys/ioctl.h>
+#else
+#include <sys/filio.h>
+#endif
+#ifdef CRAY
+# include <errno.h>
+#endif /* CRAY */
+#ifdef	USE_TERMIO
+# ifndef	VINTR
+#  ifdef SYSV_TERMIO
+#   include <sys/termio.h>
+#  else
+#   include <sys/termios.h>
+#   define termio termios
+#  endif
+# endif
+#endif
+#if defined(NO_CC_T) || !defined(USE_TERMIO)
+# if !defined(USE_TERMIO)
+typedef char cc_t;
+# else
+typedef unsigned char cc_t;
+# endif
+#endif
+
+#ifndef	NO_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+#ifndef	_POSIX_VDISABLE
+# ifdef sun
+#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
+# endif
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((cc_t)'\377')
+# endif
+#endif
+
+#define	SUBBUFSIZE	256
+
+#ifndef CRAY
+extern int errno;		/* outside this world */
+#endif /* !CRAY */
+
+#if	!defined(P)
+# ifdef	__STDC__
+#  define	P(x)	x
+# else
+#  define	P(x)	()
+# endif
+#endif
+
+extern int
+    autologin,		/* Autologin enabled */
+    skiprc,		/* Don't process the ~/.telnetrc file */
+    eight,		/* use eight bit mode (binary in and/or out */
+    flushout,		/* flush output */
+    connected,		/* Are we connected to the other side? */
+    globalmode,		/* Mode tty should be in */
+    In3270,		/* Are we in 3270 mode? */
+    telnetport,		/* Are we connected to the telnet port? */
+    localflow,		/* Flow control handled locally */
+    restartany,		/* If flow control, restart output on any character */
+    localchars,		/* we recognize interrupt/quit */
+    donelclchars,	/* the user has set "localchars" */
+    showoptions,
+    net,		/* Network file descriptor */
+    tin,		/* Terminal input file descriptor */
+    tout,		/* Terminal output file descriptor */
+    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+    autoflush,		/* flush output when interrupting? */
+    autosynch,		/* send interrupt characters with SYNCH? */
+    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
+    donebinarytoggle,	/* the user has put us in binary */
+    dontlecho,		/* do we suppress local echoing right now? */
+    crmod,
+    netdata,		/* Print out network data flow */
+    prettydump,		/* Print "netdata" output in user readable format */
+#if	defined(unix)
+#if	defined(TN3270)
+    cursesdata,		/* Print out curses data flow */
+    apitrace,		/* Trace API transactions */
+#endif	/* defined(TN3270) */
+    termdata,		/* Print out terminal data flow */
+#endif	/* defined(unix) */
+    debug,		/* Debug level */
+    doaddrlookup,	/* do a reverse lookup? */
+    clienteof;		/* Client received EOF */
+
+extern cc_t escape;	/* Escape to command mode */
+extern cc_t rlogin;	/* Rlogin mode escape character */
+#ifdef	KLUDGELINEMODE
+extern cc_t echoc;	/* Toggle local echoing */
+#endif
+
+extern char
+    *prompt;		/* Prompt for command. */
+
+extern char
+    doopt[],
+    dont[],
+    will[],
+    wont[],
+    options[],		/* All the little options */
+    *hostname;		/* Who are we connected to? */
+#ifdef	ENCRYPTION
+extern void (*encrypt_output) P((unsigned char *, int));
+extern int (*decrypt_input) P((int));
+#endif	/* ENCRYPTION */
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
+#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
+#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
+#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
+
+#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
+#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
+#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
+#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+
+extern FILE
+    *NetTrace;		/* Where debugging output goes */
+extern unsigned char
+    NetTraceFile[];	/* Name of file where debugging output goes */
+extern void
+    SetNetTrace P((char *));	/* Function to change where debugging goes */
+
+extern jmp_buf
+    peerdied,
+    toplevel;		/* For error conditions. */
+
+extern void
+    command P((int, char *, int)),
+    Dump P((int, unsigned char *, int)),
+    ExitString P((char *, int)),
+    init_3270 P((void)),
+    printoption P((char *, int, int)),
+    printsub P((int, unsigned char *, int)),
+    sendnaws P((void)),
+    setconnmode P((int)),
+    setcommandmode P((void)),
+    setneturg P((void)),
+    sys_telnet_init P((void)),
+    telnet P((char *)),
+    tel_enter_binary P((int)),
+    TerminalFlushOutput P((void)),
+    TerminalNewMode P((int)),
+    TerminalRestoreState P((void)),
+    TerminalSaveState P((void)),
+    tninit P((void)),
+    upcase P((char *)),
+    willoption P((int)),
+    wontoption P((int));
+
+extern void
+    send_do P((int, int)),
+    send_dont P((int, int)),
+    send_will P((int, int)),
+    send_wont P((int, int));
+
+extern void
+    lm_will P((unsigned char *, int)),
+    lm_wont P((unsigned char *, int)),
+    lm_do P((unsigned char *, int)),
+    lm_dont P((unsigned char *, int)),
+    lm_mode P((unsigned char *, int, int));
+
+extern void
+    slc_init P((void)),
+    slcstate P((void)),
+    slc_mode_export P((void)),
+    slc_mode_import P((int)),
+    slc_import P((int)),
+    slc_export P((void)),
+    slc P((unsigned char *, int)),
+    slc_check P((void)),
+    slc_start_reply P((void)),
+    slc_add_reply P((int, int, int)),
+    slc_end_reply P((void));
+extern int
+    NetClose P((int)),
+    netflush P((void)),
+    SetSockOpt P((int, int, int, int)),
+    slc_update P((void)),
+    telrcv P((void)),
+    TerminalWrite P((char *, int)),
+    TerminalAutoFlush P((void)),
+    ttyflush P((int));
+
+extern void
+    env_opt P((unsigned char *, int)),
+    env_opt_start P((void)),
+    env_opt_start_info P((void)),
+    env_opt_add P((unsigned char *)),
+    env_opt_end P((int));
+
+extern unsigned char
+    *env_default P((int, int)),
+    *env_getvalue P((unsigned char *));
+
+extern int
+    get_status P((void)),
+    dosynch P((void));
+
+extern cc_t
+    *tcval P((int));
+
+#ifndef	USE_TERMIO
+
+extern struct	tchars ntc;
+extern struct	ltchars nltc;
+extern struct	sgttyb nttyb;
+
+# define termEofChar		ntc.t_eofc
+# define termEraseChar		nttyb.sg_erase
+# define termFlushChar		nltc.t_flushc
+# define termIntChar		ntc.t_intrc
+# define termKillChar		nttyb.sg_kill
+# define termLiteralNextChar	nltc.t_lnextc
+# define termQuitChar		ntc.t_quitc
+# define termSuspChar		nltc.t_suspc
+# define termRprntChar		nltc.t_rprntc
+# define termWerasChar		nltc.t_werasc
+# define termStartChar		ntc.t_startc
+# define termStopChar		ntc.t_stopc
+# define termForw1Char		ntc.t_brkc
+extern cc_t termForw2Char;
+extern cc_t termAytChar;
+
+# define termEofCharp		(cc_t *)&ntc.t_eofc
+# define termEraseCharp		(cc_t *)&nttyb.sg_erase
+# define termFlushCharp		(cc_t *)&nltc.t_flushc
+# define termIntCharp		(cc_t *)&ntc.t_intrc
+# define termKillCharp		(cc_t *)&nttyb.sg_kill
+# define termLiteralNextCharp	(cc_t *)&nltc.t_lnextc
+# define termQuitCharp		(cc_t *)&ntc.t_quitc
+# define termSuspCharp		(cc_t *)&nltc.t_suspc
+# define termRprntCharp		(cc_t *)&nltc.t_rprntc
+# define termWerasCharp		(cc_t *)&nltc.t_werasc
+# define termStartCharp		(cc_t *)&ntc.t_startc
+# define termStopCharp		(cc_t *)&ntc.t_stopc
+# define termForw1Charp		(cc_t *)&ntc.t_brkc
+# define termForw2Charp		(cc_t *)&termForw2Char
+# define termAytCharp		(cc_t *)&termAytChar
+
+# else
+
+extern struct	termio new_tc;
+
+# define termEofChar		new_tc.c_cc[VEOF]
+# define termEraseChar		new_tc.c_cc[VERASE]
+# define termIntChar		new_tc.c_cc[VINTR]
+# define termKillChar		new_tc.c_cc[VKILL]
+# define termQuitChar		new_tc.c_cc[VQUIT]
+
+# ifndef	VSUSP
+extern cc_t termSuspChar;
+# else
+#  define termSuspChar		new_tc.c_cc[VSUSP]
+# endif
+# if	defined(VFLUSHO) && !defined(VDISCARD)
+#  define VDISCARD VFLUSHO
+# endif
+# ifndef	VDISCARD
+extern cc_t termFlushChar;
+# else
+#  define termFlushChar		new_tc.c_cc[VDISCARD]
+# endif
+# ifndef VWERASE
+extern cc_t termWerasChar;
+# else
+#  define termWerasChar		new_tc.c_cc[VWERASE]
+# endif
+# ifndef	VREPRINT
+extern cc_t termRprntChar;
+# else
+#  define termRprntChar		new_tc.c_cc[VREPRINT]
+# endif
+# ifndef	VLNEXT
+extern cc_t termLiteralNextChar;
+# else
+#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
+# endif
+# ifndef	VSTART
+extern cc_t termStartChar;
+# else
+#  define termStartChar		new_tc.c_cc[VSTART]
+# endif
+# ifndef	VSTOP
+extern cc_t termStopChar;
+# else
+#  define termStopChar		new_tc.c_cc[VSTOP]
+# endif
+# ifndef	VEOL
+extern cc_t termForw1Char;
+# else
+#  define termForw1Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VEOL2
+extern cc_t termForw2Char;
+# else
+#  define termForw2Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VSTATUS
+extern cc_t termAytChar;
+#else
+#  define termAytChar		new_tc.c_cc[VSTATUS]
+#endif
+
+# if !defined(CRAY) || defined(__STDC__)
+#  define termEofCharp		&termEofChar
+#  define termEraseCharp	&termEraseChar
+#  define termIntCharp		&termIntChar
+#  define termKillCharp		&termKillChar
+#  define termQuitCharp		&termQuitChar
+#  define termSuspCharp		&termSuspChar
+#  define termFlushCharp	&termFlushChar
+#  define termWerasCharp	&termWerasChar
+#  define termRprntCharp	&termRprntChar
+#  define termLiteralNextCharp	&termLiteralNextChar
+#  define termStartCharp	&termStartChar
+#  define termStopCharp		&termStopChar
+#  define termForw1Charp	&termForw1Char
+#  define termForw2Charp	&termForw2Char
+#  define termAytCharp		&termAytChar
+# else
+	/* Work around a compiler bug */
+#  define termEofCharp		0
+#  define termEraseCharp	0
+#  define termIntCharp		0
+#  define termKillCharp		0
+#  define termQuitCharp		0
+#  define termSuspCharp		0
+#  define termFlushCharp	0
+#  define termWerasCharp	0
+#  define termRprntCharp	0
+#  define termLiteralNextCharp	0
+#  define termStartCharp	0
+#  define termStopCharp		0
+#  define termForw1Charp	0
+#  define termForw2Charp	0
+#  define termAytCharp		0
+# endif
+#endif
+
+
+/* Ring buffer structures which are shared */
+
+extern Ring
+    netoring,
+    netiring,
+    ttyoring,
+    ttyiring;
+
+/* Tn3270 section */
+#if	defined(TN3270)
+
+extern int
+    HaveInput,		/* Whether an asynchronous I/O indication came in */
+    noasynchtty,	/* Don't do signals on I/O (SIGURG, SIGIO) */
+    noasynchnet,	/* Don't do signals on I/O (SIGURG, SIGIO) */
+    sigiocount,		/* Count of SIGIO receptions */
+    shell_active;	/* Subshell is active */
+
+extern char
+    *Ibackp,		/* Oldest byte of 3270 data */
+    Ibuf[],		/* 3270 buffer */
+    *Ifrontp,		/* Where next 3270 byte goes */
+    tline[],
+    *transcom;		/* Transparent command */
+
+extern int
+    settranscom P((int, char**));
+
+extern void
+    inputAvailable P((int));
+#endif	/* defined(TN3270) */
diff --git a/crypto/telnet/telnet/fdset.h b/crypto/telnet/telnet/fdset.h
new file mode 100644
index 0000000..045bb72
--- /dev/null
+++ b/crypto/telnet/telnet/fdset.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)fdset.h	8.1 (Berkeley) 6/6/93
+ */
+
+/*
+ * The following is defined just in case someone should want to run
+ * this telnet on a 4.2 system.
+ *
+ */
+
+#ifndef	FD_SETSIZE
+
+#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
+#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
+#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
+#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
+
+#endif
diff --git a/crypto/telnet/telnet/general.h b/crypto/telnet/telnet/general.h
new file mode 100644
index 0000000..4efa951
--- /dev/null
+++ b/crypto/telnet/telnet/general.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)general.h	8.1 (Berkeley) 6/6/93
+ */
+
+/*
+ * Some general definitions.
+ */
+
+
+#define	numberof(x)	(sizeof x/sizeof x[0])
+#define	highestof(x)	(numberof(x)-1)
+
+#define	ClearElement(x)		memset((char *)&x, 0, sizeof x)
+#define	ClearArray(x)		memset((char *)x, 0, sizeof x)
diff --git a/crypto/telnet/telnet/main.c b/crypto/telnet/telnet/main.c
new file mode 100644
index 0000000..2dc05fd
--- /dev/null
+++ b/crypto/telnet/telnet/main.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char copyright[] =
+"@(#) Copyright (c) 1988, 1990, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static const char sccsid[] = "@(#)main.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <stdlib.h>
+
+#include "ring.h"
+#include "externs.h"
+#include "defines.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+/* These values need to be the same as defined in libtelnet/kerberos5.c */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+#if 0
+#define FORWARD
+#endif
+
+void init_terminal(void);
+void init_network(void);
+void init_telnet(void);
+void init_sys(void);
+void init_3270(void);
+
+/*
+ * Initialize variables.
+ */
+    void
+tninit()
+{
+    init_terminal();
+
+    init_network();
+
+    init_telnet();
+
+    init_sys();
+
+#if defined(TN3270)
+    init_3270();
+#endif
+}
+
+	void
+usage()
+{
+	fprintf(stderr, "Usage: %s %s%s%s%s\n",
+	    prompt,
+#ifdef	AUTHENTICATION
+	    "[-8] [-E] [-K] [-L] [-N] [-S tos] [-X atype] [-a] [-c] [-d]",
+	    "\n\t[-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] ",
+#else
+	    "[-8] [-E] [-L] [-N] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
+	    "\n\t[-n tracefile] ",
+#endif
+#if defined(TN3270) && defined(unix)
+# ifdef AUTHENTICATION
+	    "[-noasynch] [-noasynctty]\n\t"
+	    "[-noasyncnet] [-r] [-s src_addr] [-t transcom] ",
+# else
+	    "[-noasynch] [-noasynctty] [-noasyncnet] [-r]\n\t"
+	    "[-s src_addr] [-t transcom]",
+# endif
+#else
+	    "[-r] [-s src_addr] ",
+#endif
+#ifdef	ENCRYPTION
+	    "[-x] [host-name [port]]"
+#else	/* ENCRYPTION */
+	    "[host-name [port]]"
+#endif	/* ENCRYPTION */
+	);
+	exit(1);
+}
+
+/*
+ * main.  Parse arguments, invoke the protocol or command parser.
+ */
+
+	int
+main(argc, argv)
+	int argc;
+	char *argv[];
+{
+	extern char *optarg;
+	extern int optind;
+	int ch;
+	char *user, *strrchr();
+	char *src_addr = NULL;
+#ifdef	FORWARD
+	extern int forward_flags;
+#endif	/* FORWARD */
+
+	tninit();		/* Clear out things */
+#if	defined(CRAY) && !defined(__STDC__)
+	_setlist_init();	/* Work around compiler bug */
+#endif
+
+	TerminalSaveState();
+
+	if ((prompt = strrchr(argv[0], '/')))
+		++prompt;
+	else
+		prompt = argv[0];
+
+	user = NULL;
+
+	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
+	autologin = -1;
+
+	while ((ch = getopt(argc, argv, "8EKLNS:X:acde:fFk:l:n:rs:t:x")) != EOF) {
+		switch(ch) {
+		case '8':
+			eight = 3;	/* binary output and input */
+			break;
+		case 'E':
+			rlogin = escape = _POSIX_VDISABLE;
+			break;
+		case 'K':
+#ifdef	AUTHENTICATION
+			autologin = 0;
+#endif
+			break;
+		case 'L':
+			eight |= 2;	/* binary output only */
+			break;
+		case 'N':
+			doaddrlookup = 0;
+			break;
+		case 'S':
+		    {
+#ifdef	HAS_GETTOS
+			extern int tos;
+
+			if ((tos = parsetos(optarg, "tcp")) < 0)
+				fprintf(stderr, "%s%s%s%s\n",
+					prompt, ": Bad TOS argument '",
+					optarg,
+					"; will try to use default TOS");
+#else
+			fprintf(stderr,
+			   "%s: Warning: -S ignored, no parsetos() support.\n",
+								prompt);
+#endif
+		    }
+			break;
+		case 'X':
+#ifdef	AUTHENTICATION
+			auth_disable_name(optarg);
+#endif
+			break;
+		case 'a':
+			autologin = 1;
+			break;
+		case 'c':
+			skiprc = 1;
+			break;
+		case 'd':
+			debug = 1;
+			break;
+		case 'e':
+			set_escape_char(optarg);
+			break;
+		case 'f':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'F':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+			forward_flags |= OPTS_FORWARDABLE_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'k':
+#if defined(AUTHENTICATION) && defined(KRB4)
+		    {
+			extern char *dest_realm, dst_realm_buf[], dst_realm_sz;
+			dest_realm = dst_realm_buf;
+			(void)strncpy(dest_realm, optarg, dst_realm_sz);
+		    }
+#else
+			fprintf(stderr,
+			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
+								prompt);
+#endif
+			break;
+		case 'l':
+			autologin = 1;
+			user = optarg;
+			break;
+		case 'n':
+#if defined(TN3270) && defined(unix)
+			/* distinguish between "-n oasynch" and "-noasynch" */
+			if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
+			    == 'n' && argv[optind - 1][2] == 'o') {
+				if (!strcmp(optarg, "oasynch")) {
+					noasynchtty = 1;
+					noasynchnet = 1;
+				} else if (!strcmp(optarg, "oasynchtty"))
+					noasynchtty = 1;
+				else if (!strcmp(optarg, "oasynchnet"))
+					noasynchnet = 1;
+			} else
+#endif	/* defined(TN3270) && defined(unix) */
+				SetNetTrace(optarg);
+			break;
+		case 'r':
+			rlogin = '~';
+			break;
+		case 's':
+			src_addr = optarg;
+			break;
+		case 't':
+#if defined(TN3270) && defined(unix)
+			transcom = tline;
+			(void)strcpy(transcom, optarg);
+#else
+			fprintf(stderr,
+			   "%s: Warning: -t ignored, no TN3270 support.\n",
+								prompt);
+#endif
+			break;
+		case 'x':
+#ifdef	ENCRYPTION
+			encrypt_auto(1);
+			decrypt_auto(1);
+#else	/* ENCRYPTION */
+			fprintf(stderr,
+			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
+								prompt);
+#endif	/* ENCRYPTION */
+			break;
+		case '?':
+		default:
+			usage();
+			/* NOTREACHED */
+		}
+	}
+	if (autologin == -1)
+		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc) {
+		char *args[9], **argp = args;
+
+		if (argc > 2)
+			usage();
+		*argp++ = prompt;
+		if (user) {
+			*argp++ = "-l";
+			*argp++ = user;
+		}
+		if (src_addr) {
+			*argp++ = "-s";
+			*argp++ = src_addr;
+		}
+		*argp++ = argv[0];		/* host */
+		if (argc > 1)
+			*argp++ = argv[1];	/* port */
+		*argp = 0;
+
+		if (setjmp(toplevel) != 0)
+			Exit(0);
+		if (tn(argp - args, args) == 1)
+			return (0);
+		else
+			return (1);
+	}
+	(void)setjmp(toplevel);
+	for (;;) {
+#ifdef TN3270
+		if (shell_active)
+			shell_continue();
+		else
+#endif
+			command(1, 0, 0);
+	}
+	return 0;
+}
diff --git a/crypto/telnet/telnet/network.c b/crypto/telnet/telnet/network.c
new file mode 100644
index 0000000..9964bc2
--- /dev/null
+++ b/crypto/telnet/telnet/network.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)network.c	8.2 (Berkeley) 12/15/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+
+#include <errno.h>
+
+#include <arpa/telnet.h>
+#include <unistd.h>
+
+#include "ring.h"
+
+#include "defines.h"
+#include "externs.h"
+#include "fdset.h"
+
+Ring		netoring, netiring;
+unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
+
+/*
+ * Initialize internal network data structures.
+ */
+
+    void
+init_network()
+{
+    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
+	exit(1);
+    }
+    NetTrace = stdout;
+}
+
+
+/*
+ * Check to see if any out-of-band data exists on a socket (for
+ * Telnet "synch" processing).
+ */
+
+    int
+stilloob()
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(net, &excepts);
+	value = select(net+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	perror("select");
+	(void) quit();
+	/* NOTREACHED */
+    }
+    if (FD_ISSET(net, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+
+/*
+ *  setneturg()
+ *
+ *	Sets "neturg" to the current location.
+ */
+
+    void
+setneturg()
+{
+    ring_mark(&netoring);
+}
+
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ *
+ *		The return value indicates whether we did any
+ *	useful work.
+ */
+
+
+    int
+netflush()
+{
+    register int n, n1;
+
+#ifdef	ENCRYPTION
+    if (encrypt_output)
+	ring_encrypt(&netoring, encrypt_output);
+#endif	/* ENCRYPTION */
+    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
+	if (!ring_at_mark(&netoring)) {
+	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
+	} else {
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
+	}
+    }
+    if (n < 0) {
+	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
+	    setcommandmode();
+	    perror(hostname);
+	    (void)NetClose(net);
+	    ring_clear_mark(&netoring);
+	    longjmp(peerdied, -1);
+	    /*NOTREACHED*/
+	}
+	n = 0;
+    }
+    if (netdata && n) {
+	Dump('>', netoring.consume, n);
+    }
+    if (n) {
+	ring_consumed(&netoring, n);
+	/*
+	 * If we sent all, and more to send, then recurse to pick
+	 * up the other half.
+	 */
+	if ((n1 == n) && ring_full_consecutive(&netoring)) {
+	    (void) netflush();
+	}
+	return 1;
+    } else {
+	return 0;
+    }
+}
diff --git a/crypto/telnet/telnet/ring.c b/crypto/telnet/telnet/ring.c
new file mode 100644
index 0000000..13fe6c2
--- /dev/null
+++ b/crypto/telnet/telnet/ring.c
@@ -0,0 +1,364 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)ring.c	8.2 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+
+#include	<stdio.h>
+#include	<errno.h>
+#include	<string.h>
+
+#ifdef	size_t
+#undef	size_t
+#endif
+
+#include	<sys/types.h>
+#ifndef	FILIO_H
+#include	<sys/ioctl.h>
+#endif
+#include	<sys/socket.h>
+
+#include	"ring.h"
+#include	"general.h"
+
+/* Internal macros */
+
+#if	!defined(MIN)
+#define	MIN(a,b)	(((a)<(b))? (a):(b))
+#endif	/* !defined(MIN) */
+
+#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
+					(a)-(b): (((a)-(b))+(d)->size))
+
+#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
+					(a)+(c) : (((a)+(c))-(d)->size))
+
+#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
+					(a)-(c) : (((a)-(c))-(d)->size))
+
+
+/*
+ * The following is a clock, used to determine full, empty, etc.
+ *
+ * There is some trickiness here.  Since the ring buffers are initialized
+ * to ZERO on allocation, we need to make sure, when interpreting the
+ * clock, that when the times are EQUAL, then the buffer is FULL.
+ */
+static u_long ring_clock = 0;
+
+
+#define	ring_empty(d) (((d)->consume == (d)->supply) && \
+				((d)->consumetime >= (d)->supplytime))
+#define	ring_full(d) (((d)->supply == (d)->consume) && \
+				((d)->supplytime > (d)->consumetime))
+
+
+
+
+
+/* Buffer state transition routines */
+
+	int
+    ring_init(ring, buffer, count)
+Ring *ring;
+    unsigned char *buffer;
+    int count;
+{
+    memset((char *)ring, 0, sizeof *ring);
+
+    ring->size = count;
+
+    ring->supply = ring->consume = ring->bottom = buffer;
+
+    ring->top = ring->bottom+ring->size;
+
+#ifdef	ENCRYPTION
+    ring->clearto = 0;
+#endif	/* ENCRYPTION */
+
+    return 1;
+}
+
+/* Mark routines */
+
+/*
+ * Mark the most recently supplied byte.
+ */
+
+    void
+ring_mark(ring)
+    Ring *ring;
+{
+    ring->mark = ring_decrement(ring, ring->supply, 1);
+}
+
+/*
+ * Is the ring pointing to the mark?
+ */
+
+    int
+ring_at_mark(ring)
+    Ring *ring;
+{
+    if (ring->mark == ring->consume) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+/*
+ * Clear any mark set on the ring.
+ */
+
+    void
+ring_clear_mark(ring)
+    Ring *ring;
+{
+    ring->mark = 0;
+}
+
+/*
+ * Add characters from current segment to ring buffer.
+ */
+    void
+ring_supplied(ring, count)
+    Ring *ring;
+    int count;
+{
+    ring->supply = ring_increment(ring, ring->supply, count);
+    ring->supplytime = ++ring_clock;
+}
+
+/*
+ * We have just consumed "c" bytes.
+ */
+    void
+ring_consumed(ring, count)
+    Ring *ring;
+    int count;
+{
+    if (count == 0)	/* don't update anything */
+	return;
+
+    if (ring->mark &&
+		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
+	ring->mark = 0;
+    }
+#ifdef	ENCRYPTION
+    if (ring->consume < ring->clearto &&
+		ring->clearto <= ring->consume + count)
+	ring->clearto = 0;
+    else if (ring->consume + count > ring->top &&
+		ring->bottom <= ring->clearto &&
+		ring->bottom + ((ring->consume + count) - ring->top))
+	ring->clearto = 0;
+#endif	/* ENCRYPTION */
+    ring->consume = ring_increment(ring, ring->consume, count);
+    ring->consumetime = ++ring_clock;
+    /*
+     * Try to encourage "ring_empty_consecutive()" to be large.
+     */
+    if (ring_empty(ring)) {
+	ring->consume = ring->supply = ring->bottom;
+    }
+}
+
+
+
+/* Buffer state query routines */
+
+
+/* Number of bytes that may be supplied */
+    int
+ring_empty_count(ring)
+    Ring *ring;
+{
+    if (ring_empty(ring)) {	/* if empty */
+	    return ring->size;
+    } else {
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* number of CONSECUTIVE bytes that may be supplied */
+    int
+ring_empty_consecutive(ring)
+    Ring *ring;
+{
+    if ((ring->consume < ring->supply) || ring_empty(ring)) {
+			    /*
+			     * if consume is "below" supply, or empty, then
+			     * return distance to the top
+			     */
+	return ring_subtract(ring, ring->top, ring->supply);
+    } else {
+				    /*
+				     * else, return what we may.
+				     */
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* Return the number of bytes that are available for consuming
+ * (but don't give more than enough to get to cross over set mark)
+ */
+
+    int
+ring_full_count(ring)
+    Ring *ring;
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if (ring_full(ring)) {
+	    return ring->size;	/* nothing consumed, but full */
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	return ring_subtract(ring, ring->mark, ring->consume);
+    }
+}
+
+/*
+ * Return the number of CONSECUTIVE bytes available for consuming.
+ * However, don't return more than enough to cross over set mark.
+ */
+    int
+ring_full_consecutive(ring)
+    Ring *ring;
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if ((ring->supply < ring->consume) || ring_full(ring)) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	if (ring->mark < ring->consume) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {	/* Else, distance to mark */
+	    return ring_subtract(ring, ring->mark, ring->consume);
+	}
+    }
+}
+
+/*
+ * Move data into the "supply" portion of of the ring buffer.
+ */
+    void
+ring_supply_data(ring, buffer, count)
+    Ring *ring;
+    unsigned char *buffer;
+    int count;
+{
+    int i;
+
+    while (count) {
+	i = MIN(count, ring_empty_consecutive(ring));
+	memmove(ring->supply, buffer, i);
+	ring_supplied(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+
+#ifdef notdef
+
+/*
+ * Move data from the "consume" portion of the ring buffer
+ */
+    void
+ring_consume_data(ring, buffer, count)
+    Ring *ring;
+    unsigned char *buffer;
+    int count;
+{
+    int i;
+
+    while (count) {
+	i = MIN(count, ring_full_consecutive(ring));
+	memmove(buffer, ring->consume, i);
+	ring_consumed(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+#endif
+
+#ifdef	ENCRYPTION
+    void
+ring_encrypt(ring, encryptor)
+    Ring *ring;
+    void (*encryptor)();
+{
+    unsigned char *s, *c;
+
+    if (ring_empty(ring) || ring->clearto == ring->supply)
+	return;
+
+    if (!(c = ring->clearto))
+	c = ring->consume;
+
+    s = ring->supply;
+
+    if (s <= c) {
+	(*encryptor)(c, ring->top - c);
+	(*encryptor)(ring->bottom, s - ring->bottom);
+    } else
+	(*encryptor)(c, s - c);
+
+    ring->clearto = ring->supply;
+}
+
+    void
+ring_clearto(ring)
+    Ring *ring;
+{
+    if (!ring_empty(ring))
+	ring->clearto = ring->supply;
+    else
+	ring->clearto = 0;
+}
+#endif	/* ENCRYPTION */
diff --git a/crypto/telnet/telnet/ring.h b/crypto/telnet/telnet/ring.h
new file mode 100644
index 0000000..2a36781
--- /dev/null
+++ b/crypto/telnet/telnet/ring.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ring.h	8.1 (Berkeley) 6/6/93
+ */
+
+#if defined(P)
+# undef P
+#endif
+
+#if defined(__STDC__) || defined(LINT_ARGS)
+# define	P(x)	x
+#else
+# define	P(x)	()
+#endif
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+typedef struct {
+    unsigned char	*consume,	/* where data comes out of */
+			*supply,	/* where data comes in to */
+			*bottom,	/* lowest address in buffer */
+			*top,		/* highest address+1 in buffer */
+			*mark;		/* marker (user defined) */
+#ifdef	ENCRYPTION
+    unsigned char	*clearto;	/* Data to this point is clear text */
+    unsigned char	*encryyptedto;	/* Data is encrypted to here */
+#endif	/* ENCRYPTION */
+    int		size;		/* size in bytes of buffer */
+    u_long	consumetime,	/* help us keep straight full, empty, etc. */
+		supplytime;
+} Ring;
+
+/* Here are some functions and macros to deal with the ring buffer */
+
+/* Initialization routine */
+extern int
+	ring_init P((Ring *ring, unsigned char *buffer, int count));
+
+/* Data movement routines */
+extern void
+	ring_supply_data P((Ring *ring, unsigned char *buffer, int count));
+#ifdef notdef
+extern void
+	ring_consume_data P((Ring *ring, unsigned char *buffer, int count));
+#endif
+
+/* Buffer state transition routines */
+extern void
+	ring_supplied P((Ring *ring, int count)),
+	ring_consumed P((Ring *ring, int count));
+
+/* Buffer state query routines */
+extern int
+	ring_empty_count P((Ring *ring)),
+	ring_empty_consecutive P((Ring *ring)),
+	ring_full_count P((Ring *ring)),
+	ring_full_consecutive P((Ring *ring));
+
+#ifdef	ENCRYPTION
+extern void
+	ring_encrypt P((Ring *ring, void (*func)())),
+	ring_clearto P((Ring *ring));
+#endif	/* ENCRYPTION */
+
+extern void
+    ring_clear_mark(),
+    ring_mark();
diff --git a/crypto/telnet/telnet/sys_bsd.c b/crypto/telnet/telnet/sys_bsd.c
new file mode 100644
index 0000000..ed5f459
--- /dev/null
+++ b/crypto/telnet/telnet/sys_bsd.c
@@ -0,0 +1,1221 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)sys_bsd.c	8.4 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+/*
+ * The following routines try to encapsulate what is system dependent
+ * (at least between 4.x and dos) which is used in telnet.c.
+ */
+
+
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <signal.h>
+#include <errno.h>
+#include <arpa/telnet.h>
+#include <unistd.h>
+
+#include "ring.h"
+
+#include "fdset.h"
+
+#include "defines.h"
+#include "externs.h"
+#include "types.h"
+
+#if	defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO))
+#define	SIG_FUNC_RET	void
+#else
+#define	SIG_FUNC_RET	int
+#endif
+
+#ifdef	SIGINFO
+extern SIG_FUNC_RET ayt_status();
+#endif
+
+int
+	tout,			/* Output file descriptor */
+	tin,			/* Input file descriptor */
+	net;
+
+#ifndef	USE_TERMIO
+struct	tchars otc = { 0 }, ntc = { 0 };
+struct	ltchars oltc = { 0 }, nltc = { 0 };
+struct	sgttyb ottyb = { 0 }, nttyb = { 0 };
+int	olmode = 0;
+# define cfgetispeed(ptr)	(ptr)->sg_ispeed
+# define cfgetospeed(ptr)	(ptr)->sg_ospeed
+# define old_tc ottyb
+
+#else	/* USE_TERMIO */
+struct	termio old_tc = { 0 };
+extern struct termio new_tc;
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
+#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
+#  ifdef CIBAUD
+#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
+#  else
+#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
+#  endif
+# endif /* TCSANOW */
+# ifdef	sysV88
+# define TIOCFLUSH TC_PX_DRAIN
+# endif
+#endif	/* USE_TERMIO */
+
+static fd_set ibits, obits, xbits;
+
+
+    void
+init_sys()
+{
+    tout = fileno(stdout);
+    tin = fileno(stdin);
+    FD_ZERO(&ibits);
+    FD_ZERO(&obits);
+    FD_ZERO(&xbits);
+
+    errno = 0;
+}
+
+
+    int
+TerminalWrite(buf, n)
+    char *buf;
+    int  n;
+{
+    return write(tout, buf, n);
+}
+
+    int
+TerminalRead(buf, n)
+    char *buf;
+    int  n;
+{
+    return read(tin, buf, n);
+}
+
+/*
+ *
+ */
+
+    int
+TerminalAutoFlush()
+{
+#if	defined(LNOFLSH)
+    int flush;
+
+    ioctl(0, TIOCLGET, (char *)&flush);
+    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
+#else	/* LNOFLSH */
+    return 1;
+#endif	/* LNOFLSH */
+}
+
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+#endif
+/*
+ * TerminalSpecialChars()
+ *
+ * Look at an input character to see if it is a special character
+ * and decide what to do.
+ *
+ * Output:
+ *
+ *	0	Don't add this character.
+ *	1	Do add this character
+ */
+
+extern void xmitAO(), xmitEL(), xmitEC(), intp(), sendbrk();
+
+    int
+TerminalSpecialChars(c)
+    int	c;
+{
+    if (c == termIntChar) {
+	intp();
+	return 0;
+    } else if (c == termQuitChar) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return 0;
+    } else if (c == termEofChar) {
+	if (my_want_state_is_will(TELOPT_LINEMODE)) {
+	    sendeof();
+	    return 0;
+	}
+	return 1;
+    } else if (c == termSuspChar) {
+	sendsusp();
+	return(0);
+    } else if (c == termFlushChar) {
+	xmitAO();		/* Transmit Abort Output */
+	return 0;
+    } else if (!MODE_LOCAL_CHARS(globalmode)) {
+	if (c == termKillChar) {
+	    xmitEL();
+	    return 0;
+	} else if (c == termEraseChar) {
+	    xmitEC();		/* Transmit Erase Character */
+	    return 0;
+	}
+    }
+    return 1;
+}
+
+
+/*
+ * Flush output to the terminal
+ */
+
+    void
+TerminalFlushOutput()
+{
+#ifdef	TIOCFLUSH
+    (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
+#else
+    (void) ioctl(fileno(stdout), TCFLSH, (char *) 0);
+#endif
+}
+
+    void
+TerminalSaveState()
+{
+#ifndef	USE_TERMIO
+    ioctl(0, TIOCGETP, (char *)&ottyb);
+    ioctl(0, TIOCGETC, (char *)&otc);
+    ioctl(0, TIOCGLTC, (char *)&oltc);
+    ioctl(0, TIOCLGET, (char *)&olmode);
+
+    ntc = otc;
+    nltc = oltc;
+    nttyb = ottyb;
+
+#else	/* USE_TERMIO */
+    tcgetattr(0, &old_tc);
+
+    new_tc = old_tc;
+
+#ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+#endif
+#ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+#endif
+#ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+#endif
+#ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+#endif
+#ifndef	VSTART
+    termStartChar = CONTROL('Q');
+#endif
+#ifndef	VSTOP
+    termStopChar = CONTROL('S');
+#endif
+#ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+#endif
+#endif	/* USE_TERMIO */
+}
+
+    cc_t *
+tcval(func)
+    register int func;
+{
+    switch(func) {
+    case SLC_IP:	return(&termIntChar);
+    case SLC_ABORT:	return(&termQuitChar);
+    case SLC_EOF:	return(&termEofChar);
+    case SLC_EC:	return(&termEraseChar);
+    case SLC_EL:	return(&termKillChar);
+    case SLC_XON:	return(&termStartChar);
+    case SLC_XOFF:	return(&termStopChar);
+    case SLC_FORW1:	return(&termForw1Char);
+#ifdef	USE_TERMIO
+    case SLC_FORW2:	return(&termForw2Char);
+# ifdef	VDISCARD
+    case SLC_AO:	return(&termFlushChar);
+# endif
+# ifdef	VSUSP
+    case SLC_SUSP:	return(&termSuspChar);
+# endif
+# ifdef	VWERASE
+    case SLC_EW:	return(&termWerasChar);
+# endif
+# ifdef	VREPRINT
+    case SLC_RP:	return(&termRprntChar);
+# endif
+# ifdef	VLNEXT
+    case SLC_LNEXT:	return(&termLiteralNextChar);
+# endif
+# ifdef	VSTATUS
+    case SLC_AYT:	return(&termAytChar);
+# endif
+#endif
+
+    case SLC_SYNCH:
+    case SLC_BRK:
+    case SLC_EOR:
+    default:
+	return((cc_t *)0);
+    }
+}
+
+    void
+TerminalDefaultChars()
+{
+#ifndef	USE_TERMIO
+    ntc = otc;
+    nltc = oltc;
+    nttyb.sg_kill = ottyb.sg_kill;
+    nttyb.sg_erase = ottyb.sg_erase;
+#else	/* USE_TERMIO */
+    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
+# ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+# endif
+# ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+# endif
+# ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+# endif
+# ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+# endif
+# ifndef	VSTART
+    termStartChar = CONTROL('Q');
+# endif
+# ifndef	VSTOP
+    termStopChar = CONTROL('S');
+# endif
+# ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+# endif
+#endif	/* USE_TERMIO */
+}
+
+#ifdef notdef
+void
+TerminalRestoreState()
+{
+}
+#endif
+
+/*
+ * TerminalNewMode - set up terminal to a specific mode.
+ *	MODE_ECHO: do local terminal echo
+ *	MODE_FLOW: do local flow control
+ *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
+ *	MODE_EDIT: do local line editing
+ *
+ *	Command mode:
+ *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
+ *		local echo
+ *		local editing
+ *		local xon/xoff
+ *		local signal mapping
+ *
+ *	Linemode:
+ *		local/no editing
+ *	Both Linemode and Single Character mode:
+ *		local/remote echo
+ *		local/no xon/xoff
+ *		local/no signal mapping
+ */
+
+
+    void
+TerminalNewMode(f)
+    register int f;
+{
+    static int prevmode = 0;
+#ifndef	USE_TERMIO
+    struct tchars tc;
+    struct ltchars ltc;
+    struct sgttyb sb;
+    int lmode;
+#else	/* USE_TERMIO */
+    struct termio tmp_tc;
+#endif	/* USE_TERMIO */
+    int onoff;
+    int old;
+    cc_t esc;
+
+    globalmode = f&~MODE_FORCE;
+    if (prevmode == f)
+	return;
+
+    /*
+     * Write any outstanding data before switching modes
+     * ttyflush() returns 0 only when there is no more data
+     * left to write out, it returns -1 if it couldn't do
+     * anything at all, otherwise it returns 1 + the number
+     * of characters left to write.
+#ifndef	USE_TERMIO
+     * We would really like ask the kernel to wait for the output
+     * to drain, like we can do with the TCSADRAIN, but we don't have
+     * that option.  The only ioctl that waits for the output to
+     * drain, TIOCSETP, also flushes the input queue, which is NOT
+     * what we want (TIOCSETP is like TCSADFLUSH).
+#endif
+     */
+    old = ttyflush(SYNCHing|flushout);
+    if (old < 0 || old > 1) {
+#ifdef	USE_TERMIO
+	tcgetattr(tin, &tmp_tc);
+#endif	/* USE_TERMIO */
+	do {
+	    /*
+	     * Wait for data to drain, then flush again.
+	     */
+#ifdef	USE_TERMIO
+	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
+#endif	/* USE_TERMIO */
+	    old = ttyflush(SYNCHing|flushout);
+	} while (old < 0 || old > 1);
+    }
+
+    old = prevmode;
+    prevmode = f&~MODE_FORCE;
+#ifndef	USE_TERMIO
+    sb = nttyb;
+    tc = ntc;
+    ltc = nltc;
+    lmode = olmode;
+#else
+    tmp_tc = new_tc;
+#endif
+
+    if (f&MODE_ECHO) {
+#ifndef	USE_TERMIO
+	sb.sg_flags |= ECHO;
+#else
+	tmp_tc.c_lflag |= ECHO;
+	tmp_tc.c_oflag |= ONLCR;
+	if (crlf)
+		tmp_tc.c_iflag |= ICRNL;
+#endif
+    } else {
+#ifndef	USE_TERMIO
+	sb.sg_flags &= ~ECHO;
+#else
+	tmp_tc.c_lflag &= ~ECHO;
+	tmp_tc.c_oflag &= ~ONLCR;
+# ifdef notdef
+	if (crlf)
+		tmp_tc.c_iflag &= ~ICRNL;
+# endif
+#endif
+    }
+
+    if ((f&MODE_FLOW) == 0) {
+#ifndef	USE_TERMIO
+	tc.t_startc = _POSIX_VDISABLE;
+	tc.t_stopc = _POSIX_VDISABLE;
+#else
+	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
+    } else {
+	if (restartany < 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
+	} else if (restartany > 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
+	} else {
+		tmp_tc.c_iflag |= IXOFF|IXON;
+		tmp_tc.c_iflag &= ~IXANY;
+	}
+#endif
+    }
+
+    if ((f&MODE_TRAPSIG) == 0) {
+#ifndef	USE_TERMIO
+	tc.t_intrc = _POSIX_VDISABLE;
+	tc.t_quitc = _POSIX_VDISABLE;
+	tc.t_eofc = _POSIX_VDISABLE;
+	ltc.t_suspc = _POSIX_VDISABLE;
+	ltc.t_dsuspc = _POSIX_VDISABLE;
+#else
+	tmp_tc.c_lflag &= ~ISIG;
+#endif
+	localchars = 0;
+    } else {
+#ifdef	USE_TERMIO
+	tmp_tc.c_lflag |= ISIG;
+#endif
+	localchars = 1;
+    }
+
+    if (f&MODE_EDIT) {
+#ifndef	USE_TERMIO
+	sb.sg_flags &= ~CBREAK;
+	sb.sg_flags |= CRMOD;
+#else
+	tmp_tc.c_lflag |= ICANON;
+#endif
+    } else {
+#ifndef	USE_TERMIO
+	sb.sg_flags |= CBREAK;
+	if (f&MODE_ECHO)
+	    sb.sg_flags |= CRMOD;
+	else
+	    sb.sg_flags &= ~CRMOD;
+#else
+	tmp_tc.c_lflag &= ~ICANON;
+	tmp_tc.c_iflag &= ~ICRNL;
+	tmp_tc.c_cc[VMIN] = 1;
+	tmp_tc.c_cc[VTIME] = 0;
+#endif
+    }
+
+    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
+#ifndef	USE_TERMIO
+	ltc.t_lnextc = _POSIX_VDISABLE;
+#else
+# ifdef VLNEXT
+	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
+# endif
+#endif
+    }
+
+    if (f&MODE_SOFT_TAB) {
+#ifndef USE_TERMIO
+	sb.sg_flags |= XTABS;
+#else
+# ifdef	OXTABS
+	tmp_tc.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+	tmp_tc.c_oflag |= TAB3;
+# endif
+#endif
+    } else {
+#ifndef USE_TERMIO
+	sb.sg_flags &= ~XTABS;
+#else
+# ifdef	OXTABS
+	tmp_tc.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+# endif
+#endif
+    }
+
+    if (f&MODE_LIT_ECHO) {
+#ifndef USE_TERMIO
+	lmode &= ~LCTLECH;
+#else
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag &= ~ECHOCTL;
+# endif
+#endif
+    } else {
+#ifndef USE_TERMIO
+	lmode |= LCTLECH;
+#else
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag |= ECHOCTL;
+# endif
+#endif
+    }
+
+    if (f == -1) {
+	onoff = 0;
+    } else {
+#ifndef	USE_TERMIO
+	if (f & MODE_OUTBIN)
+		lmode |= LLITOUT;
+	else
+		lmode &= ~LLITOUT;
+
+	if (f & MODE_INBIN)
+		lmode |= LPASS8;
+	else
+		lmode &= ~LPASS8;
+#else
+	if (f & MODE_INBIN)
+		tmp_tc.c_iflag &= ~ISTRIP;
+	else
+		tmp_tc.c_iflag |= ISTRIP;
+	if (f & MODE_OUTBIN) {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= CS8;
+		tmp_tc.c_oflag &= ~OPOST;
+	} else {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
+		tmp_tc.c_oflag |= OPOST;
+	}
+#endif
+	onoff = 1;
+    }
+
+    if (f != -1) {
+#ifdef	SIGTSTP
+	SIG_FUNC_RET susp();
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+	SIG_FUNC_RET ayt();
+#endif
+
+#ifdef	SIGTSTP
+	(void) signal(SIGTSTP, susp);
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+	(void) signal(SIGINFO, ayt);
+#endif
+#if	defined(USE_TERMIO) && defined(NOKERNINFO)
+	tmp_tc.c_lflag |= NOKERNINFO;
+#endif
+	/*
+	 * We don't want to process ^Y here.  It's just another
+	 * character that we'll pass on to the back end.  It has
+	 * to process it because it will be processed when the
+	 * user attempts to read it, not when we send it.
+	 */
+#ifndef	USE_TERMIO
+	ltc.t_dsuspc = _POSIX_VDISABLE;
+#else
+# ifdef	VDSUSP
+	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
+# endif
+#endif
+#ifdef	USE_TERMIO
+	/*
+	 * If the VEOL character is already set, then use VEOL2,
+	 * otherwise use VEOL.
+	 */
+	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
+	if ((tmp_tc.c_cc[VEOL] != esc)
+# ifdef	VEOL2
+	    && (tmp_tc.c_cc[VEOL2] != esc)
+# endif
+	    ) {
+		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL] = esc;
+# ifdef	VEOL2
+		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL2] = esc;
+# endif
+	}
+#else
+	if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE))
+		tc.t_brkc = esc;
+#endif
+    } else {
+#ifdef	SIGINFO
+	SIG_FUNC_RET ayt_status();
+
+	(void) signal(SIGINFO, ayt_status);
+#endif
+#ifdef	SIGTSTP
+	(void) signal(SIGTSTP, SIG_DFL);
+# ifndef SOLARIS
+	(void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1)));
+# else	SOLARIS
+	(void) sigrelse(SIGTSTP);
+# endif	SOLARIS
+#endif	/* SIGTSTP */
+#ifndef USE_TERMIO
+	ltc = oltc;
+	tc = otc;
+	sb = ottyb;
+	lmode = olmode;
+#else
+	tmp_tc = old_tc;
+#endif
+    }
+#ifndef USE_TERMIO
+    ioctl(tin, TIOCLSET, (char *)&lmode);
+    ioctl(tin, TIOCSLTC, (char *)&ltc);
+    ioctl(tin, TIOCSETC, (char *)&tc);
+    ioctl(tin, TIOCSETN, (char *)&sb);
+#else
+    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
+	tcsetattr(tin, TCSANOW, &tmp_tc);
+#endif
+
+#if	(!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR))
+# if	!defined(sysV88)
+    ioctl(tin, FIONBIO, (char *)&onoff);
+    ioctl(tout, FIONBIO, (char *)&onoff);
+# endif
+#endif	/* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */
+#if	defined(TN3270)
+    if (noasynchtty == 0) {
+	ioctl(tin, FIOASYNC, (char *)&onoff);
+    }
+#endif	/* defined(TN3270) */
+
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+#ifndef	B7200
+#define B7200   B4800
+#endif
+
+#ifndef	B14400
+#define B14400  B9600
+#endif
+
+#ifndef	B19200
+# define B19200 B14400
+#endif
+
+#ifndef	B28800
+#define B28800  B19200
+#endif
+
+#ifndef	B38400
+# define B38400 B28800
+#endif
+
+#ifndef B57600
+#define B57600  B38400
+#endif
+
+#ifndef B76800
+#define B76800  B57600
+#endif
+
+#ifndef B115200
+#define B115200 B76800
+#endif
+
+#ifndef B230400
+#define B230400 B115200
+#endif
+
+
+/*
+ * This code assumes that the values B0, B50, B75...
+ * are in ascending order.  They do not have to be
+ * contiguous.
+ */
+struct termspeeds {
+	long speed;
+	long value;
+} termspeeds[] = {
+	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
+	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
+	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
+	{ 230400, B230400 }, { -1,    B230400 }
+};
+#endif	/* DECODE_BAUD */
+
+    void
+TerminalSpeeds(ispeed, ospeed)
+    long *ispeed;
+    long *ospeed;
+{
+#ifdef	DECODE_BAUD
+    register struct termspeeds *tp;
+#endif	/* DECODE_BAUD */
+    register long in, out;
+
+    out = cfgetospeed(&old_tc);
+    in = cfgetispeed(&old_tc);
+    if (in == 0)
+	in = out;
+
+#ifdef	DECODE_BAUD
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < in))
+	tp++;
+    *ispeed = tp->speed;
+
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < out))
+	tp++;
+    *ospeed = tp->speed;
+#else	/* DECODE_BAUD */
+	*ispeed = in;
+	*ospeed = out;
+#endif	/* DECODE_BAUD */
+}
+
+    int
+TerminalWindowSize(rows, cols)
+    long *rows, *cols;
+{
+#ifdef	TIOCGWINSZ
+    struct winsize ws;
+
+    if (ioctl(fileno(stdin), TIOCGWINSZ, (char *)&ws) >= 0) {
+	*rows = ws.ws_row;
+	*cols = ws.ws_col;
+	return 1;
+    }
+#endif	/* TIOCGWINSZ */
+    return 0;
+}
+
+    int
+NetClose(fd)
+    int	fd;
+{
+    return close(fd);
+}
+
+
+    void
+NetNonblockingIO(fd, onoff)
+    int fd;
+    int onoff;
+{
+    ioctl(fd, FIONBIO, (char *)&onoff);
+}
+
+#if	defined(TN3270)
+    void
+NetSigIO(fd, onoff)
+    int fd;
+    int onoff;
+{
+    ioctl(fd, FIOASYNC, (char *)&onoff);	/* hear about input */
+}
+
+    void
+NetSetPgrp(fd)
+    int fd;
+{
+    int myPid;
+
+    myPid = getpid();
+    fcntl(fd, F_SETOWN, myPid);
+}
+#endif	/*defined(TN3270)*/
+
+/*
+ * Various signal handling routines.
+ */
+
+    /* ARGSUSED */
+    SIG_FUNC_RET
+deadpeer(sig)
+    int sig;
+{
+	setcommandmode();
+	longjmp(peerdied, -1);
+}
+
+    /* ARGSUSED */
+    SIG_FUNC_RET
+intr(sig)
+    int sig;
+{
+    if (localchars) {
+	intp();
+	return;
+    }
+    setcommandmode();
+    longjmp(toplevel, -1);
+}
+
+    /* ARGSUSED */
+    SIG_FUNC_RET
+intr2(sig)
+    int sig;
+{
+    if (localchars) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return;
+    }
+}
+
+#ifdef	SIGTSTP
+    /* ARGSUSED */
+    SIG_FUNC_RET
+susp(sig)
+    int sig;
+{
+    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
+	return;
+    if (localchars)
+	sendsusp();
+}
+#endif
+
+#ifdef	SIGWINCH
+    /* ARGSUSED */
+    SIG_FUNC_RET
+sendwin(sig)
+    int sig;
+{
+    if (connected) {
+	sendnaws();
+    }
+}
+#endif
+
+#ifdef	SIGINFO
+    /* ARGSUSED */
+    SIG_FUNC_RET
+ayt(sig)
+    int sig;
+{
+    if (connected)
+	sendayt();
+    else
+	ayt_status();
+}
+#endif
+
+
+    void
+sys_telnet_init()
+{
+    (void) signal(SIGINT, intr);
+    (void) signal(SIGQUIT, intr2);
+    (void) signal(SIGPIPE, deadpeer);
+#ifdef	SIGWINCH
+    (void) signal(SIGWINCH, sendwin);
+#endif
+#ifdef	SIGTSTP
+    (void) signal(SIGTSTP, susp);
+#endif
+#ifdef	SIGINFO
+    (void) signal(SIGINFO, ayt);
+#endif
+
+    setconnmode(0);
+
+    NetNonblockingIO(net, 1);
+
+#if	defined(TN3270)
+    if (noasynchnet == 0) {			/* DBX can't handle! */
+	NetSigIO(net, 1);
+	NetSetPgrp(net);
+    }
+#endif	/* defined(TN3270) */
+
+#if	defined(SO_OOBINLINE)
+    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
+	perror("SetSockOpt");
+    }
+#endif	/* defined(SO_OOBINLINE) */
+}
+
+/*
+ * Process rings -
+ *
+ *	This routine tries to fill up/empty our various rings.
+ *
+ *	The parameter specifies whether this is a poll operation,
+ *	or a block-until-something-happens operation.
+ *
+ *	The return value is 1 if something happened, 0 if not.
+ */
+
+    int
+process_rings(netin, netout, netex, ttyin, ttyout, poll)
+    int poll;		/* If 0, then block until something to do */
+{
+    register int c;
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue = 0;
+    static struct timeval TimeValue = { 0 };
+
+    if (netout) {
+	FD_SET(net, &obits);
+    }
+    if (ttyout) {
+	FD_SET(tout, &obits);
+    }
+#if	defined(TN3270)
+    if (ttyin) {
+	FD_SET(tin, &ibits);
+    }
+#else	/* defined(TN3270) */
+    if (ttyin) {
+	FD_SET(tin, &ibits);
+    }
+#endif	/* defined(TN3270) */
+#if	defined(TN3270)
+    if (netin) {
+	FD_SET(net, &ibits);
+    }
+#   else /* !defined(TN3270) */
+    if (netin) {
+	FD_SET(net, &ibits);
+    }
+#   endif /* !defined(TN3270) */
+    if (netex) {
+	FD_SET(net, &xbits);
+    }
+    if ((c = select(16, &ibits, &obits, &xbits,
+			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
+	if (c == -1) {
+		    /*
+		     * we can get EINTR if we are in line mode,
+		     * and the user does an escape (TSTP), or
+		     * some other signal generator.
+		     */
+	    if (errno == EINTR) {
+		return 0;
+	    }
+#	    if defined(TN3270)
+		    /*
+		     * we can get EBADF if we were in transparent
+		     * mode, and the transcom process died.
+		    */
+	    if (errno == EBADF) {
+			/*
+			 * zero the bits (even though kernel does it)
+			 * to make sure we are selecting on the right
+			 * ones.
+			*/
+		FD_ZERO(&ibits);
+		FD_ZERO(&obits);
+		FD_ZERO(&xbits);
+		return 0;
+	    }
+#	    endif /* defined(TN3270) */
+		    /* I don't like this, does it ever happen? */
+	    printf("sleep(5) from telnet, after select: %s\r\n", strerror(errno));
+	    sleep(5);
+	}
+	return 0;
+    }
+
+    /*
+     * Any urgent data?
+     */
+    if (FD_ISSET(net, &xbits)) {
+	FD_CLR(net, &xbits);
+	SYNCHing = 1;
+	(void) ttyflush(1);	/* flush already enqueued data */
+    }
+
+    /*
+     * Something to read from the network...
+     */
+    if (FD_ISSET(net, &ibits)) {
+	int canread;
+
+	FD_CLR(net, &ibits);
+	canread = ring_empty_consecutive(&netiring);
+#if	!defined(SO_OOBINLINE)
+	    /*
+	     * In 4.2 (and some early 4.3) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	if (SYNCHing) {
+	    int atmark;
+	    static int bogus_oob = 0, first = 1;
+
+	    ioctl(net, SIOCATMARK, (char *)&atmark);
+	    if (atmark) {
+		c = recv(net, netiring.supply, canread, MSG_OOB);
+		if ((c == -1) && (errno == EINVAL)) {
+		    c = recv(net, netiring.supply, canread, 0);
+		    if (clocks.didnetreceive < clocks.gotDM) {
+			SYNCHing = stilloob(net);
+		    }
+		} else if (first && c > 0) {
+		    /*
+		     * Bogosity check.  Systems based on 4.2BSD
+		     * do not return an error if you do a second
+		     * recv(MSG_OOB).  So, we do one.  If it
+		     * succeeds and returns exactly the same
+		     * data, then assume that we are running
+		     * on a broken system and set the bogus_oob
+		     * flag.  (If the data was different, then
+		     * we probably got some valid new data, so
+		     * increment the count...)
+		     */
+		    int i;
+		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
+		    if (i == c &&
+			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
+			bogus_oob = 1;
+			first = 0;
+		    } else if (i < 0) {
+			bogus_oob = 0;
+			first = 0;
+		    } else
+			c += i;
+		}
+		if (bogus_oob && c > 0) {
+		    int i;
+		    /*
+		     * Bogosity.  We have to do the read
+		     * to clear the atmark to get out of
+		     * an infinate loop.
+		     */
+		    i = read(net, netiring.supply + c, canread - c);
+		    if (i > 0)
+			c += i;
+		}
+	    } else {
+		c = recv(net, netiring.supply, canread, 0);
+	    }
+	} else {
+	    c = recv(net, netiring.supply, canread, 0);
+	}
+	settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE) */
+	c = recv(net, (char *)netiring.supply, canread, 0);
+#endif	/* !defined(SO_OOBINLINE) */
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else if (c <= 0) {
+	    return -1;
+	}
+	if (netdata) {
+	    Dump('<', netiring.supply, c);
+	}
+	if (c)
+	    ring_supplied(&netiring, c);
+	returnValue = 1;
+    }
+
+    /*
+     * Something to read from the tty...
+     */
+    if (FD_ISSET(tin, &ibits)) {
+	FD_CLR(tin, &ibits);
+	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
+	if (c < 0 && errno == EIO)
+	    c = 0;
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else {
+	    /* EOF detection for line mode!!!! */
+	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
+			/* must be an EOF... */
+		*ttyiring.supply = termEofChar;
+		c = 1;
+	    }
+	    if (c <= 0) {
+		return -1;
+	    }
+	    if (termdata) {
+		Dump('<', ttyiring.supply, c);
+	    }
+	    ring_supplied(&ttyiring, c);
+	}
+	returnValue = 1;		/* did something useful */
+    }
+
+    if (FD_ISSET(net, &obits)) {
+	FD_CLR(net, &obits);
+	returnValue |= netflush();
+    }
+    if (FD_ISSET(tout, &obits)) {
+	FD_CLR(tout, &obits);
+	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
+    }
+
+    return returnValue;
+}
diff --git a/crypto/telnet/telnet/telnet.1 b/crypto/telnet/telnet/telnet.1
new file mode 100644
index 0000000..9841462
--- /dev/null
+++ b/crypto/telnet/telnet/telnet.1
@@ -0,0 +1,1380 @@
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNET 1
+.Os BSD 4.2
+.Sh NAME
+.Nm telnet
+.Nd user interface to the 
+.Tn TELNET
+protocol
+.Sh SYNOPSIS
+.Nm telnet
+.Op Fl 8EFKLNacdfrx
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl e Ar escapechar
+.Op Fl k Ar realm
+.Op Fl l Ar user
+.Op Fl n Ar tracefile
+.Op Fl s Ar src_addr
+.Oo
+.Ar host
+.Op port
+.Oc
+.Sh DESCRIPTION
+The
+.Nm telnet
+command
+is used to communicate with another host using the 
+.Tn TELNET
+protocol.
+If
+.Nm telnet
+is invoked without the
+.Ar host
+argument, it enters command mode,
+indicated by its prompt
+.Pq Nm telnet\&> .
+In this mode, it accepts and executes the commands listed below.
+If it is invoked with arguments, it performs an
+.Ic open
+command with those arguments.
+.Pp
+Options:
+.Bl -tag -width indent
+.It Fl 8
+Specifies an 8-bit data path.  This causes an attempt to
+negotiate the
+.Dv TELNET BINARY
+option on both input and output.
+.It Fl E
+Stops any character from being recognized as an escape character.
+.It Fl F
+If Kerberos V5 authentication is being used, the
+.Fl F
+option allows the local credentials to be forwarded
+to the remote system, including any credentials that
+have already been forwarded into the local environment.
+.It Fl K
+Specifies no automatic login to the remote system.
+.It Fl L
+Specifies an 8-bit data path on output.  This causes the
+BINARY option to be negotiated on output.
+.It Fl N
+Prevents IP address to name lookup when destination host is given
+as an IP address.
+.It Fl S Ar tos
+Sets the IP type-of-service (TOS) option for the telnet
+connection to the value
+.Ar tos,
+which can be a numeric TOS value
+or, on systems that support it, a symbolic
+TOS name found in the /etc/iptos file.
+.It Fl X Ar atype 
+Disables the
+.Ar atype
+type of authentication.
+.It Fl a
+Attempt automatic login.
+Currently, this sends the user name via the
+.Ev USER
+variable
+of the
+.Ev ENVIRON
+option if supported by the remote system.
+The name used is that of the current user as returned by
+.Xr getlogin 2
+if it agrees with the current user ID,
+otherwise it is the name associated with the user ID.
+.It Fl c
+Disables the reading of the user's
+.Pa \&.telnetrc
+file.  (See the
+.Ic toggle skiprc
+command on this man page.)
+.It Fl d
+Sets the initial value of the
+.Ic debug
+toggle to
+.Dv TRUE
+.It Fl e Ar escape char 
+Sets the initial
+.Nm
+.Nm telnet
+escape character to
+.Ar escape char.
+If
+.Ar escape char
+is omitted, then
+there will be no escape character.
+.It Fl f
+If Kerberos V5 authentication is being used, the
+.Fl f
+option allows the local credentials to be forwarded to the remote system.
+.ne 1i
+.It Fl k Ar realm
+If Kerberos authentication is being used, the
+.Fl k
+option requests that telnet obtain tickets for the remote host in
+realm realm instead of the remote host's realm, as determined
+by
+.Xr krb_realmofhost 3 .
+.It Fl l Ar user 
+When connecting to the remote system, if the remote system
+understands the
+.Ev ENVIRON
+option, then
+.Ar user
+will be sent to the remote system as the value for the variable USER.
+This option implies the
+.Fl a
+option.
+This option may also be used with the
+.Ic open
+command.
+.It Fl n Ar tracefile 
+Opens
+.Ar tracefile
+for recording trace information.
+See the
+.Ic set tracefile
+command below.
+.It Fl r
+Specifies a user interface similar to
+.Xr rlogin 1 .
+In this
+mode, the escape character is set to the tilde (~) character,
+unless modified by the -e option.
+.It Fl s Ar src_addr
+Set the source IP address for the
+.Nm
+connection to
+.Ar src_addr ,
+which can be an IP address or a host name.
+.It Fl x
+Turns on encryption of the data stream if possible.  This
+option is not available outside of the United States and
+Canada.
+.It Ar host
+Indicates the official name, an alias, or the Internet address
+of a remote host.
+.It Ar port
+Indicates a port number (address of an application).  If a number is
+not specified, the default
+.Nm telnet
+port is used.
+.El
+.Pp
+When in rlogin mode, a line of the form ~.  disconnects from the
+remote host; ~ is the telnet escape character.
+Similarly, the line ~^Z suspends the telnet session.
+The line ~^] escapes to the normal telnet escape prompt.
+.Pp
+Once a connection has been opened,
+.Nm telnet
+will attempt to enable the
+.Dv TELNET LINEMODE
+option.
+If this fails, then
+.Nm telnet
+will revert to one of two input modes:
+either \*(Lqcharacter at a time\*(Rq
+or \*(Lqold line by line\*(Rq
+depending on what the remote system supports.
+.Pp
+When 
+.Dv LINEMODE
+is enabled, character processing is done on the
+local system, under the control of the remote system.  When input
+editing or character echoing is to be disabled, the remote system
+will relay that information.  The remote system will also relay
+changes to any special characters that happen on the remote
+system, so that they can take effect on the local system.
+.Pp
+In \*(Lqcharacter at a time\*(Rq mode, most
+text typed is immediately sent to the remote host for processing.
+.Pp
+In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
+and (normally) only completed lines are sent to the remote host.
+The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
+to turn off and on the local echo
+(this would mostly be used to enter passwords
+without the password being echoed).
+.Pp
+If the 
+.Dv LINEMODE
+option is enabled, or if the
+.Ic localchars
+toggle is
+.Dv TRUE
+(the default for \*(Lqold line by line\*(Lq; see below),
+the user's
+.Ic quit  ,
+.Ic intr ,
+and
+.Ic flush
+characters are trapped locally, and sent as
+.Tn TELNET
+protocol sequences to the remote side.
+If 
+.Dv LINEMODE
+has ever been enabled, then the user's
+.Ic susp
+and
+.Ic eof
+are also sent as
+.Tn TELNET
+protocol sequences,
+and
+.Ic quit
+is sent as a 
+.Dv TELNET ABORT
+instead of 
+.Dv BREAK
+There are options (see
+.Ic toggle
+.Ic autoflush
+and
+.Ic toggle
+.Ic autosynch
+below)
+which cause this action to flush subsequent output to the terminal
+(until the remote host acknowledges the
+.Tn TELNET
+sequence) and flush previous terminal input
+(in the case of
+.Ic quit
+and
+.Ic intr  ) .
+.Pp
+While connected to a remote host,
+.Nm telnet
+command mode may be entered by typing the
+.Nm telnet
+\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
+When in command mode, the normal terminal editing conventions are available.
+.Pp
+The following
+.Nm telnet
+commands are available.
+Only enough of each command to uniquely identify it need be typed
+(this is also true for arguments to the
+.Ic mode  ,
+.Ic set ,
+.Ic toggle  ,
+.Ic unset ,
+.Ic slc  ,
+.Ic environ ,
+and
+.Ic display
+commands).
+.Pp
+.Bl -tag -width "mode type"
+.It Ic auth Ar argument ... 
+The auth command manipulates the information sent through the
+.Dv TELNET AUTHENTICATE
+option.  Valid arguments for the
+auth command are as follows:
+.Bl -tag -width "disable type"
+.It Ic disable Ar type
+Disables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth disable \&?
+command.
+.It Ic enable Ar type
+Enables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth enable \&?
+command.
+.It Ic status
+Lists the current status of the various types of
+authentication.
+.El
+.It Ic close
+Close a
+.Tn TELNET
+session and return to command mode.
+.It Ic display Ar argument ... 
+Displays all, or some, of the
+.Ic set
+and
+.Ic toggle
+values (see below).
+.It Ic encrypt Ar argument ...
+The encrypt command manipulates the information sent through the
+.Dv TELNET ENCRYPT
+option.
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside of the United States and Canada.
+.Pp
+Valid arguments for the encrypt command are as follows:
+.Bl -tag -width Ar
+.It Ic disable Ar type Ic [input|output]
+Disables the specified type of encryption.  If you
+omit the input and output, both input and output
+are disabled.  To obtain a list of available
+types, use the
+.Ic encrypt disable \&?
+command.
+.It Ic enable Ar type Ic [input|output]
+Enables the specified type of encryption.  If you
+omit input and output, both input and output are
+enabled.  To obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic input
+This is the same as the
+.Ic encrypt start input
+command.
+.It Ic -input
+This is the same as the
+.Ic encrypt stop input
+command.
+.It Ic output
+This is the same as the
+.Ic encrypt start output
+command.
+.It Ic -output
+This is the same as the
+.Ic encrypt stop output
+command.
+.It Ic start Ic [input|output]
+Attempts to start encryption.  If you omit
+.Ic input
+and
+.Ic output,
+both input and output are enabled.  To
+obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic status
+Lists the current status of encryption.
+.It Ic stop Ic [input|output]
+Stops encryption.  If you omit input and output,
+encryption is on both input and output.
+.It Ic type Ar type
+Sets the default type of encryption to be used
+with later
+.Ic encrypt start
+or
+.Ic encrypt stop
+commands.
+.El
+.It Ic environ Ar arguments... 
+The
+.Ic environ
+command is used to manipulate the
+the variables that my be sent through the
+.Dv TELNET ENVIRON
+option.
+The initial set of variables is taken from the users
+environment, with only the
+.Ev DISPLAY
+and
+.Ev PRINTER
+variables being exported by default.
+The
+.Ev USER
+variable is also exported if the
+.Fl a
+or
+.Fl l
+options are used.
+.br
+Valid arguments for the
+.Ic environ
+command are:
+.Bl -tag -width Fl
+.It Ic define Ar variable value 
+Define the variable
+.Ar variable
+to have a value of
+.Ar value.
+Any variables defined by this command are automatically exported.
+The
+.Ar value
+may be enclosed in single or double quotes so
+that tabs and spaces may be included.
+.It Ic undefine Ar variable 
+Remove
+.Ar variable
+from the list of environment variables.
+.It Ic export Ar variable 
+Mark the variable
+.Ar variable
+to be exported to the remote side.
+.It Ic unexport Ar variable 
+Mark the variable
+.Ar variable
+to not be exported unless
+explicitly asked for by the remote side.
+.It Ic list
+List the current set of environment variables.
+Those marked with a
+.Cm *
+will be sent automatically,
+other variables will only be sent if explicitly requested.
+.It Ic \&?
+Prints out help information for the
+.Ic environ
+command.
+.El
+.It Ic logout
+Sends the
+.Dv TELNET LOGOUT
+option to the remote side.
+This command is similar to a
+.Ic close
+command; however, if the remote side does not support the
+.Dv LOGOUT
+option, nothing happens.
+If, however, the remote side does support the
+.Dv LOGOUT
+option, this command should cause the remote side to close the
+.Tn TELNET
+connection.
+If the remote side also supports the concept of
+suspending a user's session for later reattachment,
+the logout argument indicates that you
+should terminate the session immediately.
+.It Ic mode Ar type 
+.Ar Type
+is one of several options, depending on the state of the
+.Tn TELNET
+session.
+The remote host is asked for permission to go into the requested mode.
+If the remote host is capable of entering that mode, the requested
+mode will be entered.
+.Bl -tag -width Ar
+.It Ic character
+Disable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then enter \*(Lqcharacter at a time\*(Lq mode.
+.It Ic line
+Enable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
+.It Ic isig Pq Ic \-isig 
+Attempt to enable (disable) the 
+.Dv TRAPSIG
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic edit Pq Ic \-edit 
+Attempt to enable (disable) the 
+.Dv EDIT
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic softtabs Pq Ic \-softtabs 
+Attempt to enable (disable) the 
+.Dv SOFT_TAB
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.ne 1i
+.It Ic litecho Pq Ic \-litecho 
+Attempt to enable (disable) the 
+.Dv LIT_ECHO
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic \&?
+Prints out help information for the
+.Ic mode
+command.
+.El
+.It Xo
+.Ic open Ar host
+.Oo Op Fl l
+.Ar user
+.Oc Ns Oo Fl
+.Ar port Oc
+.Xc
+Open a connection to the named host.
+If no port number
+is specified,
+.Nm telnet
+will attempt to contact a
+.Tn TELNET
+server at the default port.
+The host specification may be either a host name (see
+.Xr hosts  5  )
+or an Internet address specified in the \*(Lqdot notation\*(Rq (see
+.Xr inet 3 ) .
+The
+.Op Fl l
+option may be used to specify the user name
+to be passed to the remote system via the
+.Ev ENVIRON
+option.
+When connecting to a non-standard port,
+.Nm telnet
+omits any automatic initiation of
+.Tn TELNET
+options.  When the port number is preceded by a minus sign,
+the initial option negotiation is done.
+After establishing a connection, the file
+.Pa \&.telnetrc
+in the
+users home directory is opened.  Lines beginning with a # are
+comment lines.  Blank lines are ignored.  Lines that begin
+without white space are the start of a machine entry.  The
+first thing on the line is the name of the machine that is
+being connected to.  The rest of the line, and successive
+lines that begin with white space are assumed to be
+.Nm telnet
+commands and are processed as if they had been typed
+in manually to the
+.Nm telnet
+command prompt.
+.It Ic quit
+Close any open
+.Tn TELNET
+session and exit
+.Nm telnet  .
+An end of file (in command mode) will also close a session and exit.
+.It Ic send Ar arguments 
+Sends one or more special character sequences to the remote host.
+The following are the arguments which may be specified
+(more than one argument may be specified at a time):
+.Pp
+.Bl -tag -width escape
+.It Ic abort
+Sends the
+.Dv TELNET ABORT
+(Abort
+processes)
+sequence.
+.It Ic ao
+Sends the
+.Dv TELNET AO
+(Abort Output) sequence, which should cause the remote system to flush
+all output
+.Em from
+the remote system
+.Em to
+the user's terminal.
+.It Ic ayt
+Sends the
+.Dv TELNET AYT
+(Are You There)
+sequence, to which the remote system may or may not choose to respond.
+.It Ic brk
+Sends the
+.Dv TELNET BRK
+(Break) sequence, which may have significance to the remote
+system.
+.It Ic ec
+Sends the
+.Dv TELNET EC
+(Erase Character)
+sequence, which should cause the remote system to erase the last character
+entered.
+.It Ic el
+Sends the
+.Dv TELNET EL
+(Erase Line)
+sequence, which should cause the remote system to erase the line currently
+being entered.
+.It Ic eof
+Sends the
+.Dv TELNET EOF
+(End Of File)
+sequence.
+.It Ic eor
+Sends the
+.Dv TELNET EOR
+(End of Record)
+sequence.
+.It Ic escape
+Sends the current
+.Nm telnet
+escape character (initially \*(Lq^\*(Rq).
+.It Ic ga
+Sends the
+.Dv TELNET GA
+(Go Ahead)
+sequence, which likely has no significance to the remote system.
+.It Ic getstatus
+If the remote side supports the
+.Dv TELNET STATUS
+command,
+.Ic getstatus
+will send the subnegotiation to request that the server send
+its current option status.
+.ne 1i
+.It Ic ip
+Sends the
+.Dv TELNET IP
+(Interrupt Process) sequence, which should cause the remote
+system to abort the currently running process.
+.It Ic nop
+Sends the
+.Dv TELNET NOP
+(No OPeration)
+sequence.
+.It Ic susp
+Sends the
+.Dv TELNET SUSP
+(SUSPend process)
+sequence.
+.It Ic synch
+Sends the
+.Dv TELNET SYNCH
+sequence.
+This sequence causes the remote system to discard all previously typed
+(but not yet read) input.
+This sequence is sent as
+.Tn TCP
+urgent
+data (and may not work if the remote system is a
+.Bx 4.2
+system -- if
+it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
+.It Ic do Ar cmd
+.It Ic dont Ar cmd
+.It Ic will Ar cmd
+.It Ic wont Ar cmd
+Sends the
+.Dv TELNET DO
+.Ar cmd
+sequence.
+.Ar Cmd
+can be either a decimal number between 0 and 255,
+or a symbolic name for a specific
+.Dv TELNET
+command.
+.Ar Cmd
+can also be either
+.Ic help
+or
+.Ic \&?
+to print out help information, including
+a list of known symbolic names.
+.It Ic \&?
+Prints out help information for the
+.Ic send
+command.
+.El
+.It Ic set Ar argument value 
+.It Ic unset Ar argument value 
+The
+.Ic set
+command will set any one of a number of
+.Nm telnet
+variables to a specific value or to
+.Dv TRUE .
+The special value
+.Ic off
+turns off the function associated with
+the variable, this is equivalent to using the
+.Ic unset
+command.
+The
+.Ic unset
+command will disable or set to
+.Dv FALSE
+any of the specified functions.
+The values of variables may be interrogated with the
+.Ic display
+command.
+The variables which may be set or unset, but not toggled, are
+listed here.  In addition, any of the variables for the
+.Ic toggle
+command may be explicitly set or unset using
+the
+.Ic set
+and
+.Ic unset
+commands.
+.Bl -tag -width escape
+.It Ic ayt
+If
+.Tn TELNET
+is in localchars mode, or
+.Dv LINEMODE
+is enabled, and the status character is typed, a
+.Dv TELNET AYT
+sequence (see
+.Ic send ayt
+preceding) is sent to the
+remote host.  The initial value for the "Are You There"
+character is the terminal's status character.
+.It Ic echo
+This is the value (initially \*(Lq^E\*(Rq) which, when in
+\*(Lqline by line\*(Rq mode, toggles between doing local echoing
+of entered characters (for normal processing), and suppressing
+echoing of entered characters (for entering, say, a password).
+.It Ic eof
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Rq mode, entering this character
+as the first character on a line will cause this character to be
+sent to the remote system.
+The initial value of the eof character is taken to be the terminal's
+.Ic eof
+character.
+.It Ic erase
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Sy and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EC
+sequence (see
+.Ic send
+.Ic ec
+above)
+is sent to the remote system.
+The initial value for the erase character is taken to be
+the terminal's
+.Ic erase
+character.
+.It Ic escape
+This is the
+.Nm telnet
+escape character (initially \*(Lq^[\*(Rq) which causes entry
+into
+.Nm telnet
+command mode (when connected to a remote system).
+.It Ic flushoutput
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic flushoutput
+character is typed, a
+.Dv TELNET AO
+sequence (see
+.Ic send
+.Ic ao
+above)
+is sent to the remote host.
+The initial value for the flush character is taken to be
+the terminal's
+.Ic flush
+character.
+.It Ic forw1
+.It Ic forw2
+If
+.Tn TELNET
+is operating in
+.Dv LINEMODE ,
+these are the
+characters that, when typed, cause partial lines to be
+forwarded to the remote system.  The initial value for
+the forwarding characters are taken from the terminal's
+eol and eol2 characters.
+.It Ic interrupt
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic interrupt
+character is typed, a
+.Dv TELNET IP
+sequence (see
+.Ic send
+.Ic ip
+above)
+is sent to the remote host.
+The initial value for the interrupt character is taken to be
+the terminal's
+.Ic intr
+character.
+.It Ic kill
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Ic and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EL
+sequence (see
+.Ic send
+.Ic el
+above)
+is sent to the remote system.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic kill
+character.
+.It Ic lnext
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic lnext
+character.
+The initial value for the lnext character is taken to be
+the terminal's
+.Ic lnext
+character.
+.It Ic quit
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic quit
+character is typed, a
+.Dv TELNET BRK
+sequence (see
+.Ic send
+.Ic brk
+above)
+is sent to the remote host.
+The initial value for the quit character is taken to be
+the terminal's
+.Ic quit
+character.
+.It Ic reprint
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic reprint
+character.
+The initial value for the reprint character is taken to be
+the terminal's
+.Ic reprint
+character.
+.It Ic rlogin
+This is the rlogin escape character.
+If set, the normal
+.Tn TELNET
+escape character is ignored unless it is
+preceded by this character at the beginning of a line.
+This character, at the beginning of a line followed by
+a "."  closes the connection; when followed by a ^Z it
+suspends the telnet command.  The initial state is to
+disable the rlogin escape character.
+.It Ic start
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic start
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic start
+character.
+.It Ic stop
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic stop
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic stop
+character.
+.It Ic susp
+If
+.Nm telnet
+is in
+.Ic localchars
+mode, or
+.Dv LINEMODE
+is enabled, and the
+.Ic suspend
+character is typed, a
+.Dv TELNET SUSP
+sequence (see
+.Ic send
+.Ic susp
+above)
+is sent to the remote host.
+The initial value for the suspend character is taken to be
+the terminal's
+.Ic suspend
+character.
+.ne 1i
+.It Ic tracefile
+This is the file to which the output, caused by
+.Ic netdata
+or
+.Ic option
+tracing being
+.Dv TRUE ,
+will be written.  If it is set to
+.Dq Fl ,
+then tracing information will be written to standard output (the default).
+.It Ic worderase
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic worderase
+character.
+The initial value for the worderase character is taken to be
+the terminal's
+.Ic worderase
+character.
+.It Ic \&?
+Displays the legal
+.Ic set
+.Pq Ic unset
+commands.
+.El
+.It Ic skey Ar sequence challenge
+The
+.Ic skey
+command computes a response to the S/Key challenge.
+.It Ic slc Ar state 
+The
+.Ic slc
+command (Set Local Characters) is used to set
+or change the state of the the special
+characters when the 
+.Dv TELNET LINEMODE
+option has
+been enabled.  Special characters are characters that get
+mapped to 
+.Tn TELNET
+commands sequences (like
+.Ic ip
+or
+.Ic quit  )
+or line editing characters (like
+.Ic erase
+and
+.Ic kill  ) .
+By default, the local special characters are exported.
+.Bl -tag -width Fl
+.It Ic check
+Verify the current settings for the current special characters.
+The remote side is requested to send all the current special
+character settings, and if there are any discrepancies with
+the local side, the local side will switch to the remote value.
+.It Ic export
+Switch to the local defaults for the special characters.  The
+local default characters are those of the local terminal at
+the time when
+.Nm telnet
+was started.
+.It Ic import
+Switch to the remote defaults for the special characters.
+The remote default characters are those of the remote system
+at the time when the 
+.Tn TELNET
+connection was established.
+.It Ic \&?
+Prints out help information for the
+.Ic slc
+command.
+.El
+.It Ic status
+Show the current status of
+.Nm telnet  .
+This includes the peer one is connected to, as well
+as the current mode.
+.It Ic toggle Ar arguments ... 
+Toggle (between
+.Dv TRUE
+and
+.Dv FALSE )
+various flags that control how
+.Nm telnet
+responds to events.
+These flags may be set explicitly to
+.Dv TRUE
+or
+.Dv FALSE
+using the
+.Ic set
+and
+.Ic unset
+commands listed above.
+More than one argument may be specified.
+The state of these flags may be interrogated with the
+.Ic display
+command.
+Valid arguments are:
+.Bl -tag -width Ar
+.It Ic authdebug
+Turns on debugging information for the authentication code.
+.It Ic autoflush
+If
+.Ic autoflush
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when the
+.Ic ao  ,
+or
+.Ic quit
+characters are recognized (and transformed into
+.Tn TELNET
+sequences; see
+.Ic set
+above for details),
+.Nm telnet
+refuses to display any data on the user's terminal
+until the remote system acknowledges (via a
+.Dv TELNET TIMING MARK
+option)
+that it has processed those
+.Tn TELNET
+sequences.
+The initial value for this toggle is
+.Dv TRUE
+if the terminal user had not
+done an "stty noflsh", otherwise
+.Dv FALSE
+(see
+.Xr stty  1  ) .
+.It Ic autodecrypt
+When the
+.Dv TELNET ENCRYPT
+option is negotiated, by
+default the actual encryption (decryption) of the data
+stream does not start automatically.  The autoencrypt
+(autodecrypt) command states that encryption of the
+output (input) stream should be enabled as soon as
+possible.
+.sp
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside the United States and Canada.
+.It Ic autologin
+If the remote side supports the
+.Dv TELNET AUTHENTICATION
+option
+.Tn TELNET
+attempts to use it to perform automatic authentication.  If the
+.Dv AUTHENTICATION
+option is not supported, the user's login
+name are propagated through the
+.Dv TELNET ENVIRON
+option.
+This command is the same as specifying
+.Ar a
+option on the
+.Ic open
+command.
+.It Ic autosynch
+If
+.Ic autosynch
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when either the
+.Ic intr
+or
+.Ic quit
+characters is typed (see
+.Ic set
+above for descriptions of the
+.Ic intr
+and
+.Ic quit
+characters), the resulting
+.Tn TELNET
+sequence sent is followed by the
+.Dv TELNET SYNCH
+sequence.
+This procedure
+.Ic should
+cause the remote system to begin throwing away all previously
+typed input until both of the
+.Tn TELNET
+sequences have been read and acted upon.
+The initial value of this toggle is
+.Dv FALSE .
+.It Ic binary
+Enable or disable the
+.Dv TELNET BINARY
+option on both input and output.
+.It Ic inbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on input.
+.It Ic outbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on output.
+.It Ic crlf
+If this is
+.Dv TRUE ,
+then carriage returns will be sent as
+.Li <CR><LF> .
+If this is
+.Dv FALSE ,
+then carriage returns will be send as
+.Li <CR><NUL> .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic crmod
+Toggle carriage return mode.
+When this mode is enabled, most carriage return characters received from
+the remote host will be mapped into a carriage return followed by
+a line feed.
+This mode does not affect those characters typed by the user, only
+those received from the remote host.
+This mode is not very useful unless the remote host
+only sends carriage return, but never line feed.
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic debug
+Toggles socket level debugging (useful only to the
+.Ic super user  ) .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic encdebug
+Turns on debugging information for the encryption code.
+.It Ic localchars
+If this is
+.Dv TRUE ,
+then the
+.Ic flush  ,
+.Ic interrupt ,
+.Ic quit  ,
+.Ic erase ,
+and
+.Ic kill
+characters (see
+.Ic set
+above) are recognized locally, and transformed into (hopefully) appropriate
+.Tn TELNET
+control sequences
+(respectively
+.Ic ao  ,
+.Ic ip ,
+.Ic brk  ,
+.Ic ec ,
+and
+.Ic el  ;
+see
+.Ic send
+above).
+The initial value for this toggle is
+.Dv TRUE
+in \*(Lqold line by line\*(Rq mode,
+and
+.Dv FALSE
+in \*(Lqcharacter at a time\*(Rq mode.
+When the
+.Dv LINEMODE
+option is enabled, the value of
+.Ic localchars
+is ignored, and assumed to always be
+.Dv TRUE .
+If
+.Dv LINEMODE
+has ever been enabled, then
+.Ic quit
+is sent as
+.Ic abort  ,
+and
+.Ic eof and
+.B suspend
+are sent as
+.Ic eof and
+.Ic susp ,
+see
+.Ic send
+above).
+.It Ic netdata
+Toggles the display of all network data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic options
+Toggles the display of some internal
+.Nm telnet
+protocol processing (having to do with
+.Tn TELNET
+options).
+The initial value for this toggle is
+.Dv FALSE .
+.ne 1i
+.It Ic prettydump
+When the
+.Ic netdata
+toggle is enabled, if
+.Ic prettydump
+is enabled the output from the
+.Ic netdata
+command will be formatted in a more user readable format.
+Spaces are put between each character in the output, and the
+beginning of any
+.Tn TELNET
+escape sequence is preceded by a '*' to aid in locating them.
+.It Ic skiprc
+When the skiprc toggle is
+.Dv TRUE ,
+.Tn TELNET
+skips the reading of the
+.Pa \&.telnetrc
+file in the users home
+directory when connections are opened.  The initial
+value for this toggle is
+.Dv FALSE.
+.It Ic termdata
+Toggles the display of all terminal data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic verbose_encrypt
+When the
+.Ic verbose_encrypt
+toggle is
+.Dv TRUE ,
+.Tn TELNET
+prints out a message each time encryption is enabled or
+disabled.  The initial value for this toggle is
+.Dv FALSE.
+Note:  Because of export controls, data encryption
+is not supported outside of the United States and Canada.
+.It Ic \&?
+Displays the legal
+.Ic toggle
+commands.
+.El
+.It Ic z
+Suspend
+.Nm telnet  .
+This command only works when the user is using the
+.Xr csh  1  .
+.It Ic \&! Op Ar command 
+Execute a single command in a subshell on the local
+system.  If
+.Ic command
+is omitted, then an interactive
+subshell is invoked.
+.It Ic \&? Op Ar command 
+Get help.  With no arguments,
+.Nm telnet
+prints a help summary.
+If a command is specified,
+.Nm telnet
+will print the help information for just that command.
+.El
+.Sh ENVIRONMENT
+.Nm Telnet
+uses at least the
+.Ev HOME ,
+.Ev SHELL ,
+.Ev DISPLAY ,
+and
+.Ev TERM
+environment variables.
+Other environment variables may be propagated
+to the other side via the
+.Dv TELNET ENVIRON
+option.
+.Sh FILES
+.Bl -tag -width ~/.telnetrc -compact
+.It Pa ~/.telnetrc
+user customized telnet startup values
+.El
+.Sh HISTORY
+The
+.Nm Telnet
+command appeared in
+.Bx 4.2 .
+.Sh NOTES
+.Pp
+On some remote systems, echo has to be turned off manually when in
+\*(Lqold line by line\*(Rq mode.
+.Pp
+In \*(Lqold line by line\*(Rq mode or 
+.Dv LINEMODE
+the terminal's
+.Ic eof
+character is only recognized (and sent to the remote system)
+when it is the first character on a line.
diff --git a/crypto/telnet/telnet/telnet.c b/crypto/telnet/telnet/telnet.c
new file mode 100644
index 0000000..1f9c383
--- /dev/null
+++ b/crypto/telnet/telnet/telnet.c
@@ -0,0 +1,2662 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)telnet.c	8.4 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#include <sys/types.h>
+
+#if	defined(unix)
+#include <signal.h>
+/* By the way, we need to include curses.h before telnet.h since,
+ * among other things, telnet.h #defines 'DO', which is a variable
+ * declared in curses.h.
+ */
+#endif	/* defined(unix) */
+
+#include <arpa/telnet.h>
+
+#include <ctype.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "ring.h"
+
+#include "defines.h"
+#include "externs.h"
+#include "types.h"
+#include "general.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+#include <libtelnet/misc.h>
+
+#define	strip(x) ((my_want_state_is_wont(TELOPT_BINARY)) ? ((x)&0x7f) : (x))
+
+static unsigned char	subbuffer[SUBBUFSIZE],
+			*subpointer, *subend;	 /* buffer for sub-options */
+#define	SB_CLEAR()	subpointer = subbuffer;
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+				*subpointer++ = (c); \
+			}
+
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_PEEK()	((*subpointer)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+char	options[256];		/* The combined options */
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+
+int
+	eight = 0,
+	autologin = 0,	/* Autologin anyone? */
+	skiprc = 0,
+	connected,
+	showoptions,
+	In3270,		/* Are we in 3270 mode? */
+	ISend,		/* trying to send network data in */
+	debug = 0,
+	crmod,
+	netdata,	/* Print out network data flow */
+	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+#if	defined(TN3270)
+	noasynchtty = 0,/* User specified "-noasynch" on command line */
+	noasynchnet = 0,/* User specified "-noasynch" on command line */
+	askedSGA = 0,	/* We have talked about suppress go ahead */
+#endif	/* defined(TN3270) */
+	telnetport,
+	SYNCHing,	/* we are in TELNET SYNCH mode */
+	flushout,	/* flush output */
+	autoflush = 0,	/* flush output when interrupting? */
+	autosynch,	/* send interrupt characters with SYNCH? */
+	localflow,	/* we handle flow control locally */
+	restartany,	/* if flow control enabled, restart on any character */
+	localchars,	/* we recognize interrupt/quit */
+	donelclchars,	/* the user has set "localchars" */
+	donebinarytoggle,	/* the user has put us in binary */
+	dontlecho,	/* do we suppress local echoing right now? */
+	globalmode,
+	doaddrlookup = 1, /* do a reverse address lookup? */
+	clienteof = 0;
+
+char *prompt = 0;
+
+cc_t escape;
+cc_t rlogin;
+#ifdef	KLUDGELINEMODE
+cc_t echoc;
+#endif
+
+/*
+ * Telnet receiver states for fsm
+ */
+#define	TS_DATA		0
+#define	TS_IAC		1
+#define	TS_WILL		2
+#define	TS_WONT		3
+#define	TS_DO		4
+#define	TS_DONT		5
+#define	TS_CR		6
+#define	TS_SB		7		/* sub-option collection */
+#define	TS_SE		8		/* looking for sub-option end */
+
+static int	telrcv_state;
+#ifdef	OLD_ENVIRON
+unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
+#else
+# define telopt_environ TELOPT_NEW_ENVIRON
+#endif
+
+jmp_buf	toplevel = { 0 };
+jmp_buf	peerdied;
+
+int	flushline;
+int	linemode;
+
+#ifdef	KLUDGELINEMODE
+int	kludgelinemode = 1;
+#endif
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+Clocks clocks;
+
+#ifdef	notdef
+Modelist modelist[] = {
+	{ "telnet command mode", COMMAND_LINE },
+	{ "character-at-a-time mode", 0 },
+	{ "character-at-a-time mode (local echo)", LOCAL_ECHO|LOCAL_CHARS },
+	{ "line-by-line mode (remote echo)", LINE | LOCAL_CHARS },
+	{ "line-by-line mode", LINE | LOCAL_ECHO | LOCAL_CHARS },
+	{ "line-by-line mode (local echoing suppressed)", LINE | LOCAL_CHARS },
+	{ "3270 mode", 0 },
+};
+#endif
+
+
+/*
+ * Initialize telnet environment.
+ */
+
+    void
+init_telnet()
+{
+    env_init();
+
+    SB_CLEAR();
+    ClearArray(options);
+
+    connected = In3270 = ISend = localflow = donebinarytoggle = 0;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
+    restartany = -1;
+
+    SYNCHing = 0;
+
+    /* Don't change NetTrace */
+
+    escape = CONTROL(']');
+    rlogin = _POSIX_VDISABLE;
+#ifdef	KLUDGELINEMODE
+    echoc = CONTROL('E');
+#endif
+
+    flushline = 1;
+    telrcv_state = TS_DATA;
+}
+
+
+#ifdef	notdef
+#include <varargs.h>
+
+    /*VARARGS*/
+    static void
+printring(va_alist)
+    va_dcl
+{
+    va_list ap;
+    char buffer[100];		/* where things go */
+    char *ptr;
+    char *format;
+    char *string;
+    Ring *ring;
+    int i;
+
+    va_start(ap);
+
+    ring = va_arg(ap, Ring *);
+    format = va_arg(ap, char *);
+    ptr = buffer;
+
+    while ((i = *format++) != 0) {
+	if (i == '%') {
+	    i = *format++;
+	    switch (i) {
+	    case 'c':
+		*ptr++ = va_arg(ap, int);
+		break;
+	    case 's':
+		string = va_arg(ap, char *);
+		ring_supply_data(ring, buffer, ptr-buffer);
+		ring_supply_data(ring, string, strlen(string));
+		ptr = buffer;
+		break;
+	    case 0:
+		ExitString("printring: trailing %%.\n", 1);
+		/*NOTREACHED*/
+	    default:
+		ExitString("printring: unknown format character.\n", 1);
+		/*NOTREACHED*/
+	    }
+	} else {
+	    *ptr++ = i;
+	}
+    }
+    ring_supply_data(ring, buffer, ptr-buffer);
+}
+#endif
+
+/*
+ * These routines are in charge of sending option negotiations
+ * to the other side.
+ *
+ * The basic idea is that we send the negotiation if either side
+ * is in disagreement as to what the current state should be.
+ */
+
+    void
+send_do(c, init)
+    register int c, init;
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
+				my_want_state_is_do(c))
+	    return;
+	set_my_want_state_do(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DO);
+    NETADD(c);
+    printoption("SENT", DO, c);
+}
+
+    void
+send_dont(c, init)
+    register int c, init;
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
+				my_want_state_is_dont(c))
+	    return;
+	set_my_want_state_dont(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DONT);
+    NETADD(c);
+    printoption("SENT", DONT, c);
+}
+
+    void
+send_will(c, init)
+    register int c, init;
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
+				my_want_state_is_will(c))
+	    return;
+	set_my_want_state_will(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WILL);
+    NETADD(c);
+    printoption("SENT", WILL, c);
+}
+
+    void
+send_wont(c, init)
+    register int c, init;
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
+				my_want_state_is_wont(c))
+	    return;
+	set_my_want_state_wont(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WONT);
+    NETADD(c);
+    printoption("SENT", WONT, c);
+}
+
+
+	void
+willoption(option)
+	int option;
+{
+	int new_state_ok = 0;
+
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_do(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_ECHO:
+#	    if defined(TN3270)
+		/*
+		 * The following is a pain in the rear-end.
+		 * Various IBM servers (some versions of Wiscnet,
+		 * possibly Fibronics/Spartacus, and who knows who
+		 * else) will NOT allow us to send "DO SGA" too early
+		 * in the setup proceedings.  On the other hand,
+		 * 4.2 servers (telnetd) won't set SGA correctly.
+		 * So, we are stuck.  Empirically (but, based on
+		 * a VERY small sample), the IBM servers don't send
+		 * out anything about ECHO, so we postpone our sending
+		 * "DO SGA" until we see "WILL ECHO" (which 4.2 servers
+		 * DO send).
+		  */
+		{
+		    if (askedSGA == 0) {
+			askedSGA = 1;
+			if (my_want_state_is_dont(TELOPT_SGA))
+			    send_do(TELOPT_SGA, 1);
+		    }
+		}
+		    /* Fall through */
+	    case TELOPT_EOR:
+#endif	    /* defined(TN3270) */
+	    case TELOPT_BINARY:
+	    case TELOPT_SGA:
+		settimer(modenegotiated);
+		/* FALL THROUGH */
+	    case TELOPT_STATUS:
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+#endif
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+#endif /* ENCRYPTION */
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		/*
+		 * Special case for TM.  If we get back a WILL,
+		 * pretend we got back a WONT.
+		 */
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;			/* Never reply to TM will's/wont's */
+
+	    case TELOPT_LINEMODE:
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_do(option);
+		send_do(option, 0);
+		setconnmode(0);		/* possibly set new tty mode */
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	}
+	set_my_state_do(option);
+#ifdef	ENCRYPTION
+	if (option == TELOPT_ENCRYPT)
+		encrypt_send_support();
+#endif	/* ENCRYPTION */
+}
+
+	void
+wontoption(option)
+	int option;
+{
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_dont(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
+
+	    switch (option) {
+
+#ifdef	KLUDGELINEMODE
+	    case TELOPT_SGA:
+		if (!kludgelinemode)
+		    break;
+		/* FALL THROUGH */
+#endif
+	    case TELOPT_ECHO:
+		settimer(modenegotiated);
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;		/* Never reply to TM will's/wont's */
+
+	    default:
+		break;
+	    }
+	    set_my_want_state_dont(option);
+	    if (my_state_is_do(option))
+		send_dont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	} else if (option == TELOPT_TM) {
+	    /*
+	     * Special case for TM.
+	     */
+	    if (flushout)
+		flushout = 0;
+	    set_my_want_state_dont(option);
+	}
+	set_my_state_dont(option);
+}
+
+	static void
+dooption(option)
+	int option;
+{
+	int new_state_ok = 0;
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_will(option))
+		--will_wont_resp[option];
+	}
+
+	if (will_wont_resp[option] == 0) {
+	  if (my_want_state_is_wont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_TM:
+		/*
+		 * Special case for TM.  We send a WILL, but pretend
+		 * we sent WONT.
+		 */
+		send_will(option, 0);
+		set_my_want_state_wont(TELOPT_TM);
+		set_my_state_wont(TELOPT_TM);
+		return;
+
+#	if defined(TN3270)
+	    case TELOPT_EOR:		/* end of record */
+#	endif	/* defined(TN3270) */
+	    case TELOPT_BINARY:		/* binary mode */
+	    case TELOPT_NAWS:		/* window size */
+	    case TELOPT_TSPEED:		/* terminal speed */
+	    case TELOPT_LFLOW:		/* local flow control */
+	    case TELOPT_TTYPE:		/* terminal type option */
+	    case TELOPT_SGA:		/* no big deal */
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:	/* encryption variable option */
+#endif	/* ENCRYPTION */
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
+#ifdef	OLD_ENVIRON
+		if (my_state_is_will(TELOPT_OLD_ENVIRON))
+			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
+		goto env_common;
+	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
+		if (my_state_is_will(TELOPT_NEW_ENVIRON))
+			break;		/* Don't enable if new one is in use! */
+	    env_common:
+		telopt_environ = option;
+#endif
+		new_state_ok = 1;
+		break;
+
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+		if (autologin)
+			new_state_ok = 1;
+		break;
+#endif
+
+	    case TELOPT_XDISPLOC:	/* X Display location */
+		if (env_getvalue((unsigned char *)"DISPLAY"))
+		    new_state_ok = 1;
+		break;
+
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_want_state_will(TELOPT_LINEMODE);
+		send_will(option, 0);
+		set_my_state_will(TELOPT_LINEMODE);
+		slc_init();
+		return;
+
+	    case TELOPT_ECHO:		/* We're never going to echo... */
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_will(option);
+		send_will(option, 0);
+		setconnmode(0);			/* Set new tty mode */
+	    } else {
+		will_wont_resp[option]++;
+		send_wont(option, 0);
+	    }
+	  } else {
+	    /*
+	     * Handle options that need more things done after the
+	     * other side has acknowledged the option.
+	     */
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_state_will(option);
+		slc_init();
+		send_do(TELOPT_SGA, 0);
+		return;
+	    }
+	  }
+	}
+	set_my_state_will(option);
+}
+
+	static void
+dontoption(option)
+	int option;
+{
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_wont(option))
+		--will_wont_resp[option];
+	}
+
+	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+		linemode = 0;	/* put us back to the default state */
+		break;
+#ifdef	OLD_ENVIRON
+	    case TELOPT_NEW_ENVIRON:
+		/*
+		 * The new environ option wasn't recognized, try
+		 * the old one.
+		 */
+		send_will(TELOPT_OLD_ENVIRON, 1);
+		telopt_environ = TELOPT_OLD_ENVIRON;
+		break;
+#endif
+	    }
+	    /* we always accept a DONT */
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	}
+	set_my_state_wont(option);
+}
+
+/*
+ * Given a buffer returned by tgetent(), this routine will turn
+ * the pipe seperated list of names in the buffer into an array
+ * of pointers to null terminated names.  We toss out any bad,
+ * duplicate, or verbose names (names with spaces).
+ */
+
+static char *name_unknown = "UNKNOWN";
+static char *unknown[] = { 0, 0 };
+
+	char **
+mklist(buf, name)
+	char *buf, *name;
+{
+	register int n;
+	register char c, *cp, **argvp, *cp2, **argv, **avt;
+
+	if (name) {
+		if ((int)strlen(name) > 40) {
+			name = 0;
+			unknown[0] = name_unknown;
+		} else {
+			unknown[0] = name;
+			upcase(name);
+		}
+	} else
+		unknown[0] = name_unknown;
+	/*
+	 * Count up the number of names.
+	 */
+	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
+		if (*cp == '|')
+			n++;
+	}
+	/*
+	 * Allocate an array to put the name pointers into
+	 */
+	argv = (char **)malloc((n+3)*sizeof(char *));
+	if (argv == 0)
+		return(unknown);
+
+	/*
+	 * Fill up the array of pointers to names.
+	 */
+	*argv = 0;
+	argvp = argv+1;
+	n = 0;
+	for (cp = cp2 = buf; (c = *cp);  cp++) {
+		if (c == '|' || c == ':') {
+			*cp++ = '\0';
+			/*
+			 * Skip entries that have spaces or are over 40
+			 * characters long.  If this is our environment
+			 * name, then put it up front.  Otherwise, as
+			 * long as this is not a duplicate name (case
+			 * insensitive) add it to the list.
+			 */
+			if (n || (cp - cp2 > 41))
+				;
+			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
+				*argv = cp2;
+			else if (is_unique(cp2, argv+1, argvp))
+				*argvp++ = cp2;
+			if (c == ':')
+				break;
+			/*
+			 * Skip multiple delimiters. Reset cp2 to
+			 * the beginning of the next name. Reset n,
+			 * the flag for names with spaces.
+			 */
+			while ((c = *cp) == '|')
+				cp++;
+			cp2 = cp;
+			n = 0;
+		}
+		/*
+		 * Skip entries with spaces or non-ascii values.
+		 * Convert lower case letters to upper case.
+		 */
+		if ((c == ' ') || !isascii(c))
+			n = 1;
+		else if (islower(c))
+			*cp = toupper(c);
+	}
+
+	/*
+	 * Check for an old V6 2 character name.  If the second
+	 * name points to the beginning of the buffer, and is
+	 * only 2 characters long, move it to the end of the array.
+	 */
+	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
+		--argvp;
+		for (avt = &argv[1]; avt < argvp; avt++)
+			*avt = *(avt+1);
+		*argvp++ = buf;
+	}
+
+	/*
+	 * Duplicate last name, for TTYPE option, and null
+	 * terminate the array.  If we didn't find a match on
+	 * our terminal name, put that name at the beginning.
+	 */
+	cp = *(argvp-1);
+	*argvp++ = cp;
+	*argvp = 0;
+
+	if (*argv == 0) {
+		if (name)
+			*argv = name;
+		else {
+			--argvp;
+			for (avt = argv; avt < argvp; avt++)
+				*avt = *(avt+1);
+		}
+	}
+	if (*argv)
+		return(argv);
+	else
+		return(unknown);
+}
+
+	int
+is_unique(name, as, ae)
+	register char *name, **as, **ae;
+{
+	register char **ap;
+	register int n;
+
+	n = strlen(name) + 1;
+	for (ap = as; ap < ae; ap++)
+		if (strncasecmp(*ap, name, n) == 0)
+			return(0);
+	return (1);
+}
+
+#ifdef	TERMCAP
+char termbuf[1024];
+
+	/*ARGSUSED*/
+	int
+setupterm(tname, fd, errp)
+	char *tname;
+	int fd, *errp;
+{
+	if (tgetent(termbuf, tname) == 1) {
+		termbuf[1023] = '\0';
+		if (errp)
+			*errp = 1;
+		return(0);
+	}
+	if (errp)
+		*errp = 0;
+	return(-1);
+}
+#else
+#define	termbuf	ttytype
+extern char ttytype[];
+#endif
+
+int resettermname = 1;
+
+	char *
+gettermname()
+{
+	char *tname;
+	static char **tnamep = 0;
+	static char **next;
+	int err;
+
+	if (resettermname) {
+		resettermname = 0;
+		if (tnamep && tnamep != unknown)
+			free(tnamep);
+		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
+				(setupterm(tname, 1, &err) == 0)) {
+			tnamep = mklist(termbuf, tname);
+		} else {
+			if (tname && ((int)strlen(tname) <= 40)) {
+				unknown[0] = tname;
+				upcase(tname);
+			} else
+				unknown[0] = name_unknown;
+			tnamep = unknown;
+		}
+		next = tnamep;
+	}
+	if (*next == 0)
+		next = tnamep;
+	return(*next++);
+}
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *		Terminal type, send request.
+ *		Terminal speed (send request).
+ *		Local flow control (is request).
+ *		Linemode
+ */
+
+    static void
+suboption()
+{
+    unsigned char subchar;
+
+    printsub('<', subbuffer, SB_LEN()+2);
+    switch (subchar = SB_GET()) {
+    case TELOPT_TTYPE:
+	if (my_want_state_is_wont(TELOPT_TTYPE))
+	    return;
+	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
+	    return;
+	} else {
+	    char *name;
+	    unsigned char temp[50];
+	    int len;
+
+#if	defined(TN3270)
+	    if (tn3270_ttype()) {
+		return;
+	    }
+#endif	/* defined(TN3270) */
+	    name = gettermname();
+	    len = strlen(name) + 4 + 2;
+	    if (len < NETROOM()) {
+		sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+				TELQUAL_IS, name, IAC, SE);
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', &temp[2], len-2);
+	    } else {
+		ExitString("No room in buffer for terminal type.\n", 1);
+		/*NOTREACHED*/
+	    }
+	}
+	break;
+    case TELOPT_TSPEED:
+	if (my_want_state_is_wont(TELOPT_TSPEED))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    long ospeed, ispeed;
+	    unsigned char temp[50];
+	    int len;
+
+	    TerminalSpeeds(&ispeed, &ospeed);
+
+	    sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED,
+		    TELQUAL_IS, ospeed, ispeed, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+    case TELOPT_LFLOW:
+	if (my_want_state_is_wont(TELOPT_LFLOW))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch(SB_GET()) {
+	case LFLOW_RESTART_ANY:
+	    restartany = 1;
+	    break;
+	case LFLOW_RESTART_XON:
+	    restartany = 0;
+	    break;
+	case LFLOW_ON:
+	    localflow = 1;
+	    break;
+	case LFLOW_OFF:
+	    localflow = 0;
+	    break;
+	default:
+	    return;
+	}
+	setcommandmode();
+	setconnmode(0);
+	break;
+
+    case TELOPT_LINEMODE:
+	if (my_want_state_is_wont(TELOPT_LINEMODE))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch (SB_GET()) {
+	case WILL:
+	    lm_will(subpointer, SB_LEN());
+	    break;
+	case WONT:
+	    lm_wont(subpointer, SB_LEN());
+	    break;
+	case DO:
+	    lm_do(subpointer, SB_LEN());
+	    break;
+	case DONT:
+	    lm_dont(subpointer, SB_LEN());
+	    break;
+	case LM_SLC:
+	    slc(subpointer, SB_LEN());
+	    break;
+	case LM_MODE:
+	    lm_mode(subpointer, SB_LEN(), 0);
+	    break;
+	default:
+	    break;
+	}
+	break;
+
+#ifdef	OLD_ENVIRON
+    case TELOPT_OLD_ENVIRON:
+#endif
+    case TELOPT_NEW_ENVIRON:
+	if (SB_EOF())
+	    return;
+	switch(SB_PEEK()) {
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+	    if (my_want_state_is_dont(subchar))
+		return;
+	    break;
+	case TELQUAL_SEND:
+	    if (my_want_state_is_wont(subchar)) {
+		return;
+	    }
+	    break;
+	default:
+	    return;
+	}
+	env_opt(subpointer, SB_LEN());
+	break;
+
+    case TELOPT_XDISPLOC:
+	if (my_want_state_is_wont(TELOPT_XDISPLOC))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    unsigned char temp[50], *dp;
+	    int len;
+
+	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
+		/*
+		 * Something happened, we no longer have a DISPLAY
+		 * variable.  So, turn off the option.
+		 */
+		send_wont(TELOPT_XDISPLOC, 1);
+		break;
+	    }
+	    sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+		    TELQUAL_IS, dp, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION: {
+		if (!autologin)
+			break;
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case TELQUAL_IS:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_is(subpointer, SB_LEN());
+			break;
+		case TELQUAL_SEND:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_send(subpointer, SB_LEN());
+			break;
+		case TELQUAL_REPLY:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_reply(subpointer, SB_LEN());
+			break;
+		case TELQUAL_NAME:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_name(subpointer, SB_LEN());
+			break;
+		}
+	}
+	break;
+#endif
+#ifdef	ENCRYPTION
+	case TELOPT_ENCRYPT:
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case ENCRYPT_START:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_END:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_end();
+			break;
+		case ENCRYPT_SUPPORT:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_support(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQSTART:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_request_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQEND:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			/*
+			 * We can always send an REQEND so that we cannot
+			 * get stuck encrypting.  We should only get this
+			 * if we have been able to get in the correct mode
+			 * anyhow.
+			 */
+			encrypt_request_end();
+			break;
+		case ENCRYPT_IS:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_is(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REPLY:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_reply(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_ENC_KEYID:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_enc_keyid(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_DEC_KEYID:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_dec_keyid(subpointer, SB_LEN());
+			break;
+		default:
+			break;
+		}
+		break;
+#endif	/* ENCRYPTION */
+    default:
+	break;
+    }
+}
+
+static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
+
+    void
+lm_will(cmd, len)
+    unsigned char *cmd;
+    int len;
+{
+    if (len < 1) {
+/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	str_lm[3] = DONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_will: not enough room in buffer\n");
+	break;
+    }
+}
+
+    void
+lm_wont(cmd, len)
+    unsigned char *cmd;
+    int len;
+{
+    if (len < 1) {
+/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	/* We are always DONT, so don't respond */
+	return;
+    }
+}
+
+    void
+lm_do(cmd, len)
+    unsigned char *cmd;
+    int len;
+{
+    if (len < 1) {
+/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	str_lm[3] = WONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_do: not enough room in buffer\n");
+	break;
+    }
+}
+
+    void
+lm_dont(cmd, len)
+    unsigned char *cmd;
+    int len;
+{
+    if (len < 1) {
+/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	/* we are always WONT, so don't respond */
+	break;
+    }
+}
+
+static unsigned char str_lm_mode[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
+};
+
+	void
+lm_mode(cmd, len, init)
+	unsigned char *cmd;
+	int len, init;
+{
+	if (len != 1)
+		return;
+	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
+		return;
+	if (*cmd&MODE_ACK)
+		return;
+	linemode = *cmd&(MODE_MASK&~MODE_ACK);
+	str_lm_mode[4] = linemode;
+	if (!init)
+	    str_lm_mode[4] |= MODE_ACK;
+	if (NETROOM() > sizeof(str_lm_mode)) {
+	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
+	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
+	}
+/*@*/	else printf("lm_mode: not enough room in buffer\n");
+	setconnmode(0);	/* set changed mode */
+}
+
+
+
+/*
+ * slc()
+ * Handle special character suboption of LINEMODE.
+ */
+
+struct spc {
+	cc_t val;
+	cc_t *valp;
+	char flags;	/* Current flags & level */
+	char mylevel;	/* Maximum level & flags */
+} spc_data[NSLC+1];
+
+#define SLC_IMPORT	0
+#define	SLC_EXPORT	1
+#define SLC_RVALUE	2
+static int slc_mode = SLC_EXPORT;
+
+	void
+slc_init()
+{
+	register struct spc *spcp;
+
+	localchars = 1;
+	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
+		spcp->val = 0;
+		spcp->valp = 0;
+		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
+	}
+
+#define	initfunc(func, flags) { \
+					spcp = &spc_data[func]; \
+					if ((spcp->valp = tcval(func))) { \
+					    spcp->val = *spcp->valp; \
+					    spcp->mylevel = SLC_VARIABLE|flags; \
+					} else { \
+					    spcp->val = 0; \
+					    spcp->mylevel = SLC_DEFAULT; \
+					} \
+				    }
+
+	initfunc(SLC_SYNCH, 0);
+	/* No BRK */
+	initfunc(SLC_AO, 0);
+	initfunc(SLC_AYT, 0);
+	/* No EOR */
+	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
+	initfunc(SLC_EOF, 0);
+#ifndef	SYSV_TERMIO
+	initfunc(SLC_SUSP, SLC_FLUSHIN);
+#endif
+	initfunc(SLC_EC, 0);
+	initfunc(SLC_EL, 0);
+#ifndef	SYSV_TERMIO
+	initfunc(SLC_EW, 0);
+	initfunc(SLC_RP, 0);
+	initfunc(SLC_LNEXT, 0);
+#endif
+	initfunc(SLC_XON, 0);
+	initfunc(SLC_XOFF, 0);
+#ifdef	SYSV_TERMIO
+	spc_data[SLC_XON].mylevel = SLC_CANTCHANGE;
+	spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE;
+#endif
+	initfunc(SLC_FORW1, 0);
+#ifdef	USE_TERMIO
+	initfunc(SLC_FORW2, 0);
+	/* No FORW2 */
+#endif
+
+	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
+#undef	initfunc
+
+	if (slc_mode == SLC_EXPORT)
+		slc_export();
+	else
+		slc_import(1);
+
+}
+
+    void
+slcstate()
+{
+    printf("Special characters are %s values\n",
+		slc_mode == SLC_IMPORT ? "remote default" :
+		slc_mode == SLC_EXPORT ? "local" :
+					 "remote");
+}
+
+    void
+slc_mode_export()
+{
+    slc_mode = SLC_EXPORT;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_export();
+}
+
+    void
+slc_mode_import(def)
+    int def;
+{
+    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_import(def);
+}
+
+unsigned char slc_import_val[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
+};
+unsigned char slc_import_def[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
+};
+
+    void
+slc_import(def)
+    int def;
+{
+    if (NETROOM() > sizeof(slc_import_val)) {
+	if (def) {
+	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
+	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
+	} else {
+	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
+	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
+	}
+    }
+/*@*/ else printf("slc_import: not enough room\n");
+}
+
+    void
+slc_export()
+{
+    register struct spc *spcp;
+
+    TerminalDefaultChars();
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->mylevel != SLC_NOSUPPORT) {
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    if (spcp->valp)
+		spcp->val = *spcp->valp;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    (void)slc_update();
+    setconnmode(1);	/* Make sure the character values are set */
+}
+
+	void
+slc(cp, len)
+	register unsigned char *cp;
+	int len;
+{
+	register struct spc *spcp;
+	register int func,level;
+
+	slc_start_reply();
+
+	for (; len >= 3; len -=3, cp +=3) {
+
+		func = cp[SLC_FUNC];
+
+		if (func == 0) {
+			/*
+			 * Client side: always ignore 0 function.
+			 */
+			continue;
+		}
+		if (func > NSLC) {
+			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
+				slc_add_reply(func, SLC_NOSUPPORT, 0);
+			continue;
+		}
+
+		spcp = &spc_data[func];
+
+		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
+
+		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
+		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
+			continue;
+		}
+
+		if (level == (SLC_DEFAULT|SLC_ACK)) {
+			/*
+			 * This is an error condition, the SLC_ACK
+			 * bit should never be set for the SLC_DEFAULT
+			 * level.  Our best guess to recover is to
+			 * ignore the SLC_ACK bit.
+			 */
+			cp[SLC_FLAGS] &= ~SLC_ACK;
+		}
+
+		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
+			spcp->val = (cc_t)cp[SLC_VALUE];
+			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
+			continue;
+		}
+
+		level &= ~SLC_ACK;
+
+		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
+			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
+			spcp->val = (cc_t)cp[SLC_VALUE];
+		}
+		if (level == SLC_DEFAULT) {
+			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
+				spcp->flags = spcp->mylevel;
+			else
+				spcp->flags = SLC_NOSUPPORT;
+		}
+		slc_add_reply(func, spcp->flags, spcp->val);
+	}
+	slc_end_reply();
+	if (slc_update())
+		setconnmode(1);	/* set the  new character values */
+}
+
+    void
+slc_check()
+{
+    register struct spc *spcp;
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->valp && spcp->val != *spcp->valp) {
+	    spcp->val = *spcp->valp;
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    setconnmode(1);
+}
+
+
+unsigned char slc_reply[128];
+unsigned char *slc_replyp;
+
+	void
+slc_start_reply()
+{
+	slc_replyp = slc_reply;
+	*slc_replyp++ = IAC;
+	*slc_replyp++ = SB;
+	*slc_replyp++ = TELOPT_LINEMODE;
+	*slc_replyp++ = LM_SLC;
+}
+
+	void
+slc_add_reply(func, flags, value)
+	unsigned char func;
+	unsigned char flags;
+	cc_t value;
+{
+	if ((*slc_replyp++ = func) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = flags) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = (unsigned char)value) == IAC)
+		*slc_replyp++ = IAC;
+}
+
+    void
+slc_end_reply()
+{
+    register int len;
+
+    *slc_replyp++ = IAC;
+    *slc_replyp++ = SE;
+    len = slc_replyp - slc_reply;
+    if (len <= 6)
+	return;
+    if (NETROOM() > len) {
+	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+    }
+/*@*/else printf("slc_end_reply: not enough room\n");
+}
+
+	int
+slc_update()
+{
+	register struct spc *spcp;
+	int need_update = 0;
+
+	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+		if (!(spcp->flags&SLC_ACK))
+			continue;
+		spcp->flags &= ~SLC_ACK;
+		if (spcp->valp && (*spcp->valp != spcp->val)) {
+			*spcp->valp = spcp->val;
+			need_update = 1;
+		}
+	}
+	return(need_update);
+}
+
+#ifdef	OLD_ENVIRON
+# ifdef	ENV_HACK
+/*
+ * Earlier version of telnet/telnetd from the BSD code had
+ * the definitions of VALUE and VAR reversed.  To ensure
+ * maximum interoperability, we assume that the server is
+ * an older BSD server, until proven otherwise.  The newer
+ * BSD servers should be able to handle either definition,
+ * so it is better to use the wrong values if we don't
+ * know what type of server it is.
+ */
+int env_auto = 1;
+int old_env_var = OLD_ENV_VAR;
+int old_env_value = OLD_ENV_VALUE;
+# else
+#  define old_env_var OLD_ENV_VAR
+#  define old_env_value OLD_ENV_VALUE
+# endif
+#endif
+
+	void
+env_opt(buf, len)
+	register unsigned char *buf;
+	register int len;
+{
+	register unsigned char *ep = 0, *epc = 0;
+	register int i;
+
+	switch(buf[0]&0xff) {
+	case TELQUAL_SEND:
+		env_opt_start();
+		if (len == 1) {
+			env_opt_add(NULL);
+		} else for (i = 1; i < len; i++) {
+			switch (buf[i]&0xff) {
+#ifdef	OLD_ENVIRON
+			case OLD_ENV_VAR:
+# ifdef	ENV_HACK
+				if (telopt_environ == TELOPT_OLD_ENVIRON
+				    && env_auto) {
+					/* Server has the same definitions */
+					old_env_var = OLD_ENV_VAR;
+					old_env_value = OLD_ENV_VALUE;
+				}
+				/* FALL THROUGH */
+# endif
+			case OLD_ENV_VALUE:
+				/*
+				 * Although OLD_ENV_VALUE is not legal, we will
+				 * still recognize it, just in case it is an
+				 * old server that has VAR & VALUE mixed up...
+				 */
+				/* FALL THROUGH */
+#else
+			case NEW_ENV_VAR:
+#endif
+			case ENV_USERVAR:
+				if (ep) {
+					*epc = 0;
+					env_opt_add(ep);
+				}
+				ep = epc = &buf[i+1];
+				break;
+			case ENV_ESC:
+				i++;
+				/*FALL THROUGH*/
+			default:
+				if (epc)
+					*epc++ = buf[i];
+				break;
+			}
+		}
+		if (ep) {
+			*epc = 0;
+			env_opt_add(ep);
+		}
+		env_opt_end(1);
+		break;
+
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+		/* Ignore for now.  We shouldn't get it anyway. */
+		break;
+
+	default:
+		break;
+	}
+}
+
+#define	OPT_REPLY_SIZE	256
+unsigned char *opt_reply;
+unsigned char *opt_replyp;
+unsigned char *opt_replyend;
+
+	void
+env_opt_start()
+{
+	if (opt_reply)
+		opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE);
+	else
+		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
+	if (opt_reply == NULL) {
+/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
+		opt_reply = opt_replyp = opt_replyend = NULL;
+		return;
+	}
+	opt_replyp = opt_reply;
+	opt_replyend = opt_reply + OPT_REPLY_SIZE;
+	*opt_replyp++ = IAC;
+	*opt_replyp++ = SB;
+	*opt_replyp++ = telopt_environ;
+	*opt_replyp++ = TELQUAL_IS;
+}
+
+	void
+env_opt_start_info()
+{
+	env_opt_start();
+	if (opt_replyp)
+	    opt_replyp[-1] = TELQUAL_INFO;
+}
+
+	void
+env_opt_add(ep)
+	register unsigned char *ep;
+{
+	register unsigned char *vp, c;
+
+	if (opt_reply == NULL)		/*XXX*/
+		return;			/*XXX*/
+
+	if (ep == NULL || *ep == '\0') {
+		/* Send user defined variables first. */
+		env_default(1, 0);
+		while ((ep = env_default(0, 0)))
+			env_opt_add(ep);
+
+		/* Now add the list of well know variables.  */
+		env_default(1, 1);
+		while ((ep = env_default(0, 1)))
+			env_opt_add(ep);
+		return;
+	}
+	vp = env_getvalue(ep);
+	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+				strlen((char *)ep) + 6 > opt_replyend)
+	{
+		register int len;
+		opt_replyend += OPT_REPLY_SIZE;
+		len = opt_replyend - opt_reply;
+		opt_reply = (unsigned char *)realloc(opt_reply, len);
+		if (opt_reply == NULL) {
+/*@*/			printf("env_opt_add: realloc() failed!!!\n");
+			opt_reply = opt_replyp = opt_replyend = NULL;
+			return;
+		}
+		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
+		opt_replyend = opt_reply + len;
+	}
+	if (opt_welldefined(ep))
+#ifdef	OLD_ENVIRON
+		if (telopt_environ == TELOPT_OLD_ENVIRON)
+			*opt_replyp++ = old_env_var;
+		else
+#endif
+			*opt_replyp++ = NEW_ENV_VAR;
+	else
+		*opt_replyp++ = ENV_USERVAR;
+	for (;;) {
+		while ((c = *ep++)) {
+			switch(c&0xff) {
+			case IAC:
+				*opt_replyp++ = IAC;
+				break;
+			case NEW_ENV_VAR:
+			case NEW_ENV_VALUE:
+			case ENV_ESC:
+			case ENV_USERVAR:
+				*opt_replyp++ = ENV_ESC;
+				break;
+			}
+			*opt_replyp++ = c;
+		}
+		if ((ep = vp)) {
+#ifdef	OLD_ENVIRON
+			if (telopt_environ == TELOPT_OLD_ENVIRON)
+				*opt_replyp++ = old_env_value;
+			else
+#endif
+				*opt_replyp++ = NEW_ENV_VALUE;
+			vp = NULL;
+		} else
+			break;
+	}
+}
+
+	int
+opt_welldefined(ep)
+	char *ep;
+{
+	if ((strcmp(ep, "USER") == 0) ||
+	    (strcmp(ep, "DISPLAY") == 0) ||
+	    (strcmp(ep, "PRINTER") == 0) ||
+	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
+	    (strcmp(ep, "JOB") == 0) ||
+	    (strcmp(ep, "ACCT") == 0))
+		return(1);
+	return(0);
+}
+	void
+env_opt_end(emptyok)
+	register int emptyok;
+{
+	register int len;
+
+	len = opt_replyp - opt_reply + 2;
+	if (emptyok || len > 6) {
+		*opt_replyp++ = IAC;
+		*opt_replyp++ = SE;
+		if (NETROOM() > len) {
+			ring_supply_data(&netoring, opt_reply, len);
+			printsub('>', &opt_reply[2], len - 2);
+		}
+/*@*/		else printf("slc_end_reply: not enough room\n");
+	}
+	if (opt_reply) {
+		free(opt_reply);
+		opt_reply = opt_replyp = opt_replyend = NULL;
+	}
+}
+
+
+
+    int
+telrcv()
+{
+    register int c;
+    register int scc;
+    register unsigned char *sbp;
+    int count;
+    int returnValue = 0;
+
+    scc = 0;
+    count = 0;
+    while (TTYROOM() > 2) {
+	if (scc == 0) {
+	    if (count) {
+		ring_consumed(&netiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    sbp = netiring.consume;
+	    scc = ring_full_consecutive(&netiring);
+	    if (scc == 0) {
+		/* No more data coming in */
+		break;
+	    }
+	}
+
+	c = *sbp++ & 0xff, scc--; count++;
+#ifdef	ENCRYPTION
+	if (decrypt_input)
+		c = (*decrypt_input)(c);
+#endif	/* ENCRYPTION */
+
+	switch (telrcv_state) {
+
+	case TS_CR:
+	    telrcv_state = TS_DATA;
+	    if (c == '\0') {
+		break;	/* Ignore \0 after CR */
+	    }
+	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
+		TTYADD(c);
+		break;
+	    }
+	    /* Else, fall through */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		telrcv_state = TS_IAC;
+		break;
+	    }
+#	    if defined(TN3270)
+	    if (In3270) {
+		*Ifrontp++ = c;
+		while (scc > 0) {
+		    c = *sbp++ & 0377, scc--; count++;
+#ifdef	ENCRYPTION
+		    if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif	/* ENCRYPTION */
+		    if (c == IAC) {
+			telrcv_state = TS_IAC;
+			break;
+		    }
+		    *Ifrontp++ = c;
+		}
+	    } else
+#	    endif /* defined(TN3270) */
+		    /*
+		     * The 'crmod' hack (see following) is needed
+		     * since we can't * set CRMOD on output only.
+		     * Machines like MULTICS like to send \r without
+		     * \n; since we must turn off CRMOD to get proper
+		     * input, the mapping is done here (sigh).
+		     */
+	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
+		if (scc > 0) {
+		    c = *sbp&0xff;
+#ifdef	ENCRYPTION
+		    if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif	/* ENCRYPTION */
+		    if (c == 0) {
+			sbp++, scc--; count++;
+			/* a "true" CR */
+			TTYADD('\r');
+		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
+					(c == '\n')) {
+			sbp++, scc--; count++;
+			TTYADD('\n');
+		    } else {
+#ifdef	ENCRYPTION
+			if (decrypt_input)
+			    (*decrypt_input)(-1);
+#endif	/* ENCRYPTION */
+
+			TTYADD('\r');
+			if (crmod) {
+				TTYADD('\n');
+			}
+		    }
+		} else {
+		    telrcv_state = TS_CR;
+		    TTYADD('\r');
+		    if (crmod) {
+			    TTYADD('\n');
+		    }
+		}
+	    } else {
+		TTYADD(c);
+	    }
+	    continue;
+
+	case TS_IAC:
+process_iac:
+	    switch (c) {
+
+	    case WILL:
+		telrcv_state = TS_WILL;
+		continue;
+
+	    case WONT:
+		telrcv_state = TS_WONT;
+		continue;
+
+	    case DO:
+		telrcv_state = TS_DO;
+		continue;
+
+	    case DONT:
+		telrcv_state = TS_DONT;
+		continue;
+
+	    case DM:
+		    /*
+		     * We may have missed an urgent notification,
+		     * so make sure we flush whatever is in the
+		     * buffer currently.
+		     */
+		printoption("RCVD", IAC, DM);
+		SYNCHing = 1;
+		(void) ttyflush(1);
+		SYNCHing = stilloob();
+		settimer(gotDM);
+		break;
+
+	    case SB:
+		SB_CLEAR();
+		telrcv_state = TS_SB;
+		continue;
+
+#	    if defined(TN3270)
+	    case EOR:
+		if (In3270) {
+		    if (Ibackp == Ifrontp) {
+			Ibackp = Ifrontp = Ibuf;
+			ISend = 0;	/* should have been! */
+		    } else {
+			Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1);
+			ISend = 1;
+		    }
+		}
+		printoption("RCVD", IAC, EOR);
+		break;
+#	    endif /* defined(TN3270) */
+
+	    case IAC:
+#	    if !defined(TN3270)
+		TTYADD(IAC);
+#	    else /* !defined(TN3270) */
+		if (In3270) {
+		    *Ifrontp++ = IAC;
+		} else {
+		    TTYADD(IAC);
+		}
+#	    endif /* !defined(TN3270) */
+		break;
+
+	    case NOP:
+	    case GA:
+	    default:
+		printoption("RCVD", IAC, c);
+		break;
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WILL:
+	    printoption("RCVD", WILL, c);
+	    willoption(c);
+	    SetIn3270();
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    printoption("RCVD", WONT, c);
+	    wontoption(c);
+	    SetIn3270();
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    printoption("RCVD", DO, c);
+	    dooption(c);
+	    SetIn3270();
+	    if (c == TELOPT_NAWS) {
+		sendnaws();
+	    } else if (c == TELOPT_LFLOW) {
+		localflow = 1;
+		setcommandmode();
+		setconnmode(0);
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    printoption("RCVD", DONT, c);
+	    dontoption(c);
+	    flushline = 1;
+	    setconnmode(0);	/* set new tty mode (maybe) */
+	    SetIn3270();
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_SB:
+	    if (c == IAC) {
+		telrcv_state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    continue;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * This is an error.  We only expect to get
+		     * "IAC IAC" or "IAC SE".  Several things may
+		     * have happend.  An IAC was not doubled, the
+		     * IAC SE was left off, or another option got
+		     * inserted into the suboption are all possibilities.
+		     * If we assume that the IAC was not doubled,
+		     * and really the IAC SE was left off, we could
+		     * get into an infinate loop here.  So, instead,
+		     * we terminate the suboption, and process the
+		     * partial suboption if we can.
+		     */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+		    SB_TERM();
+
+		    printoption("In SUBOPTION processing, RCVD", IAC, c);
+		    suboption();	/* handle sub-option */
+		    SetIn3270();
+		    telrcv_state = TS_IAC;
+		    goto process_iac;
+		}
+		SB_ACCUM(c);
+		telrcv_state = TS_SB;
+	    } else {
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		SetIn3270();
+		telrcv_state = TS_DATA;
+	    }
+	}
+    }
+    if (count)
+	ring_consumed(&netiring, count);
+    return returnValue||count;
+}
+
+static int bol = 1, local = 0;
+
+    int
+rlogin_susp()
+{
+    if (local) {
+	local = 0;
+	bol = 1;
+	command(0, "z\n", 2);
+	return(1);
+    }
+    return(0);
+}
+
+    static int
+telsnd()
+{
+    int tcc;
+    int count;
+    int returnValue = 0;
+    unsigned char *tbp;
+
+    tcc = 0;
+    count = 0;
+    while (NETROOM() > 2) {
+	register int sc;
+	register int c;
+
+	if (tcc == 0) {
+	    if (count) {
+		ring_consumed(&ttyiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    tbp = ttyiring.consume;
+	    tcc = ring_full_consecutive(&ttyiring);
+	    if (tcc == 0) {
+		break;
+	    }
+	}
+	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
+	if (rlogin != _POSIX_VDISABLE) {
+		if (bol) {
+			bol = 0;
+			if (sc == rlogin) {
+				local = 1;
+				continue;
+			}
+		} else if (local) {
+			local = 0;
+			if (sc == '.' || c == termEofChar) {
+				bol = 1;
+				command(0, "close\n", 6);
+				continue;
+			}
+			if (sc == termSuspChar) {
+				bol = 1;
+				command(0, "z\n", 2);
+				continue;
+			}
+			if (sc == escape) {
+				command(0, (char *)tbp, tcc);
+				bol = 1;
+				count += tcc;
+				tcc = 0;
+				flushline = 1;
+				break;
+			}
+			if (sc != rlogin) {
+				++tcc;
+				--tbp;
+				--count;
+				c = sc = rlogin;
+			}
+		}
+		if ((sc == '\n') || (sc == '\r'))
+			bol = 1;
+	} else if (escape != _POSIX_VDISABLE && sc == escape) {
+	    /*
+	     * Double escape is a pass through of a single escape character.
+	     */
+	    if (tcc && strip(*tbp) == escape) {
+		tbp++;
+		tcc--;
+		count++;
+		bol = 0;
+	    } else {
+		command(0, (char *)tbp, tcc);
+		bol = 1;
+		count += tcc;
+		tcc = 0;
+		flushline = 1;
+		break;
+	    }
+	} else
+	    bol = 0;
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
+	    if (tcc > 0 && strip(*tbp) == echoc) {
+		tcc--; tbp++; count++;
+	    } else {
+		dontlecho = !dontlecho;
+		settimer(echotoggle);
+		setconnmode(0);
+		flushline = 1;
+		break;
+	    }
+	}
+#endif
+	if (MODE_LOCAL_CHARS(globalmode)) {
+	    if (TerminalSpecialChars(sc) == 0) {
+		bol = 1;
+		break;
+	    }
+	}
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    switch (c) {
+	    case '\n':
+		    /*
+		     * If we are in CRMOD mode (\r ==> \n)
+		     * on our local machine, then probably
+		     * a newline (unix) is CRLF (TELNET).
+		     */
+		if (MODE_LOCAL_CHARS(globalmode)) {
+		    NETADD('\r');
+		}
+		NETADD('\n');
+		bol = flushline = 1;
+		break;
+	    case '\r':
+		if (!crlf) {
+		    NET2ADD('\r', '\0');
+		} else {
+		    NET2ADD('\r', '\n');
+		}
+		bol = flushline = 1;
+		break;
+	    case IAC:
+		NET2ADD(IAC, IAC);
+		break;
+	    default:
+		NETADD(c);
+		break;
+	    }
+	} else if (c == IAC) {
+	    NET2ADD(IAC, IAC);
+	} else {
+	    NETADD(c);
+	}
+    }
+    if (count)
+	ring_consumed(&ttyiring, count);
+    return returnValue||count;		/* Non-zero if we did anything */
+}
+
+/*
+ * Scheduler()
+ *
+ * Try to do something.
+ *
+ * If we do something useful, return 1; else return 0.
+ *
+ */
+
+
+    int
+Scheduler(block)
+    int	block;			/* should we block in the select ? */
+{
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue;
+    int netin, netout, netex, ttyin, ttyout;
+
+    /* Decide which rings should be processed */
+
+    netout = ring_full_count(&netoring) &&
+	    (flushline ||
+		(my_want_state_is_wont(TELOPT_LINEMODE)
+#ifdef	KLUDGELINEMODE
+			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
+#endif
+		) ||
+			my_want_state_is_will(TELOPT_BINARY));
+    ttyout = ring_full_count(&ttyoring);
+
+#if	defined(TN3270)
+    ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0);
+#else	/* defined(TN3270) */
+    ttyin = ring_empty_count(&ttyiring) && (clienteof == 0);
+#endif	/* defined(TN3270) */
+
+#if	defined(TN3270)
+    netin = ring_empty_count(&netiring);
+#   else /* !defined(TN3270) */
+    netin = !ISend && ring_empty_count(&netiring);
+#   endif /* !defined(TN3270) */
+
+    netex = !SYNCHing;
+
+    /* If we have seen a signal recently, reset things */
+#   if defined(TN3270) && defined(unix)
+    if (HaveInput) {
+	HaveInput = 0;
+	(void) signal(SIGIO, inputAvailable);
+    }
+#endif	/* defined(TN3270) && defined(unix) */
+
+    /* Call to system code to process rings */
+
+    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
+
+    /* Now, look at the input rings, looking for work to do. */
+
+    if (ring_full_count(&ttyiring)) {
+#   if defined(TN3270)
+	if (In3270) {
+	    int c;
+
+	    c = DataFromTerminal(ttyiring.consume,
+					ring_full_consecutive(&ttyiring));
+	    if (c) {
+		returnValue = 1;
+		ring_consumed(&ttyiring, c);
+	    }
+	} else {
+#   endif /* defined(TN3270) */
+	    returnValue |= telsnd();
+#   if defined(TN3270)
+	}
+#   endif /* defined(TN3270) */
+    }
+
+    if (ring_full_count(&netiring)) {
+#	if !defined(TN3270)
+	returnValue |= telrcv();
+#	else /* !defined(TN3270) */
+	returnValue = Push3270();
+#	endif /* !defined(TN3270) */
+    }
+    return returnValue;
+}
+
+/*
+ * Select from tty and network...
+ */
+    void
+telnet(user)
+    char *user;
+{
+    sys_telnet_init();
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    {
+	static char local_host[256] = { 0 };
+
+	if (!local_host[0]) {
+		gethostname(local_host, sizeof(local_host));
+		local_host[sizeof(local_host)-1] = 0;
+	}
+	auth_encrypt_init(local_host, hostname, "TELNET", 0);
+	auth_encrypt_user(user);
+    }
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
+#   if !defined(TN3270)
+    if (telnetport) {
+#if	defined(AUTHENTICATION)
+	if (autologin)
+		send_will(TELOPT_AUTHENTICATION, 1);
+#endif
+#ifdef	ENCRYPTION
+	send_do(TELOPT_ENCRYPT, 1);
+	send_will(TELOPT_ENCRYPT, 1);
+#endif	/* ENCRYPTION */
+	send_do(TELOPT_SGA, 1);
+	send_will(TELOPT_TTYPE, 1);
+	send_will(TELOPT_NAWS, 1);
+	send_will(TELOPT_TSPEED, 1);
+	send_will(TELOPT_LFLOW, 1);
+	send_will(TELOPT_LINEMODE, 1);
+	send_will(TELOPT_NEW_ENVIRON, 1);
+	send_do(TELOPT_STATUS, 1);
+	if (env_getvalue((unsigned char *)"DISPLAY"))
+	    send_will(TELOPT_XDISPLOC, 1);
+	if (eight)
+	    tel_enter_binary(eight);
+    }
+#   endif /* !defined(TN3270) */
+
+#   if !defined(TN3270)
+    for (;;) {
+	int schedValue;
+
+	while ((schedValue = Scheduler(0)) != 0) {
+	    if (schedValue == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+
+	if (Scheduler(1) == -1) {
+	    setcommandmode();
+	    return;
+	}
+    }
+#   else /* !defined(TN3270) */
+    for (;;) {
+	int schedValue;
+
+	while (!In3270 && !shell_active) {
+	    if (Scheduler(1) == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+
+	while ((schedValue = Scheduler(0)) != 0) {
+	    if (schedValue == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+		/* If there is data waiting to go out to terminal, don't
+		 * schedule any more data for the terminal.
+		 */
+	if (ring_full_count(&ttyoring)) {
+	    schedValue = 1;
+	} else {
+	    if (shell_active) {
+		if (shell_continue() == 0) {
+		    ConnectScreen();
+		}
+	    } else if (In3270) {
+		schedValue = DoTerminalOutput();
+	    }
+	}
+	if (schedValue && (shell_active == 0)) {
+	    if (Scheduler(1) == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+    }
+#   endif /* !defined(TN3270) */
+}
+
+#if	0	/* XXX - this not being in is a bug */
+/*
+ * nextitem()
+ *
+ *	Return the address of the next "item" in the TELNET data
+ * stream.  This will be the address of the next character if
+ * the current address is a user data character, or it will
+ * be the address of the character following the TELNET command
+ * if the current address is a TELNET IAC ("I Am a Command")
+ * character.
+ */
+
+    static char *
+nextitem(current)
+    char *current;
+{
+    if ((*current&0xff) != IAC) {
+	return current+1;
+    }
+    switch (*(current+1)&0xff) {
+    case DO:
+    case DONT:
+    case WILL:
+    case WONT:
+	return current+3;
+    case SB:		/* loop forever looking for the SE */
+	{
+	    register char *look = current+2;
+
+	    for (;;) {
+		if ((*look++&0xff) == IAC) {
+		    if ((*look++&0xff) == SE) {
+			return look;
+		    }
+		}
+	    }
+	}
+    default:
+	return current+2;
+    }
+}
+#endif	/* 0 */
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+
+    static void
+netclear()
+{
+#if	0	/* XXX */
+    register char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+    thisitem = netobuf;
+
+    while ((next = nextitem(thisitem)) <= netobuf.send) {
+	thisitem = next;
+    }
+
+    /* Now, thisitem is first before/at boundary. */
+
+    good = netobuf;	/* where the good bytes go */
+
+    while (netoring.add > thisitem) {
+	if (wewant(thisitem)) {
+	    int length;
+
+	    next = thisitem;
+	    do {
+		next = nextitem(next);
+	    } while (wewant(next) && (nfrontp > next));
+	    length = next-thisitem;
+	    memmove(good, thisitem, length);
+	    good += length;
+	    thisitem = next;
+	} else {
+	    thisitem = nextitem(thisitem);
+	}
+    }
+
+#endif	/* 0 */
+}
+
+/*
+ * These routines add various telnet commands to the data stream.
+ */
+
+    static void
+doflush()
+{
+    NET2ADD(IAC, DO);
+    NETADD(TELOPT_TM);
+    flushline = 1;
+    flushout = 1;
+    (void) ttyflush(1);			/* Flush/drop output */
+    /* do printoption AFTER flush, otherwise the output gets tossed... */
+    printoption("SENT", DO, TELOPT_TM);
+}
+
+    void
+xmitAO()
+{
+    NET2ADD(IAC, AO);
+    printoption("SENT", IAC, AO);
+    if (autoflush) {
+	doflush();
+    }
+}
+
+
+    void
+xmitEL()
+{
+    NET2ADD(IAC, EL);
+    printoption("SENT", IAC, EL);
+}
+
+    void
+xmitEC()
+{
+    NET2ADD(IAC, EC);
+    printoption("SENT", IAC, EC);
+}
+
+
+    int
+dosynch()
+{
+    netclear();			/* clear the path to the network */
+    NETADD(IAC);
+    setneturg();
+    NETADD(DM);
+    printoption("SENT", IAC, DM);
+    return 1;
+}
+
+int want_status_response = 0;
+
+    int
+get_status()
+{
+    unsigned char tmp[16];
+    register unsigned char *cp;
+
+    if (my_want_state_is_dont(TELOPT_STATUS)) {
+	printf("Remote side does not support STATUS option\n");
+	return 0;
+    }
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_STATUS;
+    *cp++ = TELQUAL_SEND;
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+    ++want_status_response;
+    return 1;
+}
+
+    void
+intp()
+{
+    NET2ADD(IAC, IP);
+    printoption("SENT", IAC, IP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+    void
+sendbrk()
+{
+    NET2ADD(IAC, BREAK);
+    printoption("SENT", IAC, BREAK);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+    void
+sendabort()
+{
+    NET2ADD(IAC, ABORT);
+    printoption("SENT", IAC, ABORT);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+    void
+sendsusp()
+{
+    NET2ADD(IAC, SUSP);
+    printoption("SENT", IAC, SUSP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+    void
+sendeof()
+{
+    NET2ADD(IAC, xEOF);
+    printoption("SENT", IAC, xEOF);
+}
+
+    void
+sendayt()
+{
+    NET2ADD(IAC, AYT);
+    printoption("SENT", IAC, AYT);
+}
+
+/*
+ * Send a window size update to the remote system.
+ */
+
+    void
+sendnaws()
+{
+    long rows, cols;
+    unsigned char tmp[16];
+    register unsigned char *cp;
+
+    if (my_state_is_wont(TELOPT_NAWS))
+	return;
+
+#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
+			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
+
+    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
+	return;
+    }
+
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_NAWS;
+    PUTSHORT(cp, cols);
+    PUTSHORT(cp, rows);
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+}
+
+    void
+tel_enter_binary(rw)
+    int rw;
+{
+    if (rw&1)
+	send_do(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_will(TELOPT_BINARY, 1);
+}
+
+    void
+tel_leave_binary(rw)
+    int rw;
+{
+    if (rw&1)
+	send_dont(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_wont(TELOPT_BINARY, 1);
+}
diff --git a/crypto/telnet/telnet/terminal.c b/crypto/telnet/telnet/terminal.c
new file mode 100644
index 0000000..a2383d9
--- /dev/null
+++ b/crypto/telnet/telnet/terminal.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)terminal.c	8.2 (Berkeley) 2/16/95";
+#endif /* not lint */
+
+#include <arpa/telnet.h>
+#include <sys/types.h>
+
+#include "ring.h"
+
+#include "externs.h"
+#include "types.h"
+
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+Ring		ttyoring, ttyiring;
+unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
+
+int termdata;			/* Debugging flag */
+
+#ifdef	USE_TERMIO
+# ifndef VDISCARD
+cc_t termFlushChar;
+# endif
+# ifndef VLNEXT
+cc_t termLiteralNextChar;
+# endif
+# ifndef VSUSP
+cc_t termSuspChar;
+# endif
+# ifndef VWERASE
+cc_t termWerasChar;
+# endif
+# ifndef VREPRINT
+cc_t termRprntChar;
+# endif
+# ifndef VSTART
+cc_t termStartChar;
+# endif
+# ifndef VSTOP
+cc_t termStopChar;
+# endif
+# ifndef VEOL
+cc_t termForw1Char;
+# endif
+# ifndef VEOL2
+cc_t termForw2Char;
+# endif
+# ifndef VSTATUS
+cc_t termAytChar;
+# endif
+#else
+cc_t termForw2Char;
+cc_t termAytChar;
+#endif
+
+/*
+ * initialize the terminal data structures.
+ */
+
+    void
+init_terminal()
+{
+    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
+	exit(1);
+    }
+    autoflush = TerminalAutoFlush();
+}
+
+
+/*
+ *		Send as much data as possible to the terminal.
+ *
+ *		Return value:
+ *			-1: No useful work done, data waiting to go out.
+ *			 0: No data was waiting, so nothing was done.
+ *			 1: All waiting data was written out.
+ *			 n: All data - n was written out.
+ */
+
+
+    int
+ttyflush(drop)
+    int drop;
+{
+    register int n, n0, n1;
+
+    n0 = ring_full_count(&ttyoring);
+    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
+	if (drop) {
+	    TerminalFlushOutput();
+	    /* we leave 'n' alone! */
+	} else {
+	    n = TerminalWrite(ttyoring.consume, n);
+	}
+    }
+    if (n > 0) {
+	if (termdata && n) {
+	    Dump('>', ttyoring.consume, n);
+	}
+	/*
+	 * If we wrote everything, and the full count is
+	 * larger than what we wrote, then write the
+	 * rest of the buffer.
+	 */
+	if (n1 == n && n0 > n) {
+		n1 = n0 - n;
+		if (!drop)
+			n1 = TerminalWrite(ttyoring.bottom, n1);
+		if (n1 > 0)
+			n += n1;
+	}
+	ring_consumed(&ttyoring, n);
+    }
+    if (n < 0)
+	return -1;
+    if (n == n0) {
+	if (n0)
+	    return -1;
+	return 0;
+    }
+    return n0 - n + 1;
+}
+
+
+/*
+ * These routines decides on what the mode should be (based on the values
+ * of various global variables).
+ */
+
+
+    int
+getconnmode()
+{
+    extern int linemode;
+    int mode = 0;
+#ifdef	KLUDGELINEMODE
+    extern int kludgelinemode;
+#endif
+
+    if (In3270)
+	return(MODE_FLOW);
+
+    if (my_want_state_is_dont(TELOPT_ECHO))
+	mode |= MODE_ECHO;
+
+    if (localflow)
+	mode |= MODE_FLOW;
+
+    if (my_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_INBIN;
+
+    if (his_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_OUTBIN;
+
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode) {
+	if (my_want_state_is_dont(TELOPT_SGA)) {
+	    mode |= (MODE_TRAPSIG|MODE_EDIT);
+	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
+		mode &= ~MODE_ECHO;
+	    }
+	}
+	return(mode);
+    }
+#endif
+    if (my_want_state_is_will(TELOPT_LINEMODE))
+	mode |= linemode;
+    return(mode);
+}
+
+    void
+setconnmode(force)
+    int force;
+{
+#ifdef	ENCRYPTION
+    static int enc_passwd = 0;
+#endif	/* ENCRYPTION */
+    register int newmode;
+
+    newmode = getconnmode()|(force?MODE_FORCE:0);
+
+    TerminalNewMode(newmode);
+
+#ifdef  ENCRYPTION
+    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
+	if (my_want_state_is_will(TELOPT_ENCRYPT)
+				&& (enc_passwd == 0) && !encrypt_output) {
+	    encrypt_request_start(0, 0);
+	    enc_passwd = 1;
+	}
+    } else {
+	if (enc_passwd) {
+	    encrypt_request_end();
+	    enc_passwd = 0;
+	}
+    }
+#endif	/* ENCRYPTION */
+
+}
+
+
+    void
+setcommandmode()
+{
+    TerminalNewMode(-1);
+}
diff --git a/crypto/telnet/telnet/tn3270.c b/crypto/telnet/telnet/tn3270.c
new file mode 100644
index 0000000..5a453d9
--- /dev/null
+++ b/crypto/telnet/telnet/tn3270.c
@@ -0,0 +1,411 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)tn3270.c	8.2 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+
+#include "general.h"
+
+#include "defines.h"
+#include "ring.h"
+#include "externs.h"
+#include "fdset.h"
+
+#if	defined(TN3270)
+
+#include "../ctlr/screen.h"
+#include "../general/globals.h"
+
+#include "../sys_curses/telextrn.h"
+#include "../ctlr/externs.h"
+
+#if	defined(unix)
+int
+	HaveInput,		/* There is input available to scan */
+	cursesdata,		/* Do we dump curses data? */
+	sigiocount;		/* Number of times we got a SIGIO */
+
+char	tline[200];
+char	*transcom = 0;	/* transparent mode command (default: none) */
+#endif	/* defined(unix) */
+
+char	Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp;
+
+static char	sb_terminal[] = { IAC, SB,
+			TELOPT_TTYPE, TELQUAL_IS,
+			'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2',
+			IAC, SE };
+#define	SBTERMMODEL	13
+
+static int
+	Sent3270TerminalType;	/* Have we said we are a 3270? */
+
+#endif	/* defined(TN3270) */
+
+
+    void
+init_3270()
+{
+#if	defined(TN3270)
+#if	defined(unix)
+    HaveInput = 0;
+    sigiocount = 0;
+#endif	/* defined(unix) */
+    Sent3270TerminalType = 0;
+    Ifrontp = Ibackp = Ibuf;
+    init_ctlr();		/* Initialize some things */
+    init_keyboard();
+    init_screen();
+    init_system();
+#endif	/* defined(TN3270) */
+}
+
+
+#if	defined(TN3270)
+
+/*
+ * DataToNetwork - queue up some data to go to network.  If "done" is set,
+ * then when last byte is queued, we add on an IAC EOR sequence (so,
+ * don't call us with "done" until you want that done...)
+ *
+ * We actually do send all the data to the network buffer, since our
+ * only client needs for us to do that.
+ */
+
+    int
+DataToNetwork(buffer, count, done)
+    register char *buffer;	/* where the data is */
+    register int  count;	/* how much to send */
+    int		  done;		/* is this the last of a logical block */
+{
+    register int loop, c;
+    int origCount;
+
+    origCount = count;
+
+    while (count) {
+	/* If not enough room for EORs, IACs, etc., wait */
+	if (NETROOM() < 6) {
+	    fd_set o;
+
+	    FD_ZERO(&o);
+	    netflush();
+	    while (NETROOM() < 6) {
+		FD_SET(net, &o);
+		(void) select(net+1, (fd_set *) 0, &o, (fd_set *) 0,
+						(struct timeval *) 0);
+		netflush();
+	    }
+	}
+	c = ring_empty_count(&netoring);
+	if (c > count) {
+	    c = count;
+	}
+	loop = c;
+	while (loop) {
+	    if (((unsigned char)*buffer) == IAC) {
+		break;
+	    }
+	    buffer++;
+	    loop--;
+	}
+	if ((c = c-loop)) {
+	    ring_supply_data(&netoring, buffer-c, c);
+	    count -= c;
+	}
+	if (loop) {
+	    NET2ADD(IAC, IAC);
+	    count--;
+	    buffer++;
+	}
+    }
+
+    if (done) {
+	NET2ADD(IAC, EOR);
+	netflush();		/* try to move along as quickly as ... */
+    }
+    return(origCount - count);
+}
+
+
+#if	defined(unix)
+    void
+inputAvailable(signo)
+	int signo;
+{
+    HaveInput = 1;
+    sigiocount++;
+}
+#endif	/* defined(unix) */
+
+    void
+outputPurge()
+{
+    (void) ttyflush(1);
+}
+
+
+/*
+ * The following routines are places where the various tn3270
+ * routines make calls into telnet.c.
+ */
+
+/*
+ * DataToTerminal - queue up some data to go to terminal.
+ *
+ * Note: there are people who call us and depend on our processing
+ * *all* the data at one time (thus the select).
+ */
+
+    int
+DataToTerminal(buffer, count)
+    register char	*buffer;		/* where the data is */
+    register int	count;			/* how much to send */
+{
+    register int c;
+    int origCount;
+
+    origCount = count;
+
+    while (count) {
+	if (TTYROOM() == 0) {
+#if	defined(unix)
+	    fd_set o;
+
+	    FD_ZERO(&o);
+#endif	/* defined(unix) */
+	    (void) ttyflush(0);
+	    while (TTYROOM() == 0) {
+#if	defined(unix)
+		FD_SET(tout, &o);
+		(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
+						(struct timeval *) 0);
+#endif	/* defined(unix) */
+		(void) ttyflush(0);
+	    }
+	}
+	c = TTYROOM();
+	if (c > count) {
+	    c = count;
+	}
+	ring_supply_data(&ttyoring, buffer, c);
+	count -= c;
+	buffer += c;
+    }
+    return(origCount);
+}
+
+
+/*
+ * Push3270 - Try to send data along the 3270 output (to screen) direction.
+ */
+
+    int
+Push3270()
+{
+    int save = ring_full_count(&netiring);
+
+    if (save) {
+	if (Ifrontp+save > Ibuf+sizeof Ibuf) {
+	    if (Ibackp != Ibuf) {
+		memmove(Ibuf, Ibackp, Ifrontp-Ibackp);
+		Ifrontp -= (Ibackp-Ibuf);
+		Ibackp = Ibuf;
+	    }
+	}
+	if (Ifrontp+save < Ibuf+sizeof Ibuf) {
+	    (void)telrcv();
+	}
+    }
+    return save != ring_full_count(&netiring);
+}
+
+
+/*
+ * Finish3270 - get the last dregs of 3270 data out to the terminal
+ *		before quitting.
+ */
+
+    void
+Finish3270()
+{
+    while (Push3270() || !DoTerminalOutput()) {
+#if	defined(unix)
+	HaveInput = 0;
+#endif	/* defined(unix) */
+	;
+    }
+}
+
+
+/* StringToTerminal - output a null terminated string to the terminal */
+
+    void
+StringToTerminal(s)
+    char *s;
+{
+    int count;
+
+    count = strlen(s);
+    if (count) {
+	(void) DataToTerminal(s, count);	/* we know it always goes... */
+    }
+}
+
+
+#if	((!defined(NOT43)) || defined(PUTCHAR))
+/* _putchar - output a single character to the terminal.  This name is so that
+ *	curses(3x) can call us to send out data.
+ */
+
+    void
+_putchar(c)
+    char c;
+{
+#if	defined(sun)		/* SunOS 4.0 bug */
+    c &= 0x7f;
+#endif	/* defined(sun) */
+    if (cursesdata) {
+	Dump('>', &c, 1);
+    }
+    if (!TTYROOM()) {
+	(void) DataToTerminal(&c, 1);
+    } else {
+	TTYADD(c);
+    }
+}
+#endif	/* ((!defined(NOT43)) || defined(PUTCHAR)) */
+
+    void
+SetIn3270()
+{
+    if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY)
+		&& my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) {
+	if (!In3270) {
+	    In3270 = 1;
+	    Init3270();		/* Initialize 3270 functions */
+	    /* initialize terminal key mapping */
+	    InitTerminal();	/* Start terminal going */
+	    setconnmode(0);
+	}
+    } else {
+	if (In3270) {
+	    StopScreen(1);
+	    In3270 = 0;
+	    Stop3270();		/* Tell 3270 we aren't here anymore */
+	    setconnmode(0);
+	}
+    }
+}
+
+/*
+ * tn3270_ttype()
+ *
+ *	Send a response to a terminal type negotiation.
+ *
+ *	Return '0' if no more responses to send; '1' if a response sent.
+ */
+
+    int
+tn3270_ttype()
+{
+    /*
+     * Try to send a 3270 type terminal name.  Decide which one based
+     * on the format of our screen, and (in the future) color
+     * capaiblities.
+     */
+    InitTerminal();		/* Sets MaxNumberColumns, MaxNumberLines */
+    if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) {
+	Sent3270TerminalType = 1;
+	if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) {
+	    MaxNumberLines = 27;
+	    MaxNumberColumns = 132;
+	    sb_terminal[SBTERMMODEL] = '5';
+	} else if (MaxNumberLines >= 43) {
+	    MaxNumberLines = 43;
+	    MaxNumberColumns = 80;
+	    sb_terminal[SBTERMMODEL] = '4';
+	} else if (MaxNumberLines >= 32) {
+	    MaxNumberLines = 32;
+	    MaxNumberColumns = 80;
+	    sb_terminal[SBTERMMODEL] = '3';
+	} else {
+	    MaxNumberLines = 24;
+	    MaxNumberColumns = 80;
+	    sb_terminal[SBTERMMODEL] = '2';
+	}
+	NumberLines = 24;		/* before we start out... */
+	NumberColumns = 80;
+	ScreenSize = NumberLines*NumberColumns;
+	if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) {
+	    ExitString("Programming error:  MAXSCREENSIZE too small.\n",
+								1);
+	    /*NOTREACHED*/
+	}
+	printsub('>', sb_terminal+2, sizeof sb_terminal-2);
+	ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal);
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+#if	defined(unix)
+	int
+settranscom(argc, argv)
+	int argc;
+	char *argv[];
+{
+	int i;
+
+	if (argc == 1 && transcom) {
+	   transcom = 0;
+	}
+	if (argc == 1) {
+	   return 1;
+	}
+	transcom = tline;
+	(void) strcpy(transcom, argv[1]);
+	for (i = 2; i < argc; ++i) {
+	    (void) strcat(transcom, " ");
+	    (void) strcat(transcom, argv[i]);
+	}
+	return 1;
+}
+#endif	/* defined(unix) */
+
+#endif	/* defined(TN3270) */
diff --git a/crypto/telnet/telnet/types.h b/crypto/telnet/telnet/types.h
new file mode 100644
index 0000000..191d311
--- /dev/null
+++ b/crypto/telnet/telnet/types.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)types.h	8.1 (Berkeley) 6/6/93
+ */
+
+typedef struct {
+    char *modedescriptions;
+    char modetype;
+} Modelist;
+
+extern Modelist modelist[];
+
+typedef struct {
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	gotDM;			/* when did we last see a data mark */
+} Clocks;
+
+extern Clocks clocks;
diff --git a/crypto/telnet/telnet/utilities.c b/crypto/telnet/telnet/utilities.c
new file mode 100644
index 0000000..0ee882e
--- /dev/null
+++ b/crypto/telnet/telnet/utilities.c
@@ -0,0 +1,946 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char sccsid[] = "@(#)utilities.c	8.3 (Berkeley) 5/30/95";
+#endif /* not lint */
+
+#define	TELOPTS
+#define	TELCMDS
+#define	SLC_NAMES
+#include <arpa/telnet.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <unistd.h>
+
+#include <ctype.h>
+
+#include "general.h"
+
+#include "fdset.h"
+
+#include "ring.h"
+
+#include "defines.h"
+
+#include "externs.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
+int	prettydump;
+
+/*
+ * upcase()
+ *
+ *	Upcase (in place) the argument.
+ */
+
+    void
+upcase(argument)
+    register char *argument;
+{
+    register int c;
+
+    while ((c = *argument) != 0) {
+	if (islower(c)) {
+	    *argument = toupper(c);
+	}
+	argument++;
+    }
+}
+
+/*
+ * SetSockOpt()
+ *
+ * Compensate for differences in 4.2 and 4.3 systems.
+ */
+
+    int
+SetSockOpt(fd, level, option, yesno)
+    int fd, level, option, yesno;
+{
+#ifndef	NOT43
+    return setsockopt(fd, level, option,
+				(char *)&yesno, sizeof yesno);
+#else	/* NOT43 */
+    if (yesno == 0) {		/* Can't do that in 4.2! */
+	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
+				option);
+	return -1;
+    }
+    return setsockopt(fd, level, option, 0, 0);
+#endif	/* NOT43 */
+}
+
+/*
+ * The following are routines used to print out debugging information.
+ */
+
+unsigned char NetTraceFile[256] = "(standard output)";
+
+    void
+SetNetTrace(file)
+    register char *file;
+{
+    if (NetTrace && NetTrace != stdout)
+	fclose(NetTrace);
+    if (file  && (strcmp(file, "-") != 0)) {
+	NetTrace = fopen(file, "w");
+	if (NetTrace) {
+	    strcpy((char *)NetTraceFile, file);
+	    return;
+	}
+	fprintf(stderr, "Cannot open %s.\n", file);
+    }
+    NetTrace = stdout;
+    strcpy((char *)NetTraceFile, "(standard output)");
+}
+
+    void
+Dump(direction, buffer, length)
+    char direction;
+    unsigned char *buffer;
+    int length;
+{
+#   define BYTES_PER_LINE	32
+#   define min(x,y)	((x<y)? x:y)
+    unsigned char *pThis;
+    int offset;
+
+    offset = 0;
+
+    while (length) {
+	/* print one line */
+	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
+	pThis = buffer;
+	if (prettydump) {
+	    buffer = buffer + min(length, BYTES_PER_LINE/2);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%c%.2x",
+		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
+		    (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE/2;
+	    offset += BYTES_PER_LINE/2;
+	} else {
+	    buffer = buffer + min(length, BYTES_PER_LINE);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE;
+	    offset += BYTES_PER_LINE;
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	if (length < 0) {
+	    fflush(NetTrace);
+	    return;
+	}
+	/* find next unique line */
+    }
+    fflush(NetTrace);
+}
+
+
+	void
+printoption(direction, cmd, option)
+	char *direction;
+	int cmd, option;
+{
+	if (!showoptions)
+		return;
+	if (cmd == IAC) {
+		if (TELCMD_OK(option))
+		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
+		else
+		    fprintf(NetTrace, "%s IAC %d", direction, option);
+	} else {
+		register char *fmt;
+		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
+			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
+		if (fmt) {
+		    fprintf(NetTrace, "%s %s ", direction, fmt);
+		    if (TELOPT_OK(option))
+			fprintf(NetTrace, "%s", TELOPT(option));
+		    else if (option == TELOPT_EXOPL)
+			fprintf(NetTrace, "EXOPL");
+		    else
+			fprintf(NetTrace, "%d", option);
+		} else
+		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	    fflush(NetTrace);
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	return;
+}
+
+    void
+optionstatus()
+{
+    register int i;
+    extern char will_wont_resp[], do_dont_resp[];
+
+    for (i = 0; i < 256; i++) {
+	if (do_dont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
+	    else
+		printf("resp DO_DONT %d: %d\n", i,
+				do_dont_resp[i]);
+	    if (my_want_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("want DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DO   %s\n", TELCMD(i));
+		else
+		    printf("want DO   %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want DONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DONT %s\n", TELCMD(i));
+		else
+		    printf("want DONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("     DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     DO   %s\n", TELCMD(i));
+		else
+		    printf("     DO   %d\n", i);
+	    }
+	}
+	if (will_wont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
+	    else
+		printf("resp WILL_WONT %d: %d\n",
+				i, will_wont_resp[i]);
+	    if (my_want_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("want WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WILL %s\n", TELCMD(i));
+		else
+		    printf("want WILL %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want WONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WONT %s\n", TELCMD(i));
+		else
+		    printf("want WONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("     WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     WILL %s\n", TELCMD(i));
+		else
+		    printf("     WILL %d\n", i);
+	    }
+	}
+    }
+
+}
+
+    void
+printsub(direction, pointer, length)
+    char direction;	/* '<' or '>' */
+    unsigned char *pointer;	/* where suboption data sits */
+    int		  length;	/* length of suboption data */
+{
+    register int i;
+    char buf[512];
+    extern int want_status_response;
+
+    if (showoptions || direction == 0 ||
+	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
+	if (direction) {
+	    fprintf(NetTrace, "%s IAC SB ",
+				(direction == '<')? "RCVD":"SENT");
+	    if (length >= 3) {
+		register int j;
+
+		i = pointer[length-2];
+		j = pointer[length-1];
+
+		if (i != IAC || j != SE) {
+		    fprintf(NetTrace, "(terminated by ");
+		    if (TELOPT_OK(i))
+			fprintf(NetTrace, "%s ", TELOPT(i));
+		    else if (TELCMD_OK(i))
+			fprintf(NetTrace, "%s ", TELCMD(i));
+		    else
+			fprintf(NetTrace, "%d ", i);
+		    if (TELOPT_OK(j))
+			fprintf(NetTrace, "%s", TELOPT(j));
+		    else if (TELCMD_OK(j))
+			fprintf(NetTrace, "%s", TELCMD(j));
+		    else
+			fprintf(NetTrace, "%d", j);
+		    fprintf(NetTrace, ", not IAC SE!) ");
+		}
+	    }
+	    length -= 2;
+	}
+	if (length < 1) {
+	    fprintf(NetTrace, "(Empty suboption??\?)");
+	    if (NetTrace == stdout)
+		fflush(NetTrace);
+	    return;
+	}
+	switch (pointer[0]) {
+	case TELOPT_TTYPE:
+	    fprintf(NetTrace, "TERMINAL-TYPE ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace,
+				"- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+	case TELOPT_TSPEED:
+	    fprintf(NetTrace, "TERMINAL-SPEED");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " IS ");
+		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
+		break;
+	    default:
+		if (pointer[1] == 1)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    }
+	    break;
+
+	case TELOPT_LFLOW:
+	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case LFLOW_OFF:
+		fprintf(NetTrace, " OFF"); break;
+	    case LFLOW_ON:
+		fprintf(NetTrace, " ON"); break;
+	    case LFLOW_RESTART_ANY:
+		fprintf(NetTrace, " RESTART-ANY"); break;
+	    case LFLOW_RESTART_XON:
+		fprintf(NetTrace, " RESTART-XON"); break;
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    }
+	    for (i = 2; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+	case TELOPT_NAWS:
+	    fprintf(NetTrace, "NAWS");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    if (length == 2) {
+		fprintf(NetTrace, " ?%d?", pointer[1]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[1], pointer[2],
+		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+	    if (length == 4) {
+		fprintf(NetTrace, " ?%d?", pointer[3]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[3], pointer[4],
+		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+	    for (i = 5; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION:
+	    fprintf(NetTrace, "AUTHENTICATION");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_REPLY:
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
+							"IS" : "REPLY");
+		if (AUTHTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, "%d ", pointer[2]);
+		if (length < 3) {
+		    fprintf(NetTrace, "(partial suboption??\?)");
+		    break;
+		}
+		fprintf(NetTrace, "%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case TELQUAL_SEND:
+		i = 2;
+		fprintf(NetTrace, " SEND ");
+		while (i < length) {
+		    if (AUTHTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    if (++i >= length) {
+			fprintf(NetTrace, "(partial suboption??\?)");
+			break;
+		    }
+		    fprintf(NetTrace, "%s|%s ",
+			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+							"CLIENT" : "SERVER",
+			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+							"MUTUAL" : "ONE-WAY");
+		    ++i;
+		}
+		break;
+
+	    case TELQUAL_NAME:
+		i = 2;
+		fprintf(NetTrace, " NAME \"");
+		while (i < length)
+		    putc(pointer[i++], NetTrace);
+		putc('"', NetTrace);
+		break;
+
+	    default:
+		    for (i = 2; i < length; i++)
+			fprintf(NetTrace, " ?%d?", pointer[i]);
+		    break;
+	    }
+	    break;
+#endif
+
+#ifdef	ENCRYPTION
+	case TELOPT_ENCRYPT:
+	    fprintf(NetTrace, "ENCRYPT");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case ENCRYPT_START:
+		fprintf(NetTrace, " START");
+		break;
+
+	    case ENCRYPT_END:
+		fprintf(NetTrace, " END");
+		break;
+
+	    case ENCRYPT_REQSTART:
+		fprintf(NetTrace, " REQUEST-START");
+		break;
+
+	    case ENCRYPT_REQEND:
+		fprintf(NetTrace, " REQUEST-END");
+		break;
+
+	    case ENCRYPT_IS:
+	    case ENCRYPT_REPLY:
+		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
+							"IS" : "REPLY");
+		if (length < 3) {
+		    fprintf(NetTrace, " (partial suboption??\?)");
+		    break;
+		}
+		if (ENCTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
+
+		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case ENCRYPT_SUPPORT:
+		i = 2;
+		fprintf(NetTrace, " SUPPORT ");
+		while (i < length) {
+		    if (ENCTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    i++;
+		}
+		break;
+
+	    case ENCRYPT_ENC_KEYID:
+		fprintf(NetTrace, " ENC_KEYID ");
+		goto encommon;
+
+	    case ENCRYPT_DEC_KEYID:
+		fprintf(NetTrace, " DEC_KEYID ");
+		goto encommon;
+
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    encommon:
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+		break;
+	    }
+	    break;
+#endif	/* ENCRYPTION */
+
+	case TELOPT_LINEMODE:
+	    fprintf(NetTrace, "LINEMODE ");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case WILL:
+		fprintf(NetTrace, "WILL ");
+		goto common;
+	    case WONT:
+		fprintf(NetTrace, "WONT ");
+		goto common;
+	    case DO:
+		fprintf(NetTrace, "DO ");
+		goto common;
+	    case DONT:
+		fprintf(NetTrace, "DONT ");
+	    common:
+		if (length < 3) {
+		    fprintf(NetTrace, "(no option??\?)");
+		    break;
+		}
+		switch (pointer[2]) {
+		case LM_FORWARDMASK:
+		    fprintf(NetTrace, "Forward Mask");
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %x", pointer[i]);
+		    break;
+		default:
+		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %d", pointer[i]);
+		    break;
+		}
+		break;
+
+	    case LM_SLC:
+		fprintf(NetTrace, "SLC");
+		for (i = 2; i < length - 2; i += 3) {
+		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+		    else
+			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
+		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		    case SLC_NOSUPPORT:
+			fprintf(NetTrace, " NOSUPPORT"); break;
+		    case SLC_CANTCHANGE:
+			fprintf(NetTrace, " CANTCHANGE"); break;
+		    case SLC_VARIABLE:
+			fprintf(NetTrace, " VARIABLE"); break;
+		    case SLC_DEFAULT:
+			fprintf(NetTrace, " DEFAULT"); break;
+		    }
+		    fprintf(NetTrace, "%s%s%s",
+			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+						SLC_FLUSHOUT| SLC_LEVELBITS))
+			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
+		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
+		    if ((pointer[i+SLC_VALUE] == IAC) &&
+			(pointer[i+SLC_VALUE+1] == IAC))
+				i++;
+		}
+		for (; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+
+	    case LM_MODE:
+		fprintf(NetTrace, "MODE ");
+		if (length < 3) {
+		    fprintf(NetTrace, "(no mode??\?)");
+		    break;
+		}
+		{
+		    char tbuf[64];
+		    sprintf(tbuf, "%s%s%s%s%s",
+			pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			pointer[2]&MODE_ACK ? "|ACK" : "");
+		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
+		}
+		if (pointer[2]&~(MODE_MASK))
+		    fprintf(NetTrace, " (0x%x)", pointer[2]);
+		for (i = 3; i < length; i++)
+		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
+		break;
+	    default:
+		fprintf(NetTrace, "%d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+	    }
+	    break;
+
+	case TELOPT_STATUS: {
+	    register char *cp;
+	    register int j, k;
+
+	    fprintf(NetTrace, "STATUS");
+
+	    switch (pointer[1]) {
+	    default:
+		if (pointer[1] == TELQUAL_SEND)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    case TELQUAL_IS:
+		if (--want_status_response < 0)
+		    want_status_response = 0;
+		if (NetTrace == stdout)
+		    fprintf(NetTrace, " IS\r\n");
+		else
+		    fprintf(NetTrace, " IS\n");
+
+		for (i = 2; i < length; i++) {
+		    switch(pointer[i]) {
+		    case DO:	cp = "DO"; goto common2;
+		    case DONT:	cp = "DONT"; goto common2;
+		    case WILL:	cp = "WILL"; goto common2;
+		    case WONT:	cp = "WONT"; goto common2;
+		    common2:
+			i++;
+			if (TELOPT_OK((int)pointer[i]))
+			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
+			else
+			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+			break;
+
+		    case SB:
+			fprintf(NetTrace, " SB ");
+			i++;
+			j = k = i;
+			while (j < length) {
+			    if (pointer[j] == SE) {
+				if (j+1 == length)
+				    break;
+				if (pointer[j+1] == SE)
+				    j++;
+				else
+				    break;
+			    }
+			    pointer[k++] = pointer[j++];
+			}
+			printsub(0, &pointer[i], k - i);
+			if (i < length) {
+			    fprintf(NetTrace, " SE");
+			    i = j;
+			} else
+			    i = j - 1;
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+
+			break;
+
+		    default:
+			fprintf(NetTrace, " %d", pointer[i]);
+			break;
+		    }
+		}
+		break;
+	    }
+	    break;
+	  }
+
+	case TELOPT_XDISPLOC:
+	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+
+	case TELOPT_NEW_ENVIRON:
+	    fprintf(NetTrace, "NEW-ENVIRON ");
+#ifdef	OLD_ENVIRON
+	    goto env_common1;
+	case TELOPT_OLD_ENVIRON:
+	    fprintf(NetTrace, "OLD-ENVIRON");
+	env_common1:
+#endif
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS ");
+		goto env_common;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND ");
+		goto env_common;
+	    case TELQUAL_INFO:
+		fprintf(NetTrace, "INFO ");
+	    env_common:
+		{
+		    register int noquote = 2;
+#if defined(ENV_HACK) && defined(OLD_ENVIRON)
+		    extern int old_env_var, old_env_value;
+#endif
+		    for (i = 2; i < length; i++ ) {
+			switch (pointer[i]) {
+			case NEW_ENV_VALUE:
+#ifdef OLD_ENVIRON
+		     /*	case NEW_ENV_OVAR: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+# ifdef	ENV_HACK
+				if (old_env_var == OLD_ENV_VALUE)
+				    fprintf(NetTrace, "\" (VALUE) " + noquote);
+				else
+# endif
+				    fprintf(NetTrace, "\" VAR " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VALUE " + noquote);
+			    noquote = 2;
+			    break;
+
+			case NEW_ENV_VAR:
+#ifdef OLD_ENVIRON
+		     /* case OLD_ENV_VALUE: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+# ifdef	ENV_HACK
+				if (old_env_value == OLD_ENV_VAR)
+				    fprintf(NetTrace, "\" (VAR) " + noquote);
+				else
+# endif
+				    fprintf(NetTrace, "\" VALUE " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_ESC:
+			    fprintf(NetTrace, "\" ESC " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_USERVAR:
+			    fprintf(NetTrace, "\" USERVAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			default:
+			    if (isprint(pointer[i]) && pointer[i] != '"') {
+				if (noquote) {
+				    putc('"', NetTrace);
+				    noquote = 0;
+				}
+				putc(pointer[i], NetTrace);
+			    } else {
+				fprintf(NetTrace, "\" %03o " + noquote,
+							pointer[i]);
+				noquote = 2;
+			    }
+			    break;
+			}
+		    }
+		    if (!noquote)
+			putc('"', NetTrace);
+		    break;
+		}
+	    }
+	    break;
+
+	default:
+	    if (TELOPT_OK(pointer[0]))
+		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
+	    else
+		fprintf(NetTrace, "%d (unknown)", pointer[0]);
+	    for (i = 1; i < length; i++)
+		fprintf(NetTrace, " %d", pointer[i]);
+	    break;
+	}
+	if (direction) {
+	    if (NetTrace == stdout)
+		fprintf(NetTrace, "\r\n");
+	    else
+		fprintf(NetTrace, "\n");
+	}
+	if (NetTrace == stdout)
+	    fflush(NetTrace);
+    }
+}
+
+/* EmptyTerminal - called to make sure that the terminal buffer is empty.
+ *			Note that we consider the buffer to run all the
+ *			way to the kernel (thus the select).
+ */
+
+    void
+EmptyTerminal()
+{
+#if	defined(unix)
+    fd_set	o;
+
+    FD_ZERO(&o);
+#endif	/* defined(unix) */
+
+    if (TTYBYTES() == 0) {
+#if	defined(unix)
+	FD_SET(tout, &o);
+	(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
+			(struct timeval *) 0);	/* wait for TTLOWAT */
+#endif	/* defined(unix) */
+    } else {
+	while (TTYBYTES()) {
+	    (void) ttyflush(0);
+#if	defined(unix)
+	    FD_SET(tout, &o);
+	    (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
+				(struct timeval *) 0);	/* wait for TTLOWAT */
+#endif	/* defined(unix) */
+	}
+    }
+}
+
+    void
+SetForExit()
+{
+    setconnmode(0);
+#if	defined(TN3270)
+    if (In3270) {
+	Finish3270();
+    }
+#else	/* defined(TN3270) */
+    do {
+	(void)telrcv();			/* Process any incoming data */
+	EmptyTerminal();
+    } while (ring_full_count(&netiring));	/* While there is any */
+#endif	/* defined(TN3270) */
+    setcommandmode();
+    fflush(stdout);
+    fflush(stderr);
+#if	defined(TN3270)
+    if (In3270) {
+	StopScreen(1);
+    }
+#endif	/* defined(TN3270) */
+    setconnmode(0);
+    EmptyTerminal();			/* Flush the path to the tty */
+    setcommandmode();
+}
+
+    void
+Exit(returnCode)
+    int returnCode;
+{
+    SetForExit();
+    exit(returnCode);
+}
+
+    void
+ExitString(string, returnCode)
+    char *string;
+    int returnCode;
+{
+    SetForExit();
+    fwrite(string, 1, strlen(string), stderr);
+    exit(returnCode);
+}
diff --git a/crypto/telnet/telnetd/authenc.c b/crypto/telnet/telnetd/authenc.c
new file mode 100644
index 0000000..39a38d4
--- /dev/null
+++ b/crypto/telnet/telnetd/authenc.c
@@ -0,0 +1,94 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)authenc.c	8.2 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#include "telnetd.h"
+#include <libtelnet/misc.h>
+
+	int
+net_write(str, len)
+	unsigned char *str;
+	int len;
+{
+	if (nfrontp + len < netobuf + BUFSIZ) {
+		memmove((void *)nfrontp, (void *)str, len);
+		nfrontp += len;
+		return(len);
+	}
+	return(0);
+}
+
+	void
+net_encrypt()
+{
+#ifdef	ENCRYPTION
+	char *s = (nclearto > nbackp) ? nclearto : nbackp;
+	if (s < nfrontp && encrypt_output) {
+		(*encrypt_output)((unsigned char *)s, nfrontp - s);
+	}
+	nclearto = nfrontp;
+#endif /* ENCRYPTION */
+}
+
+	int
+telnet_spin()
+{
+	ttloop();
+	return(0);
+}
+
+	char *
+telnet_getenv(val)
+	char *val;
+{
+	return(getenv(val));
+}
+
+	char *
+telnet_gets(prompt, result, length, echo)
+	char *prompt;
+	char *result;
+	int length;
+	int echo;
+{
+	return((char *)0);
+}
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/crypto/telnet/telnetd/defs.h b/crypto/telnet/telnetd/defs.h
new file mode 100644
index 0000000..a73d4a6
--- /dev/null
+++ b/crypto/telnet/telnetd/defs.h
@@ -0,0 +1,296 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defs.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Telnet server defines
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+
+#ifndef	BSD
+# define	BSD 43
+#endif
+
+#if	defined(CRAY) && !defined(LINEMODE)
+# define SYSV_TERMIO
+# define LINEMODE
+# define KLUDGELINEMODE
+# define DIAGNOSTICS
+# if defined(UNICOS50) && !defined(UNICOS5)
+#  define UNICOS5
+# endif
+# if !defined(UNICOS5)
+#  define BFTPDAEMON
+#  define HAS_IP_TOS
+# endif
+#endif /* CRAY */
+#if defined(UNICOS5) && !defined(NO_SETSID)
+# define NO_SETSID
+#endif
+
+#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
+#define TELOPTS
+#define TELCMDS
+#define	SLC_NAMES
+#endif
+
+#if	defined(SYSV_TERMIO) && !defined(USE_TERMIO)
+# define	USE_TERMIO
+#endif
+
+#include <sys/socket.h>
+#ifndef	CRAY
+#include <sys/wait.h>
+#endif	/* CRAY */
+#include <fcntl.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#ifndef	FILIO_H
+#include <sys/ioctl.h>
+#else
+#include <sys/filio.h>
+#endif
+
+#include <netinet/in.h>
+
+#include <arpa/telnet.h>
+
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#endif
+#include <signal.h>
+#include <errno.h>
+#include <netdb.h>
+#include <syslog.h>
+#ifndef	LOG_DAEMON
+#define	LOG_DAEMON	0
+#endif
+#ifndef	LOG_ODELAY
+#define	LOG_ODELAY	0
+#endif
+#include <ctype.h>
+#ifndef NO_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+#ifndef	USE_TERMIO
+#include <sgtty.h>
+#else
+# ifdef	SYSV_TERMIO
+# include <termio.h>
+# else
+# include <termios.h>
+# endif
+#endif
+#if !defined(USE_TERMIO) || defined(NO_CC_T)
+typedef unsigned char cc_t;
+#endif
+
+#ifdef	__STDC__
+#include <unistd.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((unsigned char)'\377')
+# endif
+#endif
+
+
+#ifdef	CRAY
+# ifdef	CRAY1
+# include <sys/pty.h>
+#  ifndef FD_ZERO
+# include <sys/select.h>
+#  endif /* FD_ZERO */
+# endif	/* CRAY1 */
+
+#include <memory.h>
+#endif	/* CRAY */
+
+#ifdef __hpux
+#include <sys/ptyio.h>
+#endif
+
+#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
+# define	TIOCSCTTY TCSETCTTY
+#endif
+
+#ifndef	FD_SET
+#ifndef	HAVE_fd_set
+typedef struct fd_set { int fds_bits[1]; } fd_set;
+#endif
+
+#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
+#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
+#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
+#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
+#endif	/* FD_SET */
+
+/*
+ * I/O data buffers defines
+ */
+#define	NETSLOP	64
+#ifdef CRAY
+#undef BUFSIZ
+#define BUFSIZ  2048
+#endif
+
+#define	NIACCUM(c)	{   *netip++ = c; \
+			    ncc++; \
+			}
+
+/* clock manipulations */
+#define	settimer(x)	(clocks.x = ++clocks.system)
+#define	sequenceIs(x,y)	(clocks.x < clocks.y)
+
+/*
+ * Linemode support states, in decreasing order of importance
+ */
+#define REAL_LINEMODE	0x04
+#define KLUDGE_OK	0x03
+#define	NO_AUTOKLUDGE	0x02
+#define KLUDGE_LINEMODE	0x01
+#define NO_LINEMODE	0x00
+
+/*
+ * Structures of information for each special character function.
+ */
+typedef struct {
+	unsigned char	flag;		/* the flags for this function */
+	cc_t		val;		/* the value of the special character */
+} slcent, *Slcent;
+
+typedef struct {
+	slcent		defset;		/* the default settings */
+	slcent		current;	/* the current settings */
+	cc_t		*sptr;		/* a pointer to the char in */
+					/* system data structures */
+} slcfun, *Slcfun;
+
+#ifdef DIAGNOSTICS
+/*
+ * Diagnostics capabilities
+ */
+#define	TD_REPORT	0x01	/* Report operations to client */
+#define TD_EXERCISE	0x02	/* Exercise client's implementation */
+#define TD_NETDATA	0x04	/* Display received data stream */
+#define TD_PTYDATA	0x08	/* Display data passed to pty */
+#define	TD_OPTIONS	0x10	/* Report just telnet options */
+#endif /* DIAGNOSTICS */
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
+#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
+#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
+#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
+
+#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
+#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
+#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
+#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
+
+/*
+ * Tricky code here.  What we want to know is if the MY_STATE_WILL
+ * and MY_WANT_STATE_WILL bits have the same value.  Since the two
+ * bits are adjacent, a little arithmatic will show that by adding
+ * in the lower bit, the upper bit will be set if the two bits were
+ * different, and clear if they were the same.
+ */
+#define my_will_wont_is_changing(opt) \
+			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
+
+#define my_do_dont_is_changing(opt) \
+			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+#define his_will_wont_is_changing	my_do_dont_is_changing
+#define his_do_dont_is_changing		my_will_wont_is_changing
diff --git a/crypto/telnet/telnetd/ext.h b/crypto/telnet/telnetd/ext.h
new file mode 100644
index 0000000..f60139e
--- /dev/null
+++ b/crypto/telnet/telnetd/ext.h
@@ -0,0 +1,242 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ext.h	8.2 (Berkeley) 12/15/93
+ */
+
+/*
+ * Telnet server variable declarations
+ */
+extern char	options[256];
+extern char	do_dont_resp[256];
+extern char	will_wont_resp[256];
+extern int	linemode;	/* linemode on/off */
+#ifdef	LINEMODE
+extern int	uselinemode;	/* what linemode to use (on/off) */
+extern int	editmode;	/* edit modes in use */
+extern int	useeditmode;	/* edit modes to use */
+extern int	alwayslinemode;	/* command line option */
+extern int	lmodetype;	/* Client support for linemode */
+#endif	/* LINEMODE */
+extern int	flowmode;	/* current flow control state */
+extern int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+extern int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+#ifdef BFTPDAEMON
+extern int	bftpd;		/* behave as bftp daemon */
+#endif /* BFTPDAEMON */
+#if	defined(SecurID)
+extern int	require_SecurID;
+#endif
+#if	defined(AUTHENTICATION)
+extern int	auth_level;
+#endif
+
+extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+char	*terminaltype;
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+extern char	netibuf[BUFSIZ], *netip;
+
+extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+extern char	*neturg;		/* one past last bye of urgent data */
+
+extern int	pcc, ncc;
+
+#if defined(CRAY2) && defined(UNICOS5)
+extern int unpcc;  /* characters left unprocessed by CRAY-2 terminal routine */
+extern char *unptyip;  /* pointer to remaining characters in buffer */
+#endif
+
+extern int	pty, net;
+extern char	*line;
+extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+#ifndef	P
+# ifdef	__STDC__
+#  define P(x)	x
+# else
+#  define P(x)	()
+# endif
+#endif
+
+extern void
+	_termstat P((void)),
+	add_slc P((int, int, int)),
+	check_slc P((void)),
+	change_slc P((int, int, int)),
+	cleanup P((int)),
+	clientstat P((int, int, int)),
+	copy_termbuf P((char *, int)),
+	deferslc P((void)),
+	defer_terminit P((void)),
+	do_opt_slc P((unsigned char *, int)),
+	doeof P((void)),
+	dooption P((int)),
+	dontoption P((int)),
+	edithost P((char *, char *)),
+	fatal P((int, char *)),
+	fatalperror P((int, char *)),
+	get_slc_defaults P((void)),
+	init_env P((void)),
+	init_termbuf P((void)),
+	interrupt P((void)),
+	localstat P((void)),
+	flowstat P((void)),
+	netclear P((void)),
+	netflush P((void)),
+#ifdef DIAGNOSTICS
+	printoption P((char *, int)),
+	printdata P((char *, char *, int)),
+	printsub P((int, unsigned char *, int)),
+#endif
+	ptyflush P((void)),
+	putchr P((int)),
+	putf P((char *, char *)),
+	recv_ayt P((void)),
+	send_do P((int, int)),
+	send_dont P((int, int)),
+	send_slc P((void)),
+	send_status P((void)),
+	send_will P((int, int)),
+	send_wont P((int, int)),
+	sendbrk P((void)),
+	sendsusp P((void)),
+	set_termbuf P((void)),
+	start_login P((char *, int, char *)),
+	start_slc P((int)),
+#if	defined(AUTHENTICATION)
+	start_slave P((char *)),
+#else
+	start_slave P((char *, int, char *)),
+#endif
+	suboption P((void)),
+	telrcv P((void)),
+	ttloop P((void)),
+	tty_binaryin P((int)),
+	tty_binaryout P((int));
+
+extern int
+	end_slc P((unsigned char **)),
+	getnpty P((void)),
+#ifndef convex
+	getpty P((int *)),
+#endif
+	login_tty P((int)),
+	spcset P((int, cc_t *, cc_t **)),
+	stilloob P((int)),
+	terminit P((void)),
+	termstat P((void)),
+	tty_flowmode P((void)),
+	tty_restartany P((void)),
+	tty_isbinaryin P((void)),
+	tty_isbinaryout P((void)),
+	tty_iscrnl P((void)),
+	tty_isecho P((void)),
+	tty_isediting P((void)),
+	tty_islitecho P((void)),
+	tty_isnewmap P((void)),
+	tty_israw P((void)),
+	tty_issofttab P((void)),
+	tty_istrapsig P((void)),
+	tty_linemode P((void));
+
+extern void
+	tty_rspeed P((int)),
+	tty_setecho P((int)),
+	tty_setedit P((int)),
+	tty_setlinemode P((int)),
+	tty_setlitecho P((int)),
+	tty_setsig P((int)),
+	tty_setsofttab P((int)),
+	tty_tspeed P((int)),
+	willoption P((int)),
+	wontoption P((int)),
+	writenet P((unsigned char *, int));
+
+#ifdef	ENCRYPTION
+extern void	(*encrypt_output) P((unsigned char *, int));
+extern int	(*decrypt_input) P((int));
+extern char	*nclearto;
+#endif	/* ENCRYPTION */
+
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+extern struct {
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	ttypesubopt,		/* ttype subopt is received */
+	tspeedsubopt,		/* tspeed subopt is received */
+	environsubopt,		/* environ subopt is received */
+	oenvironsubopt,		/* old environ subopt is received */
+	xdisplocsubopt,		/* xdisploc subopt is received */
+	baseline,		/* time started to do timed action */
+	gotDM;			/* when did we last see a data mark */
+} clocks;
+
+
+#if	defined(CRAY2) && defined(UNICOS5)
+extern int	needtermstat;
+#endif
+
+#ifndef	DEFAULT_IM
+# ifdef CRAY
+#  define DEFAULT_IM	"\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r"
+# else
+#  ifdef sun
+#   define DEFAULT_IM	"\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r"
+#  else
+#   ifdef ultrix
+#    define DEFAULT_IM	"\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r"
+#   else
+#    ifdef __FreeBSD__
+#     define DEFAULT_IM  "\r\n\r\nFreeBSD (%h) (%t)\r\n\r\r\n\r"
+#    else
+#    define DEFAULT_IM	"\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r"
+#    endif
+#   endif
+#  endif
+# endif
+#endif
diff --git a/crypto/telnet/telnetd/global.c b/crypto/telnet/telnetd/global.c
new file mode 100644
index 0000000..0cf95db
--- /dev/null
+++ b/crypto/telnet/telnetd/global.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)global.c	8.1 (Berkeley) 6/4/93";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+/*
+ * Allocate global variables.  We do this
+ * by including the header file that defines
+ * them all as externs, but first we define
+ * the keyword "extern" to be nothing, so that
+ * we will actually allocate the space.
+ */
+
+#include "defs.h"
+#define extern
+#include "ext.h"
diff --git a/crypto/telnet/telnetd/pathnames.h b/crypto/telnet/telnetd/pathnames.h
new file mode 100644
index 0000000..c8b0806
--- /dev/null
+++ b/crypto/telnet/telnetd/pathnames.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
+ */
+
+#if BSD > 43
+
+# include <paths.h>
+
+# ifndef _PATH_LOGIN
+#  define	_PATH_LOGIN	"/usr/bin/login"
+# endif
+
+#else
+ 
+# define	_PATH_TTY	"/dev/tty"
+# ifndef _PATH_LOGIN
+#  define	_PATH_LOGIN	"/bin/login"
+# endif
+
+#endif
+
+#ifdef BFTPDAEMON
+#define		BFTPPATH	"/usr/ucb/bftp"
+#endif  /* BFTPDAEMON */
diff --git a/crypto/telnet/telnetd/slc.c b/crypto/telnet/telnetd/slc.c
new file mode 100644
index 0000000..65dc689
--- /dev/null
+++ b/crypto/telnet/telnetd/slc.c
@@ -0,0 +1,495 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)slc.c	8.2 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include "telnetd.h"
+
+#ifdef	LINEMODE
+/*
+ * local variables
+ */
+static unsigned char	*def_slcbuf = (unsigned char *)0;
+static int		def_slclen = 0;
+static int		slcchange;	/* change to slc is requested */
+static unsigned char	*slcptr;	/* pointer into slc buffer */
+static unsigned char	slcbuf[NSLC*6];	/* buffer for slc negotiation */
+
+/*
+ * send_slc
+ *
+ * Write out the current special characters to the client.
+ */
+	void
+send_slc()
+{
+	register int i;
+
+	/*
+	 * Send out list of triplets of special characters
+	 * to client.  We only send info on the characters
+	 * that are currently supported.
+	 */
+	for (i = 1; i <= NSLC; i++) {
+		if ((slctab[i].defset.flag & SLC_LEVELBITS) == SLC_NOSUPPORT)
+			continue;
+		add_slc((unsigned char)i, slctab[i].current.flag,
+							slctab[i].current.val);
+	}
+
+}  /* end of send_slc */
+
+/*
+ * default_slc
+ *
+ * Set pty special characters to all the defaults.
+ */
+	void
+default_slc()
+{
+	register int i;
+
+	for (i = 1; i <= NSLC; i++) {
+		slctab[i].current.val = slctab[i].defset.val;
+		if (slctab[i].current.val == (cc_t)(_POSIX_VDISABLE))
+			slctab[i].current.flag = SLC_NOSUPPORT;
+		else
+			slctab[i].current.flag = slctab[i].defset.flag;
+		if (slctab[i].sptr) {
+			*(slctab[i].sptr) = slctab[i].defset.val;
+		}
+	}
+	slcchange = 1;
+
+}  /* end of default_slc */
+#endif	/* LINEMODE */
+
+/*
+ * get_slc_defaults
+ *
+ * Initialize the slc mapping table.
+ */
+	void
+get_slc_defaults()
+{
+	register int i;
+
+	init_termbuf();
+
+	for (i = 1; i <= NSLC; i++) {
+		slctab[i].defset.flag =
+			spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
+		slctab[i].current.flag = SLC_NOSUPPORT;
+		slctab[i].current.val = 0;
+	}
+
+}  /* end of get_slc_defaults */
+
+#ifdef	LINEMODE
+/*
+ * add_slc
+ *
+ * Add an slc triplet to the slc buffer.
+ */
+	void
+add_slc(func, flag, val)
+	register char func, flag;
+	register cc_t val;
+{
+
+	if ((*slcptr++ = (unsigned char)func) == 0xff)
+		*slcptr++ = 0xff;
+
+	if ((*slcptr++ = (unsigned char)flag) == 0xff)
+		*slcptr++ = 0xff;
+
+	if ((*slcptr++ = (unsigned char)val) == 0xff)
+		*slcptr++ = 0xff;
+
+}  /* end of add_slc */
+
+/*
+ * start_slc
+ *
+ * Get ready to process incoming slc's and respond to them.
+ *
+ * The parameter getit is non-zero if it is necessary to grab a copy
+ * of the terminal control structures.
+ */
+	void
+start_slc(getit)
+	register int getit;
+{
+
+	slcchange = 0;
+	if (getit)
+		init_termbuf();
+	(void) sprintf((char *)slcbuf, "%c%c%c%c",
+					IAC, SB, TELOPT_LINEMODE, LM_SLC);
+	slcptr = slcbuf + 4;
+
+}  /* end of start_slc */
+
+/*
+ * end_slc
+ *
+ * Finish up the slc negotiation.  If something to send, then send it.
+ */
+	int
+end_slc(bufp)
+	register unsigned char **bufp;
+{
+	register int len;
+	void netflush();
+
+	/*
+	 * If a change has occured, store the new terminal control
+	 * structures back to the terminal driver.
+	 */
+	if (slcchange) {
+		set_termbuf();
+	}
+
+	/*
+	 * If the pty state has not yet been fully processed and there is a
+	 * deferred slc request from the client, then do not send any
+	 * sort of slc negotiation now.  We will respond to the client's
+	 * request very soon.
+	 */
+	if (def_slcbuf && (terminit() == 0)) {
+		return(0);
+	}
+
+	if (slcptr > (slcbuf + 4)) {
+		if (bufp) {
+			*bufp = &slcbuf[4];
+			return(slcptr - slcbuf - 4);
+		} else {
+			(void) sprintf((char *)slcptr, "%c%c", IAC, SE);
+			slcptr += 2;
+			len = slcptr - slcbuf;
+			writenet(slcbuf, len);
+			netflush();  /* force it out immediately */
+			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
+		}
+	}
+	return (0);
+
+}  /* end of end_slc */
+
+/*
+ * process_slc
+ *
+ * Figure out what to do about the client's slc
+ */
+	void
+process_slc(func, flag, val)
+	register unsigned char func, flag;
+	register cc_t val;
+{
+	register int hislevel, mylevel, ack;
+
+	/*
+	 * Ensure that we know something about this function
+	 */
+	if (func > NSLC) {
+		add_slc(func, SLC_NOSUPPORT, 0);
+		return;
+	}
+
+	/*
+	 * Process the special case requests of 0 SLC_DEFAULT 0
+	 * and 0 SLC_VARIABLE 0.  Be a little forgiving here, don't
+	 * worry about whether the value is actually 0 or not.
+	 */
+	if (func == 0) {
+		if ((flag = flag & SLC_LEVELBITS) == SLC_DEFAULT) {
+			default_slc();
+			send_slc();
+		} else if (flag == SLC_VARIABLE) {
+			send_slc();
+		}
+		return;
+	}
+
+	/*
+	 * Appears to be a function that we know something about.  So
+	 * get on with it and see what we know.
+	 */
+
+	hislevel = flag & SLC_LEVELBITS;
+	mylevel = slctab[func].current.flag & SLC_LEVELBITS;
+	ack = flag & SLC_ACK;
+	/*
+	 * ignore the command if:
+	 * the function value and level are the same as what we already have;
+	 * or the level is the same and the ack bit is set
+	 */
+	if (hislevel == mylevel && (val == slctab[func].current.val || ack)) {
+		return;
+	} else if (ack) {
+		/*
+		 * If we get here, we got an ack, but the levels don't match.
+		 * This shouldn't happen.  If it does, it is probably because
+		 * we have sent two requests to set a variable without getting
+		 * a response between them, and this is the first response.
+		 * So, ignore it, and wait for the next response.
+		 */
+		return;
+	} else {
+		change_slc(func, flag, val);
+	}
+
+}  /* end of process_slc */
+
+/*
+ * change_slc
+ *
+ * Process a request to change one of our special characters.
+ * Compare client's request with what we are capable of supporting.
+ */
+	void
+change_slc(func, flag, val)
+	register char func, flag;
+	register cc_t val;
+{
+	register int hislevel, mylevel;
+
+	hislevel = flag & SLC_LEVELBITS;
+	mylevel = slctab[(int)func].defset.flag & SLC_LEVELBITS;
+	/*
+	 * If client is setting a function to NOSUPPORT
+	 * or DEFAULT, then we can easily and directly
+	 * accomodate the request.
+	 */
+	if (hislevel == SLC_NOSUPPORT) {
+		slctab[(int)func].current.flag = flag;
+		slctab[(int)func].current.val = (cc_t)_POSIX_VDISABLE;
+		flag |= SLC_ACK;
+		add_slc(func, flag, val);
+		return;
+	}
+	if (hislevel == SLC_DEFAULT) {
+		/*
+		 * Special case here.  If client tells us to use
+		 * the default on a function we don't support, then
+		 * return NOSUPPORT instead of what we may have as a
+		 * default level of DEFAULT.
+		 */
+		if (mylevel == SLC_DEFAULT) {
+			slctab[(int)func].current.flag = SLC_NOSUPPORT;
+		} else {
+			slctab[(int)func].current.flag = slctab[(int)func].defset.flag;
+		}
+		slctab[(int)func].current.val = slctab[(int)func].defset.val;
+		add_slc(func, slctab[(int)func].current.flag,
+						slctab[(int)func].current.val);
+		return;
+	}
+
+	/*
+	 * Client wants us to change to a new value or he
+	 * is telling us that he can't change to our value.
+	 * Some of the slc's we support and can change,
+	 * some we do support but can't change,
+	 * and others we don't support at all.
+	 * If we can change it then we have a pointer to
+	 * the place to put the new value, so change it,
+	 * otherwise, continue the negotiation.
+	 */
+	if (slctab[(int)func].sptr) {
+		/*
+		 * We can change this one.
+		 */
+		slctab[(int)func].current.val = val;
+		*(slctab[(int)func].sptr) = val;
+		slctab[(int)func].current.flag = flag;
+		flag |= SLC_ACK;
+		slcchange = 1;
+		add_slc(func, flag, val);
+	} else {
+		/*
+		* It is not possible for us to support this
+		* request as he asks.
+		*
+		* If our level is DEFAULT, then just ack whatever was
+		* sent.
+		*
+		* If he can't change and we can't change,
+		* then degenerate to NOSUPPORT.
+		*
+		* Otherwise we send our level back to him, (CANTCHANGE
+		* or NOSUPPORT) and if CANTCHANGE, send
+		* our value as well.
+		*/
+		if (mylevel == SLC_DEFAULT) {
+			slctab[(int)func].current.flag = flag;
+			slctab[(int)func].current.val = val;
+			flag |= SLC_ACK;
+		} else if (hislevel == SLC_CANTCHANGE &&
+				    mylevel == SLC_CANTCHANGE) {
+			flag &= ~SLC_LEVELBITS;
+			flag |= SLC_NOSUPPORT;
+			slctab[(int)func].current.flag = flag;
+		} else {
+			flag &= ~SLC_LEVELBITS;
+			flag |= mylevel;
+			slctab[(int)func].current.flag = flag;
+			if (mylevel == SLC_CANTCHANGE) {
+				slctab[(int)func].current.val =
+					slctab[(int)func].defset.val;
+				val = slctab[(int)func].current.val;
+			}
+		}
+		add_slc(func, flag, val);
+	}
+
+}  /* end of change_slc */
+
+#if	defined(USE_TERMIO) && (VEOF == VMIN)
+cc_t oldeofc = '\004';
+#endif
+
+/*
+ * check_slc
+ *
+ * Check the special characters in use and notify the client if any have
+ * changed.  Only those characters that are capable of being changed are
+ * likely to have changed.  If a local change occurs, kick the support level
+ * and flags up to the defaults.
+ */
+	void
+check_slc()
+{
+	register int i;
+
+	for (i = 1; i <= NSLC; i++) {
+#if	defined(USE_TERMIO) && (VEOF == VMIN)
+		/*
+		 * In a perfect world this would be a neat little
+		 * function.  But in this world, we should not notify
+		 * client of changes to the VEOF char when
+		 * ICANON is off, because it is not representing
+		 * a special character.
+		 */
+		if (i == SLC_EOF) {
+			if (!tty_isediting())
+				continue;
+			else if (slctab[i].sptr)
+				oldeofc = *(slctab[i].sptr);
+		}
+#endif	/* defined(USE_TERMIO) && defined(SYSV_TERMIO) */
+		if (slctab[i].sptr &&
+				(*(slctab[i].sptr) != slctab[i].current.val)) {
+			slctab[i].current.val = *(slctab[i].sptr);
+			if (*(slctab[i].sptr) == (cc_t)_POSIX_VDISABLE)
+				slctab[i].current.flag = SLC_NOSUPPORT;
+			else
+				slctab[i].current.flag = slctab[i].defset.flag;
+			add_slc((unsigned char)i, slctab[i].current.flag,
+						slctab[i].current.val);
+		}
+	}
+}  /* check_slc */
+
+/*
+ * do_opt_slc
+ *
+ * Process an slc option buffer.  Defer processing of incoming slc's
+ * until after the terminal state has been processed.  Save the first slc
+ * request that comes along, but discard all others.
+ *
+ * ptr points to the beginning of the buffer, len is the length.
+ */
+	void
+do_opt_slc(ptr, len)
+	register unsigned char *ptr;
+	register int len;
+{
+	register unsigned char func, flag;
+	cc_t val;
+	register unsigned char *end = ptr + len;
+
+	if (terminit()) {  /* go ahead */
+		while (ptr < end) {
+			func = *ptr++;
+			if (ptr >= end) break;
+			flag = *ptr++;
+			if (ptr >= end) break;
+			val = (cc_t)*ptr++;
+
+			process_slc(func, flag, val);
+
+		}
+	} else {
+		/*
+		 * save this slc buffer if it is the first, otherwise dump
+		 * it.
+		 */
+		if (def_slcbuf == (unsigned char *)0) {
+			def_slclen = len;
+			def_slcbuf = (unsigned char *)malloc((unsigned)len);
+			if (def_slcbuf == (unsigned char *)0)
+				return;  /* too bad */
+			memmove(def_slcbuf, ptr, len);
+		}
+	}
+
+}  /* end of do_opt_slc */
+
+/*
+ * deferslc
+ *
+ * Do slc stuff that was deferred.
+ */
+	void
+deferslc()
+{
+	if (def_slcbuf) {
+		start_slc(1);
+		do_opt_slc(def_slcbuf, def_slclen);
+		(void) end_slc(0);
+		free(def_slcbuf);
+		def_slcbuf = (unsigned char *)0;
+		def_slclen = 0;
+	}
+
+}  /* end of deferslc */
+
+#endif	/* LINEMODE */
diff --git a/crypto/telnet/telnetd/state.c b/crypto/telnet/telnetd/state.c
new file mode 100644
index 0000000..4a066b7
--- /dev/null
+++ b/crypto/telnet/telnetd/state.c
@@ -0,0 +1,1619 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)state.c	8.5 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include "telnetd.h"
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
+unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
+unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
+unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
+int	not42 = 1;
+
+/*
+ * Buffer for sub-options, and macros
+ * for suboptions buffer manipulations
+ */
+unsigned char subbuffer[512], *subpointer= subbuffer, *subend= subbuffer;
+
+#define	SB_CLEAR()	subpointer = subbuffer
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+				*subpointer++ = (c); \
+			}
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+#ifdef	ENV_HACK
+unsigned char *subsave;
+#define SB_SAVE()	subsave = subpointer;
+#define	SB_RESTORE()	subpointer = subsave;
+#endif
+
+
+/*
+ * State for recv fsm
+ */
+#define	TS_DATA		0	/* base state */
+#define	TS_IAC		1	/* look for double IAC's */
+#define	TS_CR		2	/* CR-LF ->'s CR */
+#define	TS_SB		3	/* throw away begin's... */
+#define	TS_SE		4	/* ...end's (suboption negotiation) */
+#define	TS_WILL		5	/* will option negotiation */
+#define	TS_WONT		6	/* wont " */
+#define	TS_DO		7	/* do " */
+#define	TS_DONT		8	/* dont " */
+
+	void
+telrcv()
+{
+	register int c;
+	static int state = TS_DATA;
+#if	defined(CRAY2) && defined(UNICOS5)
+	char *opfrontp = pfrontp;
+#endif
+
+	while (ncc > 0) {
+		if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
+			break;
+		c = *netip++ & 0377, ncc--;
+#ifdef	ENCRYPTION
+		if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif	/* ENCRYPTION */
+		switch (state) {
+
+		case TS_CR:
+			state = TS_DATA;
+			/* Strip off \n or \0 after a \r */
+			if ((c == 0) || (c == '\n')) {
+				break;
+			}
+			/* FALL THROUGH */
+
+		case TS_DATA:
+			if (c == IAC) {
+				state = TS_IAC;
+				break;
+			}
+			/*
+			 * We now map \r\n ==> \r for pragmatic reasons.
+			 * Many client implementations send \r\n when
+			 * the user hits the CarriageReturn key.
+			 *
+			 * We USED to map \r\n ==> \n, since \r\n says
+			 * that we want to be in column 1 of the next
+			 * printable line, and \n is the standard
+			 * unix way of saying that (\r is only good
+			 * if CRMOD is set, which it normally is).
+			 */
+			if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
+				int nc = *netip;
+#ifdef	ENCRYPTION
+				if (decrypt_input)
+					nc = (*decrypt_input)(nc & 0xff);
+#endif	/* ENCRYPTION */
+#ifdef	LINEMODE
+				/*
+				 * If we are operating in linemode,
+				 * convert to local end-of-line.
+				 */
+				if (linemode && (ncc > 0) && (('\n' == nc) ||
+					 ((0 == nc) && tty_iscrnl())) ) {
+					netip++; ncc--;
+					c = '\n';
+				} else
+#endif
+				{
+#ifdef	ENCRYPTION
+					if (decrypt_input)
+						(void)(*decrypt_input)(-1);
+#endif	/* ENCRYPTION */
+					state = TS_CR;
+				}
+			}
+			*pfrontp++ = c;
+			break;
+
+		case TS_IAC:
+gotiac:			switch (c) {
+
+			/*
+			 * Send the process on the pty side an
+			 * interrupt.  Do this with a NULL or
+			 * interrupt char; depending on the tty mode.
+			 */
+			case IP:
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				interrupt();
+				break;
+
+			case BREAK:
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				sendbrk();
+				break;
+
+			/*
+			 * Are You There?
+			 */
+			case AYT:
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				recv_ayt();
+				break;
+
+			/*
+			 * Abort Output
+			 */
+			case AO:
+			    {
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				ptyflush();	/* half-hearted */
+				init_termbuf();
+
+				if (slctab[SLC_AO].sptr &&
+				    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
+				    *pfrontp++ =
+					(unsigned char)*slctab[SLC_AO].sptr;
+				}
+
+				netclear();	/* clear buffer back */
+				*nfrontp++ = IAC;
+				*nfrontp++ = DM;
+				neturg = nfrontp-1; /* off by one XXX */
+				DIAG(TD_OPTIONS,
+					printoption("td: send IAC", DM));
+				break;
+			    }
+
+			/*
+			 * Erase Character and
+			 * Erase Line
+			 */
+			case EC:
+			case EL:
+			    {
+				cc_t ch;
+
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				ptyflush();	/* half-hearted */
+				init_termbuf();
+				if (c == EC)
+					ch = *slctab[SLC_EC].sptr;
+				else
+					ch = *slctab[SLC_EL].sptr;
+				if (ch != (cc_t)(_POSIX_VDISABLE))
+					*pfrontp++ = (unsigned char)ch;
+				break;
+			    }
+
+			/*
+			 * Check for urgent data...
+			 */
+			case DM:
+				DIAG(TD_OPTIONS,
+					printoption("td: recv IAC", c));
+				SYNCHing = stilloob(net);
+				settimer(gotDM);
+				break;
+
+
+			/*
+			 * Begin option subnegotiation...
+			 */
+			case SB:
+				state = TS_SB;
+				SB_CLEAR();
+				continue;
+
+			case WILL:
+				state = TS_WILL;
+				continue;
+
+			case WONT:
+				state = TS_WONT;
+				continue;
+
+			case DO:
+				state = TS_DO;
+				continue;
+
+			case DONT:
+				state = TS_DONT;
+				continue;
+			case EOR:
+				if (his_state_is_will(TELOPT_EOR))
+					doeof();
+				break;
+
+			/*
+			 * Handle RFC 10xx Telnet linemode option additions
+			 * to command stream (EOF, SUSP, ABORT).
+			 */
+			case xEOF:
+				doeof();
+				break;
+
+			case SUSP:
+				sendsusp();
+				break;
+
+			case ABORT:
+				sendbrk();
+				break;
+
+			case IAC:
+				*pfrontp++ = c;
+				break;
+			}
+			state = TS_DATA;
+			break;
+
+		case TS_SB:
+			if (c == IAC) {
+				state = TS_SE;
+			} else {
+				SB_ACCUM(c);
+			}
+			break;
+
+		case TS_SE:
+			if (c != SE) {
+				if (c != IAC) {
+					/*
+					 * bad form of suboption negotiation.
+					 * handle it in such a way as to avoid
+					 * damage to local state.  Parse
+					 * suboption buffer found so far,
+					 * then treat remaining stream as
+					 * another command sequence.
+					 */
+
+					/* for DIAGNOSTICS */
+					SB_ACCUM(IAC);
+					SB_ACCUM(c);
+					subpointer -= 2;
+
+					SB_TERM();
+					suboption();
+					state = TS_IAC;
+					goto gotiac;
+				}
+				SB_ACCUM(c);
+				state = TS_SB;
+			} else {
+				/* for DIAGNOSTICS */
+				SB_ACCUM(IAC);
+				SB_ACCUM(SE);
+				subpointer -= 2;
+
+				SB_TERM();
+				suboption();	/* handle sub-option */
+				state = TS_DATA;
+			}
+			break;
+
+		case TS_WILL:
+			willoption(c);
+			state = TS_DATA;
+			continue;
+
+		case TS_WONT:
+			wontoption(c);
+			state = TS_DATA;
+			continue;
+
+		case TS_DO:
+			dooption(c);
+			state = TS_DATA;
+			continue;
+
+		case TS_DONT:
+			dontoption(c);
+			state = TS_DATA;
+			continue;
+
+		default:
+			syslog(LOG_ERR, "panic state=%d", state);
+			printf("telnetd: panic state=%d\n", state);
+			exit(1);
+		}
+	}
+#if	defined(CRAY2) && defined(UNICOS5)
+	if (!linemode) {
+		char	xptyobuf[BUFSIZ+NETSLOP];
+		char	xbuf2[BUFSIZ];
+		register char *cp;
+		int n = pfrontp - opfrontp, oc;
+		memmove(xptyobuf, opfrontp, n);
+		pfrontp = opfrontp;
+		pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
+					xbuf2, &oc, BUFSIZ);
+		for (cp = xbuf2; oc > 0; --oc)
+			if ((*nfrontp++ = *cp++) == IAC)
+				*nfrontp++ = IAC;
+	}
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+}  /* end of telrcv */
+
+/*
+ * The will/wont/do/dont state machines are based on Dave Borman's
+ * Telnet option processing state machine.
+ *
+ * These correspond to the following states:
+ *	my_state = the last negotiated state
+ *	want_state = what I want the state to go to
+ *	want_resp = how many requests I have sent
+ * All state defaults are negative, and resp defaults to 0.
+ *
+ * When initiating a request to change state to new_state:
+ *
+ * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
+ *	do nothing;
+ * } else {
+ *	want_state = new_state;
+ *	send new_state;
+ *	want_resp++;
+ * }
+ *
+ * When receiving new_state:
+ *
+ * if (want_resp) {
+ *	want_resp--;
+ *	if (want_resp && (new_state == my_state))
+ *		want_resp--;
+ * }
+ * if ((want_resp == 0) && (new_state != want_state)) {
+ *	if (ok_to_switch_to new_state)
+ *		want_state = new_state;
+ *	else
+ *		want_resp++;
+ *	send want_state;
+ * }
+ * my_state = new_state;
+ *
+ * Note that new_state is implied in these functions by the function itself.
+ * will and do imply positive new_state, wont and dont imply negative.
+ *
+ * Finally, there is one catch.  If we send a negative response to a
+ * positive request, my_state will be the positive while want_state will
+ * remain negative.  my_state will revert to negative when the negative
+ * acknowlegment arrives from the peer.  Thus, my_state generally tells
+ * us not only the last negotiated state, but also tells us what the peer
+ * wants to be doing as well.  It is important to understand this difference
+ * as we may wish to be processing data streams based on our desired state
+ * (want_state) or based on what the peer thinks the state is (my_state).
+ *
+ * This all works fine because if the peer sends a positive request, the data
+ * that we receive prior to negative acknowlegment will probably be affected
+ * by the positive state, and we can process it as such (if we can; if we
+ * can't then it really doesn't matter).  If it is that important, then the
+ * peer probably should be buffering until this option state negotiation
+ * is complete.
+ *
+ */
+	void
+send_do(option, init)
+	int option, init;
+{
+	if (init) {
+		if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
+		    his_want_state_is_will(option))
+			return;
+		/*
+		 * Special case for TELOPT_TM:  We send a DO, but pretend
+		 * that we sent a DONT, so that we can send more DOs if
+		 * we want to.
+		 */
+		if (option == TELOPT_TM)
+			set_his_want_state_wont(option);
+		else
+			set_his_want_state_will(option);
+		do_dont_resp[option]++;
+	}
+	(void) sprintf(nfrontp, (char *)doopt, option);
+	nfrontp += sizeof (dont) - 2;
+
+	DIAG(TD_OPTIONS, printoption("td: send do", option));
+}
+
+#ifdef	AUTHENTICATION
+extern void auth_request();
+#endif
+#ifdef	LINEMODE
+extern void doclientstat();
+#endif
+#ifdef	ENCRYPTION
+extern void encrypt_send_support();
+#endif	/* ENCRYPTION */
+
+	void
+willoption(option)
+	int option;
+{
+	int changeok = 0;
+	void (*func)() = 0;
+
+	/*
+	 * process input from peer.
+	 */
+
+	DIAG(TD_OPTIONS, printoption("td: recv will", option));
+
+	if (do_dont_resp[option]) {
+		do_dont_resp[option]--;
+		if (do_dont_resp[option] && his_state_is_will(option))
+			do_dont_resp[option]--;
+	}
+	if (do_dont_resp[option] == 0) {
+	    if (his_want_state_is_wont(option)) {
+		switch (option) {
+
+		case TELOPT_BINARY:
+			init_termbuf();
+			tty_binaryin(1);
+			set_termbuf();
+			changeok++;
+			break;
+
+		case TELOPT_ECHO:
+			/*
+			 * See comments below for more info.
+			 */
+			not42 = 0;	/* looks like a 4.2 system */
+			break;
+
+		case TELOPT_TM:
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+			/*
+			 * This telnetd implementation does not really
+			 * support timing marks, it just uses them to
+			 * support the kludge linemode stuff.  If we
+			 * receive a will or wont TM in response to our
+			 * do TM request that may have been sent to
+			 * determine kludge linemode support, process
+			 * it, otherwise TM should get a negative
+			 * response back.
+			 */
+			/*
+			 * Handle the linemode kludge stuff.
+			 * If we are not currently supporting any
+			 * linemode at all, then we assume that this
+			 * is the client telling us to use kludge
+			 * linemode in response to our query.  Set the
+			 * linemode type that is to be supported, note
+			 * that the client wishes to use linemode, and
+			 * eat the will TM as though it never arrived.
+			 */
+			if (lmodetype < KLUDGE_LINEMODE) {
+				lmodetype = KLUDGE_LINEMODE;
+				clientstat(TELOPT_LINEMODE, WILL, 0);
+				send_wont(TELOPT_SGA, 1);
+			} else if (lmodetype == NO_AUTOKLUDGE) {
+				lmodetype = KLUDGE_OK;
+			}
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+			/*
+			 * We never respond to a WILL TM, and
+			 * we leave the state WONT.
+			 */
+			return;
+
+		case TELOPT_LFLOW:
+			/*
+			 * If we are going to support flow control
+			 * option, then don't worry peer that we can't
+			 * change the flow control characters.
+			 */
+			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+			slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
+			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+			slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
+		case TELOPT_TTYPE:
+		case TELOPT_SGA:
+		case TELOPT_NAWS:
+		case TELOPT_TSPEED:
+		case TELOPT_XDISPLOC:
+		case TELOPT_NEW_ENVIRON:
+		case TELOPT_OLD_ENVIRON:
+			changeok++;
+			break;
+
+#ifdef	LINEMODE
+		case TELOPT_LINEMODE:
+# ifdef	KLUDGELINEMODE
+			/*
+			 * Note client's desire to use linemode.
+			 */
+			lmodetype = REAL_LINEMODE;
+# endif	/* KLUDGELINEMODE */
+			func = doclientstat;
+			changeok++;
+			break;
+#endif	/* LINEMODE */
+
+#ifdef	AUTHENTICATION
+		case TELOPT_AUTHENTICATION:
+			func = auth_request;
+			changeok++;
+			break;
+#endif
+
+#ifdef	ENCRYPTION
+		case TELOPT_ENCRYPT:
+			func = encrypt_send_support;
+			changeok++;
+			break;
+#endif	/* ENCRYPTION */
+
+		default:
+			break;
+		}
+		if (changeok) {
+			set_his_want_state_will(option);
+			send_do(option, 0);
+		} else {
+			do_dont_resp[option]++;
+			send_dont(option, 0);
+		}
+	    } else {
+		/*
+		 * Option processing that should happen when
+		 * we receive conformation of a change in
+		 * state that we had requested.
+		 */
+		switch (option) {
+		case TELOPT_ECHO:
+			not42 = 0;	/* looks like a 4.2 system */
+			/*
+			 * Egads, he responded "WILL ECHO".  Turn
+			 * it off right now!
+			 */
+			send_dont(option, 1);
+			/*
+			 * "WILL ECHO".  Kludge upon kludge!
+			 * A 4.2 client is now echoing user input at
+			 * the tty.  This is probably undesireable and
+			 * it should be stopped.  The client will
+			 * respond WONT TM to the DO TM that we send to
+			 * check for kludge linemode.  When the WONT TM
+			 * arrives, linemode will be turned off and a
+			 * change propogated to the pty.  This change
+			 * will cause us to process the new pty state
+			 * in localstat(), which will notice that
+			 * linemode is off and send a WILL ECHO
+			 * so that we are properly in character mode and
+			 * all is well.
+			 */
+			break;
+#ifdef	LINEMODE
+		case TELOPT_LINEMODE:
+# ifdef	KLUDGELINEMODE
+			/*
+			 * Note client's desire to use linemode.
+			 */
+			lmodetype = REAL_LINEMODE;
+# endif	/* KLUDGELINEMODE */
+			func = doclientstat;
+			break;
+#endif	/* LINEMODE */
+
+#ifdef	AUTHENTICATION
+		case TELOPT_AUTHENTICATION:
+			func = auth_request;
+			break;
+#endif
+
+#ifdef	ENCRYPTION
+		case TELOPT_ENCRYPT:
+			func = encrypt_send_support;
+			break;
+#endif	/* ENCRYPTION */
+		case TELOPT_LFLOW:
+			func = flowstat;
+			break;
+		}
+	    }
+	}
+	set_his_state_will(option);
+	if (func)
+		(*func)();
+}  /* end of willoption */
+
+	void
+send_dont(option, init)
+	int option, init;
+{
+	if (init) {
+		if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
+		    his_want_state_is_wont(option))
+			return;
+		set_his_want_state_wont(option);
+		do_dont_resp[option]++;
+	}
+	(void) sprintf(nfrontp, (char *)dont, option);
+	nfrontp += sizeof (doopt) - 2;
+
+	DIAG(TD_OPTIONS, printoption("td: send dont", option));
+}
+
+	void
+wontoption(option)
+	int option;
+{
+	/*
+	 * Process client input.
+	 */
+
+	DIAG(TD_OPTIONS, printoption("td: recv wont", option));
+
+	if (do_dont_resp[option]) {
+		do_dont_resp[option]--;
+		if (do_dont_resp[option] && his_state_is_wont(option))
+			do_dont_resp[option]--;
+	}
+	if (do_dont_resp[option] == 0) {
+	    if (his_want_state_is_will(option)) {
+		/* it is always ok to change to negative state */
+		switch (option) {
+		case TELOPT_ECHO:
+			not42 = 1; /* doesn't seem to be a 4.2 system */
+			break;
+
+		case TELOPT_BINARY:
+			init_termbuf();
+			tty_binaryin(0);
+			set_termbuf();
+			break;
+
+#ifdef	LINEMODE
+		case TELOPT_LINEMODE:
+# ifdef	KLUDGELINEMODE
+			/*
+			 * If real linemode is supported, then client is
+			 * asking to turn linemode off.
+			 */
+			if (lmodetype != REAL_LINEMODE)
+				break;
+# endif	/* KLUDGELINEMODE */
+			clientstat(TELOPT_LINEMODE, WONT, 0);
+			break;
+#endif	/* LINEMODE */
+
+		case TELOPT_TM:
+			/*
+			 * If we get a WONT TM, and had sent a DO TM,
+			 * don't respond with a DONT TM, just leave it
+			 * as is.  Short circut the state machine to
+			 * achive this.
+			 */
+			set_his_want_state_wont(TELOPT_TM);
+			return;
+
+		case TELOPT_LFLOW:
+			/*
+			 * If we are not going to support flow control
+			 * option, then let peer know that we can't
+			 * change the flow control characters.
+			 */
+			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+			slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
+			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+			slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
+			break;
+
+#if	defined(AUTHENTICATION)
+		case TELOPT_AUTHENTICATION:
+			auth_finished(0, AUTH_REJECT);
+			break;
+#endif
+
+		/*
+		 * For options that we might spin waiting for
+		 * sub-negotiation, if the client turns off the
+		 * option rather than responding to the request,
+		 * we have to treat it here as if we got a response
+		 * to the sub-negotiation, (by updating the timers)
+		 * so that we'll break out of the loop.
+		 */
+		case TELOPT_TTYPE:
+			settimer(ttypesubopt);
+			break;
+
+		case TELOPT_TSPEED:
+			settimer(tspeedsubopt);
+			break;
+
+		case TELOPT_XDISPLOC:
+			settimer(xdisplocsubopt);
+			break;
+
+		case TELOPT_OLD_ENVIRON:
+			settimer(oenvironsubopt);
+			break;
+
+		case TELOPT_NEW_ENVIRON:
+			settimer(environsubopt);
+			break;
+
+		default:
+			break;
+		}
+		set_his_want_state_wont(option);
+		if (his_state_is_will(option))
+			send_dont(option, 0);
+	    } else {
+		switch (option) {
+		case TELOPT_TM:
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+			if (lmodetype < NO_AUTOKLUDGE) {
+				lmodetype = NO_LINEMODE;
+				clientstat(TELOPT_LINEMODE, WONT, 0);
+				send_will(TELOPT_SGA, 1);
+				send_will(TELOPT_ECHO, 1);
+			}
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+			break;
+
+#if	defined(AUTHENTICATION)
+		case TELOPT_AUTHENTICATION:
+			auth_finished(0, AUTH_REJECT);
+			break;
+#endif
+		default:
+			break;
+		}
+	    }
+	}
+	set_his_state_wont(option);
+
+}  /* end of wontoption */
+
+	void
+send_will(option, init)
+	int option, init;
+{
+	if (init) {
+		if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
+		    my_want_state_is_will(option))
+			return;
+		set_my_want_state_will(option);
+		will_wont_resp[option]++;
+	}
+	(void) sprintf(nfrontp, (char *)will, option);
+	nfrontp += sizeof (doopt) - 2;
+
+	DIAG(TD_OPTIONS, printoption("td: send will", option));
+}
+
+#if	!defined(LINEMODE) || !defined(KLUDGELINEMODE)
+/*
+ * When we get a DONT SGA, we will try once to turn it
+ * back on.  If the other side responds DONT SGA, we
+ * leave it at that.  This is so that when we talk to
+ * clients that understand KLUDGELINEMODE but not LINEMODE,
+ * we'll keep them in char-at-a-time mode.
+ */
+int turn_on_sga = 0;
+#endif
+
+	void
+dooption(option)
+	int option;
+{
+	int changeok = 0;
+
+	/*
+	 * Process client input.
+	 */
+
+	DIAG(TD_OPTIONS, printoption("td: recv do", option));
+
+	if (will_wont_resp[option]) {
+		will_wont_resp[option]--;
+		if (will_wont_resp[option] && my_state_is_will(option))
+			will_wont_resp[option]--;
+	}
+	if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
+		switch (option) {
+		case TELOPT_ECHO:
+#ifdef	LINEMODE
+# ifdef	KLUDGELINEMODE
+			if (lmodetype == NO_LINEMODE)
+# else
+			if (his_state_is_wont(TELOPT_LINEMODE))
+# endif
+#endif
+			{
+				init_termbuf();
+				tty_setecho(1);
+				set_termbuf();
+			}
+			changeok++;
+			break;
+
+		case TELOPT_BINARY:
+			init_termbuf();
+			tty_binaryout(1);
+			set_termbuf();
+			changeok++;
+			break;
+
+		case TELOPT_SGA:
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+			/*
+			 * If kludge linemode is in use, then we must
+			 * process an incoming do SGA for linemode
+			 * purposes.
+			 */
+			if (lmodetype == KLUDGE_LINEMODE) {
+				/*
+				 * Receipt of "do SGA" in kludge
+				 * linemode is the peer asking us to
+				 * turn off linemode.  Make note of
+				 * the request.
+				 */
+				clientstat(TELOPT_LINEMODE, WONT, 0);
+				/*
+				 * If linemode did not get turned off
+				 * then don't tell peer that we did.
+				 * Breaking here forces a wont SGA to
+				 * be returned.
+				 */
+				if (linemode)
+					break;
+			}
+#else
+			turn_on_sga = 0;
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+			changeok++;
+			break;
+
+		case TELOPT_STATUS:
+			changeok++;
+			break;
+
+		case TELOPT_TM:
+			/*
+			 * Special case for TM.  We send a WILL, but
+			 * pretend we sent a WONT.
+			 */
+			send_will(option, 0);
+			set_my_want_state_wont(option);
+			set_my_state_wont(option);
+			return;
+
+		case TELOPT_LOGOUT:
+			/*
+			 * When we get a LOGOUT option, respond
+			 * with a WILL LOGOUT, make sure that
+			 * it gets written out to the network,
+			 * and then just go away...
+			 */
+			set_my_want_state_will(TELOPT_LOGOUT);
+			send_will(TELOPT_LOGOUT, 0);
+			set_my_state_will(TELOPT_LOGOUT);
+			(void)netflush();
+			cleanup(0);
+			/* NOT REACHED */
+			break;
+
+#ifdef	ENCRYPTION
+		case TELOPT_ENCRYPT:
+			changeok++;
+			break;
+#endif	/* ENCRYPTION */
+		case TELOPT_LINEMODE:
+		case TELOPT_TTYPE:
+		case TELOPT_NAWS:
+		case TELOPT_TSPEED:
+		case TELOPT_LFLOW:
+		case TELOPT_XDISPLOC:
+#ifdef	TELOPT_ENVIRON
+		case TELOPT_NEW_ENVIRON:
+#endif
+		case TELOPT_OLD_ENVIRON:
+		default:
+			break;
+		}
+		if (changeok) {
+			set_my_want_state_will(option);
+			send_will(option, 0);
+		} else {
+			will_wont_resp[option]++;
+			send_wont(option, 0);
+		}
+	}
+	set_my_state_will(option);
+
+}  /* end of dooption */
+
+	void
+send_wont(option, init)
+	int option, init;
+{
+	if (init) {
+		if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
+		    my_want_state_is_wont(option))
+			return;
+		set_my_want_state_wont(option);
+		will_wont_resp[option]++;
+	}
+	(void) sprintf(nfrontp, (char *)wont, option);
+	nfrontp += sizeof (wont) - 2;
+
+	DIAG(TD_OPTIONS, printoption("td: send wont", option));
+}
+
+	void
+dontoption(option)
+	int option;
+{
+	/*
+	 * Process client input.
+	 */
+
+
+	DIAG(TD_OPTIONS, printoption("td: recv dont", option));
+
+	if (will_wont_resp[option]) {
+		will_wont_resp[option]--;
+		if (will_wont_resp[option] && my_state_is_wont(option))
+			will_wont_resp[option]--;
+	}
+	if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
+		switch (option) {
+		case TELOPT_BINARY:
+			init_termbuf();
+			tty_binaryout(0);
+			set_termbuf();
+			break;
+
+		case TELOPT_ECHO:	/* we should stop echoing */
+#ifdef	LINEMODE
+# ifdef	KLUDGELINEMODE
+			if ((lmodetype != REAL_LINEMODE) &&
+			    (lmodetype != KLUDGE_LINEMODE))
+# else
+			if (his_state_is_wont(TELOPT_LINEMODE))
+# endif
+#endif
+			{
+				init_termbuf();
+				tty_setecho(0);
+				set_termbuf();
+			}
+			break;
+
+		case TELOPT_SGA:
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+			/*
+			 * If kludge linemode is in use, then we
+			 * must process an incoming do SGA for
+			 * linemode purposes.
+			 */
+			if ((lmodetype == KLUDGE_LINEMODE) ||
+			    (lmodetype == KLUDGE_OK)) {
+				/*
+				 * The client is asking us to turn
+				 * linemode on.
+				 */
+				lmodetype = KLUDGE_LINEMODE;
+				clientstat(TELOPT_LINEMODE, WILL, 0);
+				/*
+				 * If we did not turn line mode on,
+				 * then what do we say?  Will SGA?
+				 * This violates design of telnet.
+				 * Gross.  Very Gross.
+				 */
+			}
+			break;
+#else
+			set_my_want_state_wont(option);
+			if (my_state_is_will(option))
+				send_wont(option, 0);
+			set_my_state_wont(option);
+			if (turn_on_sga ^= 1)
+				send_will(option, 1);
+			return;
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+
+		default:
+			break;
+		}
+
+		set_my_want_state_wont(option);
+		if (my_state_is_will(option))
+			send_wont(option, 0);
+	}
+	set_my_state_wont(option);
+
+}  /* end of dontoption */
+
+#ifdef	ENV_HACK
+int env_ovar = -1;
+int env_ovalue = -1;
+#else	/* ENV_HACK */
+# define env_ovar OLD_ENV_VAR
+# define env_ovalue OLD_ENV_VALUE
+#endif	/* ENV_HACK */
+
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *	Terminal type is
+ *	Linemode
+ *	Window size
+ *	Terminal speed
+ */
+	void
+suboption()
+{
+    register int subchar;
+
+    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
+
+    subchar = SB_GET();
+    switch (subchar) {
+    case TELOPT_TSPEED: {
+	register int xspeed, rspeed;
+
+	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
+		break;
+
+	settimer(tspeedsubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+		return;
+
+	xspeed = atoi((char *)subpointer);
+
+	while (SB_GET() != ',' && !SB_EOF());
+	if (SB_EOF())
+		return;
+
+	rspeed = atoi((char *)subpointer);
+	clientstat(TELOPT_TSPEED, xspeed, rspeed);
+
+	break;
+
+    }  /* end of case TELOPT_TSPEED */
+
+    case TELOPT_TTYPE: {		/* Yaaaay! */
+	static char terminalname[41];
+
+	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
+		break;
+	settimer(ttypesubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
+	    return;		/* ??? XXX but, this is the most robust */
+	}
+
+	terminaltype = terminalname;
+
+	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
+								    !SB_EOF()) {
+	    register int c;
+
+	    c = SB_GET();
+	    if (isupper(c)) {
+		c = tolower(c);
+	    }
+	    *terminaltype++ = c;    /* accumulate name */
+	}
+	*terminaltype = 0;
+	terminaltype = terminalname;
+	break;
+    }  /* end of case TELOPT_TTYPE */
+
+    case TELOPT_NAWS: {
+	register int xwinsize, ywinsize;
+
+	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
+		break;
+
+	if (SB_EOF())
+		return;
+	xwinsize = SB_GET() << 8;
+	if (SB_EOF())
+		return;
+	xwinsize |= SB_GET();
+	if (SB_EOF())
+		return;
+	ywinsize = SB_GET() << 8;
+	if (SB_EOF())
+		return;
+	ywinsize |= SB_GET();
+	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
+
+	break;
+
+    }  /* end of case TELOPT_NAWS */
+
+#ifdef	LINEMODE
+    case TELOPT_LINEMODE: {
+	register int request;
+
+	if (his_state_is_wont(TELOPT_LINEMODE))	/* Ignore if option disabled */
+		break;
+	/*
+	 * Process linemode suboptions.
+	 */
+	if (SB_EOF())
+	    break;		/* garbage was sent */
+	request = SB_GET();	/* get will/wont */
+
+	if (SB_EOF())
+	    break;		/* another garbage check */
+
+	if (request == LM_SLC) {  /* SLC is not preceeded by WILL or WONT */
+		/*
+		 * Process suboption buffer of slc's
+		 */
+		start_slc(1);
+		do_opt_slc(subpointer, subend - subpointer);
+		(void) end_slc(0);
+		break;
+	} else if (request == LM_MODE) {
+		if (SB_EOF())
+		    return;
+		useeditmode = SB_GET();  /* get mode flag */
+		clientstat(LM_MODE, 0, 0);
+		break;
+	}
+
+	if (SB_EOF())
+	    break;
+	switch (SB_GET()) {  /* what suboption? */
+	case LM_FORWARDMASK:
+		/*
+		 * According to spec, only server can send request for
+		 * forwardmask, and client can only return a positive response.
+		 * So don't worry about it.
+		 */
+
+	default:
+		break;
+	}
+	break;
+    }  /* end of case TELOPT_LINEMODE */
+#endif
+    case TELOPT_STATUS: {
+	int mode;
+
+	if (SB_EOF())
+	    break;
+	mode = SB_GET();
+	switch (mode) {
+	case TELQUAL_SEND:
+	    if (my_state_is_will(TELOPT_STATUS))
+		send_status();
+	    break;
+
+	case TELQUAL_IS:
+	    break;
+
+	default:
+	    break;
+	}
+	break;
+    }  /* end of case TELOPT_STATUS */
+
+    case TELOPT_XDISPLOC: {
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+		return;
+	settimer(xdisplocsubopt);
+	subpointer[SB_LEN()] = '\0';
+	(void)setenv("DISPLAY", (char *)subpointer, 1);
+	break;
+    }  /* end of case TELOPT_XDISPLOC */
+
+#ifdef	TELOPT_NEW_ENVIRON
+    case TELOPT_NEW_ENVIRON:
+#endif
+    case TELOPT_OLD_ENVIRON: {
+	register int c;
+	register char *cp, *varp, *valp;
+
+	if (SB_EOF())
+		return;
+	c = SB_GET();
+	if (c == TELQUAL_IS) {
+		if (subchar == TELOPT_OLD_ENVIRON)
+			settimer(oenvironsubopt);
+		else
+			settimer(environsubopt);
+	} else if (c != TELQUAL_INFO) {
+		return;
+	}
+
+#ifdef	TELOPT_NEW_ENVIRON
+	if (subchar == TELOPT_NEW_ENVIRON) {
+	    while (!SB_EOF()) {
+		c = SB_GET();
+		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
+			break;
+	    }
+	} else
+#endif
+	{
+#ifdef	ENV_HACK
+	    /*
+	     * We only want to do this if we haven't already decided
+	     * whether or not the other side has its VALUE and VAR
+	     * reversed.
+	     */
+	    if (env_ovar < 0) {
+		register int last = -1;		/* invalid value */
+		int empty = 0;
+		int got_var = 0, got_value = 0, got_uservar = 0;
+
+		/*
+		 * The other side might have its VALUE and VAR values
+		 * reversed.  To be interoperable, we need to determine
+		 * which way it is.  If the first recognized character
+		 * is a VAR or VALUE, then that will tell us what
+		 * type of client it is.  If the fist recognized
+		 * character is a USERVAR, then we continue scanning
+		 * the suboption looking for two consecutive
+		 * VAR or VALUE fields.  We should not get two
+		 * consecutive VALUE fields, so finding two
+		 * consecutive VALUE or VAR fields will tell us
+		 * what the client is.
+		 */
+		SB_SAVE();
+		while (!SB_EOF()) {
+			c = SB_GET();
+			switch(c) {
+			case OLD_ENV_VAR:
+				if (last < 0 || last == OLD_ENV_VAR
+				    || (empty && (last == OLD_ENV_VALUE)))
+					goto env_ovar_ok;
+				got_var++;
+				last = OLD_ENV_VAR;
+				break;
+			case OLD_ENV_VALUE:
+				if (last < 0 || last == OLD_ENV_VALUE
+				    || (empty && (last == OLD_ENV_VAR)))
+					goto env_ovar_wrong;
+				got_value++;
+				last = OLD_ENV_VALUE;
+				break;
+			case ENV_USERVAR:
+				/* count strings of USERVAR as one */
+				if (last != ENV_USERVAR)
+					got_uservar++;
+				if (empty) {
+					if (last == OLD_ENV_VALUE)
+						goto env_ovar_ok;
+					if (last == OLD_ENV_VAR)
+						goto env_ovar_wrong;
+				}
+				last = ENV_USERVAR;
+				break;
+			case ENV_ESC:
+				if (!SB_EOF())
+					c = SB_GET();
+				/* FALL THROUGH */
+			default:
+				empty = 0;
+				continue;
+			}
+			empty = 1;
+		}
+		if (empty) {
+			if (last == OLD_ENV_VALUE)
+				goto env_ovar_ok;
+			if (last == OLD_ENV_VAR)
+				goto env_ovar_wrong;
+		}
+		/*
+		 * Ok, the first thing was a USERVAR, and there
+		 * are not two consecutive VAR or VALUE commands,
+		 * and none of the VAR or VALUE commands are empty.
+		 * If the client has sent us a well-formed option,
+		 * then the number of VALUEs received should always
+		 * be less than or equal to the number of VARs and
+		 * USERVARs received.
+		 *
+		 * If we got exactly as many VALUEs as VARs and
+		 * USERVARs, the client has the same definitions.
+		 *
+		 * If we got exactly as many VARs as VALUEs and
+		 * USERVARS, the client has reversed definitions.
+		 */
+		if (got_uservar + got_var == got_value) {
+	    env_ovar_ok:
+			env_ovar = OLD_ENV_VAR;
+			env_ovalue = OLD_ENV_VALUE;
+		} else if (got_uservar + got_value == got_var) {
+	    env_ovar_wrong:
+			env_ovar = OLD_ENV_VALUE;
+			env_ovalue = OLD_ENV_VAR;
+			DIAG(TD_OPTIONS, {sprintf(nfrontp,
+				"ENVIRON VALUE and VAR are reversed!\r\n");
+				nfrontp += strlen(nfrontp);});
+
+		}
+	    }
+	    SB_RESTORE();
+#endif
+
+	    while (!SB_EOF()) {
+		c = SB_GET();
+		if ((c == env_ovar) || (c == ENV_USERVAR))
+			break;
+	    }
+	}
+
+	if (SB_EOF())
+		return;
+
+	cp = varp = (char *)subpointer;
+	valp = 0;
+
+	while (!SB_EOF()) {
+		c = SB_GET();
+		if (subchar == TELOPT_OLD_ENVIRON) {
+			if (c == env_ovar)
+				c = NEW_ENV_VAR;
+			else if (c == env_ovalue)
+				c = NEW_ENV_VALUE;
+		}
+		switch (c) {
+
+		case NEW_ENV_VALUE:
+			*cp = '\0';
+			cp = valp = (char *)subpointer;
+			break;
+
+		case NEW_ENV_VAR:
+		case ENV_USERVAR:
+			*cp = '\0';
+			if (valp)
+				(void)setenv(varp, valp, 1);
+			else
+				unsetenv(varp);
+			cp = varp = (char *)subpointer;
+			valp = 0;
+			break;
+
+		case ENV_ESC:
+			if (SB_EOF())
+				break;
+			c = SB_GET();
+			/* FALL THROUGH */
+		default:
+			*cp++ = c;
+			break;
+		}
+	}
+	*cp = '\0';
+	if (valp)
+		(void)setenv(varp, valp, 1);
+	else
+		unsetenv(varp);
+	break;
+    }  /* end of case TELOPT_NEW_ENVIRON */
+#if	defined(AUTHENTICATION)
+    case TELOPT_AUTHENTICATION:
+	if (SB_EOF())
+		break;
+	switch(SB_GET()) {
+	case TELQUAL_SEND:
+	case TELQUAL_REPLY:
+		/*
+		 * These are sent by us and cannot be sent by
+		 * the client.
+		 */
+		break;
+	case TELQUAL_IS:
+		auth_is(subpointer, SB_LEN());
+		break;
+	case TELQUAL_NAME:
+		auth_name(subpointer, SB_LEN());
+		break;
+	}
+	break;
+#endif
+#ifdef	ENCRYPTION
+    case TELOPT_ENCRYPT:
+	if (SB_EOF())
+		break;
+	switch(SB_GET()) {
+	case ENCRYPT_SUPPORT:
+		encrypt_support(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_IS:
+		encrypt_is(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_REPLY:
+		encrypt_reply(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_START:
+		encrypt_start(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_END:
+		encrypt_end();
+		break;
+	case ENCRYPT_REQSTART:
+		encrypt_request_start(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_REQEND:
+		/*
+		 * We can always send an REQEND so that we cannot
+		 * get stuck encrypting.  We should only get this
+		 * if we have been able to get in the correct mode
+		 * anyhow.
+		 */
+		encrypt_request_end();
+		break;
+	case ENCRYPT_ENC_KEYID:
+		encrypt_enc_keyid(subpointer, SB_LEN());
+		break;
+	case ENCRYPT_DEC_KEYID:
+		encrypt_dec_keyid(subpointer, SB_LEN());
+		break;
+	default:
+		break;
+	}
+	break;
+#endif	/* ENCRYPTION */
+
+    default:
+	break;
+    }  /* end of switch */
+
+}  /* end of suboption */
+
+	void
+doclientstat()
+{
+	clientstat(TELOPT_LINEMODE, WILL, 0);
+}
+
+#define	ADD(c)	 *ncp++ = c
+#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
+	void
+send_status()
+{
+	unsigned char statusbuf[256];
+	register unsigned char *ncp;
+	register unsigned char i;
+
+	ncp = statusbuf;
+
+	netflush();	/* get rid of anything waiting to go out */
+
+	ADD(IAC);
+	ADD(SB);
+	ADD(TELOPT_STATUS);
+	ADD(TELQUAL_IS);
+
+	/*
+	 * We check the want_state rather than the current state,
+	 * because if we received a DO/WILL for an option that we
+	 * don't support, and the other side didn't send a DONT/WONT
+	 * in response to our WONT/DONT, then the "state" will be
+	 * WILL/DO, and the "want_state" will be WONT/DONT.  We
+	 * need to go by the latter.
+	 */
+	for (i = 0; i < (unsigned char)NTELOPTS; i++) {
+		if (my_want_state_is_will(i)) {
+			ADD(WILL);
+			ADD_DATA(i);
+		}
+		if (his_want_state_is_will(i)) {
+			ADD(DO);
+			ADD_DATA(i);
+		}
+	}
+
+	if (his_want_state_is_will(TELOPT_LFLOW)) {
+		ADD(SB);
+		ADD(TELOPT_LFLOW);
+		if (flowmode) {
+			ADD(LFLOW_ON);
+		} else {
+			ADD(LFLOW_OFF);
+		}
+		ADD(SE);
+
+		if (restartany >= 0) {
+			ADD(SB);
+			ADD(TELOPT_LFLOW);
+			if (restartany) {
+				ADD(LFLOW_RESTART_ANY);
+			} else {
+				ADD(LFLOW_RESTART_XON);
+			}
+			ADD(SE);
+		}
+	}
+
+#ifdef	LINEMODE
+	if (his_want_state_is_will(TELOPT_LINEMODE)) {
+		unsigned char *cp, *cpe;
+		int len;
+
+		ADD(SB);
+		ADD(TELOPT_LINEMODE);
+		ADD(LM_MODE);
+		ADD_DATA(editmode);
+		ADD(SE);
+
+		ADD(SB);
+		ADD(TELOPT_LINEMODE);
+		ADD(LM_SLC);
+		start_slc(0);
+		send_slc();
+		len = end_slc(&cp);
+		for (cpe = cp + len; cp < cpe; cp++)
+			ADD_DATA(*cp);
+		ADD(SE);
+	}
+#endif	/* LINEMODE */
+
+	ADD(IAC);
+	ADD(SE);
+
+	writenet(statusbuf, ncp - statusbuf);
+	netflush();	/* Send it on its way */
+
+	DIAG(TD_OPTIONS,
+		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
+}
diff --git a/crypto/telnet/telnetd/sys_term.c b/crypto/telnet/telnetd/sys_term.c
new file mode 100644
index 0000000..235e409
--- /dev/null
+++ b/crypto/telnet/telnetd/sys_term.c
@@ -0,0 +1,2333 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)sys_term.c	8.4+1 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include "telnetd.h"
+#include "pathnames.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+
+extern char *altlogin;
+int cleanopen(char *line);
+void scrub_env(void);
+
+#if defined(CRAY) || defined(__hpux)
+# define PARENT_DOES_UTMP
+#endif
+
+#ifdef	NEWINIT
+#include <initreq.h>
+#else	/* NEWINIT*/
+# ifdef	UTMPX
+# include <utmpx.h>
+struct	utmpx wtmp;
+# else
+# include <utmp.h>
+struct	utmp wtmp;
+# endif /* UTMPX */
+
+# ifndef PARENT_DOES_UTMP
+#ifdef _PATH_WTMP
+char    wtmpf[] = _PATH_WTMP;
+#else
+char	wtmpf[]	= "/usr/adm/wtmp";
+#endif
+#ifdef _PATH_UTMP
+char    utmpf[] = _PATH_UTMP;
+#else
+char	utmpf[] = "/etc/utmp";
+#endif
+# else /* PARENT_DOES_UTMP */
+char	wtmpf[]	= "/etc/wtmp";
+# endif /* PARENT_DOES_UTMP */
+
+#include <libutil.h>
+
+# ifdef CRAY
+#include <tmpdir.h>
+#include <sys/wait.h>
+#  if (UNICOS_LVL == '7.0') || (UNICOS_LVL == '7.1')
+#   define UNICOS7x
+#  endif
+
+#  ifdef UNICOS7x
+#include <sys/sysv.h>
+#include <sys/secstat.h>
+extern int secflag;
+extern struct sysv sysv;
+#  endif /* UNICOS7x */
+# endif	/* CRAY */
+#endif	/* NEWINIT */
+
+#ifdef	STREAMSPTY
+#include <sac.h>
+#include <sys/stropts.h>
+#endif
+
+#define SCPYN(a, b)	(void) strncpy(a, b, sizeof(a))
+#define SCMPN(a, b)	strncmp(a, b, sizeof(a))
+
+#ifdef	STREAMS
+#include <sys/stream.h>
+#endif
+#ifdef __hpux
+#include <sys/resource.h>
+#include <sys/proc.h>
+#endif
+#include <sys/tty.h>
+#ifdef	t_erase
+#undef	t_erase
+#undef	t_kill
+#undef	t_intrc
+#undef	t_quitc
+#undef	t_startc
+#undef	t_stopc
+#undef	t_eofc
+#undef	t_brkc
+#undef	t_suspc
+#undef	t_dsuspc
+#undef	t_rprntc
+#undef	t_flushc
+#undef	t_werasc
+#undef	t_lnextc
+#endif
+
+#if defined(UNICOS5) && defined(CRAY2) && !defined(EXTPROC)
+# define EXTPROC 0400
+#endif
+
+#ifndef	USE_TERMIO
+struct termbuf {
+	struct sgttyb sg;
+	struct tchars tc;
+	struct ltchars ltc;
+	int state;
+	int lflags;
+} termbuf, termbuf2;
+# define	cfsetospeed(tp, val)	(tp)->sg.sg_ospeed = (val)
+# define	cfsetispeed(tp, val)	(tp)->sg.sg_ispeed = (val)
+# define	cfgetospeed(tp)		(tp)->sg.sg_ospeed
+# define	cfgetispeed(tp)		(tp)->sg.sg_ispeed
+#else	/* USE_TERMIO */
+# ifdef	SYSV_TERMIO
+#	define termios termio
+# endif
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
+#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+					(tp)->c_cflag |= (val)
+#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
+#  ifdef CIBAUD
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
+					(tp)->c_cflag |= ((val)<<IBSHIFT)
+#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
+#  else
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+					(tp)->c_cflag |= (val)
+#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
+#  endif
+# endif /* TCSANOW */
+struct termios termbuf, termbuf2;	/* pty control structure */
+# ifdef  STREAMSPTY
+int ttyfd = -1;
+# endif
+#endif	/* USE_TERMIO */
+
+#include <sys/types.h>
+#include <libutil.h>
+
+int cleanopen __P((char *));
+void scrub_env __P((void));
+
+/*
+ * init_termbuf()
+ * copy_termbuf(cp)
+ * set_termbuf()
+ *
+ * These three routines are used to get and set the "termbuf" structure
+ * to and from the kernel.  init_termbuf() gets the current settings.
+ * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
+ * set_termbuf() writes the structure into the kernel.
+ */
+
+	void
+init_termbuf()
+{
+#ifndef	USE_TERMIO
+	(void) ioctl(pty, TIOCGETP, (char *)&termbuf.sg);
+	(void) ioctl(pty, TIOCGETC, (char *)&termbuf.tc);
+	(void) ioctl(pty, TIOCGLTC, (char *)&termbuf.ltc);
+# ifdef	TIOCGSTATE
+	(void) ioctl(pty, TIOCGSTATE, (char *)&termbuf.state);
+# endif
+#else
+# ifdef  STREAMSPTY
+	(void) tcgetattr(ttyfd, &termbuf);
+# else
+	(void) tcgetattr(pty, &termbuf);
+# endif
+#endif
+	termbuf2 = termbuf;
+}
+
+#if	defined(LINEMODE) && defined(TIOCPKT_IOCTL)
+	void
+copy_termbuf(cp, len)
+	char *cp;
+	int len;
+{
+	if (len > sizeof(termbuf))
+		len = sizeof(termbuf);
+	memmove((char *)&termbuf, cp, len);
+	termbuf2 = termbuf;
+}
+#endif	/* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */
+
+	void
+set_termbuf()
+{
+	/*
+	 * Only make the necessary changes.
+	 */
+#ifndef	USE_TERMIO
+	if (memcmp((char *)&termbuf.sg, (char *)&termbuf2.sg,
+							sizeof(termbuf.sg)))
+		(void) ioctl(pty, TIOCSETN, (char *)&termbuf.sg);
+	if (memcmp((char *)&termbuf.tc, (char *)&termbuf2.tc,
+							sizeof(termbuf.tc)))
+		(void) ioctl(pty, TIOCSETC, (char *)&termbuf.tc);
+	if (memcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc,
+							sizeof(termbuf.ltc)))
+		(void) ioctl(pty, TIOCSLTC, (char *)&termbuf.ltc);
+	if (termbuf.lflags != termbuf2.lflags)
+		(void) ioctl(pty, TIOCLSET, (char *)&termbuf.lflags);
+#else	/* USE_TERMIO */
+	if (memcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf)))
+# ifdef  STREAMSPTY
+		(void) tcsetattr(ttyfd, TCSANOW, &termbuf);
+# else
+		(void) tcsetattr(pty, TCSANOW, &termbuf);
+# endif
+# if	defined(CRAY2) && defined(UNICOS5)
+	needtermstat = 1;
+# endif
+#endif	/* USE_TERMIO */
+}
+
+
+/*
+ * spcset(func, valp, valpp)
+ *
+ * This function takes various special characters (func), and
+ * sets *valp to the current value of that character, and
+ * *valpp to point to where in the "termbuf" structure that
+ * value is kept.
+ *
+ * It returns the SLC_ level of support for this function.
+ */
+
+#ifndef	USE_TERMIO
+	int
+spcset(func, valp, valpp)
+	int func;
+	cc_t *valp;
+	cc_t **valpp;
+{
+	switch(func) {
+	case SLC_EOF:
+		*valp = termbuf.tc.t_eofc;
+		*valpp = (cc_t *)&termbuf.tc.t_eofc;
+		return(SLC_VARIABLE);
+	case SLC_EC:
+		*valp = termbuf.sg.sg_erase;
+		*valpp = (cc_t *)&termbuf.sg.sg_erase;
+		return(SLC_VARIABLE);
+	case SLC_EL:
+		*valp = termbuf.sg.sg_kill;
+		*valpp = (cc_t *)&termbuf.sg.sg_kill;
+		return(SLC_VARIABLE);
+	case SLC_IP:
+		*valp = termbuf.tc.t_intrc;
+		*valpp = (cc_t *)&termbuf.tc.t_intrc;
+		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+	case SLC_ABORT:
+		*valp = termbuf.tc.t_quitc;
+		*valpp = (cc_t *)&termbuf.tc.t_quitc;
+		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+	case SLC_XON:
+		*valp = termbuf.tc.t_startc;
+		*valpp = (cc_t *)&termbuf.tc.t_startc;
+		return(SLC_VARIABLE);
+	case SLC_XOFF:
+		*valp = termbuf.tc.t_stopc;
+		*valpp = (cc_t *)&termbuf.tc.t_stopc;
+		return(SLC_VARIABLE);
+	case SLC_AO:
+		*valp = termbuf.ltc.t_flushc;
+		*valpp = (cc_t *)&termbuf.ltc.t_flushc;
+		return(SLC_VARIABLE);
+	case SLC_SUSP:
+		*valp = termbuf.ltc.t_suspc;
+		*valpp = (cc_t *)&termbuf.ltc.t_suspc;
+		return(SLC_VARIABLE);
+	case SLC_EW:
+		*valp = termbuf.ltc.t_werasc;
+		*valpp = (cc_t *)&termbuf.ltc.t_werasc;
+		return(SLC_VARIABLE);
+	case SLC_RP:
+		*valp = termbuf.ltc.t_rprntc;
+		*valpp = (cc_t *)&termbuf.ltc.t_rprntc;
+		return(SLC_VARIABLE);
+	case SLC_LNEXT:
+		*valp = termbuf.ltc.t_lnextc;
+		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
+		return(SLC_VARIABLE);
+	case SLC_FORW1:
+		*valp = termbuf.tc.t_brkc;
+		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
+		return(SLC_VARIABLE);
+	case SLC_BRK:
+	case SLC_SYNCH:
+	case SLC_AYT:
+	case SLC_EOR:
+		*valp = (cc_t)0;
+		*valpp = (cc_t *)0;
+		return(SLC_DEFAULT);
+	default:
+		*valp = (cc_t)0;
+		*valpp = (cc_t *)0;
+		return(SLC_NOSUPPORT);
+	}
+}
+
+#else	/* USE_TERMIO */
+
+	int
+spcset(func, valp, valpp)
+	int func;
+	cc_t *valp;
+	cc_t **valpp;
+{
+
+#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
+			*valpp = &termbuf.c_cc[a]; \
+			return(b);
+#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
+
+	switch(func) {
+	case SLC_EOF:
+		setval(VEOF, SLC_VARIABLE);
+	case SLC_EC:
+		setval(VERASE, SLC_VARIABLE);
+	case SLC_EL:
+		setval(VKILL, SLC_VARIABLE);
+	case SLC_IP:
+		setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+	case SLC_ABORT:
+		setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+	case SLC_XON:
+#ifdef	VSTART
+		setval(VSTART, SLC_VARIABLE);
+#else
+		defval(0x13);
+#endif
+	case SLC_XOFF:
+#ifdef	VSTOP
+		setval(VSTOP, SLC_VARIABLE);
+#else
+		defval(0x11);
+#endif
+	case SLC_EW:
+#ifdef	VWERASE
+		setval(VWERASE, SLC_VARIABLE);
+#else
+		defval(0);
+#endif
+	case SLC_RP:
+#ifdef	VREPRINT
+		setval(VREPRINT, SLC_VARIABLE);
+#else
+		defval(0);
+#endif
+	case SLC_LNEXT:
+#ifdef	VLNEXT
+		setval(VLNEXT, SLC_VARIABLE);
+#else
+		defval(0);
+#endif
+	case SLC_AO:
+#if	!defined(VDISCARD) && defined(VFLUSHO)
+# define VDISCARD VFLUSHO
+#endif
+#ifdef	VDISCARD
+		setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
+#else
+		defval(0);
+#endif
+	case SLC_SUSP:
+#ifdef	VSUSP
+		setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
+#else
+		defval(0);
+#endif
+#ifdef	VEOL
+	case SLC_FORW1:
+		setval(VEOL, SLC_VARIABLE);
+#endif
+#ifdef	VEOL2
+	case SLC_FORW2:
+		setval(VEOL2, SLC_VARIABLE);
+#endif
+	case SLC_AYT:
+#ifdef	VSTATUS
+		setval(VSTATUS, SLC_VARIABLE);
+#else
+		defval(0);
+#endif
+
+	case SLC_BRK:
+	case SLC_SYNCH:
+	case SLC_EOR:
+		defval(0);
+
+	default:
+		*valp = 0;
+		*valpp = 0;
+		return(SLC_NOSUPPORT);
+	}
+}
+#endif	/* USE_TERMIO */
+
+#ifdef CRAY
+/*
+ * getnpty()
+ *
+ * Return the number of pty's configured into the system.
+ */
+	int
+getnpty()
+{
+#ifdef _SC_CRAY_NPTY
+	int numptys;
+
+	if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
+		return numptys;
+	else
+#endif /* _SC_CRAY_NPTY */
+		return 128;
+}
+#endif /* CRAY */
+
+#ifndef	convex
+/*
+ * getpty()
+ *
+ * Allocate a pty.  As a side effect, the external character
+ * array "line" contains the name of the slave side.
+ *
+ * Returns the file descriptor of the opened pty.
+ */
+#ifndef	__GNUC__
+char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+#else
+static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char *line = Xline;
+#endif
+#ifdef	CRAY
+char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+#endif	/* CRAY */
+
+	int
+getpty(ptynum)
+int *ptynum;
+{
+	register int p;
+#ifdef	STREAMSPTY
+	int t;
+	char *ptsname();
+
+	p = open("/dev/ptmx", 2);
+	if (p > 0) {
+		grantpt(p);
+		unlockpt(p);
+		strcpy(line, ptsname(p));
+		return(p);
+	}
+
+#else	/* ! STREAMSPTY */
+#ifndef CRAY
+	register char *cp, *p1, *p2;
+	register int i;
+#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207
+	int dummy;
+#endif
+
+#ifndef	__hpux
+	(void) strcpy(line, "/dev/ptyXX");
+	p1 = &line[8];
+	p2 = &line[9];
+#else
+	(void) strcpy(line, "/dev/ptym/ptyXX");
+	p1 = &line[13];
+	p2 = &line[14];
+#endif
+
+	for (cp = "pqrsPQRS"; *cp; cp++) {
+		struct stat stb;
+
+		*p1 = *cp;
+		*p2 = '0';
+		/*
+		 * This stat() check is just to keep us from
+		 * looping through all 256 combinations if there
+		 * aren't that many ptys available.
+		 */
+		if (stat(line, &stb) < 0)
+			break;
+		for (i = 0; i < 32; i++) {
+			*p2 = "0123456789abcdefghijklmnopqrstuv"[i];
+			p = open(line, 2);
+			if (p > 0) {
+#ifndef	__hpux
+				line[5] = 't';
+#else
+				for (p1 = &line[8]; *p1; p1++)
+					*p1 = *(p1+1);
+				line[9] = 't';
+#endif
+				chown(line, 0, 0);
+				chmod(line, 0600);
+#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207
+				if (ioctl(p, TIOCGPGRP, &dummy) == 0
+				    || errno != EIO) {
+					chmod(line, 0666);
+					close(p);
+					line[5] = 'p';
+				} else
+#endif /* defined(sun) && defined(TIOCGPGRP) && BSD < 199207 */
+					return(p);
+			}
+		}
+	}
+#else	/* CRAY */
+	extern lowpty, highpty;
+	struct stat sb;
+
+	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
+		(void) sprintf(myline, "/dev/pty/%03d", *ptynum);
+		p = open(myline, 2);
+		if (p < 0)
+			continue;
+		(void) sprintf(line, "/dev/ttyp%03d", *ptynum);
+		/*
+		 * Here are some shenanigans to make sure that there
+		 * are no listeners lurking on the line.
+		 */
+		if(stat(line, &sb) < 0) {
+			(void) close(p);
+			continue;
+		}
+		if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+			chown(line, 0, 0);
+			chmod(line, 0600);
+			(void)close(p);
+			p = open(myline, 2);
+			if (p < 0)
+				continue;
+		}
+		/*
+		 * Now it should be safe...check for accessability.
+		 */
+		if (access(line, 6) == 0)
+			return(p);
+		else {
+			/* no tty side to pty so skip it */
+			(void) close(p);
+		}
+	}
+#endif	/* CRAY */
+#endif	/* STREAMSPTY */
+	return(-1);
+}
+#endif	/* convex */
+
+#ifdef	LINEMODE
+/*
+ * tty_flowmode()	Find out if flow control is enabled or disabled.
+ * tty_linemode()	Find out if linemode (external processing) is enabled.
+ * tty_setlinemod(on)	Turn on/off linemode.
+ * tty_isecho()		Find out if echoing is turned on.
+ * tty_setecho(on)	Enable/disable character echoing.
+ * tty_israw()		Find out if terminal is in RAW mode.
+ * tty_binaryin(on)	Turn on/off BINARY on input.
+ * tty_binaryout(on)	Turn on/off BINARY on output.
+ * tty_isediting()	Find out if line editing is enabled.
+ * tty_istrapsig()	Find out if signal trapping is enabled.
+ * tty_setedit(on)	Turn on/off line editing.
+ * tty_setsig(on)	Turn on/off signal trapping.
+ * tty_issofttab()	Find out if tab expansion is enabled.
+ * tty_setsofttab(on)	Turn on/off soft tab expansion.
+ * tty_islitecho()	Find out if typed control chars are echoed literally
+ * tty_setlitecho()	Turn on/off literal echo of control chars
+ * tty_tspeed(val)	Set transmit speed to val.
+ * tty_rspeed(val)	Set receive speed to val.
+ */
+
+#ifdef convex
+static int linestate;
+#endif
+
+	int
+tty_linemode()
+{
+#ifndef convex
+#ifndef	USE_TERMIO
+	return(termbuf.state & TS_EXTPROC);
+#else
+	return(termbuf.c_lflag & EXTPROC);
+#endif
+#else
+	return(linestate);
+#endif
+}
+
+	void
+tty_setlinemode(on)
+	int on;
+{
+#ifdef	TIOCEXT
+# ifndef convex
+	set_termbuf();
+# else
+	linestate = on;
+# endif
+	(void) ioctl(pty, TIOCEXT, (char *)&on);
+# ifndef convex
+	init_termbuf();
+# endif
+#else	/* !TIOCEXT */
+# ifdef	EXTPROC
+	if (on)
+		termbuf.c_lflag |= EXTPROC;
+	else
+		termbuf.c_lflag &= ~EXTPROC;
+# endif
+#endif	/* TIOCEXT */
+}
+#endif	/* LINEMODE */
+
+	int
+tty_isecho()
+{
+#ifndef USE_TERMIO
+	return (termbuf.sg.sg_flags & ECHO);
+#else
+	return (termbuf.c_lflag & ECHO);
+#endif
+}
+
+	int
+tty_flowmode()
+{
+#ifndef USE_TERMIO
+	return(((termbuf.tc.t_startc) > 0 && (termbuf.tc.t_stopc) > 0) ? 1 : 0);
+#else
+	return((termbuf.c_iflag & IXON) ? 1 : 0);
+#endif
+}
+
+	int
+tty_restartany()
+{
+#ifndef USE_TERMIO
+# ifdef	DECCTQ
+	return((termbuf.lflags & DECCTQ) ? 0 : 1);
+# else
+	return(-1);
+# endif
+#else
+	return((termbuf.c_iflag & IXANY) ? 1 : 0);
+#endif
+}
+
+	void
+tty_setecho(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		termbuf.sg.sg_flags |= ECHO|CRMOD;
+	else
+		termbuf.sg.sg_flags &= ~(ECHO|CRMOD);
+#else
+	if (on)
+		termbuf.c_lflag |= ECHO;
+	else
+		termbuf.c_lflag &= ~ECHO;
+#endif
+}
+
+	int
+tty_israw()
+{
+#ifndef USE_TERMIO
+	return(termbuf.sg.sg_flags & RAW);
+#else
+	return(!(termbuf.c_lflag & ICANON));
+#endif
+}
+
+#if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
+	int
+tty_setraw(on)
+{
+#  ifndef USE_TERMIO
+	if (on)
+		termbuf.sg.sg_flags |= RAW;
+	else
+		termbuf.sg.sg_flags &= ~RAW;
+#  else
+	if (on)
+		termbuf.c_lflag &= ~ICANON;
+	else
+		termbuf.c_lflag |= ICANON;
+#  endif
+}
+#endif
+
+	void
+tty_binaryin(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		termbuf.lflags |= LPASS8;
+	else
+		termbuf.lflags &= ~LPASS8;
+#else
+	if (on) {
+		termbuf.c_iflag &= ~ISTRIP;
+	} else {
+		termbuf.c_iflag |= ISTRIP;
+	}
+#endif
+}
+
+	void
+tty_binaryout(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		termbuf.lflags |= LLITOUT;
+	else
+		termbuf.lflags &= ~LLITOUT;
+#else
+	if (on) {
+		termbuf.c_cflag &= ~(CSIZE|PARENB);
+		termbuf.c_cflag |= CS8;
+		termbuf.c_oflag &= ~OPOST;
+	} else {
+		termbuf.c_cflag &= ~CSIZE;
+		termbuf.c_cflag |= CS7|PARENB;
+		termbuf.c_oflag |= OPOST;
+	}
+#endif
+}
+
+	int
+tty_isbinaryin()
+{
+#ifndef	USE_TERMIO
+	return(termbuf.lflags & LPASS8);
+#else
+	return(!(termbuf.c_iflag & ISTRIP));
+#endif
+}
+
+	int
+tty_isbinaryout()
+{
+#ifndef	USE_TERMIO
+	return(termbuf.lflags & LLITOUT);
+#else
+	return(!(termbuf.c_oflag&OPOST));
+#endif
+}
+
+#ifdef	LINEMODE
+	int
+tty_isediting()
+{
+#ifndef USE_TERMIO
+	return(!(termbuf.sg.sg_flags & (CBREAK|RAW)));
+#else
+	return(termbuf.c_lflag & ICANON);
+#endif
+}
+
+	int
+tty_istrapsig()
+{
+#ifndef USE_TERMIO
+	return(!(termbuf.sg.sg_flags&RAW));
+#else
+	return(termbuf.c_lflag & ISIG);
+#endif
+}
+
+	void
+tty_setedit(on)
+	int on;
+{
+#ifndef USE_TERMIO
+	if (on)
+		termbuf.sg.sg_flags &= ~CBREAK;
+	else
+		termbuf.sg.sg_flags |= CBREAK;
+#else
+	if (on)
+		termbuf.c_lflag |= ICANON;
+	else
+		termbuf.c_lflag &= ~ICANON;
+#endif
+}
+
+	void
+tty_setsig(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		;
+#else
+	if (on)
+		termbuf.c_lflag |= ISIG;
+	else
+		termbuf.c_lflag &= ~ISIG;
+#endif
+}
+#endif	/* LINEMODE */
+
+	int
+tty_issofttab()
+{
+#ifndef	USE_TERMIO
+	return (termbuf.sg.sg_flags & XTABS);
+#else
+# ifdef	OXTABS
+	return (termbuf.c_oflag & OXTABS);
+# endif
+# ifdef	TABDLY
+	return ((termbuf.c_oflag & TABDLY) == TAB3);
+# endif
+#endif
+}
+
+	void
+tty_setsofttab(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		termbuf.sg.sg_flags |= XTABS;
+	else
+		termbuf.sg.sg_flags &= ~XTABS;
+#else
+	if (on) {
+# ifdef	OXTABS
+		termbuf.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+		termbuf.c_oflag &= ~TABDLY;
+		termbuf.c_oflag |= TAB3;
+# endif
+	} else {
+# ifdef	OXTABS
+		termbuf.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+		termbuf.c_oflag &= ~TABDLY;
+		termbuf.c_oflag |= TAB0;
+# endif
+	}
+#endif
+}
+
+	int
+tty_islitecho()
+{
+#ifndef	USE_TERMIO
+	return (!(termbuf.lflags & LCTLECH));
+#else
+# ifdef	ECHOCTL
+	return (!(termbuf.c_lflag & ECHOCTL));
+# endif
+# ifdef	TCTLECH
+	return (!(termbuf.c_lflag & TCTLECH));
+# endif
+# if	!defined(ECHOCTL) && !defined(TCTLECH)
+	return (0);	/* assumes ctl chars are echoed '^x' */
+# endif
+#endif
+}
+
+	void
+tty_setlitecho(on)
+	int on;
+{
+#ifndef	USE_TERMIO
+	if (on)
+		termbuf.lflags &= ~LCTLECH;
+	else
+		termbuf.lflags |= LCTLECH;
+#else
+# ifdef	ECHOCTL
+	if (on)
+		termbuf.c_lflag &= ~ECHOCTL;
+	else
+		termbuf.c_lflag |= ECHOCTL;
+# endif
+# ifdef	TCTLECH
+	if (on)
+		termbuf.c_lflag &= ~TCTLECH;
+	else
+		termbuf.c_lflag |= TCTLECH;
+# endif
+#endif
+}
+
+	int
+tty_iscrnl()
+{
+#ifndef	USE_TERMIO
+	return (termbuf.sg.sg_flags & CRMOD);
+#else
+	return (termbuf.c_iflag & ICRNL);
+#endif
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+
+/*
+ * A table of available terminal speeds
+ */
+struct termspeeds {
+	int	speed;
+	int	value;
+} termspeeds[] = {
+	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+	{ 4800,   B4800 },
+#ifdef	B7200
+	{ 7200,  B7200 },
+#endif
+	{ 9600,   B9600 },
+#ifdef	B14400
+	{ 14400,  B14400 },
+#endif
+#ifdef	B19200
+	{ 19200,  B19200 },
+#endif
+#ifdef	B28800
+	{ 28800,  B28800 },
+#endif
+#ifdef	B38400
+	{ 38400,  B38400 },
+#endif
+#ifdef	B57600
+	{ 57600,  B57600 },
+#endif
+#ifdef	B115200
+	{ 115200, B115200 },
+#endif
+#ifdef	B230400
+	{ 230400, B230400 },
+#endif
+	{ -1,     0 }
+};
+#endif	/* DECODE_BAUD */
+
+	void
+tty_tspeed(val)
+	int val;
+{
+#ifdef	DECODE_BAUD
+	register struct termspeeds *tp;
+
+	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+		;
+	if (tp->speed == -1)	/* back up to last valid value */
+		--tp;
+	cfsetospeed(&termbuf, tp->value);
+#else	/* DECODE_BAUD */
+	cfsetospeed(&termbuf, val);
+#endif	/* DECODE_BAUD */
+}
+
+	void
+tty_rspeed(val)
+	int val;
+{
+#ifdef	DECODE_BAUD
+	register struct termspeeds *tp;
+
+	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+		;
+	if (tp->speed == -1)	/* back up to last valid value */
+		--tp;
+	cfsetispeed(&termbuf, tp->value);
+#else	/* DECODE_BAUD */
+	cfsetispeed(&termbuf, val);
+#endif	/* DECODE_BAUD */
+}
+
+#if	defined(CRAY2) && defined(UNICOS5)
+	int
+tty_isnewmap()
+{
+	return((termbuf.c_oflag & OPOST) && (termbuf.c_oflag & ONLCR) &&
+			!(termbuf.c_oflag & ONLRET));
+}
+#endif
+
+#ifdef PARENT_DOES_UTMP
+# ifndef NEWINIT
+extern	struct utmp wtmp;
+extern char wtmpf[];
+# else	/* NEWINIT */
+int	gotalarm;
+
+	/* ARGSUSED */
+	void
+nologinproc(sig)
+	int sig;
+{
+	gotalarm++;
+}
+# endif	/* NEWINIT */
+#endif /* PARENT_DOES_UTMP */
+
+#ifndef	NEWINIT
+# ifdef PARENT_DOES_UTMP
+extern void utmp_sig_init P((void));
+extern void utmp_sig_reset P((void));
+extern void utmp_sig_wait P((void));
+extern void utmp_sig_notify P((int));
+# endif /* PARENT_DOES_UTMP */
+#endif
+
+/*
+ * getptyslave()
+ *
+ * Open the slave side of the pty, and do any initialization
+ * that is necessary.
+ */
+	void
+getptyslave()
+{
+	register int t = -1;
+	char erase;
+
+#if	!defined(CRAY) || !defined(NEWINIT)
+# ifdef	LINEMODE
+	int waslm;
+# endif
+# ifdef	TIOCGWINSZ
+	struct winsize ws;
+	extern int def_row, def_col;
+# endif
+	extern int def_tspeed, def_rspeed;
+	/*
+	 * Opening the slave side may cause initilization of the
+	 * kernel tty structure.  We need remember the state of
+	 * 	if linemode was turned on
+	 *	terminal window size
+	 *	terminal speed
+	 *	erase character
+	 * so that we can re-set them if we need to.
+	 */
+# ifdef	LINEMODE
+	waslm = tty_linemode();
+# endif
+	erase = termbuf.c_cc[VERASE];
+
+	/*
+	 * Make sure that we don't have a controlling tty, and
+	 * that we are the session (process group) leader.
+	 */
+# ifdef	TIOCNOTTY
+	t = open(_PATH_TTY, O_RDWR);
+	if (t >= 0) {
+		(void) ioctl(t, TIOCNOTTY, (char *)0);
+		(void) close(t);
+	}
+# endif
+
+
+# ifdef PARENT_DOES_UTMP
+	/*
+	 * Wait for our parent to get the utmp stuff to get done.
+	 */
+	utmp_sig_wait();
+# endif
+
+	t = cleanopen(line);
+	if (t < 0)
+		fatalperror(net, line);
+
+#ifdef  STREAMSPTY
+#ifdef	USE_TERMIO
+	ttyfd = t;
+#endif
+	if (ioctl(t, I_PUSH, "ptem") < 0)
+		fatal(net, "I_PUSH ptem");
+	if (ioctl(t, I_PUSH, "ldterm") < 0)
+		fatal(net, "I_PUSH ldterm");
+	if (ioctl(t, I_PUSH, "ttcompat") < 0)
+		fatal(net, "I_PUSH ttcompat");
+	if (ioctl(pty, I_PUSH, "pckt") < 0)
+		fatal(net, "I_PUSH pckt");
+#endif
+
+	/*
+	 * set up the tty modes as we like them to be.
+	 */
+	init_termbuf();
+# ifdef	TIOCGWINSZ
+	if (def_row || def_col) {
+		memset((char *)&ws, 0, sizeof(ws));
+		ws.ws_col = def_col;
+		ws.ws_row = def_row;
+		(void)ioctl(t, TIOCSWINSZ, (char *)&ws);
+	}
+# endif
+
+	/*
+	 * Settings for sgtty based systems
+	 */
+# ifndef	USE_TERMIO
+	termbuf.sg.sg_flags |= CRMOD|ANYP|ECHO|XTABS;
+# endif	/* USE_TERMIO */
+
+	/*
+	 * Settings for UNICOS (and HPUX)
+	 */
+# if defined(CRAY) || defined(__hpux)
+	termbuf.c_oflag = OPOST|ONLCR|TAB3;
+	termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
+	termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
+	termbuf.c_cflag = EXTB|HUPCL|CS8;
+# endif
+
+	/*
+	 * Settings for all other termios/termio based
+	 * systems, other than 4.4BSD.  In 4.4BSD the
+	 * kernel does the initial terminal setup.
+	 */
+# if defined(USE_TERMIO) && !(defined(CRAY) || defined(__hpux)) && (BSD <= 43)
+#  ifndef	OXTABS
+#   define OXTABS	0
+#  endif
+	termbuf.c_lflag |= ECHO;
+	termbuf.c_oflag |= ONLCR|OXTABS;
+	termbuf.c_iflag |= ICRNL;
+	termbuf.c_iflag &= ~IXOFF;
+# endif /* defined(USE_TERMIO) && !defined(CRAY) && (BSD <= 43) */
+	tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
+	tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
+	if (erase)
+		termbuf.c_cc[VERASE] = erase;
+# ifdef	LINEMODE
+	if (waslm)
+		tty_setlinemode(1);
+# endif	/* LINEMODE */
+
+	/*
+	 * Set the tty modes, and make this our controlling tty.
+	 */
+	set_termbuf();
+	if (login_tty(t) == -1)
+		fatalperror(net, "login_tty");
+#endif	/* !defined(CRAY) || !defined(NEWINIT) */
+	if (net > 2)
+		(void) close(net);
+#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
+	/*
+	 * Leave the pty open so that we can write out the rlogin
+	 * protocol for /bin/login, if the authentication works.
+	 */
+#else
+	if (pty > 2) {
+		(void) close(pty);
+		pty = -1;
+	}
+#endif
+}
+
+#if	!defined(CRAY) || !defined(NEWINIT)
+#ifndef	O_NOCTTY
+#define	O_NOCTTY	0
+#endif
+/*
+ * Open the specified slave side of the pty,
+ * making sure that we have a clean tty.
+ */
+	int
+cleanopen(line)
+	char *line;
+{
+	register int t;
+#ifdef	UNICOS7x
+	struct secstat secbuf;
+#endif	/* UNICOS7x */
+
+#ifndef STREAMSPTY
+	/*
+	 * Make sure that other people can't open the
+	 * slave side of the connection.
+	 */
+	(void) chown(line, 0, 0);
+	(void) chmod(line, 0600);
+#endif
+
+# if !defined(CRAY) && (BSD > 43)
+	(void) revoke(line);
+# endif
+#ifdef	UNICOS7x
+	if (secflag) {
+		if (secstat(line, &secbuf) < 0)
+			return(-1);
+		if (setulvl(secbuf.st_slevel) < 0)
+			return(-1);
+		if (setucmp(secbuf.st_compart) < 0)
+			return(-1);
+	}
+#endif	/* UNICOS7x */
+
+	t = open(line, O_RDWR|O_NOCTTY);
+
+#ifdef	UNICOS7x
+	if (secflag) {
+		if (setulvl(sysv.sy_minlvl) < 0)
+			return(-1);
+		if (setucmp(0) < 0)
+			return(-1);
+	}
+#endif	/* UNICOS7x */
+
+	if (t < 0)
+		return(-1);
+
+	/*
+	 * Hangup anybody else using this ttyp, then reopen it for
+	 * ourselves.
+	 */
+# if !(defined(CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
+	(void) signal(SIGHUP, SIG_IGN);
+	vhangup();
+	(void) signal(SIGHUP, SIG_DFL);
+	t = open(line, O_RDWR|O_NOCTTY);
+	if (t < 0)
+		return(-1);
+# endif
+# if	defined(CRAY) && defined(TCVHUP)
+	{
+		register int i;
+		(void) signal(SIGHUP, SIG_IGN);
+		(void) ioctl(t, TCVHUP, (char *)0);
+		(void) signal(SIGHUP, SIG_DFL);
+
+#ifdef	UNICOS7x
+		if (secflag) {
+			if (secstat(line, &secbuf) < 0)
+				return(-1);
+			if (setulvl(secbuf.st_slevel) < 0)
+				return(-1);
+			if (setucmp(secbuf.st_compart) < 0)
+				return(-1);
+		}
+#endif	/* UNICOS7x */
+
+		i = open(line, O_RDWR);
+
+#ifdef	UNICOS7x
+		if (secflag) {
+			if (setulvl(sysv.sy_minlvl) < 0)
+				return(-1);
+			if (setucmp(0) < 0)
+				return(-1);
+		}
+#endif	/* UNICOS7x */
+
+		if (i < 0)
+			return(-1);
+		(void) close(t);
+		t = i;
+	}
+# endif	/* defined(CRAY) && defined(TCVHUP) */
+	return(t);
+}
+#endif	/* !defined(CRAY) || !defined(NEWINIT) */
+
+#if BSD <= 43
+
+	int
+login_tty(t)
+	int t;
+{
+	if (setsid() < 0) {
+#ifdef ultrix
+		/*
+		 * The setsid() may have failed because we
+		 * already have a pgrp == pid.  Zero out
+		 * our pgrp and try again...
+		 */
+		if ((setpgrp(0, 0) < 0) || (setsid() < 0))
+#endif
+			fatalperror(net, "setsid()");
+	}
+# ifdef	TIOCSCTTY
+	if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
+		fatalperror(net, "ioctl(sctty)");
+#  if defined(CRAY)
+	/*
+	 * Close the hard fd to /dev/ttypXXX, and re-open through
+	 * the indirect /dev/tty interface.
+	 */
+	close(t);
+	if ((t = open("/dev/tty", O_RDWR)) < 0)
+		fatalperror(net, "open(/dev/tty)");
+#  endif
+# else
+	/*
+	 * We get our controlling tty assigned as a side-effect
+	 * of opening up a tty device.  But on BSD based systems,
+	 * this only happens if our process group is zero.  The
+	 * setsid() call above may have set our pgrp, so clear
+	 * it out before opening the tty...
+	 */
+#  ifndef SOLARIS
+	(void) setpgrp(0, 0);
+#  else
+	(void) setpgrp();
+#  endif
+	close(open(line, O_RDWR));
+# endif
+	if (t != 0)
+		(void) dup2(t, 0);
+	if (t != 1)
+		(void) dup2(t, 1);
+	if (t != 2)
+		(void) dup2(t, 2);
+	if (t > 2)
+		close(t);
+	return(0);
+}
+#endif	/* BSD <= 43 */
+
+#ifdef	NEWINIT
+char *gen_id = "fe";
+#endif
+
+/*
+ * startslave(host)
+ *
+ * Given a hostname, do whatever
+ * is necessary to startup the login process on the slave side of the pty.
+ */
+
+/* ARGSUSED */
+	void
+startslave(host, autologin, autoname)
+	char *host;
+	int autologin;
+	char *autoname;
+{
+	register int i;
+#ifdef	NEWINIT
+	extern char *ptyip;
+	struct init_request request;
+	void nologinproc();
+	register int n;
+#endif	/* NEWINIT */
+
+#if	defined(AUTHENTICATION)
+	if (!autoname || !autoname[0])
+		autologin = 0;
+
+	if (autologin < auth_level) {
+		fatal(net, "Authorization failed");
+		exit(1);
+	}
+#endif
+
+#ifndef	NEWINIT
+# ifdef	PARENT_DOES_UTMP
+	utmp_sig_init();
+# endif	/* PARENT_DOES_UTMP */
+
+	if ((i = fork()) < 0)
+		fatalperror(net, "fork");
+	if (i) {
+# ifdef PARENT_DOES_UTMP
+		/*
+		 * Cray parent will create utmp entry for child and send
+		 * signal to child to tell when done.  Child waits for signal
+		 * before doing anything important.
+		 */
+		register int pid = i;
+		void sigjob P((int));
+
+		setpgrp();
+		utmp_sig_reset();		/* reset handler to default */
+		/*
+		 * Create utmp entry for child
+		 */
+		(void) time(&wtmp.ut_time);
+		wtmp.ut_type = LOGIN_PROCESS;
+		wtmp.ut_pid = pid;
+		SCPYN(wtmp.ut_user, "LOGIN");
+		SCPYN(wtmp.ut_host, host);
+		SCPYN(wtmp.ut_line, line + sizeof("/dev/") - 1);
+#ifndef	__hpux
+		SCPYN(wtmp.ut_id, wtmp.ut_line+3);
+#else
+		SCPYN(wtmp.ut_id, wtmp.ut_line+7);
+#endif
+		pututline(&wtmp);
+		endutent();
+		if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
+			(void) write(i, (char *)&wtmp, sizeof(struct utmp));
+			(void) close(i);
+		}
+#ifdef	CRAY
+		(void) signal(WJSIGNAL, sigjob);
+#endif
+		utmp_sig_notify(pid);
+# endif	/* PARENT_DOES_UTMP */
+	} else {
+		getptyslave(autologin);
+		start_login(host, autologin, autoname);
+		/*NOTREACHED*/
+	}
+#else	/* NEWINIT */
+
+	/*
+	 * Init will start up login process if we ask nicely.  We only wait
+	 * for it to start up and begin normal telnet operation.
+	 */
+	if ((i = open(INIT_FIFO, O_WRONLY)) < 0) {
+		char tbuf[128];
+		(void) snprintf(tbuf, sizeof(tbuf), "Can't open %s\n", INIT_FIFO);
+		fatalperror(net, tbuf);
+	}
+	memset((char *)&request, 0, sizeof(request));
+	request.magic = INIT_MAGIC;
+	SCPYN(request.gen_id, gen_id);
+	SCPYN(request.tty_id, &line[8]);
+	SCPYN(request.host, host);
+	SCPYN(request.term_type, terminaltype ? terminaltype : "network");
+#if	!defined(UNICOS5)
+	request.signal = SIGCLD;
+	request.pid = getpid();
+#endif
+#ifdef BFTPDAEMON
+	/*
+	 * Are we working as the bftp daemon?
+	 */
+	if (bftpd) {
+		SCPYN(request.exec_name, BFTPPATH);
+	}
+#endif /* BFTPDAEMON */
+	if (write(i, (char *)&request, sizeof(request)) < 0) {
+		char tbuf[128];
+		(void) snprintf(tbuf, sizeof(tbuf), "Can't write to %s\n", INIT_FIFO);
+		fatalperror(net, tbuf);
+	}
+	(void) close(i);
+	(void) signal(SIGALRM, nologinproc);
+	for (i = 0; ; i++) {
+		char tbuf[128];
+		alarm(15);
+		n = read(pty, ptyip, BUFSIZ);
+		if (i == 3 || n >= 0 || !gotalarm)
+			break;
+		gotalarm = 0;
+		snprintf(tbuf, sizeof(tbuf), "telnetd: waiting for /etc/init to start login process on %s\r\n", line);
+		(void) write(net, tbuf, strlen(tbuf));
+	}
+	if (n < 0 && gotalarm)
+		fatal(net, "/etc/init didn't start login process");
+	pcc += n;
+	alarm(0);
+	(void) signal(SIGALRM, SIG_DFL);
+
+	return;
+#endif	/* NEWINIT */
+}
+
+char	*envinit[3];
+extern char **environ;
+
+	void
+init_env()
+{
+	extern char *getenv();
+	char **envp;
+
+	envp = envinit;
+	if ((*envp = getenv("TZ")))
+		*envp++ -= 3;
+#if	defined(CRAY) || defined(__hpux)
+	else
+		*envp++ = "TZ=GMT0";
+#endif
+	*envp = 0;
+	environ = envinit;
+}
+
+#ifndef	NEWINIT
+
+/*
+ * start_login(host)
+ *
+ * Assuming that we are now running as a child processes, this
+ * function will turn us into the login process.
+ */
+
+	void
+start_login(host, autologin, name)
+	char *host;
+	int autologin;
+	char *name;
+{
+	register char **argv;
+	char **addarg(), *user;
+	extern char *getenv();
+#ifdef	UTMPX
+	register int pid = getpid();
+	struct utmpx utmpx;
+#endif
+#ifdef SOLARIS
+	char *term;
+	char termbuf[64];
+#endif
+
+#ifdef	UTMPX
+	/*
+	 * Create utmp entry for child
+	 */
+
+	memset(&utmpx, 0, sizeof(utmpx));
+	SCPYN(utmpx.ut_user, ".telnet");
+	SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1);
+	utmpx.ut_pid = pid;
+	utmpx.ut_id[0] = 't';
+	utmpx.ut_id[1] = 'n';
+	utmpx.ut_id[2] = SC_WILDC;
+	utmpx.ut_id[3] = SC_WILDC;
+	utmpx.ut_type = LOGIN_PROCESS;
+	(void) time(&utmpx.ut_tv.tv_sec);
+	if (makeutx(&utmpx) == NULL)
+		fatal(net, "makeutx failed");
+#endif
+
+	scrub_env();
+
+	/*
+	 * -h : pass on name of host.
+	 *		WARNING:  -h is accepted by login if and only if
+	 *			getuid() == 0.
+	 * -p : don't clobber the environment (so terminal type stays set).
+	 *
+	 * -f : force this login, he has already been authenticated
+	 */
+	argv = addarg(0, "login");
+
+#if	!defined(NO_LOGIN_H)
+
+# if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
+	/*
+	 * Don't add the "-h host" option if we are going
+	 * to be adding the "-r host" option down below...
+	 */
+	if ((auth_level < 0) || (autologin != AUTH_VALID))
+# endif
+	{
+		argv = addarg(argv, "-h");
+		argv = addarg(argv, host);
+#ifdef	SOLARIS
+		/*
+		 * SVR4 version of -h takes TERM= as second arg, or -
+		 */
+		term = getenv("TERM");
+		if (term == NULL || term[0] == 0) {
+			term = "-";
+		} else {
+			strcpy(termbuf, "TERM=");
+			strncat(termbuf, term, sizeof(termbuf) - 6);
+			term = termbuf;
+		}
+		argv = addarg(argv, term);
+#endif
+	}
+#endif
+#if	!defined(NO_LOGIN_P)
+	argv = addarg(argv, "-p");
+#endif
+#ifdef	LINEMODE
+	/*
+	 * Set the environment variable "LINEMODE" to either
+	 * "real" or "kludge" if we are operating in either
+	 * real or kludge linemode.
+	 */
+	if (lmodetype == REAL_LINEMODE)
+		setenv("LINEMODE", "real", 1);
+# ifdef KLUDGELINEMODE
+	else if (lmodetype == KLUDGE_LINEMODE || lmodetype == KLUDGE_OK)
+		setenv("LINEMODE", "kludge", 1);
+# endif
+#endif
+#ifdef	BFTPDAEMON
+	/*
+	 * Are we working as the bftp daemon?  If so, then ask login
+	 * to start bftp instead of shell.
+	 */
+	if (bftpd) {
+		argv = addarg(argv, "-e");
+		argv = addarg(argv, BFTPPATH);
+	} else
+#endif
+#if	defined (SecurID)
+	/*
+	 * don't worry about the -f that might get sent.
+	 * A -s is supposed to override it anyhow.
+	 */
+	if (require_SecurID)
+		argv = addarg(argv, "-s");
+#endif
+#if	defined (AUTHENTICATION)
+	if (auth_level >= 0 && autologin == AUTH_VALID) {
+# if	!defined(NO_LOGIN_F)
+		argv = addarg(argv, "-f");
+		argv = addarg(argv, "--");
+		argv = addarg(argv, name);
+# else
+#  if defined(LOGIN_R)
+		/*
+		 * We don't have support for "login -f", but we
+		 * can fool /bin/login into thinking that we are
+		 * rlogind, and allow us to log in without a
+		 * password.  The rlogin protocol expects
+		 *	local-user\0remote-user\0term/speed\0
+		 */
+
+		if (pty > 2) {
+			register char *cp;
+			char speed[128];
+			int isecho, israw, xpty, len;
+			extern int def_rspeed;
+#  ifndef LOGIN_HOST
+			/*
+			 * Tell login that we are coming from "localhost".
+			 * If we passed in the real host name, then the
+			 * user would have to allow .rhost access from
+			 * every machine that they want authenticated
+			 * access to work from, which sort of defeats
+			 * the purpose of an authenticated login...
+			 * So, we tell login that the session is coming
+			 * from "localhost", and the user will only have
+			 * to have "localhost" in their .rhost file.
+			 */
+#			define LOGIN_HOST "localhost"
+#  endif
+			argv = addarg(argv, "-r");
+			argv = addarg(argv, LOGIN_HOST);
+
+			xpty = pty;
+# ifndef  STREAMSPTY
+			pty = 0;
+# else
+			ttyfd = 0;
+# endif
+			init_termbuf();
+			isecho = tty_isecho();
+			israw = tty_israw();
+			if (isecho || !israw) {
+				tty_setecho(0);		/* Turn off echo */
+				tty_setraw(1);		/* Turn on raw */
+				set_termbuf();
+			}
+			len = strlen(name)+1;
+			write(xpty, name, len);
+			write(xpty, name, len);
+			snprintf(speed, sizeof(speed),
+				"%s/%d", (cp = getenv("TERM")) ? cp : "",
+				(def_rspeed > 0) ? def_rspeed : 9600);
+			len = strlen(speed)+1;
+			write(xpty, speed, len);
+
+			if (isecho || !israw) {
+				init_termbuf();
+				tty_setecho(isecho);
+				tty_setraw(israw);
+				set_termbuf();
+				if (!israw) {
+					/*
+					 * Write a newline to ensure
+					 * that login will be able to
+					 * read the line...
+					 */
+					write(xpty, "\n", 1);
+				}
+			}
+			pty = xpty;
+		}
+#  else
+		argv = addarg(argv, "--");
+		argv = addarg(argv, name);
+#  endif
+# endif
+	} else
+#endif
+	if (getenv("USER")) {
+ 		argv = addarg(argv, "--");
+		argv = addarg(argv, getenv("USER"));
+#if	defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
+		{
+			register char **cpp;
+			for (cpp = environ; *cpp; cpp++)
+				argv = addarg(argv, *cpp);
+		}
+#endif
+		/*
+		 * Assume that login will set the USER variable
+		 * correctly.  For SysV systems, this means that
+		 * USER will no longer be set, just LOGNAME by
+		 * login.  (The problem is that if the auto-login
+		 * fails, and the user then specifies a different
+		 * account name, he can get logged in with both
+		 * LOGNAME and USER in his environment, but the
+		 * USER value will be wrong.
+		 */
+		unsetenv("USER");
+	}
+#ifdef	SOLARIS
+	else {
+		char **p;
+
+		argv = addarg(argv, "");	/* no login name */
+		for (p = environ; *p; p++) {
+			argv = addarg(argv, *p);
+		}
+	}
+#endif	/* SOLARIS */
+#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
+	if (pty > 2)
+		close(pty);
+#endif
+	closelog();
+
+	if (altlogin == NULL) {
+		altlogin = _PATH_LOGIN;
+	}
+	execv(altlogin, argv);
+
+	syslog(LOG_ERR, "%s: %m", altlogin);
+	fatalperror(net, altlogin);
+	/*NOTREACHED*/
+}
+
+	char **
+addarg(argv, val)
+	register char **argv;
+	register char *val;
+{
+	register char **cpp;
+
+	if (argv == NULL) {
+		/*
+		 * 10 entries, a leading length, and a null
+		 */
+		argv = (char **)malloc(sizeof(*argv) * 12);
+		if (argv == NULL)
+			return(NULL);
+		*argv++ = (char *)10;
+		*argv = (char *)0;
+	}
+	for (cpp = argv; *cpp; cpp++)
+		;
+	if (cpp == &argv[(int)argv[-1]]) {
+		--argv;
+		*argv = (char *)((int)(*argv) + 10);
+		argv = (char **)realloc(argv, sizeof(*argv)*((int)(*argv) + 2));
+		if (argv == NULL)
+			return(NULL);
+		argv++;
+		cpp = &argv[(int)argv[-1] - 10];
+	}
+	*cpp++ = val;
+	*cpp = 0;
+	return(argv);
+}
+#endif	/* NEWINIT */
+
+/*
+ * scrub_env()
+ *
+ * Remove a few things from the environment that
+ * don't need to be there.
+ */
+	void
+scrub_env()
+{
+	register char **cpp, **cpp2;
+
+	for (cpp2 = cpp = environ; *cpp; cpp++) {
+#ifdef __FreeBSD__
+		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+#else
+		if (strncmp(*cpp, "LD_", 3) &&
+		    strncmp(*cpp, "_RLD_", 5) &&
+		    strncmp(*cpp, "LIBPATH=", 8) &&
+#endif
+		    strncmp(*cpp, "IFS=", 4))
+			*cpp2++ = *cpp;
+	}
+	*cpp2 = 0;
+}
+
+/*
+ * cleanup()
+ *
+ * This is the routine to call when we are all through, to
+ * clean up anything that needs to be cleaned up.
+ */
+	/* ARGSUSED */
+	void
+cleanup(sig)
+	int sig;
+{
+#ifndef	PARENT_DOES_UTMP
+# if (BSD > 43) || defined(convex)
+	char *p;
+
+	p = line + sizeof("/dev/") - 1;
+	if (logout(p))
+		logwtmp(p, "", "");
+	(void)chmod(line, 0666);
+	(void)chown(line, 0, 0);
+	*p = 'p';
+	(void)chmod(line, 0666);
+	(void)chown(line, 0, 0);
+	(void) shutdown(net, 2);
+	exit(1);
+# else
+	void rmut();
+
+	rmut();
+	vhangup();	/* XXX */
+	(void) shutdown(net, 2);
+	exit(1);
+# endif
+#else	/* PARENT_DOES_UTMP */
+# ifdef	NEWINIT
+	(void) shutdown(net, 2);
+	exit(1);
+# else	/* NEWINIT */
+#  ifdef CRAY
+	static int incleanup = 0;
+	register int t;
+	int child_status; /* status of child process as returned by waitpid */
+	int flags = WNOHANG|WUNTRACED;
+
+	/*
+	 * 1: Pick up the zombie, if we are being called
+	 *    as the signal handler.
+	 * 2: If we are a nested cleanup(), return.
+	 * 3: Try to clean up TMPDIR.
+	 * 4: Fill in utmp with shutdown of process.
+	 * 5: Close down the network and pty connections.
+	 * 6: Finish up the TMPDIR cleanup, if needed.
+	 */
+	if (sig == SIGCHLD) {
+		while (waitpid(-1, &child_status, flags) > 0)
+			;	/* VOID */
+		/* Check if the child process was stopped
+		 * rather than exited.  We want cleanup only if
+		 * the child has died.
+		 */
+		if (WIFSTOPPED(child_status)) {
+			return;
+		}
+	}
+	t = sigblock(sigmask(SIGCHLD));
+	if (incleanup) {
+		sigsetmask(t);
+		return;
+	}
+	incleanup = 1;
+	sigsetmask(t);
+#ifdef	UNICOS7x
+	if (secflag) {
+		/*
+		 *	We need to set ourselves back to a null
+		 *	label to clean up.
+		 */
+
+		setulvl(sysv.sy_minlvl);
+		setucmp((long)0);
+	}
+#endif	/* UNICOS7x */
+
+	t = cleantmp(&wtmp);
+	setutent();	/* just to make sure */
+#  endif /* CRAY */
+	rmut(line);
+	close(pty);
+	(void) shutdown(net, 2);
+#  ifdef CRAY
+	if (t == 0)
+		cleantmp(&wtmp);
+#  endif /* CRAY */
+	exit(1);
+# endif	/* NEWINT */
+#endif	/* PARENT_DOES_UTMP */
+}
+
+#if defined(PARENT_DOES_UTMP) && !defined(NEWINIT)
+/*
+ * _utmp_sig_rcv
+ * utmp_sig_init
+ * utmp_sig_wait
+ *	These three functions are used to coordinate the handling of
+ *	the utmp file between the server and the soon-to-be-login shell.
+ *	The server actually creates the utmp structure, the child calls
+ *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
+ *	signals the future-login shell to proceed.
+ */
+static int caught=0;		/* NZ when signal intercepted */
+static void (*func)();		/* address of previous handler */
+
+	void
+_utmp_sig_rcv(sig)
+	int sig;
+{
+	caught = 1;
+	(void) signal(SIGUSR1, func);
+}
+
+	void
+utmp_sig_init()
+{
+	/*
+	 * register signal handler for UTMP creation
+	 */
+	if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
+		fatalperror(net, "telnetd/signal");
+}
+
+	void
+utmp_sig_reset()
+{
+	(void) signal(SIGUSR1, func);	/* reset handler to default */
+}
+
+# ifdef __hpux
+# define sigoff() /* do nothing */
+# define sigon() /* do nothing */
+# endif
+
+	void
+utmp_sig_wait()
+{
+	/*
+	 * Wait for parent to write our utmp entry.
+	 */
+	sigoff();
+	while (caught == 0) {
+		pause();	/* wait until we get a signal (sigon) */
+		sigoff();	/* turn off signals while we check caught */
+	}
+	sigon();		/* turn on signals again */
+}
+
+	void
+utmp_sig_notify(pid)
+{
+	kill(pid, SIGUSR1);
+}
+
+# ifdef CRAY
+static int gotsigjob = 0;
+
+	/*ARGSUSED*/
+	void
+sigjob(sig)
+	int sig;
+{
+	register int jid;
+	register struct jobtemp *jp;
+
+	while ((jid = waitjob(NULL)) != -1) {
+		if (jid == 0) {
+			return;
+		}
+		gotsigjob++;
+		jobend(jid, NULL, NULL);
+	}
+}
+
+/*
+ *	jid_getutid:
+ *		called by jobend() before calling cleantmp()
+ *		to find the correct $TMPDIR to cleanup.
+ */
+
+	struct utmp *
+jid_getutid(jid)
+	int jid;
+{
+	struct utmp *cur = NULL;
+
+	setutent();	/* just to make sure */
+	while (cur = getutent()) {
+		if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
+			return(cur);
+		}
+	}
+
+	return(0);
+}
+
+/*
+ * Clean up the TMPDIR that login created.
+ * The first time this is called we pick up the info
+ * from the utmp.  If the job has already gone away,
+ * then we'll clean up and be done.  If not, then
+ * when this is called the second time it will wait
+ * for the signal that the job is done.
+ */
+	int
+cleantmp(wtp)
+	register struct utmp *wtp;
+{
+	struct utmp *utp;
+	static int first = 1;
+	register int mask, omask, ret;
+	extern struct utmp *getutid P((const struct utmp *_Id));
+
+
+	mask = sigmask(WJSIGNAL);
+
+	if (first == 0) {
+		omask = sigblock(mask);
+		while (gotsigjob == 0)
+			sigpause(omask);
+		return(1);
+	}
+	first = 0;
+	setutent();	/* just to make sure */
+
+	utp = getutid(wtp);
+	if (utp == 0) {
+		syslog(LOG_ERR, "can't get /etc/utmp entry to clean TMPDIR");
+		return(-1);
+	}
+	/*
+	 * Nothing to clean up if the user shell was never started.
+	 */
+	if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
+		return(1);
+
+	/*
+	 * Block the WJSIGNAL while we are in jobend().
+	 */
+	omask = sigblock(mask);
+	ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
+	sigsetmask(omask);
+	return(ret);
+}
+
+	int
+jobend(jid, path, user)
+	register int jid;
+	register char *path;
+	register char *user;
+{
+	static int saved_jid = 0;
+	static int pty_saved_jid = 0;
+	static char saved_path[sizeof(wtmp.ut_tpath)+1];
+	static char saved_user[sizeof(wtmp.ut_user)+1];
+
+	/*
+	 * this little piece of code comes into play
+	 * only when ptyreconnect is used to reconnect
+	 * to an previous session.
+	 *
+	 * this is the only time when the
+	 * "saved_jid != jid" code is executed.
+	 */
+
+	if ( saved_jid && saved_jid != jid ) {
+		if (!path) {	/* called from signal handler */
+			pty_saved_jid = jid;
+		} else {
+			pty_saved_jid = saved_jid;
+		}
+	}
+
+	if (path) {
+		strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
+		strncpy(saved_user, user, sizeof(wtmp.ut_user));
+		saved_path[sizeof(saved_path)] = '\0';
+		saved_user[sizeof(saved_user)] = '\0';
+	}
+	if (saved_jid == 0) {
+		saved_jid = jid;
+		return(0);
+	}
+
+	/* if the jid has changed, get the correct entry from the utmp file */
+
+	if ( saved_jid != jid ) {
+		struct utmp *utp = NULL;
+		struct utmp *jid_getutid();
+
+		utp = jid_getutid(pty_saved_jid);
+
+		if (utp == 0) {
+			syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+			return(-1);
+		}
+
+		cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
+		return(1);
+	}
+
+	cleantmpdir(jid, saved_path, saved_user);
+	return(1);
+}
+
+/*
+ * Fork a child process to clean up the TMPDIR
+ */
+cleantmpdir(jid, tpath, user)
+	register int jid;
+	register char *tpath;
+	register char *user;
+{
+	switch(fork()) {
+	case -1:
+		syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m",
+							tpath);
+		break;
+	case 0:
+		execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
+		syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m",
+							tpath, CLEANTMPCMD);
+		exit(1);
+	default:
+		/*
+		 * Forget about child.  We will exit, and
+		 * /etc/init will pick it up.
+		 */
+		break;
+	}
+}
+# endif /* CRAY */
+#endif	/* defined(PARENT_DOES_UTMP) && !defined(NEWINIT) */
+
+/*
+ * rmut()
+ *
+ * This is the function called by cleanup() to
+ * remove the utmp entry for this person.
+ */
+
+#ifdef	UTMPX
+	void
+rmut()
+{
+	register f;
+	int found = 0;
+	struct utmp *u, *utmp;
+	int nutmp;
+	struct stat statbf;
+
+	struct utmpx *utxp, utmpx;
+
+	/*
+	 * This updates the utmpx and utmp entries and make a wtmp/x entry
+	 */
+
+	SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1);
+	utxp = getutxline(&utmpx);
+	if (utxp) {
+		utxp->ut_type = DEAD_PROCESS;
+		utxp->ut_exit.e_termination = 0;
+		utxp->ut_exit.e_exit = 0;
+		(void) time(&utmpx.ut_tv.tv_sec);
+		utmpx.ut_tv.tv_usec = 0;
+		modutx(utxp);
+	}
+	endutxent();
+}  /* end of rmut */
+#endif
+
+#if	!defined(UTMPX) && !(defined(CRAY) || defined(__hpux)) && BSD <= 43
+	void
+rmut()
+{
+	register f;
+	int found = 0;
+	struct utmp *u, *utmp;
+	int nutmp;
+	struct stat statbf;
+
+	f = open(utmpf, O_RDWR);
+	if (f >= 0) {
+		(void) fstat(f, &statbf);
+		utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
+		if (!utmp)
+			syslog(LOG_ERR, "utmp malloc failed");
+		if (statbf.st_size && utmp) {
+			nutmp = read(f, (char *)utmp, (int)statbf.st_size);
+			nutmp /= sizeof(struct utmp);
+
+			for (u = utmp ; u < &utmp[nutmp] ; u++) {
+				if (SCMPN(u->ut_line, line+5) ||
+				    u->ut_name[0]==0)
+					continue;
+				(void) lseek(f, ((long)u)-((long)utmp), L_SET);
+				SCPYN(u->ut_name, "");
+				SCPYN(u->ut_host, "");
+				(void) time(&u->ut_time);
+				(void) write(f, (char *)u, sizeof(wtmp));
+				found++;
+			}
+		}
+		(void) close(f);
+	}
+	if (found) {
+		f = open(wtmpf, O_WRONLY|O_APPEND);
+		if (f >= 0) {
+			SCPYN(wtmp.ut_line, line+5);
+			SCPYN(wtmp.ut_name, "");
+			SCPYN(wtmp.ut_host, "");
+			(void) time(&wtmp.ut_time);
+			(void) write(f, (char *)&wtmp, sizeof(wtmp));
+			(void) close(f);
+		}
+	}
+	(void) chmod(line, 0666);
+	(void) chown(line, 0, 0);
+	line[strlen("/dev/")] = 'p';
+	(void) chmod(line, 0666);
+	(void) chown(line, 0, 0);
+}  /* end of rmut */
+#endif	/* CRAY */
+
+#ifdef __hpux
+rmut (line)
+char *line;
+{
+	struct utmp utmp;
+	struct utmp *utptr;
+	int fd;			/* for /etc/wtmp */
+
+	utmp.ut_type = USER_PROCESS;
+	(void) strncpy(utmp.ut_id, line+12, sizeof(utmp.ut_id));
+	(void) setutent();
+	utptr = getutid(&utmp);
+	/* write it out only if it exists */
+	if (utptr) {
+		utptr->ut_type = DEAD_PROCESS;
+		utptr->ut_time = time((long *) 0);
+		(void) pututline(utptr);
+		/* set wtmp entry if wtmp file exists */
+		if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
+			(void) write(fd, utptr, sizeof(utmp));
+			(void) close(fd);
+		}
+	}
+	(void) endutent();
+
+	(void) chmod(line, 0666);
+	(void) chown(line, 0, 0);
+	line[14] = line[13];
+	line[13] = line[12];
+	line[8] = 'm';
+	line[9] = '/';
+	line[10] = 'p';
+	line[11] = 't';
+	line[12] = 'y';
+	(void) chmod(line, 0666);
+	(void) chown(line, 0, 0);
+}
+#endif
diff --git a/crypto/telnet/telnetd/telnetd.8 b/crypto/telnet/telnetd/telnetd.8
new file mode 100644
index 0000000..e03f290
--- /dev/null
+++ b/crypto/telnet/telnetd/telnetd.8
@@ -0,0 +1,612 @@
+.\" Copyright (c) 1983, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNETD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm telnetd
+.Nd DARPA
+.Tn TELNET
+protocol server
+.Sh SYNOPSIS
+.Nm /usr/libexec/telnetd
+.Op Fl BUhlkns
+.Op Fl D Ar debugmode
+.Op Fl I Ns Ar initid
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl a Ar authmode
+.Op Fl edebug
+.Op Fl p Ar loginprog
+.Op Fl r Ns Ar lowpty-highpty
+.Op Fl u Ar len
+.Op Fl debug Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+command is a server which supports the
+.Tn DARPA
+standard
+.Tn TELNET
+virtual terminal protocol.
+.Nm Telnetd
+is normally invoked by the internet server (see
+.Xr inetd 8 )
+for requests to connect to the
+.Tn TELNET
+port as indicated by the
+.Pa /etc/services
+file (see
+.Xr services 5 ).
+The
+.Fl debug
+option may be used to start up
+.Nm
+manually, instead of through
+.Xr inetd 8 .
+If started up this way, 
+.Ar port
+may be specified to run
+.Nm
+on an alternate
+.Tn TCP
+port number.
+.Pp
+The
+.Nm
+command accepts the following options:
+.Bl -tag -width indent
+.It Fl a Ar authmode
+This option may be used for specifying what mode should
+be used for authentication.
+Note that this option is only useful if
+.Nm
+has been compiled with support for the
+.Dv AUTHENTICATION
+option.
+There are several valid values for
+.Ar authmode :
+.Bl -tag -width debug
+.It Cm debug
+Turn on authentication debugging code.
+.It Cm user
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user,
+and is allowed access to the specified account
+without providing a password.
+.It Cm valid
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user.
+The
+.Xr login 1
+command will provide any additional user verification
+needed if the remote user is not allowed automatic
+access to the specified account.
+.It Cm other
+Only allow connections that supply some authentication information.
+This option is currently not supported
+by any of the existing authentication mechanisms,
+and is thus the same as specifying
+.Fl a
+.Cm valid .
+.It Cm none
+This is the default state.
+Authentication information is not required.
+If no or insufficient authentication information
+is provided, then the
+.Xr login 1
+program will provide the necessary user
+verification.
+.It Cm off
+Disable the authentication code.
+All user verification will happen through the
+.Xr login 1
+program.
+.El
+.It Fl B
+Specify bftp server mode.  In this mode,
+.Nm
+causes login to start a
+.Xr bftp 1
+session rather than the user's
+normal shell.  In bftp daemon mode normal
+logins are not supported, and it must be used
+on a port other than the normal
+.Tn TELNET
+port.
+.It Fl D Ar debugmode
+This option may be used for debugging purposes.
+This allows
+.Nm
+to print out debugging information
+to the connection, allowing the user to see what
+.Nm
+is doing.
+There are several possible values for 
+.Ar debugmode :
+.Bl -tag -width exercise
+.It Cm options
+Print information about the negotiation of
+.Tn TELNET
+options.
+.It Cm report
+Print the 
+.Cm options
+information, plus some additional information
+about what processing is going on.
+.It Cm netdata
+Display the data stream received by
+.Nm Ns .
+.It Cm ptydata
+Display data written to the pty.
+.It Cm exercise
+Has not been implemented yet.
+.El
+.It Fl debug
+Enable debugging on each socket created by
+.Nm
+(see
+.Dv SO_DEBUG
+in
+.Xr socket 2 ) .
+.It Fl edebug
+If
+.Nm
+has been compiled with support for data encryption, then the
+.Fl edebug
+option may be used to enable encryption debugging code.
+.It Fl p Ar loginprog
+Specify an alternate
+.Xr login 1
+command to run to complete the login.  The alternate command must
+understand the same command arguments as the standard login.
+.It Fl h
+Disable the printing of host-specific information before
+login has been completed.
+.It Fl I Ar initid
+This option is only applicable to
+.Tn UNICOS
+systems prior to 7.0.
+It specifies the
+.Dv ID
+from
+.Pa /etc/inittab
+to use when init starts login sessions.  The default
+.Dv ID
+is
+.Dv fe.
+.It Fl k
+This option is only useful if
+.Nm
+has been compiled with both linemode and kludge linemode
+support.  If the
+.Fl k
+option is specified, then if the remote client does not
+support the
+.Dv LINEMODE
+option, then
+.Nm
+will operate in character at a time mode.
+It will still support kludge linemode, but will only
+go into kludge linemode if the remote client requests
+it.
+(This is done by the client sending
+.Dv DONT SUPPRESS-GO-AHEAD
+and
+.Dv DONT ECHO . )
+The
+.Fl k
+option is most useful when there are remote clients
+that do not support kludge linemode, but pass the heuristic
+(if they respond with
+.Dv WILL TIMING-MARK
+in response to a
+.Dv DO TIMING-MARK)
+for kludge linemode support.
+.It Fl l
+Specify line mode. Try to force clients to use line-
+at-a-time mode.
+If the
+.Dv LINEMODE
+option is not supported, it will go
+into kludge linemode.
+.It Fl n
+Disable
+.Dv TCP
+keep-alives.  Normally
+.Nm
+enables the
+.Tn TCP
+keep-alive mechanism to probe connections that
+have been idle for some period of time to determine
+if the client is still there, so that idle connections
+from machines that have crashed or can no longer
+be reached may be cleaned up.
+.It Fl r Ar lowpty-highpty
+This option is only enabled when
+.Nm
+is compiled for
+.Dv UNICOS.
+It specifies an inclusive range of pseudo-terminal devices to
+use.  If the system has sysconf variable
+.Dv _SC_CRAY_NPTY
+configured, the default pty search range is 0 to
+.Dv _SC_CRAY_NPTY;
+otherwise, the default range is 0 to 128.  Either
+.Ar lowpty
+or
+.Ar highpty
+may be omitted to allow changing
+either end of the search range.  If
+.Ar lowpty
+is omitted, the - character is still required so that
+.Nm
+can differentiate
+.Ar highpty
+from
+.Ar lowpty .
+.It Fl s
+This option is only enabled if
+.Nm
+is compiled with support for
+.Tn SecurID
+cards.
+It causes the
+.Fl s
+option to be passed on to
+.Xr login 1 ,
+and thus is only useful if
+.Xr login 1
+supports the
+.Fl s
+flag to indicate that only
+.Tn SecurID
+validated logins are allowed, and is
+usually useful for controlling remote logins
+from outside of a firewall.
+.It Fl S Ar tos
+.It Fl u Ar len
+This option is used to specify the size of the field
+in the
+.Dv utmp
+structure that holds the remote host name.
+If the resolved host name is longer than
+.Ar len ,
+the dotted decimal value will be used instead.
+This allows hosts with very long host names that
+overflow this field to still be uniquely identified.
+Specifying
+.Fl u0
+indicates that only dotted decimal addresses
+should be put into the
+.Pa utmp
+file.
+.ne 1i
+.It Fl U
+This option causes
+.Nm
+to refuse connections from addresses that
+cannot be mapped back into a symbolic name
+via the
+.Xr gethostbyaddr 3
+routine.
+.It Fl X Ar authtype
+This option is only valid if
+.Nm
+has been built with support for the authentication option.
+It disables the use of
+.Ar authtype
+authentication, and
+can be used to temporarily disable
+a specific authentication type without having to recompile
+.Nm Ns .
+.El
+.Pp
+.Nm Telnetd
+operates by allocating a pseudo-terminal device (see
+.Xr pty 4 )
+for a client, then creating a login process which has
+the slave side of the pseudo-terminal as 
+.Dv stdin ,
+.Dv stdout
+and
+.Dv stderr .
+.Nm Telnetd
+manipulates the master side of the pseudo-terminal,
+implementing the
+.Tn TELNET
+protocol and passing characters
+between the remote client and the login process.
+.Pp
+When a
+.Tn TELNET
+session is started up, 
+.Nm
+sends
+.Tn TELNET
+options to the client side indicating
+a willingness to do the
+following
+.Tn TELNET
+options, which are described in more detail below:
+.Bd -literal -offset indent
+DO AUTHENTICATION
+WILL ENCRYPT
+DO TERMINAL TYPE
+DO TSPEED
+DO XDISPLOC
+DO NEW-ENVIRON
+DO ENVIRON
+WILL SUPPRESS GO AHEAD
+DO ECHO
+DO LINEMODE
+DO NAWS
+WILL STATUS
+DO LFLOW
+DO TIMING-MARK
+.Ed
+.Pp
+The pseudo-terminal allocated to the client is configured
+to operate in \*(lqcooked\*(rq mode, and with
+.Dv XTABS and
+.Dv CRMOD
+enabled (see
+.Xr tty 4 ) .
+.Pp
+.Nm Telnetd
+has support for enabling locally the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "WILL ECHO"
+When the
+.Dv LINEMODE
+option is enabled, a
+.Dv WILL ECHO
+or
+.Dv WONT ECHO
+will be sent to the client to indicate the
+current state of terminal echoing.
+When terminal echo is not desired, a
+.Dv WILL ECHO
+is sent to indicate that
+.Nm
+will take care of echoing any data that needs to be
+echoed to the terminal, and then nothing is echoed.
+When terminal echo is desired, a
+.Dv WONT ECHO
+is sent to indicate that
+.Nm
+will not be doing any terminal echoing, so the
+client should do any terminal echoing that is needed.
+.It "WILL BINARY"
+Indicate that the client is willing to send a
+8 bits of data, rather than the normal 7 bits
+of the Network Virtual Terminal.
+.It "WILL SGA"
+Indicate that it will not be sending
+.Dv IAC GA,
+go ahead, commands.
+.It "WILL STATUS"
+Indicate a willingness to send the client, upon
+request, of the current status of all
+.Tn TELNET
+options.
+.It "WILL TIMING-MARK"
+Whenever a
+.Dv DO TIMING-MARK
+command is received, it is always responded
+to with a
+.Dv WILL TIMING-MARK
+.ne 1i
+.It "WILL LOGOUT"
+When a
+.Dv DO LOGOUT
+is received, a
+.Dv WILL LOGOUT
+is sent in response, and the
+.Tn TELNET
+session is shut down.
+.It "WILL ENCRYPT"
+Only sent if
+.Nm
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Pp
+.Nm Telnetd
+has support for enabling remotely the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "DO BINARY"
+Sent to indicate that
+.Nm
+is willing to receive an 8 bit data stream.
+.It "DO LFLOW"
+Requests that the client handle flow control
+characters remotely.
+.It "DO ECHO"
+This is not really supported, but is sent to identify a 4.2BSD
+.Xr telnet 1
+client, which will improperly respond with
+.Dv WILL ECHO.
+If a
+.Dv WILL ECHO
+is received, a
+.Dv DONT ECHO
+will be sent in response.
+.It "DO TERMINAL-TYPE"
+Indicate a desire to be able to request the
+name of the type of terminal that is attached
+to the client side of the connection.
+.It "DO SGA"
+Indicate that it does not need to receive
+.Dv IAC GA,
+the go ahead command.
+.It "DO NAWS"
+Requests that the client inform the server when
+the window (display) size changes.
+.It "DO TERMINAL-SPEED"
+Indicate a desire to be able to request information
+about the speed of the serial line to which
+the client is attached.
+.It "DO XDISPLOC"
+Indicate a desire to be able to request the name
+of the X Window System display that is associated with
+the telnet client.
+.It "DO NEW-ENVIRON"
+Indicate a desire to be able to request environment
+variable information, as described in RFC 1572.
+.It "DO ENVIRON"
+Indicate a desire to be able to request environment
+variable information, as described in RFC 1408.
+.It "DO LINEMODE"
+Only sent if
+.Nm
+is compiled with support for linemode, and
+requests that the client do line by line processing.
+.It "DO TIMING-MARK"
+Only sent if
+.Nm
+is compiled with support for both linemode and
+kludge linemode, and the client responded with
+.Dv WONT LINEMODE.
+If the client responds with
+.Dv WILL TM,
+the it is assumed that the client supports
+kludge linemode.
+Note that the
+.Op Fl k
+option can be used to disable this.
+.It "DO AUTHENTICATION"
+Only sent if
+.Nm
+is compiled with support for authentication, and
+indicates a willingness to receive authentication
+information for automatic login.
+.It "DO ENCRYPT"
+Only sent if
+.Nm
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /usr/ucb/bftp -compact
+.It Pa /etc/services
+.It Pa /etc/inittab
+(UNICOS systems only)
+.It Pa /etc/iptos
+(if supported)
+.It Pa /usr/ucb/bftp
+(if supported)
+.El
+.Sh "SEE ALSO"
+.Xr bftp 1 ,
+.Xr login 1 ,
+.Xr telnet 1
+(if supported)
+.Sh STANDARDS
+.Bl -tag -compact -width RFC-1572
+.It Cm RFC-854
+.Tn TELNET
+PROTOCOL SPECIFICATION
+.It Cm RFC-855
+TELNET OPTION SPECIFICATIONS
+.It Cm RFC-856
+TELNET BINARY TRANSMISSION
+.It Cm RFC-857
+TELNET ECHO OPTION
+.It Cm RFC-858
+TELNET SUPPRESS GO AHEAD OPTION
+.It Cm RFC-859
+TELNET STATUS OPTION
+.It Cm RFC-860
+TELNET TIMING MARK OPTION
+.It Cm RFC-861
+TELNET EXTENDED OPTIONS - LIST OPTION
+.It Cm RFC-885
+TELNET END OF RECORD OPTION
+.It Cm RFC-1073
+Telnet Window Size Option
+.It Cm RFC-1079
+Telnet Terminal Speed Option
+.It Cm RFC-1091
+Telnet Terminal-Type Option
+.It Cm RFC-1096
+Telnet X Display Location Option
+.It Cm RFC-1123
+Requirements for Internet Hosts -- Application and Support
+.It Cm RFC-1184
+Telnet Linemode Option
+.It Cm RFC-1372
+Telnet Remote Flow Control Option
+.It Cm RFC-1416
+Telnet Authentication Option
+.It Cm RFC-1411
+Telnet Authentication: Kerberos Version 4
+.It Cm RFC-1412
+Telnet Authentication: SPX
+.It Cm RFC-1571
+Telnet Environment Option Interoperability Issues
+.It Cm RFC-1572
+Telnet Environment Option
+.Sh BUGS
+Some
+.Tn TELNET
+commands are only partially implemented.
+.Pp
+Because of bugs in the original 4.2 BSD
+.Xr telnet 1 ,
+.Nm
+performs some dubious protocol exchanges to try to discover if the remote
+client is, in fact, a 4.2 BSD
+.Xr telnet 1 .
+.Pp
+Binary mode
+has no common interpretation except between similar operating systems
+(Unix in this case).
+.Pp
+The terminal type name received from the remote client is converted to
+lower case.
+.Pp
+.Nm Telnetd
+never sends
+.Tn TELNET
+.Dv IAC GA
+(go ahead) commands.
diff --git a/crypto/telnet/telnetd/telnetd.c b/crypto/telnet/telnetd/telnetd.c
new file mode 100644
index 0000000..57e6ed2
--- /dev/null
+++ b/crypto/telnet/telnetd/telnetd.c
@@ -0,0 +1,1614 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char copyright[] =
+"@(#) Copyright (c) 1989, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)telnetd.c	8.4 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include "telnetd.h"
+#include "pathnames.h"
+
+#if	defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY)
+/*
+ * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can
+ * use it to tell us to turn off all the socket security code,
+ * since that is only used in UNICOS 7.0 and later.
+ */
+# undef _SC_CRAY_SECURE_SYS
+#endif
+
+#include <err.h>
+#include <arpa/inet.h>
+
+#include <libutil.h>
+#include <utmp.h>
+
+#if	defined(_SC_CRAY_SECURE_SYS)
+#include <sys/sysv.h>
+#include <sys/secdev.h>
+# ifdef SO_SEC_MULTI		/* 8.0 code */
+#include <sys/secparm.h>
+#include <sys/usrv.h>
+# endif /* SO_SEC_MULTI */
+int	secflag;
+char	tty_dev[16];
+struct	secdev dv;
+struct	sysv sysv;
+# ifdef SO_SEC_MULTI		/* 8.0 code */
+struct	socksec ss;
+# else /* SO_SEC_MULTI */	/* 7.0 code */
+struct	socket_security ss;
+# endif /* SO_SEC_MULTI */
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+int	auth_level = 0;
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+#include <libtelnet/misc.h>
+#if	defined(SecurID)
+int	require_SecurID = 0;
+#endif
+
+char	remote_hostname[MAXHOSTNAMELEN];
+int	utmp_len = sizeof(remote_hostname) - 1;
+int	registerd_host_only = 0;
+
+#ifdef	STREAMSPTY
+# include <stropts.h>
+# include <termio.h>
+/* make sure we don't get the bsd version */
+# include "/usr/include/sys/tty.h"
+# include <sys/ptyvar.h>
+
+/*
+ * Because of the way ptyibuf is used with streams messages, we need
+ * ptyibuf+1 to be on a full-word boundary.  The following wierdness
+ * is simply to make that happen.
+ */
+long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
+char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
+char	*ptyip = ((char *)&ptyibufbuf[1])-1;
+char	ptyibuf2[BUFSIZ];
+unsigned char ctlbuf[BUFSIZ];
+struct	strbuf strbufc, strbufd;
+
+#else	/* ! STREAMPTY */
+
+/*
+ * I/O data buffers,
+ * pointers, and counters.
+ */
+char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
+char	ptyibuf2[BUFSIZ];
+
+# include <termcap.h>
+
+int readstream(int p, char *ibuf, int bufsize);
+void doit(struct sockaddr_in *who);
+int terminaltypeok(char *s);
+void startslave(char *host, int autologin, char *autoname);
+
+#endif /* ! STREAMPTY */
+
+int	hostinfo = 1;			/* do we print login banner? */
+
+#ifdef	CRAY
+extern int      newmap; /* nonzero if \n maps to ^M^J */
+int	lowpty = 0, highpty;	/* low, high pty numbers */
+#endif /* CRAY */
+
+int debug = 0;
+int keepalive = 1;
+char *altlogin;
+
+void doit __P((struct sockaddr_in *));
+int terminaltypeok __P((char *));
+void startslave __P((char *, int, char *));
+extern void usage P((void));
+
+/*
+ * The string to pass to getopt().  We do it this way so
+ * that only the actual options that we support will be
+ * passed off to getopt().
+ */
+char valid_opts[] = {
+	'd', ':', 'h', 'k', 'n', 'p', ':', 'S', ':', 'u', ':', 'U',
+#ifdef	AUTHENTICATION
+	'a', ':', 'X', ':',
+#endif
+#ifdef BFTPDAEMON
+	'B',
+#endif
+#ifdef DIAGNOSTICS
+	'D', ':',
+#endif
+#ifdef	ENCRYPTION
+	'e', ':',
+#endif
+#if	defined(CRAY) && defined(NEWINIT)
+	'I', ':',
+#endif
+#ifdef	LINEMODE
+	'l',
+#endif
+#ifdef CRAY
+	'r', ':',
+#endif
+#ifdef	SecurID
+	's',
+#endif
+	'\0'
+};
+
+	int
+main(argc, argv)
+	char *argv[];
+{
+	struct sockaddr_in from;
+	int on = 1, fromlen;
+	register int ch;
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	int tos = -1;
+#endif
+
+	pfrontp = pbackp = ptyobuf;
+	netip = netibuf;
+	nfrontp = nbackp = netobuf;
+#ifdef	ENCRYPTION
+	nclearto = 0;
+#endif	/* ENCRYPTION */
+
+	/*
+	 * This initialization causes linemode to default to a configuration
+	 * that works on all telnet clients, including the FreeBSD client.
+	 * This is not quite the same as the telnet client issuing a "mode
+	 * character" command, but has most of the same benefits, and is
+	 * preferable since some clients (like usofts) don't have the
+	 * mode character command anyway and linemode breaks things.
+	 * The most notable symptom of fix is that csh "set filec" operations
+	 * like <ESC> (filename completion) and ^D (choices) keys now work
+	 * in telnet sessions and can be used more than once on the same line.
+	 * CR/LF handling is also corrected in some termio modes.  This 
+	 * change resolves problem reports bin/771 and bin/1037.
+	 */
+
+	linemode=1;	/*Default to mode that works on bulk of clients*/
+
+#ifdef CRAY
+	/*
+	 * Get number of pty's before trying to process options,
+	 * which may include changing pty range.
+	 */
+	highpty = getnpty();
+#endif /* CRAY */
+
+	while ((ch = getopt(argc, argv, valid_opts)) != -1) {
+		switch(ch) {
+
+#ifdef	AUTHENTICATION
+		case 'a':
+			/*
+			 * Check for required authentication level
+			 */
+			if (strcmp(optarg, "debug") == 0) {
+				extern int auth_debug_mode;
+				auth_debug_mode = 1;
+			} else if (strcasecmp(optarg, "none") == 0) {
+				auth_level = 0;
+			} else if (strcasecmp(optarg, "other") == 0) {
+				auth_level = AUTH_OTHER;
+			} else if (strcasecmp(optarg, "user") == 0) {
+				auth_level = AUTH_USER;
+			} else if (strcasecmp(optarg, "valid") == 0) {
+				auth_level = AUTH_VALID;
+			} else if (strcasecmp(optarg, "off") == 0) {
+				/*
+				 * This hack turns off authentication
+				 */
+				auth_level = -1;
+			} else {
+				warnx("unknown authorization level for -a");
+			}
+			break;
+#endif	/* AUTHENTICATION */
+
+#ifdef BFTPDAEMON
+		case 'B':
+			bftpd++;
+			break;
+#endif /* BFTPDAEMON */
+
+		case 'd':
+			if (strcmp(optarg, "ebug") == 0) {
+				debug++;
+				break;
+			}
+			usage();
+			/* NOTREACHED */
+			break;
+
+#ifdef DIAGNOSTICS
+		case 'D':
+			/*
+			 * Check for desired diagnostics capabilities.
+			 */
+			if (!strcmp(optarg, "report")) {
+				diagnostic |= TD_REPORT|TD_OPTIONS;
+			} else if (!strcmp(optarg, "exercise")) {
+				diagnostic |= TD_EXERCISE;
+			} else if (!strcmp(optarg, "netdata")) {
+				diagnostic |= TD_NETDATA;
+			} else if (!strcmp(optarg, "ptydata")) {
+				diagnostic |= TD_PTYDATA;
+			} else if (!strcmp(optarg, "options")) {
+				diagnostic |= TD_OPTIONS;
+			} else {
+				usage();
+				/* NOT REACHED */
+			}
+			break;
+#endif /* DIAGNOSTICS */
+
+#ifdef	ENCRYPTION
+		case 'e':
+			if (strcmp(optarg, "debug") == 0) {
+				extern int encrypt_debug_mode;
+				encrypt_debug_mode = 1;
+				break;
+			}
+			usage();
+			/* NOTREACHED */
+			break;
+#endif	/* ENCRYPTION */
+
+		case 'h':
+			hostinfo = 0;
+			break;
+
+#if	defined(CRAY) && defined(NEWINIT)
+		case 'I':
+		    {
+			extern char *gen_id;
+			gen_id = optarg;
+			break;
+		    }
+#endif	/* defined(CRAY) && defined(NEWINIT) */
+
+#ifdef	LINEMODE
+		case 'l':
+			alwayslinemode = 1;
+			break;
+#endif	/* LINEMODE */
+
+		case 'k':
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+			lmodetype = NO_AUTOKLUDGE;
+#else
+			/* ignore -k option if built without kludge linemode */
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+			break;
+
+		case 'n':
+			keepalive = 0;
+			break;
+
+		case 'p':
+			altlogin = optarg;
+			break;
+
+#ifdef CRAY
+		case 'r':
+		    {
+			char *strchr();
+			char *c;
+
+			/*
+			 * Allow the specification of alterations
+			 * to the pty search range.  It is legal to
+			 * specify only one, and not change the
+			 * other from its default.
+			 */
+			c = strchr(optarg, '-');
+			if (c) {
+				*c++ = '\0';
+				highpty = atoi(c);
+			}
+			if (*optarg != '\0')
+				lowpty = atoi(optarg);
+			if ((lowpty > highpty) || (lowpty < 0) ||
+							(highpty > 32767)) {
+				usage();
+				/* NOT REACHED */
+			}
+			break;
+		    }
+#endif	/* CRAY */
+
+#ifdef	SecurID
+		case 's':
+			/* SecurID required */
+			require_SecurID = 1;
+			break;
+#endif	/* SecurID */
+		case 'S':
+#ifdef	HAS_GETTOS
+			if ((tos = parsetos(optarg, "tcp")) < 0)
+				warnx("%s%s%s",
+					"bad TOS argument '", optarg,
+					"'; will try to use default TOS");
+#else
+			warnx("TOS option unavailable; -S flag not supported");
+#endif
+			break;
+
+		case 'u':
+			utmp_len = atoi(optarg);
+			if (utmp_len < 0)
+				utmp_len = -utmp_len;
+			if (utmp_len >= sizeof(remote_hostname))
+				utmp_len = sizeof(remote_hostname) - 1;
+			break;
+
+		case 'U':
+			registerd_host_only = 1;
+			break;
+
+#ifdef	AUTHENTICATION
+		case 'X':
+			/*
+			 * Check for invalid authentication types
+			 */
+			auth_disable_name(optarg);
+			break;
+#endif	/* AUTHENTICATION */
+
+		default:
+			warnx("%c: unknown option", ch);
+			/* FALLTHROUGH */
+		case '?':
+			usage();
+			/* NOTREACHED */
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (debug) {
+	    int s, ns, foo;
+	    struct servent *sp;
+	    static struct sockaddr_in sin = { AF_INET };
+
+	    if (argc > 1) {
+		usage();
+		/* NOT REACHED */
+	    } else if (argc == 1) {
+		    if ((sp = getservbyname(*argv, "tcp"))) {
+			sin.sin_port = sp->s_port;
+		    } else {
+			sin.sin_port = atoi(*argv);
+			if ((int)sin.sin_port <= 0) {
+			    warnx("%s: bad port #", *argv);
+			    usage();
+			    /* NOT REACHED */
+			}
+			sin.sin_port = htons((u_short)sin.sin_port);
+		   }
+	    } else {
+		sp = getservbyname("telnet", "tcp");
+		if (sp == 0)
+		    errx(1, "tcp/telnet: unknown service");
+		sin.sin_port = sp->s_port;
+	    }
+
+	    s = socket(AF_INET, SOCK_STREAM, 0);
+	    if (s < 0)
+		    err(1, "socket");
+	    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+				(char *)&on, sizeof(on));
+	    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0)
+		err(1, "bind");
+	    if (listen(s, 1) < 0)
+		err(1, "listen");
+	    foo = sizeof sin;
+	    ns = accept(s, (struct sockaddr *)&sin, &foo);
+	    if (ns < 0)
+		err(1, "accept");
+	    (void) dup2(ns, 0);
+	    (void) close(ns);
+	    (void) close(s);
+#ifdef convex
+	} else if (argc == 1) {
+		; /* VOID*/		/* Just ignore the host/port name */
+#endif
+	} else if (argc > 0) {
+		usage();
+		/* NOT REACHED */
+	}
+
+#if	defined(_SC_CRAY_SECURE_SYS)
+	secflag = sysconf(_SC_CRAY_SECURE_SYS);
+
+	/*
+	 *	Get socket's security label
+	 */
+	if (secflag)  {
+		int szss = sizeof(ss);
+#ifdef SO_SEC_MULTI			/* 8.0 code */
+		int sock_multi;
+		int szi = sizeof(int);
+#endif /* SO_SEC_MULTI */
+
+		memset((char *)&dv, 0, sizeof(dv));
+
+		if (getsysv(&sysv, sizeof(struct sysv)) != 0)
+			err(1, "getsysv");
+
+		/*
+		 *	Get socket security label and set device values
+		 *	   {security label to be set on ttyp device}
+		 */
+#ifdef SO_SEC_MULTI			/* 8.0 code */
+		if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
+			       (char *)&ss, &szss) < 0) ||
+		    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
+				(char *)&sock_multi, &szi) < 0)) {
+			err(1, "getsockopt");
+		} else {
+			dv.dv_actlvl = ss.ss_actlabel.lt_level;
+			dv.dv_actcmp = ss.ss_actlabel.lt_compart;
+			if (!sock_multi) {
+				dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
+				dv.dv_valcmp = dv.dv_actcmp;
+			} else {
+				dv.dv_minlvl = ss.ss_minlabel.lt_level;
+				dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
+				dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
+			}
+			dv.dv_devflg = 0;
+		}
+#else /* SO_SEC_MULTI */		/* 7.0 code */
+		if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
+				(char *)&ss, &szss) >= 0) {
+			dv.dv_actlvl = ss.ss_slevel;
+			dv.dv_actcmp = ss.ss_compart;
+			dv.dv_minlvl = ss.ss_minlvl;
+			dv.dv_maxlvl = ss.ss_maxlvl;
+			dv.dv_valcmp = ss.ss_maxcmp;
+		}
+#endif /* SO_SEC_MULTI */
+	}
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+	openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+	fromlen = sizeof (from);
+	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+		warn("getpeername");
+		_exit(1);
+	}
+	if (keepalive &&
+	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
+			(char *)&on, sizeof (on)) < 0) {
+		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+	}
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	{
+# if	defined(HAS_GETTOS)
+		struct tosent *tp;
+		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+			tos = tp->t_tos;
+# endif
+		if (tos < 0)
+			tos = 020;	/* Low Delay bit */
+		if (tos
+		   && (setsockopt(0, IPPROTO_IP, IP_TOS,
+				  (char *)&tos, sizeof(tos)) < 0)
+		   && (errno != ENOPROTOOPT) )
+			syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+	}
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+	net = 0;
+	doit(&from);
+	/* NOTREACHED */
+	return(0);
+}  /* end of main */
+
+	void
+usage()
+{
+	fprintf(stderr, "usage: telnetd");
+#ifdef	AUTHENTICATION
+	fprintf(stderr, " [-a (debug|other|user|valid|off|none)]\n\t");
+#endif
+#ifdef BFTPDAEMON
+	fprintf(stderr, " [-B]");
+#endif
+	fprintf(stderr, " [-debug]");
+#ifdef DIAGNOSTICS
+	fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
+#endif
+#ifdef	AUTHENTICATION
+	fprintf(stderr, " [-edebug]");
+#endif
+	fprintf(stderr, " [-h]");
+#if	defined(CRAY) && defined(NEWINIT)
+	fprintf(stderr, " [-Iinitid]");
+#endif
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+	fprintf(stderr, " [-k]");
+#endif
+#ifdef LINEMODE
+	fprintf(stderr, " [-l]");
+#endif
+	fprintf(stderr, " [-n]");
+#ifdef	CRAY
+	fprintf(stderr, " [-r[lowpty]-[highpty]]");
+#endif
+	fprintf(stderr, "\n\t");
+#ifdef	SecurID
+	fprintf(stderr, " [-s]");
+#endif
+#ifdef	HAS_GETTOS
+	fprintf(stderr, " [-S tos]");
+#endif
+#ifdef	AUTHENTICATION
+	fprintf(stderr, " [-X auth-type]");
+#endif
+	fprintf(stderr, " [-u utmp_hostname_length] [-U]");
+	fprintf(stderr, " [port]\n");
+	exit(1);
+}
+
+/*
+ * getterminaltype
+ *
+ *	Ask the other end to send along its terminal type and speed.
+ * Output is the variable terminaltype filled in.
+ */
+static unsigned char ttytype_sbbuf[] = {
+	IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
+};
+
+    int
+getterminaltype(name)
+    char *name;
+{
+    int retval = -1;
+    void _gettermname();
+
+    settimer(baseline);
+#if	defined(AUTHENTICATION)
+    /*
+     * Handle the Authentication option before we do anything else.
+     */
+    send_do(TELOPT_AUTHENTICATION, 1);
+    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	ttloop();
+    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	retval = auth_wait(name);
+    }
+#endif
+
+#ifdef	ENCRYPTION
+    send_will(TELOPT_ENCRYPT, 1);
+#endif	/* ENCRYPTION */
+    send_do(TELOPT_TTYPE, 1);
+    send_do(TELOPT_TSPEED, 1);
+    send_do(TELOPT_XDISPLOC, 1);
+    send_do(TELOPT_NEW_ENVIRON, 1);
+    send_do(TELOPT_OLD_ENVIRON, 1);
+    while (
+#ifdef	ENCRYPTION
+	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+#endif	/* ENCRYPTION */
+	   his_will_wont_is_changing(TELOPT_TTYPE) ||
+	   his_will_wont_is_changing(TELOPT_TSPEED) ||
+	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
+	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
+	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
+	ttloop();
+    }
+#ifdef	ENCRYPTION
+    /*
+     * Wait for the negotiation of what type of encryption we can
+     * send with.  If autoencrypt is not set, this will just return.
+     */
+    if (his_state_is_will(TELOPT_ENCRYPT)) {
+	encrypt_wait();
+    }
+#endif	/* ENCRYPTION */
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	static unsigned char sb[] =
+			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+
+	memmove(nfrontp, sb, sizeof sb);
+	nfrontp += sizeof sb;
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	static unsigned char sb[] =
+			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+
+	memmove(nfrontp, sb, sizeof sb);
+	nfrontp += sizeof sb;
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	static unsigned char sb[] =
+			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	memmove(nfrontp, sb, sizeof sb);
+	nfrontp += sizeof sb;
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	static unsigned char sb[] =
+			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	memmove(nfrontp, sb, sizeof sb);
+	nfrontp += sizeof sb;
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+
+	memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
+	nfrontp += sizeof ttytype_sbbuf;
+	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+					sizeof ttytype_sbbuf - 2););
+    }
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	while (sequenceIs(tspeedsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	while (sequenceIs(xdisplocsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	while (sequenceIs(environsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	while (sequenceIs(oenvironsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+	char first[256], last[256];
+
+	while (sequenceIs(ttypesubopt, baseline))
+	    ttloop();
+
+	/*
+	 * If the other side has already disabled the option, then
+	 * we have to just go with what we (might) have already gotten.
+	 */
+	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
+	    (void) strncpy(first, terminaltype, sizeof(first)-1);
+	    first[sizeof(first)-1] = '\0';
+	    for(;;) {
+		/*
+		 * Save the unknown name, and request the next name.
+		 */
+		(void) strncpy(last, terminaltype, sizeof(last)-1);
+		last[sizeof(last)-1] = '\0';
+		_gettermname();
+		if (terminaltypeok(terminaltype))
+		    break;
+		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
+		    his_state_is_wont(TELOPT_TTYPE)) {
+		    /*
+		     * We've hit the end.  If this is the same as
+		     * the first name, just go with it.
+		     */
+		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
+			break;
+		    /*
+		     * Get the terminal name one more time, so that
+		     * RFC1091 compliant telnets will cycle back to
+		     * the start of the list.
+		     */
+		     _gettermname();
+		    if (strncmp(first, terminaltype, sizeof(first)) != 0) {
+			(void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
+			terminaltype[sizeof(terminaltype)-1] = '\0';
+		    }
+		    break;
+		}
+	    }
+	}
+    }
+    return(retval);
+}  /* end of getterminaltype */
+
+    void
+_gettermname()
+{
+    /*
+     * If the client turned off the option,
+     * we can't send another request, so we
+     * just return.
+     */
+    if (his_state_is_wont(TELOPT_TTYPE))
+	return;
+    settimer(baseline);
+    memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
+    nfrontp += sizeof ttytype_sbbuf;
+    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+					sizeof ttytype_sbbuf - 2););
+    while (sequenceIs(ttypesubopt, baseline))
+	ttloop();
+}
+
+    int
+terminaltypeok(s)
+    char *s;
+{
+    char buf[1024];
+
+    if (terminaltype == NULL)
+	return(1);
+
+    /*
+     * tgetent() will return 1 if the type is known, and
+     * 0 if it is not known.  If it returns -1, it couldn't
+     * open the database.  But if we can't open the database,
+     * it won't help to say we failed, because we won't be
+     * able to verify anything else.  So, we treat -1 like 1.
+     */
+    if (tgetent(buf, s) == 0)
+	return(0);
+    return(1);
+}
+
+#ifndef	MAXHOSTNAMELEN
+#define	MAXHOSTNAMELEN 64
+#endif	/* MAXHOSTNAMELEN */
+
+char *hostname;
+char host_name[MAXHOSTNAMELEN];
+
+extern void telnet P((int, int, char *));
+
+int level;
+char user_name[256];
+/*
+ * Get a pty, scan input lines.
+ */
+	void
+doit(who)
+	struct sockaddr_in *who;
+{
+	int ptynum;
+
+	/*
+	 * Find an available pty to use.
+	 */
+#ifndef	convex
+	pty = getpty(&ptynum);
+	if (pty < 0)
+		fatal(net, "All network ports in use");
+#else
+	for (;;) {
+		char *lp;
+		extern char *line, *getpty();
+
+		if ((lp = getpty()) == NULL)
+			fatal(net, "Out of ptys");
+
+		if ((pty = open(lp, 2)) >= 0) {
+			strcpy(line,lp);
+			line[5] = 't';
+			break;
+		}
+	}
+#endif
+
+#if	defined(_SC_CRAY_SECURE_SYS)
+	/*
+	 *	set ttyp line security label
+	 */
+	if (secflag) {
+		char slave_dev[16];
+
+		sprintf(tty_dev, "/dev/pty/%03d", ptynum);
+		if (setdevs(tty_dev, &dv) < 0)
+		 	fatal(net, "cannot set pty security");
+		sprintf(slave_dev, "/dev/ttyp%03d", ptynum);
+		if (setdevs(slave_dev, &dv) < 0)
+		 	fatal(net, "cannot set tty security");
+	}
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+	/* get name of connected client */
+	if (realhostname(remote_hostname, sizeof(remote_hostname) - 1,
+	    &who->sin_addr) == HOSTNAME_INVALIDADDR && registerd_host_only)
+		fatal(net, "Couldn't resolve your address into a host name.\r\n\
+	 Please contact your net administrator");
+	remote_hostname[sizeof(remote_hostname) - 1] = '\0';
+
+	trimdomain(remote_hostname, UT_HOSTSIZE);
+	if (!isdigit(remote_hostname[0]) && strlen(remote_hostname) > utmp_len)
+		strncpy(remote_hostname, inet_ntoa(who->sin_addr),
+			sizeof(remote_hostname) - 1);
+
+	(void) gethostname(host_name, sizeof(host_name) - 1);
+	host_name[sizeof(host_name) - 1] = '\0';
+	hostname = host_name;
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_init(hostname, remote_hostname, "TELNETD", 1);
+#endif
+
+	init_env();
+	/*
+	 * get terminal type.
+	 */
+	*user_name = 0;
+	level = getterminaltype(user_name);
+	setenv("TERM", terminaltype ? terminaltype : "network", 1);
+
+#if	defined(_SC_CRAY_SECURE_SYS)
+	if (secflag) {
+		if (setulvl(dv.dv_actlvl) < 0)
+			fatal(net,"cannot setulvl()");
+		if (setucmp(dv.dv_actcmp) < 0)
+			fatal(net, "cannot setucmp()");
+	}
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+	telnet(net, pty, remote_hostname);	/* begin server process */
+
+	/*NOTREACHED*/
+}  /* end of doit */
+
+#if	defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50)
+	int
+Xterm_output(ibufp, obuf, icountp, ocount)
+	char **ibufp, *obuf;
+	int *icountp, ocount;
+{
+	int ret;
+	ret = term_output(*ibufp, obuf, *icountp, ocount);
+	*ibufp += *icountp;
+	*icountp = 0;
+	return(ret);
+}
+#define	term_output	Xterm_output
+#endif	/* defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) */
+
+/*
+ * Main loop.  Select from pty and network, and
+ * hand data to telnet receiver finite state machine.
+ */
+	void
+telnet(f, p, host)
+	int f, p;
+	char *host;
+{
+	int on = 1;
+#define	TABBUFSIZ	512
+	char	defent[TABBUFSIZ];
+	char	defstrs[TABBUFSIZ];
+#undef	TABBUFSIZ
+	char *HE;
+	char *HN;
+	char *IM;
+	void netflush();
+	int nfd;
+
+	/*
+	 * Initialize the slc mapping table.
+	 */
+	get_slc_defaults();
+
+	/*
+	 * Do some tests where it is desireable to wait for a response.
+	 * Rather than doing them slowly, one at a time, do them all
+	 * at once.
+	 */
+	if (my_state_is_wont(TELOPT_SGA))
+		send_will(TELOPT_SGA, 1);
+	/*
+	 * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
+	 * because 4.2 clients are unable to deal with TCP urgent data.
+	 *
+	 * To find out, we send out a "DO ECHO".  If the remote system
+	 * answers "WILL ECHO" it is probably a 4.2 client, and we note
+	 * that fact ("WILL ECHO" ==> that the client will echo what
+	 * WE, the server, sends it; it does NOT mean that the client will
+	 * echo the terminal input).
+	 */
+	send_do(TELOPT_ECHO, 1);
+
+#ifdef	LINEMODE
+	if (his_state_is_wont(TELOPT_LINEMODE)) {
+		/* Query the peer for linemode support by trying to negotiate
+		 * the linemode option.
+		 */
+		linemode = 0;
+		editmode = 0;
+		send_do(TELOPT_LINEMODE, 1);  /* send do linemode */
+	}
+#endif	/* LINEMODE */
+
+	/*
+	 * Send along a couple of other options that we wish to negotiate.
+	 */
+	send_do(TELOPT_NAWS, 1);
+	send_will(TELOPT_STATUS, 1);
+	flowmode = 1;		/* default flow control state */
+	restartany = -1;	/* uninitialized... */
+	send_do(TELOPT_LFLOW, 1);
+
+	/*
+	 * Spin, waiting for a response from the DO ECHO.  However,
+	 * some REALLY DUMB telnets out there might not respond
+	 * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
+	 * telnets so far seem to respond with WONT for a DO that
+	 * they don't understand...) because by the time we get the
+	 * response, it will already have processed the DO ECHO.
+	 * Kludge upon kludge.
+	 */
+	while (his_will_wont_is_changing(TELOPT_NAWS))
+		ttloop();
+
+	/*
+	 * But...
+	 * The client might have sent a WILL NAWS as part of its
+	 * startup code; if so, we'll be here before we get the
+	 * response to the DO ECHO.  We'll make the assumption
+	 * that any implementation that understands about NAWS
+	 * is a modern enough implementation that it will respond
+	 * to our DO ECHO request; hence we'll do another spin
+	 * waiting for the ECHO option to settle down, which is
+	 * what we wanted to do in the first place...
+	 */
+	if (his_want_state_is_will(TELOPT_ECHO) &&
+	    his_state_is_will(TELOPT_NAWS)) {
+		while (his_will_wont_is_changing(TELOPT_ECHO))
+			ttloop();
+	}
+	/*
+	 * On the off chance that the telnet client is broken and does not
+	 * respond to the DO ECHO we sent, (after all, we did send the
+	 * DO NAWS negotiation after the DO ECHO, and we won't get here
+	 * until a response to the DO NAWS comes back) simulate the
+	 * receipt of a will echo.  This will also send a WONT ECHO
+	 * to the client, since we assume that the client failed to
+	 * respond because it believes that it is already in DO ECHO
+	 * mode, which we do not want.
+	 */
+	if (his_want_state_is_will(TELOPT_ECHO)) {
+		DIAG(TD_OPTIONS,
+			{sprintf(nfrontp, "td: simulating recv\r\n");
+			 nfrontp += strlen(nfrontp);});
+		willoption(TELOPT_ECHO);
+	}
+
+	/*
+	 * Finally, to clean things up, we turn on our echo.  This
+	 * will break stupid 4.2 telnets out of local terminal echo.
+	 */
+
+	if (my_state_is_wont(TELOPT_ECHO))
+		send_will(TELOPT_ECHO, 1);
+
+#ifndef	STREAMSPTY
+	/*
+	 * Turn on packet mode
+	 */
+	(void) ioctl(p, TIOCPKT, (char *)&on);
+#endif
+
+#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
+	/*
+	 * Continuing line mode support.  If client does not support
+	 * real linemode, attempt to negotiate kludge linemode by sending
+	 * the do timing mark sequence.
+	 */
+	if (lmodetype < REAL_LINEMODE)
+		send_do(TELOPT_TM, 1);
+#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
+
+	/*
+	 * Call telrcv() once to pick up anything received during
+	 * terminal type negotiation, 4.2/4.3 determination, and
+	 * linemode negotiation.
+	 */
+	telrcv();
+
+	(void) ioctl(f, FIONBIO, (char *)&on);
+	(void) ioctl(p, FIONBIO, (char *)&on);
+#if	defined(CRAY2) && defined(UNICOS5)
+	init_termdriver(f, p, interrupt, sendbrk);
+#endif
+
+#if	defined(SO_OOBINLINE)
+	(void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
+				(char *)&on, sizeof on);
+#endif	/* defined(SO_OOBINLINE) */
+
+#ifdef	SIGTSTP
+	(void) signal(SIGTSTP, SIG_IGN);
+#endif
+#ifdef	SIGTTOU
+	/*
+	 * Ignoring SIGTTOU keeps the kernel from blocking us
+	 * in ttioct() in /sys/tty.c.
+	 */
+	(void) signal(SIGTTOU, SIG_IGN);
+#endif
+
+	(void) signal(SIGCHLD, cleanup);
+
+#if	defined(CRAY2) && defined(UNICOS5)
+	/*
+	 * Cray-2 will send a signal when pty modes are changed by slave
+	 * side.  Set up signal handler now.
+	 */
+	if ((int)signal(SIGUSR1, termstat) < 0)
+		warn("signal");
+	else if (ioctl(p, TCSIGME, (char *)SIGUSR1) < 0)
+		warn("ioctl:TCSIGME");
+	/*
+	 * Make processing loop check terminal characteristics early on.
+	 */
+	termstat();
+#endif
+
+#ifdef  TIOCNOTTY
+	{
+		register int t;
+		t = open(_PATH_TTY, O_RDWR);
+		if (t >= 0) {
+			(void) ioctl(t, TIOCNOTTY, (char *)0);
+			(void) close(t);
+		}
+	}
+#endif
+
+#if	defined(CRAY) && defined(NEWINIT) && defined(TIOCSCTTY)
+	(void) setsid();
+	ioctl(p, TIOCSCTTY, 0);
+#endif
+
+	/*
+	 * Show banner that getty never gave.
+	 *
+	 * We put the banner in the pty input buffer.  This way, it
+	 * gets carriage return null processing, etc., just like all
+	 * other pty --> client data.
+	 */
+
+#if	!defined(CRAY) || !defined(NEWINIT)
+	if (getenv("USER"))
+		hostinfo = 0;
+#endif
+
+	if (getent(defent, "default") == 1) {
+		char *Getstr();
+		char *cp=defstrs;
+
+		HE = Getstr("he", &cp);
+		HN = Getstr("hn", &cp);
+		IM = Getstr("im", &cp);
+		if (HN && *HN)
+			(void) strcpy(host_name, HN);
+		if (IM == 0)
+			IM = "";
+	} else {
+		IM = DEFAULT_IM;
+		HE = 0;
+	}
+	edithost(HE, host_name);
+	if (hostinfo && *IM)
+		putf(IM, ptyibuf2);
+
+	if (pcc)
+		(void) strncat(ptyibuf2, ptyip, pcc+1);
+	ptyip = ptyibuf2;
+	pcc = strlen(ptyip);
+#ifdef	LINEMODE
+	/*
+	 * Last check to make sure all our states are correct.
+	 */
+	init_termbuf();
+	localstat();
+#endif	/* LINEMODE */
+
+	DIAG(TD_REPORT,
+		{sprintf(nfrontp, "td: Entering processing loop\r\n");
+		 nfrontp += strlen(nfrontp);});
+
+	/*
+	 * Startup the login process on the slave side of the terminal
+	 * now.  We delay this until here to insure option negotiation
+	 * is complete.
+	 */
+	startslave(host, level, user_name);
+
+	nfd = ((f > p) ? f : p) + 1;
+	for (;;) {
+		fd_set ibits, obits, xbits;
+		register int c;
+
+		if (ncc < 0 && pcc < 0)
+			break;
+
+#if	defined(CRAY2) && defined(UNICOS5)
+		if (needtermstat)
+			_termstat();
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+		FD_ZERO(&ibits);
+		FD_ZERO(&obits);
+		FD_ZERO(&xbits);
+		/*
+		 * Never look for input if there's still
+		 * stuff in the corresponding output buffer
+		 */
+		if (nfrontp - nbackp || pcc > 0) {
+			FD_SET(f, &obits);
+		} else {
+			FD_SET(p, &ibits);
+		}
+		if (pfrontp - pbackp || ncc > 0) {
+			FD_SET(p, &obits);
+		} else {
+			FD_SET(f, &ibits);
+		}
+		if (!SYNCHing) {
+			FD_SET(f, &xbits);
+		}
+		if ((c = select(nfd, &ibits, &obits, &xbits,
+						(struct timeval *)0)) < 1) {
+			if (c == -1) {
+				if (errno == EINTR) {
+					continue;
+				}
+			}
+			sleep(5);
+			continue;
+		}
+
+		/*
+		 * Any urgent data?
+		 */
+		if (FD_ISSET(net, &xbits)) {
+		    SYNCHing = 1;
+		}
+
+		/*
+		 * Something to read from the network...
+		 */
+		if (FD_ISSET(net, &ibits)) {
+#if	!defined(SO_OOBINLINE)
+			/*
+			 * In 4.2 (and 4.3 beta) systems, the
+			 * OOB indication and data handling in the kernel
+			 * is such that if two separate TCP Urgent requests
+			 * come in, one byte of TCP data will be overlaid.
+			 * This is fatal for Telnet, but we try to live
+			 * with it.
+			 *
+			 * In addition, in 4.2 (and...), a special protocol
+			 * is needed to pick up the TCP Urgent data in
+			 * the correct sequence.
+			 *
+			 * What we do is:  if we think we are in urgent
+			 * mode, we look to see if we are "at the mark".
+			 * If we are, we do an OOB receive.  If we run
+			 * this twice, we will do the OOB receive twice,
+			 * but the second will fail, since the second
+			 * time we were "at the mark", but there wasn't
+			 * any data there (the kernel doesn't reset
+			 * "at the mark" until we do a normal read).
+			 * Once we've read the OOB data, we go ahead
+			 * and do normal reads.
+			 *
+			 * There is also another problem, which is that
+			 * since the OOB byte we read doesn't put us
+			 * out of OOB state, and since that byte is most
+			 * likely the TELNET DM (data mark), we would
+			 * stay in the TELNET SYNCH (SYNCHing) state.
+			 * So, clocks to the rescue.  If we've "just"
+			 * received a DM, then we test for the
+			 * presence of OOB data when the receive OOB
+			 * fails (and AFTER we did the normal mode read
+			 * to clear "at the mark").
+			 */
+		    if (SYNCHing) {
+			int atmark;
+
+			(void) ioctl(net, SIOCATMARK, (char *)&atmark);
+			if (atmark) {
+			    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
+			    if ((ncc == -1) && (errno == EINVAL)) {
+				ncc = read(net, netibuf, sizeof (netibuf));
+				if (sequenceIs(didnetreceive, gotDM)) {
+				    SYNCHing = stilloob(net);
+				}
+			    }
+			} else {
+			    ncc = read(net, netibuf, sizeof (netibuf));
+			}
+		    } else {
+			ncc = read(net, netibuf, sizeof (netibuf));
+		    }
+		    settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE)) */
+		    ncc = read(net, netibuf, sizeof (netibuf));
+#endif	/* !defined(SO_OOBINLINE)) */
+		    if (ncc < 0 && errno == EWOULDBLOCK)
+			ncc = 0;
+		    else {
+			if (ncc <= 0) {
+			    break;
+			}
+			netip = netibuf;
+		    }
+		    DIAG((TD_REPORT | TD_NETDATA),
+			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
+			     nfrontp += strlen(nfrontp);});
+		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+		}
+
+		/*
+		 * Something to read from the pty...
+		 */
+		if (FD_ISSET(p, &ibits)) {
+#ifndef	STREAMSPTY
+			pcc = read(p, ptyibuf, BUFSIZ);
+#else
+			pcc = readstream(p, ptyibuf, BUFSIZ);
+#endif
+			/*
+			 * On some systems, if we try to read something
+			 * off the master side before the slave side is
+			 * opened, we get EIO.
+			 */
+			if (pcc < 0 && (errno == EWOULDBLOCK ||
+#ifdef	EAGAIN
+					errno == EAGAIN ||
+#endif
+					errno == EIO)) {
+				pcc = 0;
+			} else {
+				if (pcc <= 0)
+					break;
+#if	!defined(CRAY2) || !defined(UNICOS5)
+#ifdef	LINEMODE
+				/*
+				 * If ioctl from pty, pass it through net
+				 */
+				if (ptyibuf[0] & TIOCPKT_IOCTL) {
+					copy_termbuf(ptyibuf+1, pcc-1);
+					localstat();
+					pcc = 1;
+				}
+#endif	/* LINEMODE */
+				if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
+					netclear();	/* clear buffer back */
+#ifndef	NO_URGENT
+					/*
+					 * There are client telnets on some
+					 * operating systems get screwed up
+					 * royally if we send them urgent
+					 * mode data.
+					 */
+					*nfrontp++ = IAC;
+					*nfrontp++ = DM;
+					neturg = nfrontp-1; /* off by one XXX */
+					DIAG(TD_OPTIONS,
+					    printoption("td: send IAC", DM));
+
+#endif
+				}
+				if (his_state_is_will(TELOPT_LFLOW) &&
+				    (ptyibuf[0] &
+				     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
+					int newflow =
+					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+					if (newflow != flowmode) {
+						flowmode = newflow;
+						(void) sprintf(nfrontp,
+							"%c%c%c%c%c%c",
+							IAC, SB, TELOPT_LFLOW,
+							flowmode ? LFLOW_ON
+								 : LFLOW_OFF,
+							IAC, SE);
+						nfrontp += 6;
+						DIAG(TD_OPTIONS, printsub('>',
+						    (unsigned char *)nfrontp-4,
+						    4););
+					}
+				}
+				pcc--;
+				ptyip = ptyibuf+1;
+#else	/* defined(CRAY2) && defined(UNICOS5) */
+				if (!uselinemode) {
+					unpcc = pcc;
+					unptyip = ptyibuf;
+					pcc = term_output(&unptyip, ptyibuf2,
+								&unpcc, BUFSIZ);
+					ptyip = ptyibuf2;
+				} else
+					ptyip = ptyibuf;
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+			}
+		}
+
+		while (pcc > 0) {
+			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
+				break;
+			c = *ptyip++ & 0377, pcc--;
+			if (c == IAC)
+				*nfrontp++ = c;
+#if	defined(CRAY2) && defined(UNICOS5)
+			else if (c == '\n' &&
+				     my_state_is_wont(TELOPT_BINARY) && newmap)
+				*nfrontp++ = '\r';
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+			*nfrontp++ = c;
+			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+					*nfrontp++ = *ptyip++ & 0377;
+					pcc--;
+				} else
+					*nfrontp++ = '\0';
+			}
+		}
+#if	defined(CRAY2) && defined(UNICOS5)
+		/*
+		 * If chars were left over from the terminal driver,
+		 * note their existence.
+		 */
+		if (!uselinemode && unpcc) {
+			pcc = unpcc;
+			unpcc = 0;
+			ptyip = unptyip;
+		}
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+
+		if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
+			netflush();
+		if (ncc > 0)
+			telrcv();
+		if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
+			ptyflush();
+	}
+	cleanup(0);
+}  /* end of telnet */
+
+#ifndef	TCSIG
+# ifdef	TIOCSIG
+#  define TCSIG TIOCSIG
+# endif
+#endif
+
+#ifdef	STREAMSPTY
+
+int flowison = -1;  /* current state of flow: -1 is unknown */
+
+int readstream(p, ibuf, bufsize)
+	int p;
+	char *ibuf;
+	int bufsize;
+{
+	int flags = 0;
+	int ret = 0;
+	struct termios *tsp;
+	struct termio *tp;
+	struct iocblk *ip;
+	char vstop, vstart;
+	int ixon;
+	int newflow;
+
+	strbufc.maxlen = BUFSIZ;
+	strbufc.buf = (char *)ctlbuf;
+	strbufd.maxlen = bufsize-1;
+	strbufd.len = 0;
+	strbufd.buf = ibuf+1;
+	ibuf[0] = 0;
+
+	ret = getmsg(p, &strbufc, &strbufd, &flags);
+	if (ret < 0)  /* error of some sort -- probably EAGAIN */
+		return(-1);
+
+	if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+		/* data message */
+		if (strbufd.len > 0) {			/* real data */
+			return(strbufd.len + 1);	/* count header char */
+		} else {
+			/* nothing there */
+			errno = EAGAIN;
+			return(-1);
+		}
+	}
+
+	/*
+	 * It's a control message.  Return 1, to look at the flag we set
+	 */
+
+	switch (ctlbuf[0]) {
+	case M_FLUSH:
+		if (ibuf[1] & FLUSHW)
+			ibuf[0] = TIOCPKT_FLUSHWRITE;
+		return(1);
+
+	case M_IOCTL:
+		ip = (struct iocblk *) (ibuf+1);
+
+		switch (ip->ioc_cmd) {
+		case TCSETS:
+		case TCSETSW:
+		case TCSETSF:
+			tsp = (struct termios *)
+					(ibuf+1 + sizeof(struct iocblk));
+			vstop = tsp->c_cc[VSTOP];
+			vstart = tsp->c_cc[VSTART];
+			ixon = tsp->c_iflag & IXON;
+			break;
+		case TCSETA:
+		case TCSETAW:
+		case TCSETAF:
+			tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
+			vstop = tp->c_cc[VSTOP];
+			vstart = tp->c_cc[VSTART];
+			ixon = tp->c_iflag & IXON;
+			break;
+		default:
+			errno = EAGAIN;
+			return(-1);
+		}
+
+		newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+		if (newflow != flowison) {  /* it's a change */
+			flowison = newflow;
+			ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+			return(1);
+		}
+	}
+
+	/* nothing worth doing anything about */
+	errno = EAGAIN;
+	return(-1);
+}
+#endif /* STREAMSPTY */
+
+/*
+ * Send interrupt to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write intr char.
+ */
+	void
+interrupt()
+{
+	ptyflush();	/* half-hearted */
+
+#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
+	/* Streams PTY style ioctl to post a signal */
+	{
+		int sig = SIGINT;
+		(void) ioctl(pty, TIOCSIGNAL, &sig);
+		(void) ioctl(pty, I_FLUSH, FLUSHR);
+	}
+#else
+#ifdef	TCSIG
+	(void) ioctl(pty, TCSIG, (char *)SIGINT);
+#else	/* TCSIG */
+	init_termbuf();
+	*pfrontp++ = slctab[SLC_IP].sptr ?
+			(unsigned char)*slctab[SLC_IP].sptr : '\177';
+#endif	/* TCSIG */
+#endif
+}
+
+/*
+ * Send quit to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write quit char.
+ */
+	void
+sendbrk()
+{
+	ptyflush();	/* half-hearted */
+#ifdef	TCSIG
+	(void) ioctl(pty, TCSIG, (char *)SIGQUIT);
+#else	/* TCSIG */
+	init_termbuf();
+	*pfrontp++ = slctab[SLC_ABORT].sptr ?
+			(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
+#endif	/* TCSIG */
+}
+
+	void
+sendsusp()
+{
+#ifdef	SIGTSTP
+	ptyflush();	/* half-hearted */
+# ifdef	TCSIG
+	(void) ioctl(pty, TCSIG, (char *)SIGTSTP);
+# else	/* TCSIG */
+	*pfrontp++ = slctab[SLC_SUSP].sptr ?
+			(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
+# endif	/* TCSIG */
+#endif	/* SIGTSTP */
+}
+
+/*
+ * When we get an AYT, if ^T is enabled, use that.  Otherwise,
+ * just send back "[Yes]".
+ */
+	void
+recv_ayt()
+{
+#if	defined(SIGINFO) && defined(TCSIG)
+	if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
+		(void) ioctl(pty, TCSIG, (char *)SIGINFO);
+		return;
+	}
+#endif
+	(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+	nfrontp += 9;
+}
+
+	void
+doeof()
+{
+	init_termbuf();
+
+#if	defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN)
+	if (!tty_isediting()) {
+		extern char oldeofc;
+		*pfrontp++ = oldeofc;
+		return;
+	}
+#endif
+	*pfrontp++ = slctab[SLC_EOF].sptr ?
+			(unsigned char)*slctab[SLC_EOF].sptr : '\004';
+}
diff --git a/crypto/telnet/telnetd/telnetd.h b/crypto/telnet/telnetd/telnetd.h
new file mode 100644
index 0000000..234b973
--- /dev/null
+++ b/crypto/telnet/telnetd/telnetd.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
+ */
+
+
+#include "defs.h"
+#include "ext.h"
+
+#ifdef	DIAGNOSTICS
+#define	DIAG(a,b)	if (diagnostic & (a)) b
+#else
+#define	DIAG(a,b)
+#endif
+
+/* other external variables */
+extern	char **environ;
+extern	int errno;
+
diff --git a/crypto/telnet/telnetd/termstat.c b/crypto/telnet/telnetd/termstat.c
new file mode 100644
index 0000000..46b20ff
--- /dev/null
+++ b/crypto/telnet/telnetd/termstat.c
@@ -0,0 +1,677 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)termstat.c	8.2 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include "telnetd.h"
+
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+/*
+ * local variables
+ */
+int def_tspeed = -1, def_rspeed = -1;
+#ifdef	TIOCSWINSZ
+int def_row = 0, def_col = 0;
+#endif
+#ifdef	LINEMODE
+static int _terminit = 0;
+#endif	/* LINEMODE */
+
+#if	defined(CRAY2) && defined(UNICOS5)
+int	newmap = 1;	/* nonzero if \n maps to ^M^J */
+#endif
+
+#ifdef	LINEMODE
+/*
+ * localstat
+ *
+ * This function handles all management of linemode.
+ *
+ * Linemode allows the client to do the local editing of data
+ * and send only complete lines to the server.  Linemode state is
+ * based on the state of the pty driver.  If the pty is set for
+ * external processing, then we can use linemode.  Further, if we
+ * can use real linemode, then we can look at the edit control bits
+ * in the pty to determine what editing the client should do.
+ *
+ * Linemode support uses the following state flags to keep track of
+ * current and desired linemode state.
+ *	alwayslinemode : true if -l was specified on the telnetd
+ * 	command line.  It means to have linemode on as much as
+ *	possible.
+ *
+ * 	lmodetype: signifies whether the client can
+ *	handle real linemode, or if use of kludgeomatic linemode
+ *	is preferred.  It will be set to one of the following:
+ *		REAL_LINEMODE : use linemode option
+ *		NO_KLUDGE : don't initiate kludge linemode.
+ *		KLUDGE_LINEMODE : use kludge linemode
+ *		NO_LINEMODE : client is ignorant of linemode
+ *
+ *	linemode, uselinemode : linemode is true if linemode
+ *	is currently on, uselinemode is the state that we wish
+ *	to be in.  If another function wishes to turn linemode
+ *	on or off, it sets or clears uselinemode.
+ *
+ *	editmode, useeditmode : like linemode/uselinemode, but
+ *	these contain the edit mode states (edit and trapsig).
+ *
+ * The state variables correspond to some of the state information
+ * in the pty.
+ *	linemode:
+ *		In real linemode, this corresponds to whether the pty
+ *		expects external processing of incoming data.
+ *		In kludge linemode, this more closely corresponds to the
+ *		whether normal processing is on or not.  (ICANON in
+ *		system V, or COOKED mode in BSD.)
+ *		If the -l option was specified (alwayslinemode), then
+ *		an attempt is made to force external processing on at
+ *		all times.
+ *
+ * The following heuristics are applied to determine linemode
+ * handling within the server.
+ *	1) Early on in starting up the server, an attempt is made
+ *	   to negotiate the linemode option.  If this succeeds
+ *	   then lmodetype is set to REAL_LINEMODE and all linemode
+ *	   processing occurs in the context of the linemode option.
+ *	2) If the attempt to negotiate the linemode option failed,
+ *	   and the "-k" (don't initiate kludge linemode) isn't set,
+ *	   then we try to use kludge linemode.  We test for this
+ *	   capability by sending "do Timing Mark".  If a positive
+ *	   response comes back, then we assume that the client
+ *	   understands kludge linemode (ech!) and the
+ *	   lmodetype flag is set to KLUDGE_LINEMODE.
+ *	3) Otherwise, linemode is not supported at all and
+ *	   lmodetype remains set to NO_LINEMODE (which happens
+ *	   to be 0 for convenience).
+ *	4) At any time a command arrives that implies a higher
+ *	   state of linemode support in the client, we move to that
+ *	   linemode support.
+ *
+ * A short explanation of kludge linemode is in order here.
+ *	1) The heuristic to determine support for kludge linemode
+ *	   is to send a do timing mark.  We assume that a client
+ *	   that supports timing marks also supports kludge linemode.
+ *	   A risky proposition at best.
+ *	2) Further negotiation of linemode is done by changing the
+ *	   the server's state regarding SGA.  If server will SGA,
+ *	   then linemode is off, if server won't SGA, then linemode
+ *	   is on.
+ */
+	void
+localstat()
+{
+	void netflush();
+	int need_will_echo = 0;
+
+#if	defined(CRAY2) && defined(UNICOS5)
+	/*
+	 * Keep track of that ol' CR/NL mapping while we're in the
+	 * neighborhood.
+	 */
+	newmap = tty_isnewmap();
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+
+	/*
+	 * Check for changes to flow control if client supports it.
+	 */
+	flowstat();
+
+	/*
+	 * Check linemode on/off state
+	 */
+	uselinemode = tty_linemode();
+
+	/*
+	 * If alwayslinemode is on, and pty is changing to turn it off, then
+	 * force linemode back on.
+	 */
+	if (alwayslinemode && linemode && !uselinemode) {
+		uselinemode = 1;
+		tty_setlinemode(uselinemode);
+	}
+
+	if (uselinemode) {
+		/*
+	 * Check for state of BINARY options.
+		 *
+		 * We only need to do the binary dance if we are actually going
+		 * to use linemode.  As this confuses some telnet clients
+		 * that don't support linemode, and doesn't gain us
+		 * anything, we don't do it unless we're doing linemode.
+		 * -Crh (henrich@msu.edu)
+	 */
+
+	if (tty_isbinaryin()) {
+		if (his_want_state_is_wont(TELOPT_BINARY))
+			send_do(TELOPT_BINARY, 1);
+	} else {
+		if (his_want_state_is_will(TELOPT_BINARY))
+			send_dont(TELOPT_BINARY, 1);
+	}
+
+	if (tty_isbinaryout()) {
+		if (my_want_state_is_wont(TELOPT_BINARY))
+			send_will(TELOPT_BINARY, 1);
+	} else {
+		if (my_want_state_is_will(TELOPT_BINARY))
+			send_wont(TELOPT_BINARY, 1);
+	}
+	}
+
+#ifdef	ENCRYPTION
+	/*
+	 * If the terminal is not echoing, but editing is enabled,
+	 * something like password input is going to happen, so
+	 * if we the other side is not currently sending encrypted
+	 * data, ask the other side to start encrypting.
+	 */
+	if (his_state_is_will(TELOPT_ENCRYPT)) {
+		static int enc_passwd = 0;
+		if (uselinemode && !tty_isecho() && tty_isediting()
+		    && (enc_passwd == 0) && !decrypt_input) {
+			encrypt_send_request_start();
+			enc_passwd = 1;
+		} else if (enc_passwd) {
+			encrypt_send_request_end();
+			enc_passwd = 0;
+		}
+	}
+#endif	/* ENCRYPTION */
+
+	/*
+	 * Do echo mode handling as soon as we know what the
+	 * linemode is going to be.
+	 * If the pty has echo turned off, then tell the client that
+	 * the server will echo.  If echo is on, then the server
+	 * will echo if in character mode, but in linemode the
+	 * client should do local echoing.  The state machine will
+	 * not send anything if it is unnecessary, so don't worry
+	 * about that here.
+	 *
+	 * If we need to send the WILL ECHO (because echo is off),
+	 * then delay that until after we have changed the MODE.
+	 * This way, when the user is turning off both editing
+	 * and echo, the client will get editing turned off first.
+	 * This keeps the client from going into encryption mode
+	 * and then right back out if it is doing auto-encryption
+	 * when passwords are being typed.
+	 */
+	if (uselinemode) {
+		if (tty_isecho())
+			send_wont(TELOPT_ECHO, 1);
+		else
+			need_will_echo = 1;
+#ifdef	KLUDGELINEMODE
+		if (lmodetype == KLUDGE_OK)
+			lmodetype = KLUDGE_LINEMODE;
+#endif
+	}
+
+	/*
+	 * If linemode is being turned off, send appropriate
+	 * command and then we're all done.
+	 */
+	 if (!uselinemode && linemode) {
+# ifdef	KLUDGELINEMODE
+		if (lmodetype == REAL_LINEMODE) {
+# endif	/* KLUDGELINEMODE */
+			send_dont(TELOPT_LINEMODE, 1);
+# ifdef	KLUDGELINEMODE
+		} else if (lmodetype == KLUDGE_LINEMODE)
+			send_will(TELOPT_SGA, 1);
+# endif	/* KLUDGELINEMODE */
+		send_will(TELOPT_ECHO, 1);
+		linemode = uselinemode;
+		goto done;
+	}
+
+# ifdef	KLUDGELINEMODE
+	/*
+	 * If using real linemode check edit modes for possible later use.
+	 * If we are in kludge linemode, do the SGA negotiation.
+	 */
+	if (lmodetype == REAL_LINEMODE) {
+# endif	/* KLUDGELINEMODE */
+		useeditmode = 0;
+		if (tty_isediting())
+			useeditmode |= MODE_EDIT;
+		if (tty_istrapsig())
+			useeditmode |= MODE_TRAPSIG;
+		if (tty_issofttab())
+			useeditmode |= MODE_SOFT_TAB;
+		if (tty_islitecho())
+			useeditmode |= MODE_LIT_ECHO;
+# ifdef	KLUDGELINEMODE
+	} else if (lmodetype == KLUDGE_LINEMODE) {
+		if (tty_isediting() && uselinemode)
+			send_wont(TELOPT_SGA, 1);
+		else
+			send_will(TELOPT_SGA, 1);
+	}
+# endif	/* KLUDGELINEMODE */
+
+	/*
+	 * Negotiate linemode on if pty state has changed to turn it on.
+	 * Send appropriate command and send along edit mode, then all done.
+	 */
+	if (uselinemode && !linemode) {
+# ifdef	KLUDGELINEMODE
+		if (lmodetype == KLUDGE_LINEMODE) {
+			send_wont(TELOPT_SGA, 1);
+		} else if (lmodetype == REAL_LINEMODE) {
+# endif	/* KLUDGELINEMODE */
+			send_do(TELOPT_LINEMODE, 1);
+			/* send along edit modes */
+			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+				TELOPT_LINEMODE, LM_MODE, useeditmode,
+				IAC, SE);
+			nfrontp += 7;
+			editmode = useeditmode;
+# ifdef	KLUDGELINEMODE
+		}
+# endif	/* KLUDGELINEMODE */
+		linemode = uselinemode;
+		goto done;
+	}
+
+# ifdef	KLUDGELINEMODE
+	/*
+	 * None of what follows is of any value if not using
+	 * real linemode.
+	 */
+	if (lmodetype < REAL_LINEMODE)
+		goto done;
+# endif	/* KLUDGELINEMODE */
+
+	if (linemode && his_state_is_will(TELOPT_LINEMODE)) {
+		/*
+		 * If edit mode changed, send edit mode.
+		 */
+		 if (useeditmode != editmode) {
+			/*
+			 * Send along appropriate edit mode mask.
+			 */
+			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+				TELOPT_LINEMODE, LM_MODE, useeditmode,
+				IAC, SE);
+			nfrontp += 7;
+			editmode = useeditmode;
+		}
+
+
+		/*
+		 * Check for changes to special characters in use.
+		 */
+		start_slc(0);
+		check_slc();
+		(void) end_slc(0);
+	}
+
+done:
+	if (need_will_echo)
+		send_will(TELOPT_ECHO, 1);
+	/*
+	 * Some things should be deferred until after the pty state has
+	 * been set by the local process.  Do those things that have been
+	 * deferred now.  This only happens once.
+	 */
+	if (_terminit == 0) {
+		_terminit = 1;
+		defer_terminit();
+	}
+
+	netflush();
+	set_termbuf();
+	return;
+
+}  /* end of localstat */
+#endif	/* LINEMODE */
+
+/*
+ * flowstat
+ *
+ * Check for changes to flow control
+ */
+	void
+flowstat()
+{
+	if (his_state_is_will(TELOPT_LFLOW)) {
+		if (tty_flowmode() != flowmode) {
+			flowmode = tty_flowmode();
+			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
+					IAC, SB, TELOPT_LFLOW,
+					flowmode ? LFLOW_ON : LFLOW_OFF,
+					IAC, SE);
+			nfrontp += 6;
+		}
+		if (tty_restartany() != restartany) {
+			restartany = tty_restartany();
+			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
+					IAC, SB, TELOPT_LFLOW,
+					restartany ? LFLOW_RESTART_ANY
+						   : LFLOW_RESTART_XON,
+					IAC, SE);
+			nfrontp += 6;
+		}
+	}
+}
+
+/*
+ * clientstat
+ *
+ * Process linemode related requests from the client.
+ * Client can request a change to only one of linemode, editmode or slc's
+ * at a time, and if using kludge linemode, then only linemode may be
+ * affected.
+ */
+	void
+clientstat(code, parm1, parm2)
+	register int code, parm1, parm2;
+{
+	void netflush();
+
+	/*
+	 * Get a copy of terminal characteristics.
+	 */
+	init_termbuf();
+
+	/*
+	 * Process request from client. code tells what it is.
+	 */
+	switch (code) {
+#ifdef	LINEMODE
+	case TELOPT_LINEMODE:
+		/*
+		 * Don't do anything unless client is asking us to change
+		 * modes.
+		 */
+		uselinemode = (parm1 == WILL);
+		if (uselinemode != linemode) {
+# ifdef	KLUDGELINEMODE
+			/*
+			 * If using kludge linemode, make sure that
+			 * we can do what the client asks.
+			 * We can not turn off linemode if alwayslinemode
+			 * and the ICANON bit is set.
+			 */
+			if (lmodetype == KLUDGE_LINEMODE) {
+				if (alwayslinemode && tty_isediting()) {
+					uselinemode = 1;
+				}
+			}
+
+			/*
+			 * Quit now if we can't do it.
+			 */
+			if (uselinemode == linemode)
+				return;
+
+			/*
+			 * If using real linemode and linemode is being
+			 * turned on, send along the edit mode mask.
+			 */
+			if (lmodetype == REAL_LINEMODE && uselinemode)
+# else	/* KLUDGELINEMODE */
+			if (uselinemode)
+# endif	/* KLUDGELINEMODE */
+			{
+				useeditmode = 0;
+				if (tty_isediting())
+					useeditmode |= MODE_EDIT;
+				if (tty_istrapsig)
+					useeditmode |= MODE_TRAPSIG;
+				if (tty_issofttab())
+					useeditmode |= MODE_SOFT_TAB;
+				if (tty_islitecho())
+					useeditmode |= MODE_LIT_ECHO;
+				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+					SB, TELOPT_LINEMODE, LM_MODE,
+							useeditmode, IAC, SE);
+				nfrontp += 7;
+				editmode = useeditmode;
+			}
+
+
+			tty_setlinemode(uselinemode);
+
+			linemode = uselinemode;
+
+			if (!linemode)
+				send_will(TELOPT_ECHO, 1);
+		}
+		break;
+
+	case LM_MODE:
+	    {
+		register int ack, changed;
+
+		/*
+		 * Client has sent along a mode mask.  If it agrees with
+		 * what we are currently doing, ignore it; if not, it could
+		 * be viewed as a request to change.  Note that the server
+		 * will change to the modes in an ack if it is different from
+		 * what we currently have, but we will not ack the ack.
+		 */
+		 useeditmode &= MODE_MASK;
+		 ack = (useeditmode & MODE_ACK);
+		 useeditmode &= ~MODE_ACK;
+
+		 if ((changed = (useeditmode ^ editmode))) {
+			/*
+			 * This check is for a timing problem.  If the
+			 * state of the tty has changed (due to the user
+			 * application) we need to process that info
+			 * before we write in the state contained in the
+			 * ack!!!  This gets out the new MODE request,
+			 * and when the ack to that command comes back
+			 * we'll set it and be in the right mode.
+			 */
+			if (ack)
+				localstat();
+			if (changed & MODE_EDIT)
+				tty_setedit(useeditmode & MODE_EDIT);
+
+			if (changed & MODE_TRAPSIG)
+				tty_setsig(useeditmode & MODE_TRAPSIG);
+
+			if (changed & MODE_SOFT_TAB)
+				tty_setsofttab(useeditmode & MODE_SOFT_TAB);
+
+			if (changed & MODE_LIT_ECHO)
+				tty_setlitecho(useeditmode & MODE_LIT_ECHO);
+
+			set_termbuf();
+
+ 			if (!ack) {
+ 				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+					SB, TELOPT_LINEMODE, LM_MODE,
+ 					useeditmode|MODE_ACK,
+ 					IAC, SE);
+ 				nfrontp += 7;
+ 			}
+
+			editmode = useeditmode;
+		}
+
+		break;
+
+	    }  /* end of case LM_MODE */
+#endif	/* LINEMODE */
+
+	case TELOPT_NAWS:
+#ifdef	TIOCSWINSZ
+	    {
+		struct winsize ws;
+
+		def_col = parm1;
+		def_row = parm2;
+#ifdef	LINEMODE
+		/*
+		 * Defer changing window size until after terminal is
+		 * initialized.
+		 */
+		if (terminit() == 0)
+			return;
+#endif	/* LINEMODE */
+
+		/*
+		 * Change window size as requested by client.
+		 */
+
+		ws.ws_col = parm1;
+		ws.ws_row = parm2;
+		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
+	    }
+#endif	/* TIOCSWINSZ */
+
+		break;
+
+	case TELOPT_TSPEED:
+	    {
+		def_tspeed = parm1;
+		def_rspeed = parm2;
+#ifdef	LINEMODE
+		/*
+		 * Defer changing the terminal speed.
+		 */
+		if (terminit() == 0)
+			return;
+#endif	/* LINEMODE */
+		/*
+		 * Change terminal speed as requested by client.
+		 * We set the receive speed first, so that if we can't
+		 * store seperate receive and transmit speeds, the transmit
+		 * speed will take precedence.
+		 */
+		tty_rspeed(parm2);
+		tty_tspeed(parm1);
+		set_termbuf();
+
+		break;
+
+	    }  /* end of case TELOPT_TSPEED */
+
+	default:
+		/* What? */
+		break;
+	}  /* end of switch */
+
+#if	defined(CRAY2) && defined(UNICOS5)
+	/*
+	 * Just in case of the likely event that we changed the pty state.
+	 */
+	rcv_ioctl();
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+
+	netflush();
+
+}  /* end of clientstat */
+
+#if	defined(CRAY2) && defined(UNICOS5)
+	void
+termstat()
+{
+	needtermstat = 1;
+}
+
+	void
+_termstat()
+{
+	needtermstat = 0;
+	init_termbuf();
+	localstat();
+	rcv_ioctl();
+}
+#endif	/* defined(CRAY2) && defined(UNICOS5) */
+
+#ifdef	LINEMODE
+/*
+ * defer_terminit
+ *
+ * Some things should not be done until after the login process has started
+ * and all the pty modes are set to what they are supposed to be.  This
+ * function is called when the pty state has been processed for the first time.
+ * It calls other functions that do things that were deferred in each module.
+ */
+	void
+defer_terminit()
+{
+
+	/*
+	 * local stuff that got deferred.
+	 */
+	if (def_tspeed != -1) {
+		clientstat(TELOPT_TSPEED, def_tspeed, def_rspeed);
+		def_tspeed = def_rspeed = 0;
+	}
+
+#ifdef	TIOCSWINSZ
+	if (def_col || def_row) {
+		struct winsize ws;
+
+		memset((char *)&ws, 0, sizeof(ws));
+		ws.ws_col = def_col;
+		ws.ws_row = def_row;
+		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
+	}
+#endif
+
+	/*
+	 * The only other module that currently defers anything.
+	 */
+	deferslc();
+
+}  /* end of defer_terminit */
+
+/*
+ * terminit
+ *
+ * Returns true if the pty state has been processed yet.
+ */
+	int
+terminit()
+{
+	return(_terminit);
+
+}  /* end of terminit */
+#endif	/* LINEMODE */
diff --git a/crypto/telnet/telnetd/utility.c b/crypto/telnet/telnetd/utility.c
new file mode 100644
index 0000000..dc695fa
--- /dev/null
+++ b/crypto/telnet/telnetd/utility.c
@@ -0,0 +1,1246 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+#if 0
+static const char sccsid[] = "@(#)utility.c	8.4 (Berkeley) 5/30/95";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#ifdef __FreeBSD__
+#include <locale.h>
+#include <sys/utsname.h>
+#endif
+#define PRINTOPTIONS
+#include "telnetd.h"
+
+#if	defined(AUTHENTICATION)
+#include <libtelnet/auth.h>
+#endif
+#if	defined(ENCRYPTION)
+#include <libtelnet/encrypt.h>
+#endif
+
+/*
+ * utility functions performing io related tasks
+ */
+
+/*
+ * ttloop
+ *
+ *	A small subroutine to flush the network output buffer, get some data
+ * from the network, and pass it through the telnet state machine.  We
+ * also flush the pty input buffer (by dropping its data) if it becomes
+ * too full.
+ */
+
+    void
+ttloop()
+{
+    void netflush();
+
+    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
+		     nfrontp += strlen(nfrontp);});
+    if (nfrontp-nbackp) {
+	netflush();
+    }
+    ncc = read(net, netibuf, sizeof netibuf);
+    if (ncc < 0) {
+	syslog(LOG_INFO, "ttloop:  read: %m");
+	exit(1);
+    } else if (ncc == 0) {
+	syslog(LOG_INFO, "ttloop:  peer died: %m");
+	exit(1);
+    }
+    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
+		     nfrontp += strlen(nfrontp);});
+    netip = netibuf;
+    telrcv();			/* state machine */
+    if (ncc > 0) {
+	pfrontp = pbackp = ptyobuf;
+	telrcv();
+    }
+}  /* end of ttloop */
+
+/*
+ * Check a descriptor to see if out of band data exists on it.
+ */
+    int
+stilloob(s)
+    int	s;		/* socket number */
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(s, &excepts);
+	memset((char *)&timeout, 0, sizeof timeout);
+	value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	fatalperror(pty, "select");
+    }
+    if (FD_ISSET(s, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+	void
+ptyflush()
+{
+	int n;
+
+	if ((n = pfrontp - pbackp) > 0) {
+		DIAG((TD_REPORT | TD_PTYDATA),
+			{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
+			  nfrontp += strlen(nfrontp); });
+		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+		n = write(pty, pbackp, n);
+	}
+	if (n < 0) {
+		if (errno == EWOULDBLOCK || errno == EINTR)
+			return;
+		cleanup(0);
+	}
+	pbackp += n;
+	if (pbackp == pfrontp)
+		pbackp = pfrontp = ptyobuf;
+}
+
+/*
+ * nextitem()
+ *
+ *	Return the address of the next "item" in the TELNET data
+ * stream.  This will be the address of the next character if
+ * the current address is a user data character, or it will
+ * be the address of the character following the TELNET command
+ * if the current address is a TELNET IAC ("I Am a Command")
+ * character.
+ */
+    char *
+nextitem(current)
+    char	*current;
+{
+    if ((*current&0xff) != IAC) {
+	return current+1;
+    }
+    switch (*(current+1)&0xff) {
+    case DO:
+    case DONT:
+    case WILL:
+    case WONT:
+	return current+3;
+    case SB:		/* loop forever looking for the SE */
+	{
+	    register char *look = current+2;
+
+	    for (;;) {
+		if ((*look++&0xff) == IAC) {
+		    if ((*look++&0xff) == SE) {
+			return look;
+		    }
+		}
+	    }
+	}
+    default:
+	return current+2;
+    }
+}  /* end of nextitem */
+
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+    void
+netclear()
+{
+    register char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+#ifdef	ENCRYPTION
+    thisitem = nclearto > netobuf ? nclearto : netobuf;
+#else	/* ENCRYPTION */
+    thisitem = netobuf;
+#endif	/* ENCRYPTION */
+
+    while ((next = nextitem(thisitem)) <= nbackp) {
+	thisitem = next;
+    }
+
+    /* Now, thisitem is first before/at boundary. */
+
+#ifdef	ENCRYPTION
+    good = nclearto > netobuf ? nclearto : netobuf;
+#else	/* ENCRYPTION */
+    good = netobuf;	/* where the good bytes go */
+#endif	/* ENCRYPTION */
+
+    while (nfrontp > thisitem) {
+	if (wewant(thisitem)) {
+	    int length;
+
+	    next = thisitem;
+	    do {
+		next = nextitem(next);
+	    } while (wewant(next) && (nfrontp > next));
+	    length = next-thisitem;
+	    memmove(good, thisitem, length);
+	    good += length;
+	    thisitem = next;
+	} else {
+	    thisitem = nextitem(thisitem);
+	}
+    }
+
+    nbackp = netobuf;
+    nfrontp = good;		/* next byte to be sent */
+    neturg = 0;
+}  /* end of netclear */
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ */
+    void
+netflush()
+{
+    int n;
+    extern int not42;
+
+    if ((n = nfrontp - nbackp) > 0) {
+	DIAG(TD_REPORT,
+	    { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
+	      n += strlen(nfrontp);  /* get count first */
+	      nfrontp += strlen(nfrontp);  /* then move pointer */
+	    });
+#ifdef	ENCRYPTION
+	if (encrypt_output) {
+		char *s = nclearto ? nclearto : nbackp;
+		if (nfrontp - s > 0) {
+			(*encrypt_output)((unsigned char *)s, nfrontp-s);
+			nclearto = nfrontp;
+		}
+	}
+#endif	/* ENCRYPTION */
+	/*
+	 * if no urgent data, or if the other side appears to be an
+	 * old 4.2 client (and thus unable to survive TCP urgent data),
+	 * write the entire buffer in non-OOB mode.
+	 */
+	if ((neturg == 0) || (not42 == 0)) {
+	    n = write(net, nbackp, n);	/* normal write */
+	} else {
+	    n = neturg - nbackp;
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    if (n > 1) {
+		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
+	    } else {
+		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+	    }
+	}
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+		return;
+	cleanup(0);
+    }
+    nbackp += n;
+#ifdef	ENCRYPTION
+    if (nbackp > nclearto)
+	nclearto = 0;
+#endif	/* ENCRYPTION */
+    if (nbackp >= neturg) {
+	neturg = 0;
+    }
+    if (nbackp == nfrontp) {
+	nbackp = nfrontp = netobuf;
+#ifdef	ENCRYPTION
+	nclearto = 0;
+#endif	/* ENCRYPTION */
+    }
+    return;
+}  /* end of netflush */
+
+
+/*
+ * writenet
+ *
+ * Just a handy little function to write a bit of raw data to the net.
+ * It will force a transmit of the buffer if necessary
+ *
+ * arguments
+ *    ptr - A pointer to a character string to write
+ *    len - How many bytes to write
+ */
+	void
+writenet(ptr, len)
+	register unsigned char *ptr;
+	register int len;
+{
+	/* flush buffer if no room for new data) */
+	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
+		/* if this fails, don't worry, buffer is a little big */
+		netflush();
+	}
+
+	memmove(nfrontp, ptr, len);
+	nfrontp += len;
+
+}  /* end of writenet */
+
+
+/*
+ * miscellaneous functions doing a variety of little jobs follow ...
+ */
+
+
+	void
+fatal(f, msg)
+	int f;
+	char *msg;
+{
+	char buf[BUFSIZ];
+
+	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
+#ifdef	ENCRYPTION
+	if (encrypt_output) {
+		/*
+		 * Better turn off encryption first....
+		 * Hope it flushes...
+		 */
+		encrypt_send_end();
+		netflush();
+	}
+#endif	/* ENCRYPTION */
+	(void) write(f, buf, (int)strlen(buf));
+	sleep(1);	/*XXX*/
+	exit(1);
+}
+
+	void
+fatalperror(f, msg)
+	int f;
+	char *msg;
+{
+	char buf[BUFSIZ], *strerror();
+
+	(void) sprintf(buf, "%s: %s", msg, strerror(errno));
+	fatal(f, buf);
+}
+
+char editedhost[32];
+
+	void
+edithost(pat, host)
+	register char *pat;
+	register char *host;
+{
+	register char *res = editedhost;
+
+	if (!pat)
+		pat = "";
+	while (*pat) {
+		switch (*pat) {
+
+		case '#':
+			if (*host)
+				host++;
+			break;
+
+		case '@':
+			if (*host)
+				*res++ = *host++;
+			break;
+
+		default:
+			*res++ = *pat;
+			break;
+		}
+		if (res == &editedhost[sizeof editedhost - 1]) {
+			*res = '\0';
+			return;
+		}
+		pat++;
+	}
+	if (*host)
+		(void) strncpy(res, host,
+				sizeof editedhost - (res - editedhost) -1);
+	else
+		*res = '\0';
+	editedhost[sizeof editedhost - 1] = '\0';
+}
+
+static char *putlocation;
+
+	void
+putstr(s)
+	register char *s;
+{
+
+	while (*s)
+		putchr(*s++);
+}
+
+	void
+putchr(cc)
+	int cc;
+{
+	*putlocation++ = cc;
+}
+
+#ifdef __FreeBSD__
+static char fmtstr[] = { "%+" };
+#else
+/*
+ * This is split on two lines so that SCCS will not see the M
+ * between two % signs and expand it...
+ */
+static char fmtstr[] = { "%l:%M\
+%P on %A, %d %B %Y" };
+#endif
+
+	void
+putf(cp, where)
+	register char *cp;
+	char *where;
+{
+	char *slash;
+	time_t t;
+	char db[100];
+#ifdef	STREAMSPTY
+	extern char *strchr();
+#else
+	extern char *strrchr();
+#endif
+#ifdef __FreeBSD__
+	static struct utsname kerninfo;
+
+	if (!*kerninfo.sysname)
+		uname(&kerninfo);
+#endif
+
+	putlocation = where;
+
+	while (*cp) {
+		if (*cp =='\n') {
+			putstr("\r\n");
+			cp++;
+			continue;
+		} else if (*cp != '%') {
+			putchr(*cp++);
+			continue;
+		}
+		switch (*++cp) {
+
+		case 't':
+#ifdef	STREAMSPTY
+			/* names are like /dev/pts/2 -- we want pts/2 */
+			slash = strchr(line+1, '/');
+#else
+			slash = strrchr(line, '/');
+#endif
+			if (slash == (char *) 0)
+				putstr(line);
+			else
+				putstr(&slash[1]);
+			break;
+
+		case 'h':
+			putstr(editedhost);
+			break;
+
+		case 'd':
+#ifdef __FreeBSD__
+			setlocale(LC_TIME, "");
+#endif
+			(void)time(&t);
+			(void)strftime(db, sizeof(db), fmtstr, localtime(&t));
+			putstr(db);
+			break;
+
+#ifdef __FreeBSD__
+		case 's':
+			putstr(kerninfo.sysname);
+			break;
+
+		case 'm':
+			putstr(kerninfo.machine);
+			break;
+
+		case 'r':
+			putstr(kerninfo.release);
+			break;
+
+		case 'v':
+			putstr(kerninfo.version);
+			break;
+#endif
+
+		case '%':
+			putchr('%');
+			break;
+		}
+		cp++;
+	}
+}
+
+#ifdef DIAGNOSTICS
+/*
+ * Print telnet options and commands in plain text, if possible.
+ */
+	void
+printoption(fmt, option)
+	register char *fmt;
+	register int option;
+{
+	if (TELOPT_OK(option))
+		sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
+	else if (TELCMD_OK(option))
+		sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
+	else
+		sprintf(nfrontp, "%s %d\r\n", fmt, option);
+	nfrontp += strlen(nfrontp);
+	return;
+}
+
+    void
+printsub(direction, pointer, length)
+    char		direction;	/* '<' or '>' */
+    unsigned char	*pointer;	/* where suboption data sits */
+    int			length;		/* length of suboption data */
+{
+    register int i = 0;
+
+	if (!(diagnostic & TD_OPTIONS))
+		return;
+
+	if (direction) {
+	    sprintf(nfrontp, "td: %s suboption ",
+					direction == '<' ? "recv" : "send");
+	    nfrontp += strlen(nfrontp);
+	    if (length >= 3) {
+		register int j;
+
+		i = pointer[length-2];
+		j = pointer[length-1];
+
+		if (i != IAC || j != SE) {
+		    sprintf(nfrontp, "(terminated by ");
+		    nfrontp += strlen(nfrontp);
+		    if (TELOPT_OK(i))
+			sprintf(nfrontp, "%s ", TELOPT(i));
+		    else if (TELCMD_OK(i))
+			sprintf(nfrontp, "%s ", TELCMD(i));
+		    else
+			sprintf(nfrontp, "%d ", i);
+		    nfrontp += strlen(nfrontp);
+		    if (TELOPT_OK(j))
+			sprintf(nfrontp, "%s", TELOPT(j));
+		    else if (TELCMD_OK(j))
+			sprintf(nfrontp, "%s", TELCMD(j));
+		    else
+			sprintf(nfrontp, "%d", j);
+		    nfrontp += strlen(nfrontp);
+		    sprintf(nfrontp, ", not IAC SE!) ");
+		    nfrontp += strlen(nfrontp);
+		}
+	    }
+	    length -= 2;
+	}
+	if (length < 1) {
+	    sprintf(nfrontp, "(Empty suboption??\?)");
+	    nfrontp += strlen(nfrontp);
+	    return;
+	}
+	switch (pointer[0]) {
+	case TELOPT_TTYPE:
+	    sprintf(nfrontp, "TERMINAL-TYPE ");
+	    nfrontp += strlen(nfrontp);
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		sprintf(nfrontp, "SEND");
+		break;
+	    default:
+		sprintf(nfrontp,
+				"- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    nfrontp += strlen(nfrontp);
+	    break;
+	case TELOPT_TSPEED:
+	    sprintf(nfrontp, "TERMINAL-SPEED");
+	    nfrontp += strlen(nfrontp);
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
+		nfrontp += strlen(nfrontp);
+		break;
+	    default:
+		if (pointer[1] == 1)
+		    sprintf(nfrontp, " SEND");
+		else
+		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+		nfrontp += strlen(nfrontp);
+		for (i = 2; i < length; i++) {
+		    sprintf(nfrontp, " ?%d?", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+		break;
+	    }
+	    break;
+
+	case TELOPT_LFLOW:
+	    sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
+	    nfrontp += strlen(nfrontp);
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case LFLOW_OFF:
+		sprintf(nfrontp, " OFF"); break;
+	    case LFLOW_ON:
+		sprintf(nfrontp, " ON"); break;
+	    case LFLOW_RESTART_ANY:
+		sprintf(nfrontp, " RESTART-ANY"); break;
+	    case LFLOW_RESTART_XON:
+		sprintf(nfrontp, " RESTART-XON"); break;
+	    default:
+		sprintf(nfrontp, " %d (unknown)", pointer[1]);
+	    }
+	    nfrontp += strlen(nfrontp);
+	    for (i = 2; i < length; i++) {
+		sprintf(nfrontp, " ?%d?", pointer[i]);
+		nfrontp += strlen(nfrontp);
+	    }
+	    break;
+
+	case TELOPT_NAWS:
+	    sprintf(nfrontp, "NAWS");
+	    nfrontp += strlen(nfrontp);
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    if (length == 2) {
+		sprintf(nfrontp, " ?%d?", pointer[1]);
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    sprintf(nfrontp, " %d %d (%d)",
+		pointer[1], pointer[2],
+		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+	    nfrontp += strlen(nfrontp);
+	    if (length == 4) {
+		sprintf(nfrontp, " ?%d?", pointer[3]);
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    sprintf(nfrontp, " %d %d (%d)",
+		pointer[3], pointer[4],
+		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+	    nfrontp += strlen(nfrontp);
+	    for (i = 5; i < length; i++) {
+		sprintf(nfrontp, " ?%d?", pointer[i]);
+		nfrontp += strlen(nfrontp);
+	    }
+	    break;
+
+	case TELOPT_LINEMODE:
+	    sprintf(nfrontp, "LINEMODE ");
+	    nfrontp += strlen(nfrontp);
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case WILL:
+		sprintf(nfrontp, "WILL ");
+		goto common;
+	    case WONT:
+		sprintf(nfrontp, "WONT ");
+		goto common;
+	    case DO:
+		sprintf(nfrontp, "DO ");
+		goto common;
+	    case DONT:
+		sprintf(nfrontp, "DONT ");
+	    common:
+		nfrontp += strlen(nfrontp);
+		if (length < 3) {
+		    sprintf(nfrontp, "(no option??\?)");
+		    nfrontp += strlen(nfrontp);
+		    break;
+		}
+		switch (pointer[2]) {
+		case LM_FORWARDMASK:
+		    sprintf(nfrontp, "Forward Mask");
+		    nfrontp += strlen(nfrontp);
+		    for (i = 3; i < length; i++) {
+			sprintf(nfrontp, " %x", pointer[i]);
+			nfrontp += strlen(nfrontp);
+		    }
+		    break;
+		default:
+		    sprintf(nfrontp, "%d (unknown)", pointer[2]);
+		    nfrontp += strlen(nfrontp);
+		    for (i = 3; i < length; i++) {
+			sprintf(nfrontp, " %d", pointer[i]);
+			nfrontp += strlen(nfrontp);
+		    }
+		    break;
+		}
+		break;
+
+	    case LM_SLC:
+		sprintf(nfrontp, "SLC");
+		nfrontp += strlen(nfrontp);
+		for (i = 2; i < length - 2; i += 3) {
+		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+			sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+		    else
+			sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
+		    nfrontp += strlen(nfrontp);
+		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		    case SLC_NOSUPPORT:
+			sprintf(nfrontp, " NOSUPPORT"); break;
+		    case SLC_CANTCHANGE:
+			sprintf(nfrontp, " CANTCHANGE"); break;
+		    case SLC_VARIABLE:
+			sprintf(nfrontp, " VARIABLE"); break;
+		    case SLC_DEFAULT:
+			sprintf(nfrontp, " DEFAULT"); break;
+		    }
+		    nfrontp += strlen(nfrontp);
+		    sprintf(nfrontp, "%s%s%s",
+			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		    nfrontp += strlen(nfrontp);
+		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+						SLC_FLUSHOUT| SLC_LEVELBITS)) {
+			sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
+			nfrontp += strlen(nfrontp);
+		    }
+		    sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
+		    nfrontp += strlen(nfrontp);
+		    if ((pointer[i+SLC_VALUE] == IAC) &&
+			(pointer[i+SLC_VALUE+1] == IAC))
+				i++;
+		}
+		for (; i < length; i++) {
+		    sprintf(nfrontp, " ?%d?", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+		break;
+
+	    case LM_MODE:
+		sprintf(nfrontp, "MODE ");
+		nfrontp += strlen(nfrontp);
+		if (length < 3) {
+		    sprintf(nfrontp, "(no mode??\?)");
+		    nfrontp += strlen(nfrontp);
+		    break;
+		}
+		{
+		    char tbuf[32];
+		    sprintf(tbuf, "%s%s%s%s%s",
+			pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			pointer[2]&MODE_ACK ? "|ACK" : "");
+		    sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
+		    nfrontp += strlen(nfrontp);
+		}
+		if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+		    sprintf(nfrontp, " (0x%x)", pointer[2]);
+		    nfrontp += strlen(nfrontp);
+		}
+		for (i = 3; i < length; i++) {
+		    sprintf(nfrontp, " ?0x%x?", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+		break;
+	    default:
+		sprintf(nfrontp, "%d (unknown)", pointer[1]);
+		nfrontp += strlen(nfrontp);
+		for (i = 2; i < length; i++) {
+		    sprintf(nfrontp, " %d", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+	    }
+	    break;
+
+	case TELOPT_STATUS: {
+	    register char *cp;
+	    register int j, k;
+
+	    sprintf(nfrontp, "STATUS");
+	    nfrontp += strlen(nfrontp);
+
+	    switch (pointer[1]) {
+	    default:
+		if (pointer[1] == TELQUAL_SEND)
+		    sprintf(nfrontp, " SEND");
+		else
+		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+		nfrontp += strlen(nfrontp);
+		for (i = 2; i < length; i++) {
+		    sprintf(nfrontp, " ?%d?", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+		break;
+	    case TELQUAL_IS:
+		sprintf(nfrontp, " IS\r\n");
+		nfrontp += strlen(nfrontp);
+
+		for (i = 2; i < length; i++) {
+		    switch(pointer[i]) {
+		    case DO:	cp = "DO"; goto common2;
+		    case DONT:	cp = "DONT"; goto common2;
+		    case WILL:	cp = "WILL"; goto common2;
+		    case WONT:	cp = "WONT"; goto common2;
+		    common2:
+			i++;
+			if (TELOPT_OK(pointer[i]))
+			    sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
+			else
+			    sprintf(nfrontp, " %s %d", cp, pointer[i]);
+			nfrontp += strlen(nfrontp);
+
+			sprintf(nfrontp, "\r\n");
+			nfrontp += strlen(nfrontp);
+			break;
+
+		    case SB:
+			sprintf(nfrontp, " SB ");
+			nfrontp += strlen(nfrontp);
+			i++;
+			j = k = i;
+			while (j < length) {
+			    if (pointer[j] == SE) {
+				if (j+1 == length)
+				    break;
+				if (pointer[j+1] == SE)
+				    j++;
+				else
+				    break;
+			    }
+			    pointer[k++] = pointer[j++];
+			}
+			printsub(0, &pointer[i], k - i);
+			if (i < length) {
+			    sprintf(nfrontp, " SE");
+			    nfrontp += strlen(nfrontp);
+			    i = j;
+			} else
+			    i = j - 1;
+
+			sprintf(nfrontp, "\r\n");
+			nfrontp += strlen(nfrontp);
+
+			break;
+
+		    default:
+			sprintf(nfrontp, " %d", pointer[i]);
+			nfrontp += strlen(nfrontp);
+			break;
+		    }
+		}
+		break;
+	    }
+	    break;
+	  }
+
+	case TELOPT_XDISPLOC:
+	    sprintf(nfrontp, "X-DISPLAY-LOCATION ");
+	    nfrontp += strlen(nfrontp);
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		sprintf(nfrontp, "SEND");
+		break;
+	    default:
+		sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    nfrontp += strlen(nfrontp);
+	    break;
+
+	case TELOPT_NEW_ENVIRON:
+	    sprintf(nfrontp, "NEW-ENVIRON ");
+	    goto env_common1;
+	case TELOPT_OLD_ENVIRON:
+	    sprintf(nfrontp, "OLD-ENVIRON");
+	env_common1:
+	    nfrontp += strlen(nfrontp);
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		sprintf(nfrontp, "IS ");
+		goto env_common;
+	    case TELQUAL_SEND:
+		sprintf(nfrontp, "SEND ");
+		goto env_common;
+	    case TELQUAL_INFO:
+		sprintf(nfrontp, "INFO ");
+	    env_common:
+		nfrontp += strlen(nfrontp);
+		{
+		    register int noquote = 2;
+		    for (i = 2; i < length; i++ ) {
+			switch (pointer[i]) {
+			case NEW_ENV_VAR:
+			    sprintf(nfrontp, "\" VAR " + noquote);
+			    nfrontp += strlen(nfrontp);
+			    noquote = 2;
+			    break;
+
+			case NEW_ENV_VALUE:
+			    sprintf(nfrontp, "\" VALUE " + noquote);
+			    nfrontp += strlen(nfrontp);
+			    noquote = 2;
+			    break;
+
+			case ENV_ESC:
+			    sprintf(nfrontp, "\" ESC " + noquote);
+			    nfrontp += strlen(nfrontp);
+			    noquote = 2;
+			    break;
+
+			case ENV_USERVAR:
+			    sprintf(nfrontp, "\" USERVAR " + noquote);
+			    nfrontp += strlen(nfrontp);
+			    noquote = 2;
+			    break;
+
+			default:
+			    if (isprint(pointer[i]) && pointer[i] != '"') {
+				if (noquote) {
+				    *nfrontp++ = '"';
+				    noquote = 0;
+				}
+				*nfrontp++ = pointer[i];
+			    } else {
+				sprintf(nfrontp, "\" %03o " + noquote,
+							pointer[i]);
+				nfrontp += strlen(nfrontp);
+				noquote = 2;
+			    }
+			    break;
+			}
+		    }
+		    if (!noquote)
+			*nfrontp++ = '"';
+		    break;
+		}
+	    }
+	    break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION:
+	    sprintf(nfrontp, "AUTHENTICATION");
+	    nfrontp += strlen(nfrontp);
+
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_REPLY:
+	    case TELQUAL_IS:
+		sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
+							"IS" : "REPLY");
+		nfrontp += strlen(nfrontp);
+		if (AUTHTYPE_NAME_OK(pointer[2]))
+		    sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
+		else
+		    sprintf(nfrontp, "%d ", pointer[2]);
+		nfrontp += strlen(nfrontp);
+		if (length < 3) {
+		    sprintf(nfrontp, "(partial suboption??\?)");
+		    nfrontp += strlen(nfrontp);
+		    break;
+		}
+		sprintf(nfrontp, "%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+		nfrontp += strlen(nfrontp);
+
+    		{
+		    char buf[512];
+		    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		    sprintf(nfrontp, "%s", buf);
+		}
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case TELQUAL_SEND:
+		i = 2;
+		sprintf(nfrontp, " SEND ");
+		nfrontp += strlen(nfrontp);
+		while (i < length) {
+		    if (AUTHTYPE_NAME_OK(pointer[i]))
+			sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
+		    else
+			sprintf(nfrontp, "%d ", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		    if (++i >= length) {
+			sprintf(nfrontp, "(partial suboption??\?)");
+			nfrontp += strlen(nfrontp);
+			break;
+		    }
+		    sprintf(nfrontp, "%s|%s ",
+			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+							"CLIENT" : "SERVER",
+			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+							"MUTUAL" : "ONE-WAY");
+		    nfrontp += strlen(nfrontp);
+		    ++i;
+		}
+		break;
+
+	    case TELQUAL_NAME:
+		i = 2;
+		sprintf(nfrontp, " NAME \"");
+		nfrontp += strlen(nfrontp);
+		while (i < length)
+		    *nfrontp += pointer[i++];
+		*nfrontp += '"';
+		break;
+
+	    default:
+		    for (i = 2; i < length; i++) {
+			sprintf(nfrontp, " ?%d?", pointer[i]);
+			nfrontp += strlen(nfrontp);
+		    }
+		    break;
+	    }
+	    break;
+#endif
+
+#ifdef	ENCRYPTION
+	case TELOPT_ENCRYPT:
+	    sprintf(nfrontp, "ENCRYPT");
+	    nfrontp += strlen(nfrontp);
+	    if (length < 2) {
+		sprintf(nfrontp, " (empty suboption??\?)");
+		nfrontp += strlen(nfrontp);
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case ENCRYPT_START:
+		sprintf(nfrontp, " START");
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case ENCRYPT_END:
+		sprintf(nfrontp, " END");
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case ENCRYPT_REQSTART:
+		sprintf(nfrontp, " REQUEST-START");
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case ENCRYPT_REQEND:
+		sprintf(nfrontp, " REQUEST-END");
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case ENCRYPT_IS:
+	    case ENCRYPT_REPLY:
+		sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
+							"IS" : "REPLY");
+		nfrontp += strlen(nfrontp);
+		if (length < 3) {
+		    sprintf(nfrontp, " (partial suboption??\?)");
+		    nfrontp += strlen(nfrontp);
+		    break;
+		}
+		if (ENCTYPE_NAME_OK(pointer[2]))
+		    sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
+		else
+		    sprintf(nfrontp, " %d (unknown)", pointer[2]);
+		nfrontp += strlen(nfrontp);
+
+		{
+		    char buf[512];
+		    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		    sprintf(nfrontp, "%s", buf);
+		}
+		nfrontp += strlen(nfrontp);
+		break;
+
+	    case ENCRYPT_SUPPORT:
+		i = 2;
+		sprintf(nfrontp, " SUPPORT ");
+		nfrontp += strlen(nfrontp);
+		while (i < length) {
+		    if (ENCTYPE_NAME_OK(pointer[i]))
+			sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
+		    else
+			sprintf(nfrontp, "%d ", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		    i++;
+		}
+		break;
+
+	    case ENCRYPT_ENC_KEYID:
+		sprintf(nfrontp, " ENC_KEYID");
+		nfrontp += strlen(nfrontp);
+		goto encommon;
+
+	    case ENCRYPT_DEC_KEYID:
+		sprintf(nfrontp, " DEC_KEYID");
+		nfrontp += strlen(nfrontp);
+		goto encommon;
+
+	    default:
+		sprintf(nfrontp, " %d (unknown)", pointer[1]);
+		nfrontp += strlen(nfrontp);
+	    encommon:
+		for (i = 2; i < length; i++) {
+		    sprintf(nfrontp, " %d", pointer[i]);
+		    nfrontp += strlen(nfrontp);
+		}
+		break;
+	    }
+	    break;
+#endif	/* ENCRYPTION */
+
+	default:
+	    if (TELOPT_OK(pointer[0]))
+		sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
+	    else
+		sprintf(nfrontp, "%d (unknown)", pointer[i]);
+	    nfrontp += strlen(nfrontp);
+	    for (i = 1; i < length; i++) {
+		sprintf(nfrontp, " %d", pointer[i]);
+		nfrontp += strlen(nfrontp);
+	    }
+	    break;
+	}
+	sprintf(nfrontp, "\r\n");
+	nfrontp += strlen(nfrontp);
+}
+
+/*
+ * Dump a data buffer in hex and ascii to the output data stream.
+ */
+	void
+printdata(tag, ptr, cnt)
+	register char *tag;
+	register char *ptr;
+	register int cnt;
+{
+	register int i;
+	char xbuf[30];
+
+	while (cnt) {
+		/* flush net output buffer if no room for new data) */
+		if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
+			netflush();
+		}
+
+		/* add a line of output */
+		sprintf(nfrontp, "%s: ", tag);
+		nfrontp += strlen(nfrontp);
+		for (i = 0; i < 20 && cnt; i++) {
+			sprintf(nfrontp, "%02x", *ptr);
+			nfrontp += strlen(nfrontp);
+			if (isprint(*ptr)) {
+				xbuf[i] = *ptr;
+			} else {
+				xbuf[i] = '.';
+			}
+			if (i % 2) {
+				*nfrontp = ' ';
+				nfrontp++;
+			}
+			cnt--;
+			ptr++;
+		}
+		xbuf[i] = '\0';
+		sprintf(nfrontp, " %s\r\n", xbuf );
+		nfrontp += strlen(nfrontp);
+	}
+}
+#endif /* DIAGNOSTICS */