authorMark Murray <markm@FreeBSD.org>1997-09-04 06:04:33 +0000
committerMark Murray <markm@FreeBSD.org>1997-09-04 06:04:33 +0000
commit03656ac1b015e707cea8379d6dab400f41a2dd86 (patch)
tree0b84977f19022a965f8c6145f067f951173f6290
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their own changes later.
(tag: vendor/kerberosIV/0.9.6)
Notes
Notes: svn path=/vendor-crypto/kerberosIV/dist/; revision=29085 svn path=/vendor-crypto/kerberosIV/0.9.6/; revision=29087; tag=vendor/kerberosIV/0.9.6
-rw-r--r--crypto/kerberosIV/COPYRIGHT166
-rw-r--r--crypto/kerberosIV/ChangeLog3761
-rw-r--r--crypto/kerberosIV/Makefile.in70
-rw-r--r--crypto/kerberosIV/NEWS563
-rw-r--r--crypto/kerberosIV/PROBLEMS74
-rw-r--r--crypto/kerberosIV/README44
-rw-r--r--crypto/kerberosIV/README-WIN3230
-rw-r--r--crypto/kerberosIV/TODO42
-rw-r--r--crypto/kerberosIV/acconfig.h282
-rw-r--r--crypto/kerberosIV/aclocal.m4543
-rw-r--r--crypto/kerberosIV/admin/Makefile.in104
-rw-r--r--crypto/kerberosIV/admin/adm_locl.h91
-rw-r--r--crypto/kerberosIV/admin/ext_srvtab.c143
-rw-r--r--crypto/kerberosIV/admin/kdb_destroy.c57
-rw-r--r--crypto/kerberosIV/admin/kdb_edit.c404
-rw-r--r--crypto/kerberosIV/admin/kdb_init.c174
-rw-r--r--crypto/kerberosIV/admin/kdb_util.c496
-rw-r--r--crypto/kerberosIV/admin/kstash.c56
-rw-r--r--crypto/kerberosIV/appl/Makefile.in43
-rw-r--r--crypto/kerberosIV/appl/bsd/Makefile.in135
-rw-r--r--crypto/kerberosIV/appl/bsd/README.login20
-rw-r--r--crypto/kerberosIV/appl/bsd/bsd_locl.h380
-rw-r--r--crypto/kerberosIV/appl/bsd/encrypt.c311
-rw-r--r--crypto/kerberosIV/appl/bsd/forkpty.c461
-rw-r--r--crypto/kerberosIV/appl/bsd/iruserok.c279
-rw-r--r--crypto/kerberosIV/appl/bsd/kcmd.c270
-rw-r--r--crypto/kerberosIV/appl/bsd/klogin.c184
-rw-r--r--crypto/kerberosIV/appl/bsd/krcmd.c117
-rw-r--r--crypto/kerberosIV/appl/bsd/login.c990
-rw-r--r--crypto/kerberosIV/appl/bsd/login_access.c221
-rw-r--r--crypto/kerberosIV/appl/bsd/login_fbtab.c144
-rw-r--r--crypto/kerberosIV/appl/bsd/pathnames.h191
-rw-r--r--crypto/kerberosIV/appl/bsd/rcmd_util.c246
-rw-r--r--crypto/kerberosIV/appl/bsd/rcp.c1019
-rw-r--r--crypto/kerberosIV/appl/bsd/rcp_util.c97
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogin.c707
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogind.c934
-rw-r--r--crypto/kerberosIV/appl/bsd/rsh.c353
-rw-r--r--crypto/kerberosIV/appl/bsd/rshd.c635
-rw-r--r--crypto/kerberosIV/appl/bsd/stty_default.c105
-rw-r--r--crypto/kerberosIV/appl/bsd/su.c452
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_default.c95
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_default.h18
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_environ.c192
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_shadow.c45
-rw-r--r--crypto/kerberosIV/appl/bsd/sysv_shadow.h5
-rw-r--r--crypto/kerberosIV/appl/bsd/tty.c75
-rw-r--r--crypto/kerberosIV/appl/bsd/utmp_login.c121
-rw-r--r--crypto/kerberosIV/appl/bsd/utmpx_login.c88
-rw-r--r--crypto/kerberosIV/appl/ftp/Makefile.in41
-rw-r--r--crypto/kerberosIV/appl/ftp/common/Makefile.in52
-rw-r--r--crypto/kerberosIV/appl/ftp/common/base64.c149
-rw-r--r--crypto/kerberosIV/appl/ftp/common/base64.h47
-rw-r--r--crypto/kerberosIV/appl/ftp/common/buffer.c73
-rw-r--r--crypto/kerberosIV/appl/ftp/common/common.h62
-rw-r--r--crypto/kerberosIV/appl/ftp/common/glob.c835
-rw-r--r--crypto/kerberosIV/appl/ftp/common/glob.h84
-rw-r--r--crypto/kerberosIV/appl/ftp/common/sockbuf.c61
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/Makefile.in76
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/cmds.c2073
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/cmdtab.c193
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/domacro.c138
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/extern.h167
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp.c1658
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h145
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp_var.h127
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/globals.c76
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/kauth.c145
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/krb4.c567
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/krb4.h81
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/main.c542
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/pathnames.h44
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ruserpass.c274
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/Makefile.in84
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/auth.c249
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/auth.h109
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/extern.h141
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y1408
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpd.c2076
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/kauth.c325
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/krb4.c372
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/krb4.h61
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c136
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/pathnames.h55
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/popen.c224
-rw-r--r--crypto/kerberosIV/appl/kauth/Makefile.in112
-rw-r--r--crypto/kerberosIV/appl/kauth/encdata.c101
-rw-r--r--crypto/kerberosIV/appl/kauth/kauth.c312
-rw-r--r--crypto/kerberosIV/appl/kauth/kauth.h118
-rw-r--r--crypto/kerberosIV/appl/kauth/kauthd.c201
-rw-r--r--crypto/kerberosIV/appl/kauth/ksrvtgt.in14
-rw-r--r--crypto/kerberosIV/appl/kauth/marshall.c97
-rw-r--r--crypto/kerberosIV/appl/kauth/rkinit.c222
-rw-r--r--crypto/kerberosIV/appl/kauth/zrefresh12
-rw-r--r--crypto/kerberosIV/appl/kip/Makefile.in96
-rw-r--r--crypto/kerberosIV/appl/kip/common.c178
-rw-r--r--crypto/kerberosIV/appl/kip/kip.c179
-rw-r--r--crypto/kerberosIV/appl/kip/kip.h106
-rw-r--r--crypto/kerberosIV/appl/kip/kipd.c128
-rw-r--r--crypto/kerberosIV/config.guess696
-rw-r--r--crypto/kerberosIV/config.sub932
-rw-r--r--crypto/kerberosIV/configure9343
-rw-r--r--crypto/kerberosIV/configure.in970
-rw-r--r--crypto/kerberosIV/doc/Makefile.in65
-rw-r--r--crypto/kerberosIV/doc/ack.texi80
-rw-r--r--crypto/kerberosIV/doc/index.texi6
-rw-r--r--crypto/kerberosIV/doc/install.texi368
-rw-r--r--crypto/kerberosIV/doc/intro.texi69
-rw-r--r--crypto/kerberosIV/doc/kth-krb.texi300
-rw-r--r--crypto/kerberosIV/doc/latin1.tex95
-rw-r--r--crypto/kerberosIV/doc/otp.texi127
-rw-r--r--crypto/kerberosIV/doc/problems.texi156
-rw-r--r--crypto/kerberosIV/doc/setup.texi794
-rw-r--r--crypto/kerberosIV/doc/whatis.texi137
-rw-r--r--crypto/kerberosIV/eBones-p9.README26
-rw-r--r--crypto/kerberosIV/etc/README41
-rw-r--r--crypto/kerberosIV/etc/default.login47
-rw-r--r--crypto/kerberosIV/etc/fbtab15
-rw-r--r--crypto/kerberosIV/etc/hosts.equiv1
-rw-r--r--crypto/kerberosIV/etc/inetd.conf.changes33
-rw-r--r--crypto/kerberosIV/etc/krb.conf56
-rw-r--r--crypto/kerberosIV/etc/krb.equiv14
-rw-r--r--crypto/kerberosIV/etc/krb.realms51
-rw-r--r--crypto/kerberosIV/etc/login.access54
-rw-r--r--crypto/kerberosIV/etc/services.append22
-rw-r--r--crypto/kerberosIV/include/Makefile.in147
-rw-r--r--crypto/kerberosIV/include/config.h.in984
-rw-r--r--crypto/kerberosIV/include/ktypes.c64
-rw-r--r--crypto/kerberosIV/include/protos.h276
-rw-r--r--crypto/kerberosIV/include/sys/Makefile.in53
-rw-r--r--crypto/kerberosIV/include/sys/cdefs.H149
-rw-r--r--crypto/kerberosIV/install-sh250
-rw-r--r--crypto/kerberosIV/kadmin/Design.txt23
-rw-r--r--crypto/kerberosIV/kadmin/Makefile.in125
-rw-r--r--crypto/kerberosIV/kadmin/admin_server.c432
-rw-r--r--crypto/kerberosIV/kadmin/kadm_funcs.c411
-rw-r--r--crypto/kerberosIV/kadmin/kadm_locl.h148
-rw-r--r--crypto/kerberosIV/kadmin/kadm_ser_wrap.c213
-rw-r--r--crypto/kerberosIV/kadmin/kadm_server.c198
-rw-r--r--crypto/kerberosIV/kadmin/kadm_server.h66
-rw-r--r--crypto/kerberosIV/kadmin/kadmin.c845
-rw-r--r--crypto/kerberosIV/kadmin/kpasswd.c163
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil.c601
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil.h54
-rw-r--r--crypto/kerberosIV/kadmin/ksrvutil_get.c400
-rw-r--r--crypto/kerberosIV/kadmin/new_pwd.c146
-rw-r--r--crypto/kerberosIV/kadmin/pw_check.c87
-rw-r--r--crypto/kerberosIV/kadmin/pw_check.h45
-rw-r--r--crypto/kerberosIV/kuser/Makefile.in92
-rw-r--r--crypto/kerberosIV/kuser/kdestroy.c72
-rw-r--r--crypto/kerberosIV/kuser/kinit.c158
-rw-r--r--crypto/kerberosIV/kuser/klist.c314
-rw-r--r--crypto/kerberosIV/kuser/kuser_locl.h86
-rw-r--r--crypto/kerberosIV/lib/Makefile.in46
-rw-r--r--crypto/kerberosIV/lib/acl/Makefile.in84
-rw-r--r--crypto/kerberosIV/lib/acl/acl.h53
-rw-r--r--crypto/kerberosIV/lib/acl/acl_files.c540
-rw-r--r--crypto/kerberosIV/lib/acl/acl_files.doc107
-rw-r--r--crypto/kerberosIV/lib/kadm/Makefile.in92
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm.h143
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c545
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_err.et59
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_locl.h90
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_stream.c299
-rw-r--r--crypto/kerberosIV/lib/kadm/kadm_supp.c111
-rw-r--r--crypto/kerberosIV/lib/kafs/Makefile.in90
-rw-r--r--crypto/kerberosIV/lib/kafs/afskrb.c373
-rw-r--r--crypto/kerberosIV/lib/kafs/afsl.exp6
-rw-r--r--crypto/kerberosIV/lib/kafs/afslib.c60
-rw-r--r--crypto/kerberosIV/lib/kafs/afslib.exp3
-rw-r--r--crypto/kerberosIV/lib/kafs/afssys.c293
-rw-r--r--crypto/kerberosIV/lib/kafs/afssysdefs.h87
-rw-r--r--crypto/kerberosIV/lib/kafs/dlfcn.c570
-rw-r--r--crypto/kerberosIV/lib/kafs/dlfcn.h46
-rw-r--r--crypto/kerberosIV/lib/kafs/kafs.h100
-rw-r--r--crypto/kerberosIV/lib/kafs/kafs_locl.h96
-rw-r--r--crypto/kerberosIV/lib/kdb/Makefile.in83
-rw-r--r--crypto/kerberosIV/lib/kdb/base64.c150
-rw-r--r--crypto/kerberosIV/lib/kdb/base64.h47
-rw-r--r--crypto/kerberosIV/lib/kdb/copykey.c55
-rw-r--r--crypto/kerberosIV/lib/kdb/kdb_locl.h98
-rw-r--r--crypto/kerberosIV/lib/kdb/kdc.h34
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_cache.c189
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_db.h137
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_dbm.c823
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_kdb_utils.c261
-rw-r--r--crypto/kerberosIV/lib/kdb/krb_lib.c259
-rw-r--r--crypto/kerberosIV/lib/kdb/print_princ.c48
-rw-r--r--crypto/kerberosIV/lib/krb/Makefile.in269
-rw-r--r--crypto/kerberosIV/lib/krb/check_time.c56
-rw-r--r--crypto/kerberosIV/lib/krb/cr_err_reply.c99
-rw-r--r--crypto/kerberosIV/lib/krb/create_auth_reply.c131
-rw-r--r--crypto/kerberosIV/lib/krb/create_ciph.c117
-rw-r--r--crypto/kerberosIV/lib/krb/create_death_packet.c85
-rw-r--r--crypto/kerberosIV/lib/krb/create_ticket.c134
-rw-r--r--crypto/kerberosIV/lib/krb/debug_decl.c29
-rw-r--r--crypto/kerberosIV/lib/krb/decomp_ticket.c119
-rw-r--r--crypto/kerberosIV/lib/krb/dest_tkt.c82
-rw-r--r--crypto/kerberosIV/lib/krb/dllmain.c128
-rw-r--r--crypto/kerberosIV/lib/krb/encrypt_ktext.c51
-rw-r--r--crypto/kerberosIV/lib/krb/et_list.c74
-rw-r--r--crypto/kerberosIV/lib/krb/get_ad_tkt.c190
-rw-r--r--crypto/kerberosIV/lib/krb/get_cred.c70
-rw-r--r--crypto/kerberosIV/lib/krb/get_default_principal.c94
-rw-r--r--crypto/kerberosIV/lib/krb/get_host.c292
-rw-r--r--crypto/kerberosIV/lib/krb/get_in_tkt.c99
-rw-r--r--crypto/kerberosIV/lib/krb/get_krbrlm.c116
-rw-r--r--crypto/kerberosIV/lib/krb/get_svc_in_tkt.c76
-rw-r--r--crypto/kerberosIV/lib/krb/get_tf_fullname.c70
-rw-r--r--crypto/kerberosIV/lib/krb/get_tf_realm.c41
-rw-r--r--crypto/kerberosIV/lib/krb/getaddrs.c130
-rw-r--r--crypto/kerberosIV/lib/krb/getrealm.c184
-rw-r--r--crypto/kerberosIV/lib/krb/getst.c45
-rw-r--r--crypto/kerberosIV/lib/krb/gettimeofday.c56
-rw-r--r--crypto/kerberosIV/lib/krb/k_concat.c116
-rw-r--r--crypto/kerberosIV/lib/krb/k_flock.c95
-rw-r--r--crypto/kerberosIV/lib/krb/k_gethostname.c58
-rw-r--r--crypto/kerberosIV/lib/krb/k_getport.c57
-rw-r--r--crypto/kerberosIV/lib/krb/k_getsockinst.c73
-rw-r--r--crypto/kerberosIV/lib/krb/k_localtime.c48
-rw-r--r--crypto/kerberosIV/lib/krb/kdc_reply.c131
-rw-r--r--crypto/kerberosIV/lib/krb/klog.h47
-rw-r--r--crypto/kerberosIV/lib/krb/kntoln.c180
-rw-r--r--crypto/kerberosIV/lib/krb/krb.def92
-rw-r--r--crypto/kerberosIV/lib/krb/krb.h565
-rw-r--r--crypto/kerberosIV/lib/krb/krb.mak3065
-rw-r--r--crypto/kerberosIV/lib/krb/krb_check_auth.c76
-rw-r--r--crypto/kerberosIV/lib/krb/krb_equiv.c144
-rw-r--r--crypto/kerberosIV/lib/krb/krb_err.et257
-rw-r--r--crypto/kerberosIV/lib/krb/krb_err_txt.c299
-rw-r--r--crypto/kerberosIV/lib/krb/krb_get_in_tkt.c175
-rw-r--r--crypto/kerberosIV/lib/krb/krb_locl.h163
-rw-r--r--crypto/kerberosIV/lib/krb/kuserok.c156
-rw-r--r--crypto/kerberosIV/lib/krb/lifetime.c213
-rw-r--r--crypto/kerberosIV/lib/krb/logging.c240
-rw-r--r--crypto/kerberosIV/lib/krb/lsb_addr_comp.c105
-rw-r--r--crypto/kerberosIV/lib/krb/lsb_addr_comp.h26
-rw-r--r--crypto/kerberosIV/lib/krb/mk_auth.c96
-rw-r--r--crypto/kerberosIV/lib/krb/mk_err.c56
-rw-r--r--crypto/kerberosIV/lib/krb/mk_priv.c125
-rw-r--r--crypto/kerberosIV/lib/krb/mk_req.c215
-rw-r--r--crypto/kerberosIV/lib/krb/mk_safe.c131
-rw-r--r--crypto/kerberosIV/lib/krb/month_sname.c39
-rw-r--r--crypto/kerberosIV/lib/krb/name2name.c102
-rw-r--r--crypto/kerberosIV/lib/krb/netread.c55
-rw-r--r--crypto/kerberosIV/lib/krb/netwrite.c52
-rw-r--r--crypto/kerberosIV/lib/krb/one.c27
-rw-r--r--crypto/kerberosIV/lib/krb/parse_name.c199
-rw-r--r--crypto/kerberosIV/lib/krb/prot.h105
-rw-r--r--crypto/kerberosIV/lib/krb/rd_err.c82
-rw-r--r--crypto/kerberosIV/lib/krb/rd_priv.c129
-rw-r--r--crypto/kerberosIV/lib/krb/rd_req.c324
-rw-r--r--crypto/kerberosIV/lib/krb/rd_safe.c178
-rw-r--r--crypto/kerberosIV/lib/krb/read_service_key.c116
-rw-r--r--crypto/kerberosIV/lib/krb/realm_parse.c88
-rw-r--r--crypto/kerberosIV/lib/krb/recvauth.c190
-rw-r--r--crypto/kerberosIV/lib/krb/resolve.c288
-rw-r--r--crypto/kerberosIV/lib/krb/resolve.h110
-rw-r--r--crypto/kerberosIV/lib/krb/rw.c128
-rw-r--r--crypto/kerberosIV/lib/krb/save_credentials.c59
-rw-r--r--crypto/kerberosIV/lib/krb/send_to_kdc.c251
-rw-r--r--crypto/kerberosIV/lib/krb/sendauth.c163
-rw-r--r--crypto/kerberosIV/lib/krb/sizetest.c41
-rw-r--r--crypto/kerberosIV/lib/krb/stime.c35
-rw-r--r--crypto/kerberosIV/lib/krb/str2key.c103
-rw-r--r--crypto/kerberosIV/lib/krb/swab.c56
-rw-r--r--crypto/kerberosIV/lib/krb/tf_util.c645
-rw-r--r--crypto/kerberosIV/lib/krb/ticket_memory.c438
-rw-r--r--crypto/kerberosIV/lib/krb/ticket_memory.h69
-rw-r--r--crypto/kerberosIV/lib/krb/tkt_string.c85
-rw-r--r--crypto/kerberosIV/lib/krb/unparse_name.c105
-rw-r--r--crypto/kerberosIV/lib/krb/util.c64
-rw-r--r--crypto/kerberosIV/lib/krb/verify_user.c111
-rw-r--r--crypto/kerberosIV/lib/roken/Makefile.in94
-rw-r--r--crypto/kerberosIV/lib/roken/chown.c50
-rw-r--r--crypto/kerberosIV/lib/roken/daemon.c89
-rw-r--r--crypto/kerberosIV/lib/roken/err.c53
-rw-r--r--crypto/kerberosIV/lib/roken/err.h76
-rw-r--r--crypto/kerberosIV/lib/roken/errx.c53
-rw-r--r--crypto/kerberosIV/lib/roken/fchown.c50
-rw-r--r--crypto/kerberosIV/lib/roken/get_window_size.c96
-rw-r--r--crypto/kerberosIV/lib/roken/getcwd.c59
-rw-r--r--crypto/kerberosIV/lib/roken/getdtablesize.c102
-rw-r--r--crypto/kerberosIV/lib/roken/getopt.c128
-rw-r--r--crypto/kerberosIV/lib/roken/getusershell.c160
-rw-r--r--crypto/kerberosIV/lib/roken/hstrerror.c87
-rw-r--r--crypto/kerberosIV/lib/roken/inaddr2str.c88
-rw-r--r--crypto/kerberosIV/lib/roken/inet_aton.c68
-rw-r--r--crypto/kerberosIV/lib/roken/initgroups.c50
-rw-r--r--crypto/kerberosIV/lib/roken/k_getpwnam.c69
-rw-r--r--crypto/kerberosIV/lib/roken/k_getpwuid.c69
-rw-r--r--crypto/kerberosIV/lib/roken/lstat.c50
-rw-r--r--crypto/kerberosIV/lib/roken/memmove.c67
-rw-r--r--crypto/kerberosIV/lib/roken/mini_inetd.c99
-rw-r--r--crypto/kerberosIV/lib/roken/mkstemp.c89
-rw-r--r--crypto/kerberosIV/lib/roken/putenv.c81
-rw-r--r--crypto/kerberosIV/lib/roken/rcmd.c57
-rw-r--r--crypto/kerberosIV/lib/roken/roken.def4
-rw-r--r--crypto/kerberosIV/lib/roken/roken.h338
-rw-r--r--crypto/kerberosIV/lib/roken/roken.mak278
-rw-r--r--crypto/kerberosIV/lib/roken/setegid.c60
-rw-r--r--crypto/kerberosIV/lib/roken/setenv.c71
-rw-r--r--crypto/kerberosIV/lib/roken/seteuid.c60
-rw-r--r--crypto/kerberosIV/lib/roken/signal.c86
-rw-r--r--crypto/kerberosIV/lib/roken/snprintf.c520
-rw-r--r--crypto/kerberosIV/lib/roken/strcasecmp.c118
-rw-r--r--crypto/kerberosIV/lib/roken/strdup.c55
-rw-r--r--crypto/kerberosIV/lib/roken/strerror.c62
-rw-r--r--crypto/kerberosIV/lib/roken/strftime.c299
-rw-r--r--crypto/kerberosIV/lib/roken/strlwr.c58
-rw-r--r--crypto/kerberosIV/lib/roken/strnlen.c53
-rw-r--r--crypto/kerberosIV/lib/roken/strtok_r.c70
-rw-r--r--crypto/kerberosIV/lib/roken/strupr.c58
-rw-r--r--crypto/kerberosIV/lib/roken/tm2time.c66
-rw-r--r--crypto/kerberosIV/lib/roken/unsetenv.c75
-rw-r--r--crypto/kerberosIV/lib/roken/verify.c67
-rw-r--r--crypto/kerberosIV/lib/roken/verr.c50
-rw-r--r--crypto/kerberosIV/lib/roken/verrx.c50
-rw-r--r--crypto/kerberosIV/lib/roken/vwarn.c50
-rw-r--r--crypto/kerberosIV/lib/roken/vwarnx.c51
-rw-r--r--crypto/kerberosIV/lib/roken/warn.c53
-rw-r--r--crypto/kerberosIV/lib/roken/warnerr.c86
-rw-r--r--crypto/kerberosIV/lib/roken/warnx.c53
-rw-r--r--crypto/kerberosIV/lib/roken/xdbm.h75
-rw-r--r--crypto/kerberosIV/lib/sl/Makefile.in84
-rw-r--r--crypto/kerberosIV/lib/sl/sl.c190
-rw-r--r--crypto/kerberosIV/lib/sl/sl.h58
-rw-r--r--crypto/kerberosIV/lib/sl/sl_locl.h48
-rw-r--r--crypto/kerberosIV/man/Makefile.in95
-rw-r--r--crypto/kerberosIV/man/acl_check.3182
-rw-r--r--crypto/kerberosIV/man/ext_srvtab.862
-rw-r--r--crypto/kerberosIV/man/getusershell.399
-rw-r--r--crypto/kerberosIV/man/kadmin.8176
-rw-r--r--crypto/kerberosIV/man/kadmind.8125
-rw-r--r--crypto/kerberosIV/man/kafs.3122
-rw-r--r--crypto/kerberosIV/man/kauth.165
-rw-r--r--crypto/kerberosIV/man/kauthd.827
-rw-r--r--crypto/kerberosIV/man/kdb_destroy.832
-rw-r--r--crypto/kerberosIV/man/kdb_edit.854
-rw-r--r--crypto/kerberosIV/man/kdb_init.837
-rw-r--r--crypto/kerberosIV/man/kdb_util.868
-rw-r--r--crypto/kerberosIV/man/kdestroy.188
-rw-r--r--crypto/kerberosIV/man/kerberos.1258
-rw-r--r--crypto/kerberosIV/man/kerberos.3460
-rw-r--r--crypto/kerberosIV/man/kerberos.844
-rw-r--r--crypto/kerberosIV/man/kinit.1136
-rw-r--r--crypto/kerberosIV/man/klist.183
-rw-r--r--crypto/kerberosIV/man/kprop.858
-rw-r--r--crypto/kerberosIV/man/kpropd.863
-rw-r--r--crypto/kerberosIV/man/krb.conf.531
-rw-r--r--crypto/kerberosIV/man/krb.equiv.528
-rw-r--r--crypto/kerberosIV/man/krb.realms.538
-rw-r--r--crypto/kerberosIV/man/krb_realmofhost.3160
-rw-r--r--crypto/kerberosIV/man/krb_sendauth.3347
-rw-r--r--crypto/kerberosIV/man/krb_set_tkt_string.342
-rw-r--r--crypto/kerberosIV/man/ksrvtgt.150
-rw-r--r--crypto/kerberosIV/man/ksrvutil.8104
-rw-r--r--crypto/kerberosIV/man/kstash.840
-rw-r--r--crypto/kerberosIV/man/kuserok.366
-rw-r--r--crypto/kerberosIV/man/tf_util.3150
-rw-r--r--crypto/kerberosIV/mkinstalldirs40
-rw-r--r--crypto/kerberosIV/server/Makefile.in79
-rw-r--r--crypto/kerberosIV/server/kerberos.c846
-rw-r--r--crypto/kerberosIV/slave/Makefile.in82
-rw-r--r--crypto/kerberosIV/slave/kprop.c530
-rw-r--r--crypto/kerberosIV/slave/kprop.h19
-rw-r--r--crypto/kerberosIV/slave/kpropd.c301
-rw-r--r--crypto/kerberosIV/slave/slav_locl.h101
368 files changed, 82832 insertions, 0 deletions
diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT
new file mode 100644
index 000000000000..1ec6394da320
--- /dev/null
+++ b/crypto/kerberosIV/COPYRIGHT
@@ -0,0 +1,166 @@
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
new file mode 100644
index 000000000000..146748835025
--- /dev/null
+++ b/crypto/kerberosIV/ChangeLog
@@ -0,0 +1,3761 @@
+Tue Jun 3 1997
+
+ * Release 0.9.6
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w
+ term_emulator' for specifiying which terminal emulator to use.
+ Based on a patch from <arve@nada.kth.se>.
+
+Mon Jun 2 1997
+
+ * appl/xnlock/Makefile.in, appl/kx/Makefile.in,
+ lib/auth/Makefile.in: fix the Makefile to do the for loops the
+ automake way.
+
+Sun Jun 1 1997
+
+ * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install
+ correctly even if there are no programs to install
+
+ * configure.in: Check for `h_nerr'.
+
+ * lib/auth/pam/pam.c: Include <security/pam_appl.h> to make it
+ compile on Solaris 2.6
+
+ lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c,
+ appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c,
+ appl/bsd/login_access.c: Initialize the `lasts' to NULL before
+ calling strtok_r the first time. With our strtok_r it's not
+ necessary, but the man-page on SGIs says it should be done.
+
+Fri May 30 1997
+
+ * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for
+ multi-realm ticket files by using the best matching TGT to define
+ the realm of the ticket holder.
+
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're
+ using utmpx
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if
+ we're using utmpx
+
+Wed May 28 1997
+
+ * lib/roken/daemon.c: New file.
+
+ * include/protos.H: <sys/types.h> needed on solaris 2.4
+
+Mon May 26 1997
+
+ * appl/bsd/su.c (kerberos): If kerberos password is zero length
+ immediately try next scheme.
+
+
+ * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even
+ if we don't know the proper ViceId.
+
+
+ * Release 0.9.5
+
+ * man/Makefile.in: Install preformatted manual pages with correct
+ suffix on *BSD.
+
+Sun May 25 1997
+
+ * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND
+ XOVER to XOVER.
+
+
+ * appl/telnet/telnetd/sys_term.c: Only include <utmp.h> and
+ <utmpx.h> once
+
+ * fix-export: Also create cat manpages.
+
+ * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP'
+
+ * appl/telnet/telnetd/sys_term.c: Ditto.
+ Remove stupid macros.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is
+ (apparently) a standard with many representations.
+
+ * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a
+ command to it.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and
+ basename argument.
+
+ * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the
+ one in ~ftp fails.
+
+ * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one
+
+ * appl/bsd/forkpty.c: Use `_getpty' if there's one
+
+ * configure.in: check for `_getpty'
+
+ * acconfig.h: correct test for IRIX
+
+ * lib/roken/snprintf.c: code for checking the correct functioning
+ of *nprintf is now #ifdef PARANOIA
+
+ * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize
+
+ * appl/bsd/rlogin.c: New option `-p'.
+
+ * lib/des/fcrypt.c: removed `inline' from `des_set_key'
+
+Thu May 22 1997
+
+ * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD.
+
+ * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument
+ to MD5Final instead.
+
+ * lib/des/fcrypt.c: Also support MD5 style crypt(2).
+
+Tue May 20 1997
+
+ * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be
+ compatible with login
+
+ * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx
+
+
+ * (*/)*/Makefile.in:s (install): Avoid redundant multiple
+ recursion in install targets.
+
+ * Made things compile with socks5-v1.0r1.
+
+
+ * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use
+ ut_id at all
+
+ * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such
+ as HP-UX 10)
+
+ * appl/bsd/rlogind.c: Added support for utmpx
+
+Sun May 18 1997
+
+ * lib/roken: removed herror, strchr, and strrchr
+
+ * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT
+
+ * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live
+ in lib/roken and get linked here when needed.
+
+ * lib/roken: removed strchr, strrchr.
+
+ * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for
+ compatibility reasons.
+
+ * appl/telnet/telnetd/telnetd.c: Removed <curses.h> and <term.h>.
+ They doesn't seem to be used and breaks on fujitsu.
+
+ * appl/kx/kx.c: try to give a better error message (than a core
+ dump :-) when talking to an old kxd.
+
+ * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected
+ fencepost error with KRB_SENDAUTH_VLEN.
+
+ * appl/ftp/common/buffer.c: new file.
+
+ * configure.in: cray hides their bitypes in <bind/bitypes.h>.
+ Also check for this file.
+
+ * appl/telnet/telnet/telnet_locl.h: moved termios.h before
+ curses.h. This was needed to compile on cray, but will probably
+ break on some other host.
+
+Thu May 15 1997
+
+ * server/kerberos.c: Implement changes to the tcp protocol, while
+ being compatible with the old protocol.
+
+ * lib/krb/send_to_kdc.c: The old method to signal end of
+ transmission by closing the sending side of the socket does not
+ work well through some firewalls. This is now changed so that the
+ client instead sends the length of the request as a four byte
+ integer (in network byte order) before sending the data.
+
+Wed May 14 1997
+
+ * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix
+ for OSF1.
+
+ * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
+
+ * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf.
+
+Tue May 13 1997
+
+ * kuser/klist.c: updated usage string
+
+ * lib/otp/otp_print.c: make word table and reverse word table
+ constant
+
+Sun May 11 1997
+
+ * */*: Added some __attribute__ ((format (printf))) and fixes
+ where needed.
+
+ * appl/ftp/common/sockbuf.c: start probing at 4Mb
+
+ * appl/ftp/ftpd/ftpd.c: use MAP_FAILED
+
+ * appl/ftp/ftp/ftp.c: Use MAP_FAILED.
+ (alloc_buffer): new function for allocating a buffer of size
+ max(BUFSIZ, st.st_blksize) (Based on a patch from
+ <haba@pdc.kth.se>)
+
+ * appl/ftpd/ftpdcmd.y: hack for reget.
+
+ * appl/kx/kxd.c: Give a error message to old-version kx.
+
+ * replaced vsprintf with vsnprintf.
+
+ * lib/roken/vsyslog.c: not used. removed.
+
+ * Changed <sys/bitypes.h> -> <ktypes.h>
+
+ * include/Makefile.in: Added ktypes.h
+
+ * include/sys/Makefile.in: removed bitypes.h
+
+Wed May 7 1997
+
+ * appl/ftp/ftp/ftp.c: Open files in binary mode.
+
+ * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file
+ mean `allow'. Added shell matching to names (if fnmatch is
+ available).
+
+
+ * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE'
+
+ * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to
+ (long) before printing out an `off_t'
+
+ * lib/kdb/print_princ.c (krb_print_principal),
+ lib/kdb/krb_lib.c (kerb_put_principal),
+ admin/kdb_edit.c (change_principal),
+ admin/kdb_util.c (print_time) : gmtime should never return
+ tm_year > 1900
+
+ * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix
+
+ * appl/telnet/telnetd/telnetd.c: removed code that used `getent'
+
+ * lib/roken/getent.c: removed
+
+Mon May 5 1997
+
+ * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm
+
+Sun May 4 1997
+
+ * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic',
+ otherwise it's not possible to make libotp on hpux.
+
+ * configure.in: try sending picflags even when linking a shared
+ library with $CC
+
+ * lib/roken/getent.c: remove getstr
+
+ * configure.in: removed unneeded REAL_-variables working shared
+ libraries on *bsd*
+
+ * appl/kip/kip.h: Added <net/if_var.h>
+
+ * */Makefile.in: Use @LDSHARED@
+
+ * configure.in: Fix shared libraries on HP/UX.
+ check for curses.h
+ check for `getstr' and `cgetstr' in curses
+
+ * appl/telnet/telnet: clean-up
+
+ * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid
+ referencing `syscall' on AIX.
+
+ * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/
+
+ * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output
+
+ * lib/roken/snprintf.c: fix for the case of max_sz == 0
+
+ * doc/kth-krb.texi: Add @dircategory and @direntry to enable
+ `install-info' to install this entry in `dir'.
+
+ * appl/telnet/telnetd/Makefile.in: Don't link with getstr
+
+
+ * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and
+ chk_user.
+
+Sat May 3 1997
+
+ * lib/auth/sia/sia.c: Some cleanup.
+
+Fri May 2 1997
+
+ * configure.in: only link the programs that need it with the
+ db/dbm library
+
+
+ * lib/auth/sia/sia.c: Merge code for for normal and su
+ authentication.
+
+
+ * Replaced sprintf with snprintf and asprintf all over the place.
+
+ * lib/roken/snprintf.c: Added asnprintf and vasnprintf
+
+ * lib/roken/snprintf.c: implemented asprintf, vasprintf
+
+ * lib/roken/snprintf.c: new file
+
+Thu May 1 1997
+
+ * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat'
+
+Wed Apr 30 1997
+
+ * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some
+ potential buffer overruns.
+
+ * lib/krb/k_concat.c: Safely concatenate two strings.
+
+Sat Apr 26 1997
+
+ * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0
+
+ * appl/bsd/rlogind.c (send_oob): different default for `last_oob'
+ to avoid losing first OOB packet
+
+Fri Apr 25 1997
+
+ * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on
+ encryption
+
+Wed Apr 23 1997
+
+ * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with
+ result from `gethostbyaddr'
+
+ * lib/krb/name2name.c (krb_name_to_name): new parameter
+ `phost_size' to disable buffer overflowing. Changed all callers.
+
+ * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable
+ buffer overflowing. Changed all callers.
+
+ * appl/kpopper/Makefile.in: soriasis make stupidity
+
+ * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON,
+ otherwise DEC make gets upset.
+
+Tue Apr 22 1997
+
+ * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost.
+
+
+ * acconfig.h: hp-ux 10 also has `pututxline' that writes both to
+ utmp and utmpx.
+
+Sun Apr 20 1997
+
+ * include/win32/config.h: adapted to win95/NT
+
+ * appl/voodoo: Merged in win32-telnet from <d93-jka@nada.kth.se>
+
+ * lib/krb/tkt_string.c: dummy `getuid' function.
+
+ * lib/krb/ticket_memory.c (tf_setup): implement
+
+ * lib/roken/roken.mak, roken.def: new files
+
+ * lib/des/des.def: Removed des_random_{seed,key}
+
+ * lib/krb/dllmain.c: Rewrote `msg'.
+ Better explanation when it fails to spawn `krbmanager'.
+
+ * lib/krb/tf_util.c: backwards `in_tkt' added.
+
+ * lib/krb/in_tkt.c: removed
+
+ * lib/kclient/KClient: Reformatted and fixed.
+
+Sat Apr 19 1997
+
+ * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from
+ NetBSD.
+
+ * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better.
+
+Fri Apr 18 1997
+
+ * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line
+ parsing bug.
+
+ * appl/kpopper/pop_dropinfo.c: Add support for xover.
+
+ * appl/kpopper/pop_xover.c: Add some kind of xover support.
+
+ * appl/kpopper/pop_debug.c: New tiny popper debugging program.
+
+Tue Apr 15 1997
+
+ * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks.
+
+ * appl/bsd/rshd.c: k_afsklog so that remote command gets a token.
+ fix usage string.
+
+Sat Apr 12 1997
+
+ * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer
+ without using the kshell service.
+
+
+ * lib/krb/mk_safe.c: Emit new checksum.
+
+ * lib/krb/rd_safe.c: New code to handle both new and old
+ checksums.
+
+ * lib/des/qud_cksm.c: Fix compatibility with mit deslib.
+
+Fri Apr 11 1997
+
+ * lib/sl/sl.c (sl_match): initialize `partial_cmd'
+
+Sun Apr 6 1997
+
+ * lib/kafs/kafs.h: Ugly addition of `_P'
+
+ * lib/kafs/afssys.c: <sys/socket.h> contains the definition of
+ `_IOW' on cygwin32.
+
+ * appl/telnet/telnet/utilities.c: <sys/socket.h> needed by
+ cygwin32
+
+ * doc/Makefile.in: always run $(MAKEINFO).
+
+ * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap
+ correctly.
+
+ * include/sys/bitypes.H: Added #ifndef for types
+
+ * configure.in: test for types
+
+ * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal
+
+
+ * appl/ftp/ftp/ftp.c: Fix passive mode.
+
+Sat Apr 5 1997
+
+ * appl/kauth/ksrvtgt.in: New ksrvtgt script.
+
+Fri Apr 4 1997
+
+ * lib/krb/kdc_reply.c: Add some range checking.
+
+
+ * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'.
+ Passes verification examples from appendix C.
+
+ * admin/kdb_util.c: All usage strings are now consistent (and even
+ with the code)!
+
+Thu Apr 3 1997
+
+ * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and
+ kerberos convenience routines into afssys.c and afskrb.c. This to
+ make it possible to use k_pioctl() without linking in all
+ libraries in the world.
+
+Tue Apr 1 1997
+
+ * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend,
+ since Unicos has one of its own.
+
+Sun Mar 30 1997
+
+ * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0].
+
+
+ * man/tenletxr.1: new file
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in:
+ Support `-k'
+
+ * appl/kx/tenletxr.in: new script for running kx in backwards
+ mode.
+
+ * appl/kx: New version of protocol.
+
+ * appl/kauth: Use err & c:o
+
+ * appl/kauth/encdata.c (read_encrypted): Give better return code
+ for EOF
+
+
+ * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines
+ to many strings.
+
+ * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove
+ bell.
+
+ * lib/roken/warnerr.c: New function set_progname.
+ * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to
+ AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks
+ for a variable, including a declaration.
+
+ * lib/roken/roken.h: Add optional declaration for __progname.
+
+ * lib/roken/*{err,warn}.c: Restructure err and warn functions.
+
+Sat Mar 29 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef
+ SO_OOBINLINE, don't even select for exceptional conditions.
+
+ * lib/otp/otp_md.c: always downcase the seed.
+ byte-swap the SHA result.
+
+Thu Mar 27 1997
+
+ * appl/otp/otp.c: removed bad free of global data
+
+Sun Mar 23 1997
+
+ * configure.in: moved version.h and config.h to include
+
+
+ * acconfig.h: Fix utmp/utmpx stuff on OSF/1.
+
+
+ * appl/bsd/rlogind.c (control): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel'
+ and `ws_ypixel'
+
+ * lib/otp/otp.h: Change default global timeout
+
+ * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst'
+
+ * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do
+ gettimeofday and then copy the data for the sake of those systems
+ like SGI that can have different timevals in file and memory.
+
+ * configure.in: Allow `--with-readline'
+
+ * lib/editline/edit_compat.c (readline): strdup data before
+ returning it.
+
+
+ * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k.
+
+Thu Mar 20 1997
+
+ * lib/krb/decomp_ticket.c: Add some range checking.
+
+ * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write.
+
+ * appl/ftp/ftp/ftp.c: Fix hash mark printing.
+
+Wed Mar 19 1997
+
+ * appl/kauth/kauthd.c: more logging
+
+ * man/kx.1, man/kxd.8: Updated.
+
+ * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx
+ -> kxd
+
+
+ * lib/editline/edit_compat.c: BSD libedit comatibility.
+
+Wed Mar 12 1997
+
+ * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap.
+ Log foreign IP address together with hostname.
+
+Mon Mar 10 1997
+
+ * server/kerberos.c: Fix log file muddle.
+
+Sun Mar 9 1997
+
+ * appl/bsd/kcmd.c (kcmd): check malloc for failure.
+
+Tue Feb 25 1997
+
+ * man/ftpd.8: Documented the `-g' option.
+
+ * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the
+ umask for anonymous users.
+
+ * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG
+
+ * appl/otp/otp.c: More fixes from Fabien COELHO
+ <coelho@cri.ensmp.fr>. Check for current OTP before allowing the
+ update.
+
+Wed Feb 19 1997
+
+ * appl/otp/otp.c: updated help string
+
+ * appl/bsd/Makefile.in: Fixed installation of suid programs.
+
+ * appl/telnet/libtelnet/kerberos.c: fix some stuff to get
+ forwarding code to compile
+
+ * lib/otp/otp_db.c: fix for signed char overflow.
+
+
+ * lib/krb/resolve.c: Patch from Jörgen Wahlsten
+ <wahlsten@pathfinder.com>: Zero out resource record, and send
+ correct length to dn_expand.
+
+Mon Feb 17 1997
+
+ * lib/roken/roken.h: Check for `_setsid'
+
+ * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/
+
+ * include/Makefile.in: Generete krb_err.h and kadm_err.h before
+ linking/copying them
+
+ * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of
+ the list.
+
+ * configure.in: Use AC_PROG_RANLIB
+ Always use EMXOMF under OS/2
+ Check for sys/termio.h and _setsid
+
+
+ * configure.in: A preliminary fix for editline.
+
+ * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding
+ stuff.
+
+ * lib/krb/krb_get_in_tkt.c: Use tf_setup.
+
+ * lib/krb/krb_get_in_tkt.c: New function tf_setup.
+
+Sat Feb 15 1997
+
+ * man/otp.1: updated
+
+ * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO
+ <coelho@cri.ensmp.fr>
+
+ * lib/otp/otp.h: Changed default from md4 to md5
+ * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions.
+
+Thu Feb 13 1997
+
+ * appl/kx/rxtelnet.in: allow specification of port number
+
+ * appl/otp/otp.c: Add `-u' option
+
+Sun Feb 9 1997
+
+ * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid
+ collision with symbol in sys/ioctl.h
+
+Fri Feb 7 1997
+
+ * man/kpropd.8: updated
+
+ * appl/bsd/rcmd_util.c: warning needs to know what program is
+ used.
+
+ * slave/kpropd.c: New explicit flag `-i' for interactive. Don't
+ use AI to figure out if we have been started by inetd or not.
+
+Thu Feb 6 1997
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to
+ kx. From <map@stacken.kth.se>
+
+ * kuser/klist.c: corrected alignment of `expired'
+
+ * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n
+
+Mon Feb 3 1997
+
+ * configure.in (socket, gethostbyname, getsockopt, setsockopt):
+ Better tests.
+ (HAVE_H_ERRNO): New test
+
+ * lib/roken/herror.c (herror): Check HAVE_H_ERRNO
+ lots of other files as well.
+
+Sat Feb 1 1997
+
+ * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32
+
+ * lib/krb/logging.c: Init function for `std_log´
+
+ * appl/telnet/telnet/utilities.c: Remove `upcase´
+ Check HAVE_SETSOCKOPT
+
+ * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´
+
+ * appl/telnet/telnet/commands.c, appl/movemail/pop.c,
+ appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c,
+ appl/sample/sample_client.c: Ifdef around for the non-existence of
+ `h_errno' in cygwin32.
+
+ * lib/des/read_pwd.c: work-around for cygwin32
+
+ * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32
+
+Fri Jan 31 1997
+
+ * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY.
+
+Sun Jan 26 1997
+
+ * configure.in: removed duplicate of initgroups and lstat
+ Use AC_KRB_STRUCT_WINSIZE
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test
+
+ * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR
+
+ * appl/bsd/rlogin.c: conditional on SIGWINCH
+
+ * appl/bsd/rcmd_util.c et al: conditional getsockopt
+
+ * configure.in (cygwin32): New target
+ (getsockopt, getsockopt): Test for
+ (herror, hstrerror): Better tests
+
+ * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to
+ AC_FIND_FUNC
+
+Thu Jan 23 1997
+
+ * configure.in: Add EXECSUFFIX
+
+ * appl/kx/rxterm.in: rsh -n
+
+ * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function
+
+
+ * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs
+ support.
+
+ * lib/krb/get_host.c: Use KRB_SERVICE.
+
+Wed Jan 22 1997
+
+ * lib/auth/sia/Makefile.in: Add linker magic fix for broken,
+ conflicting kerberos code in xdm.
+
+Tue Jan 21 1997
+
+ * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to
+ be manageable as X-resource XNlock*logoutPasswd. The password is
+ stored in UNIX crypt format so that it can be stored in a global
+ resource file for sites that whish to keep it a secret.
+
+
+ * configure.in: Check for winsize in sys/ioctl.h also.
+
+Sat Jan 18 1997
+
+ * lib/krb/get_default_principal.c: Use principal from
+ KRB4PRINCIPAL before using uid.
+
+Wed Jan 15 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Use `get_window_size'
+
+ * lib/roken/get_window_size.c: New file
+
+ * appl/bsd/rlogin.c: Use `get_window_size'
+
+ * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on
+ TIOCSWINSZ
+
+ * configure.in: Check for `_scrsize' and `struct winsize'
+
+Tue Jan 14 1997
+
+ * Makefile.in (install-strip, travelkit-strip): New targets.
+
+Thu Jan 9 1997
+
+ * */Makefile.in: Use @foo_prefix@ and @program_transform_name@
+ Add code to uninstall target
+
+Thu Dec 19 1996
+
+ * configure.in: Set LIBPREFIX
+
+ * config.sub: Add os2 as a system
+
+ * config.guess: Try to recognize i386-pc-os2_emx
+
+ * configure.in: case for *-*-os2_emx
+ NEED_PROTO for `strtok_r'
+
+ * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
+ (AC_KRB_PROG_LN_S): New test that uses cp if ln fails
+
+Wed Dec 18 1996
+
+ * appl/bsd/login.c (main): First try to verify password using
+ standard UNIX method and if it fails try kerberos authentication.
+
+Sat Dec 14 1996
+
+ * appl/bsd/rcp.c: consider case of no fchmod
+
+ * appl/kpopper/pop_init.c: Use k_getsockinst.
+
+ * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
+ fchown,rcmd}.c: new files
+
+ * appl/kpopper/pop_lower.c: Removed.
+
+ * Makefile.in (travelkit): New target.
+
+Tue Dec 10 1996
+
+ * lib/krb/parse_name.c (kname_parse): Only copy realm if it is
+ specified.
+
+ * lib/krb/get_host.c (krb_get_host): Treat no realm as local
+ realm.
+
+Mon Dec 9 1996
+
+ * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
+ password.
+
+
+ * slave/kprop.c: flock with K_LOCK_SH
+
+Wed Dec 4 1996
+
+ * appl/telnet/telnet/commands.c: Also export XAUTHORITY
+
+Sun Dec 1 1996
+
+ * kadmin/ksrvutil.c: If realm is not specified, use the local one.
+
+Sat Nov 30 1996
+
+ * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct
+ error messages back to kauth.
+
+ * config.sub, config.guess: Merged in changes from autoconf 2.12
+
+ * appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
+
+ * kadmin/kadm_locl.h: Add prototype for FascistCheck.
+
+Thu Nov 28 1996
+
+ * man/afslog.1: Documented `-createuser'
+
+ * appl/afsutil/aklog.c: removed `cell_of_file' Added option
+ `-createuser' to run pts to create a foreign principal.
+
+Tue Nov 26 1996
+
+ * lib/otp/otp_challenge.c: Initialize error string and check for
+ NULL from strdup.
+
+ * lib/roken/mini_inetd.c: Initialize `sin_family'
+
+ * appl/kpopper/pop_init.c: Add `-p' option and make `-a'
+ auth-style
+
+ * appl/bsd/rshd.c: Add `-p' option.
+
+ * appl/bsd/rlogind.c: Handle `-p' correctly.
+
+ * appl/bsd/login.c: Removed confusing initialization of
+ `login_timeout'
+
+ * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
+ of UIDL-string.
+
+Sun Nov 24 1996
+
+ * Release 0.9.3
+
+Sat Nov 23 1996
+
+ * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
+ defaults.
+
+ * lib/krb/krb.h: Added *_to_key
+
+ * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
+
+ * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
+ (do_init): more logical defaults
+ (help): removed old code
+ better error messages
+
+ * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
+ and remove functionality for reading passwords.
+
+ * lib/sl/sl.c: Nicer help output.
+
+ * lib/otp/otp_challenge.c: Initialize `challengep'
+
+ * lib/krb/Makefile.in: Removed get_pw_tkt.c
+
+Fri Nov 22 1996
+
+ * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
+
+Wed Nov 20 1996
+
+ * lib/auth/pam/pam.c: Chown ticketfile to correct GID.
+
+Tue Nov 19 1996
+
+ * appl/kx/rxtelnet.in: Try to set the screen number as well.
+
+ * Be careful not to thrust `h_length' from gethostby{name,addr}
+
+ * appl/bsd/rcmd_util.c (ip_options_and_die): New function.
+
+ * configure.in: moved headers before functions.
+ call AC_PATH_XTRA_XTRA.
+ Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
+ remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
+
+ * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
+
+ * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
+ arguments: includes and arguments)
+
+ * configure.in: Need to supply arguments and includes to test for
+ `res_search' and `dn_expand'
+
+ * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
+
+ * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
+
+ * Replace lots of `strtok' with `strtok_r'.
+
+ * lib/sl/sl.c: Allow unlimited number of arguments. Use
+ `strtok_r' to divide up string into arguments.
+
+ * lib/roken/roken.h: Added `strtok_r'
+
+ * configure.in: Test for `strtok_r'
+
+ * include/Makefile.in: Don't build in ss
+
+ * Makefile.export: Fixed ChangeLog-generation
+
+ * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty
+ lines. Don't store empty lines in the history.
+
+Mon Nov 18 1996
+
+ * lib/sl/sl.c: Use readline compatible i/o.
+
+
+ * lib/otp/otp_locl.h: Changed location of otp database to /etc
+
+ * appl/otp/Makefile.in: Install otp setuid root.
+
+ * util/Makefile.in: don't build SS
+
+ * lib/sl: New directory.
+
+ * kadmin/kadmin.c: Replaced SS by SL.
+
+Sun Nov 17 1996
+
+ * kadmin/kadm_funcs.c: Improved log messages.
+
+
+ * Use KRB_TICKET_GRANTING_TICKET.
+
+
+ * server/kerberos.c: Don't do any special logging when running as
+ slave.
+
+
+ * Lots of files: remove unnecessary `(void)'
+
+ * Lots of files: remove unnecessary `register' declaration.
+
+
+ * lib/krb/get_host.c: Only keep list of hosts from requested
+ realm.
+
+
+ * man/otpprint.1, otp.1: New files.
+
+ * appl/otp/otp.c: `-s' is now default.
+
+ * appl/otp/otp.c: removed count
+
+ * lib/des/destest.c: more general quad_cksum test.
+
+ * lib/otp/otp_print.c (otp_print_stddict_extended,
+ otp_print_hex_extended): New functions.
+
+ * lib/otp/otptest.c: New file.
+
+
+ * appl/ftp/ftpd/ftpd.c: Change default auth level to what was
+ formerly known as `user'.
+
+ * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
+
+
+ * appl/kip/kip.c: Try all addresses we get back from the name
+ server.
+
+ * kadmin/kpasswd.c: updated to new functions.
+
+ * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in
+ case this file cannot be opened.
+
+ * doc/kth-krb.texi: New chapter about OTPs.
+
+ * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
+ Consistent language Check return value from des_read_pw_string.
+
+ * lib/otp/otp.h: Add OTP_ALG_DEFAULT
+
+
+ * lib/krb/parse_name.c: New function krb_parse_name
+
+Sat Nov 16 1996
+
+ * appl/bsd/login.c: removed S/Key.
+ Added OTP with option `-a otp'
+ Reorganized verification loop.
+
+ * appl/bsd/Makefile.in (login): Remove skey and add OTP
+
+ * configure.in: Test for `uid_t' and `off_t'
+
+ * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
+ added `-a otp' for OTP.
+
+ * appl/kpopper: removed s/key and added OTP support. Updated
+ man-page.
+
+ * lib/otp/otp.h: more fields in the struct and a new function.
+
+ * appl/ftp/ftpd/ftpd.c: Full OTP support.
+
+ * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
+ -x args_to_xterm
+
+ * appl/kx/rxtelnet.in: Add options: -l username, -t
+ args_to_telnet, and -x args_to_xterm
+
+ * man/kx.cat1: regenerated
+
+ * man/kx.1: Added `-l' option.
+
+ * appl/kx/kxd.c: Accept username from `kx'
+
+ * appl/kx/kx.c: Introduced option `-l user' to be able to login as
+ some other user.
+
+Fri Nov 15 1996
+
+ * appl/kx/kx.c: Print out display and not display_nr
+
+ * lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
+
+ * */Makefile.in: Use $(LN_S) instead of ln -s
+
+ * */Makefile.in: Add @SET_MAKE@
+
+ * doc/latin1.tex: New file.
+
+ * doc/kth-krb.texi: Use latin1.tex to be able to use one letter
+ that some bear seem to think is important.
+
+ * doc/kth-krb.texi: Added acknowledgements.
+
+ * lib/auth/Makefile.in: Only build relevant subdirectories.
+
+ * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
+ lib/auth that should be built.
+
+
+ * lib/kafs/afssys.c: Only get tokens for each cell once.
+
+Thu Nov 14 1996
+
+ * man: Added man pages for movemail(1) and kerberos(8).
+
+
+ * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
+ for change_password.
+
+
+ * lib/krb/logging.c: Now actually compiles!
+
+
+ * config.{guess,sub}: Merge changes from Autoconf
+
+
+ * lib/krb/{recv,send}auth.c: Don't return errno if there is a
+ system error.
+
+Wed Nov 13 1996
+
+ * util/ss/Makefile.in: Now even compiles with BSD make!
+
+ * appl/kx: Now send the complete display from `kxd' to `kx'. This
+ should enable it to work better with Xlibraries that don't support
+ unix sockets.
+
+ * kuser/klist.c: conditionally include <sys/ioctl.h> and
+ <sys/ioccom.h> before <kafs.h>
+
+ * lib/krb/resolve.h: Add fallback for `T_TXT'.
+
+ * appl/otp/otp.c: removed print-functionality.
+
+ * appl/otp/otpprint.c: New file.
+
+ * appl/otp/Makefile.in: New program `otpprint'
+
+ * lots of Makefile.in: Now should be possible to build with makes
+ that have broken VPATH-handling.
+
+ * configure.in: Always replace REAL_SHARED & c:o so that some
+ libraries may be built as shared.
+ Removed unused AC_SUBST.
+ Only build afskauthlib on irix.
+
+ * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
+ lib/auth/pam/Makefile.in: Always build as a shared library.
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
+ <jas@pdc.kth.se>).
+
+
+ * lib/krb/{pkt_cipher,fgetst}.c: Removed
+
+ * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
+
+Mon Nov 11 1996
+
+ * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
+ environment.
+
+Fri Nov 8 1996
+
+ * appl/bsd/rlogind.c (main): `portnum' should be int.
+
+ * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
+
+ * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
+
+ * lib/krb/get_host.c (srv_find_realm): New parameter `service'
+
+
+ * lib/krb/unparse_name.c: New function.
+
+Tue Nov 5 1996
+
+ * lib/auth/pam/pam.c: Add PAM Kerberos module.
+
+Mon Nov 4 1996
+
+ * configure.in: configure in lib/auth/afskauthlib
+
+ * lib/kafs/afssys.c: New function `k_afsklog_uid'.
+
+ * lib/auth/afskauthlib: New library that works like
+ `afskauthlib.so' from Transarc.
+
+
+ *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
+ dns_lookup().
+
+ * lib/krb/resolve.c (dns_lookup): Replaced several different
+ resolver functions with one more generalized.
+
+Sun Nov 3 1996
+
+ * Add check target in lib/krb.
+
+ * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
+ that there is a chance of reading the error message.
+
+ * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
+ to real uid before execing rlogin.
+
+Sat Nov 2 1996
+
+ * appl/bsd/utmp_login.c: Do the right thing on systems where
+ UTMPX_DOES_UTMP_LOGGING is defined.
+
+
+ * lib/krb/krb.h: names for `krb_kuserok' prototype
+
+ * lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
+
+ * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
+
+ * lib/otp/otp_parse.c: Add support for parsing extended responses
+ (draft-ietf-otp-ext-01).
+
+ * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
+
+ * appl/otp/otp.c: Add option `-e' for printing responses in
+ extended mode (according to draft-ietf-otp-ext-01.txt).
+
+
+ * lib/krb/kuserok.c: Function krb_kuserok now takes name,
+ instance, realm rather than an AUTH_DAT.
+
+Fri Nov 1 1996
+
+ * lib/auth/sia: Add SIA Kerberos module.
+
+
+ * lib/roken/roken.h: Need to include signal.h prior to defining
+ SIG_ERR.
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
+ simplified maintainability.
+
+ * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
+ files on this system we should also log to the utmp files. If
+ there are no utmp files we of course don't have to log to them.
+
+
+ * Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
+
+ * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
+
+ * doc/kth-krb.texi: Put copyrights in marketing order.
+
+ * appl/kpopper/popper.h: client and ipaddr should be char [] so
+ that we can store the names there.
+
+ * appl/kpopper/pop_init.c: save copies of addresses that otherwise
+ get overwritten.
+
+Mon Oct 28 1996
+
+ * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
+ to make winsock happy. Also don't care anymore about from which
+ address we got the answer since we do a `connect'.
+
+ * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
+ lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
+ not use #if, use #ifdef.
+
+ * configure.in: Test for `rand' and `getuid'
+
+
+ * slave/kprop.c: Don't terminate on trivial errors in slaves-file.
+
+Sun Oct 27 1996
+
+ * doc/Makefile.in: Install from source directory if necessary.
+
+ * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
+
+ * configure.in: You can't even use `unset', Ultrix sh does not
+ have it.
+
+
+ * several files: Check status from des_read_pw_string.
+
+
+ * server/kerberos.c: Make sure all data is recieved on a tcp
+ socket before trying to reply.
+
+
+ * lib/krb/krb.h: Add <time.h> for `struct tm'
+
+ * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
+
+ * configure.in: Fix test for `XauReadAuth'
+
+Fri Oct 25 1996
+
+ * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
+ machines running backwards.
+
+ * More consistent use of CRLF in telnet and telnetd.
+
+ * Removed redundant -I$(srcsdir)/../../include from compiler args.
+
+
+ * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
+ ordinary passwords in cleartext.
+
+ * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
+
+ * lib/Makefile.in: Add otp
+
+ * include/Makefile.in: Add otp.h
+
+ * configure.in: Test for ndbm.h
+ Generate Makefiles in lib/otp and appl/otp
+
+ * appl/otp: New program to set up and generate OTPs.
+
+ * lib/otp: New library for one-time passwords (RFC1938).
+
+ * lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
+
+ * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check.
+
+ * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
+ lib/des/mdtest.c: New files.
+
+ * appl/kauth/Makefile.in: Make $(libexedir) as well.
+
+Thu Oct 24 1996
+
+ * appl/bsd/rlogind.c (setup_term): Actually set the speed of the
+ terminal.
+
+ * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
+ speed in the TERM variable.
+
+ * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
+ `int2speed_t'.
+
+ * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
+ `int2speed_t'.
+
+Sun Oct 20 1996
+
+ * appl/bsd/login.c: Do `getspnam' before change the UID. Also call
+ `endspent'
+
+ * appl/krbmanager: New program used on PCs by kclient.
+
+ * lib/kclient: New library.
+
+ * lib/des, lib/krb: Added some PC-specific files.
+
+ * doc/kth-krb.info: Regenerated.
+
+ * doc/Makefile.in (kth-krb.info): Some stupid makes don't
+ understand $<
+ (kth-krb.html): New rule.
+
+ * doc/kth-krb.texi (Compiling from source): Added some references
+ about Socks.
+
+Sat Oct 19 1996
+
+ * doc/kth-krb.texi: Added text about ``--with-socks''.
+
+ * configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
+
+ * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
+ more general `AC_TEST_PACKAGE'.
+
+Fri Oct 18 1996
+
+ * configure.in: call AC_TEST_SOCKS
+
+ * acconfig.h: SOCKS
+
+ * aclocal.m4: Added AC_TEST_SOCKS
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
+ close.
+
+Thu Oct 17 1996
+
+ * man/popper.8: Option `-i'
+
+ * appl/kpopper/pop_send.c: clean-up
+
+ * appl/kpopper/popper.h: Removed old garbage and added SKEY.
+
+ * appl/kpopper/pop_xmit.c: clean up
+
+ * appl/kpopper/pop_user.c: SKEY-support
+
+ * appl/kpopper/pop_pass.c: Added support for spaces in passwords
+ and S/Key.
+
+ * appl/kpopper/pop_init.c: Moved some variables into struct pop
+ (main): Added support for `-i'
+
+ * appl/kpopper/pop_get_command.c: New command "HELP".
+
+ * appl/kpopper/Makefile.in: Add SKEY-stuff.
+
+ * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
+ default instead of KRB_PORT
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Add
+ gethostbyname(k_gethostname()) as a fallback.
+
+ * lib/krb/k_getport.c (k_getportbyname): proto can be NULL
+
+ * lib/krb/krb.h: Only include <sys/types.h> if HAVE_SYS_TYPES_H
+
+ * lib/krb/prot.h: KRB_SERVICE: Added
+
+
+ * server/kerberos.c: Replaced linked list with a vector.
+
+Wed Oct 16 1996
+
+ * server/kerberos.c: Add support for TCP connections.
+
+ * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
+ rather than recvfrom.
+
+Mon Oct 14 1996
+
+ * doc/kth-krb.texi: Only use `kdb_edit' to add the initial
+ `nisse.admin'. Add all other users with `kadmin'.
+
+ * doc/kth-krb.info: new file.
+
+ * doc/kth-krb.texi: Added some text about kx and ftp.
+
+ * appl/ftp/ftpd/ftpcmd.y,
+ util/ss/ct.y,
+ util/et/error_table.y :
+ Added code for handling the case of using `bison' and having no
+ `alloca'. Alloca is usually never called anyway, so we just use
+ `malloc'.
+
+ * appl/kx/kxd.c: All static variables are now global and in
+ common.c.
+ (doit_conn, doit): Turn on TCP_NODELAY.
+ (create_and_write_cookie, suspicious_address): Moved to common.c
+
+ * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
+ on TCP_NODELAY.
+ (doit): prepare for TCP-only hosts.
+ (usage,main): add `-t'
+ (main): Passive mode is possible again.
+
+ * appl/kx/kx.h: More #ifdefs for include files. Declarations for
+ global variables.
+
+ * appl/kx/common.c (get_xsockets): Try to chmod
+ dirname(`X_UNIX_PATH')
+ (get_xsockets): Turn on TCP_NODELAY on TCP connections.
+
+ * doc/Makefile.in: New file
+
+ * Makefile.in: Added `doc' to `SUBDIRS'
+
+ * configure.in: Generate `doc/Makefile'
+
+Sun Oct 13 1996
+
+ * appl/bsd/rcp.c (main): Made rcp AFS aware.
+
+ * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
+ always an entry of .klogin.
+
+Sat Oct 12 1996
+
+ * appl/kx/rxtelnet.in: Start the `xterm' process correctly.
+
+ * lib/des/rnd_keys.c (sumFile): consider the case that `res' is
+ not longword-aligned.
+
+ * lib/krb/get_host.c (parse_address): `getservbyname' should
+ really get proto = NULL
+
+ * lib/krb/send_to_kdc.c (krb_udp_port): removed
+ (send_to_kdc): removed `addrlist'
+
+ * lib/krb/send_to_kdc.c: Support not only UDP.
+
+ * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
+ if that's what we want.
+
+Thu Oct 10 1996
+
+ * lib/krb/get_host.c: Simplified some code. Added stub-support for
+ SRV-records.
+
+Wed Oct 9 1996
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
+ correct instructions to their users and therefore we have to add
+ strange directories to the PATH.
+
+ * appl/kx/rxtelnet.in: Support sending arguments to telnet.
+
+ * appl/kx/rxterm.in: rsh can reside in path or %bindir% support
+ extra arguments to xterm (from <jas@pdc.kth.se>).
+
+ * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
+ for X.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
+ %bindir%.
+
+ * appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
+ From <jas@pdc.kth.se>
+
+
+ * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
+ connections.
+
+ * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
+
+Sun Oct 6 1996
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
+
+ * configure.in: Fix order for x libs. From <jas@pdc.kth.se>.
+ Check for `fcntl', `alloca', `winsock.h', and `io.h'.
+
+ * lib/krb/krb_locl.h: Check for <io.h> and <winsock.h>
+
+ * lib/krb/krb.h: Check for winsock.h
+
+ * lib/krb/k_flock.c: Better test for `fcntl' with locking.
+
+ * lib/krb/et_list.c: Hopefully correct pragma this time. From
+ <jas@pdc.kth.se>
+
+Thu Oct 3 1996
+
+ * lib/krb/klog.c (klog): Do not forget to print the text.
+
+ * lib/krb/log.c (krb_log): Print space after time in log.
+
+Wed Oct 2 1996
+
+ * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
+ UIDL command.
+
+ * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
+ command. Saves Message-Id to be used as unique id. Everything is
+ #ifdef:ed UIDL.
+
+ * appl/kpopper/pop_get_command.c: Recognize UIDL command.
+
+ * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
+ implementation.
+
+ * appl/kpopper/Makefile.in: New file pop_uidl.c.
+
+
+ * configure.in: Made some of the tests into macros defined in
+ aclocal.m4
+
+ * appl/telnet/libtelnet/kerberos.c: Given better error message
+ when user is not authorized to login.
+
+ * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
+ If we are using a BSD-kind of system we should not leave the
+ shadow password database open.
+
+ * appl/xnlock/xnlock.c: Got rid of all `register' declarations.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
+
+Mon Sep 30 1996
+
+ * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
+ to try to close the shadow password file.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
+ and the first character of the extension.
+
+ * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
+ use that here. We are only printing debug messages anyway, so
+ just print errno for now.
+
+ * appl/kx/rxtelnet.in: Now using SIGUSR2.
+
+ * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
+ children goes down to zero'. SIGUSR2 is `exit when number of
+ children is equal to zero'.
+
+ * appl/xnlock/xnlock.c: More fixup of old code.
+
+ * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
+ users.
+
+ * configure.in: Added tests for more header files. Also added
+ more ifdefs when actually including those files.
+
+ * appl/kx/Makefile.in: Do not build programs if we have no X11.
+
+Sun Sep 29 1996
+
+ * appl/xnlock/xnlock.c (main): Support for shadow passwords.
+
+ * lib/roken/k_getpwuid.c: New file, better support for shadow
+ passwords.
+
+
+ * appl/telnet/Makefile.in: Use SET_MAKE
+
+
+ * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
+ anonymous users.
+
+ * lib/krb/get_krbhst.c: Look for kerberos-#.realm.
+
+ * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
+
+ * appl/ftp/ftpd/ftpd.c: Add find site command.
+
+ * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
+ with extensions {,.tar}{,.gz,Z}.
+
+Sat Sep 28 1996
+
+ * configure.in: Check for sys/times.h, sys/param.h, and
+ sys/timeb.h
+
+ * lib/des: autoconfed a little to make it compile.
+
+ * lib/roken/roken.h: Add `max', `min', and definitions for broken
+ syslogs.
+
+ * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
+
+ * appl/kx/kx.h: Remove prototype of childhandler.
+
+ * appl/kx/common.c: Remove childhandler. Not common any more.
+
+ * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
+
+ * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
+
+ * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
+ children goes to zero.
+
+ * lib/roken/roken.h: Add STDERR_FILENO
+
+ * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
+
+ * lib/kafs/Makefile.in (afslib.so): Change argument so they work
+ with `ld' instead of `cc'
+
+ * appl/kx/kxd.c: writeauth.c as separate file.
+
+ * appl/kx/kx.c: `-d' option to disable forking.
+
+ * appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
+ For some stupid reason $< does not work correctly in BSD make.
+ Use $(srcdir) instead.
+
+ * appl/ftp/ftp/ftp_locl.h: Only include <roken.h> once.
+
+ * configure.in: Use strange X flags when looking for XauReadAuth.
+ Add XauWriteAuth if we need to include it.
+
+Fri Sep 27 1996
+
+ * appl/sample: Sample programs work again.
+
+
+ * appl/kx/kxd.c (main): use `mini_inetd'
+
+ * appl/kx/kx.c: Use KX_PORT
+
+ * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
+
+ * appl/kauth/kauthd.c (main): use `mini_inetd'
+
+ * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
+ instead.
+
+ * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
+ `get_login_port'
+
+ * appl/bsd/rcmd_util.c: New file.
+
+ * appl/bsd/Makefile.in: Added rcmd_util.c
+
+ * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rlogind.c (main): Use `mini_inetd'
+
+ * appl/bsd/rshd.c (main): Add support for interactive mode with
+ `-i'.
+
+ * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
+
+ * lib/roken/roken.h: Added prototype for `mini_inetd', and
+ fallback definitions for SOMAXCONN, STDIN_FILENO, and
+ STDOUT_FILENO.
+
+ * lib/roken/Makefile.in: Added mini_inetd.o
+
+ * lib/roken/mini_inetd.c: New file.
+
+Thu Sep 26 1996
+
+ * appl/kx/kxd.c (doit): read port number in ascii.
+
+ * appl/kx/kx.c (doit): write port number in ascii.
+
+ * appl/kauth/rkinit.c (doit_host): Check return value from
+ `read_encrypted'.
+
+ * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
+ syslog.
+
+ * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
+ from `tf_create' and not always INTK_ERR.
+
+ * lib/krb/tf_util.c (tf_create): Correct check for return value
+ from `open'.
+
+ * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
+
+Wed Sep 25 1996
+
+ * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
+ time.
+
+ * configure.in: Add test for <sys/un.h>
+
+ * kadmin/Makefile.in: Add back $(CRACKLIB)
+
+Mon Sep 16 1996
+
+ * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
+
+ * kstring2key moved to appl/afsutil.
+
+Sun Sep 15 1996
+
+ * appl/kx/kx.c (main): For now always use passive mode. That's
+ the only thing that has been tested and not a lot of people are
+ going to use non-passive anyways.
+
+ * appl/kx/kx.c (connect_host): write display_number in ascii.
+
+ * appl/kx/kxd.c (doit): read display_number in ascii.
+
+ * appl/kx/common.c (get_local_xsocket): Generate the
+ /tmp/.X11-unix directory with the sticky bit set.
+
+ * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
+
+ * appl/kx/Makefile.in: Install rxterm and rxtelnet.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
+
+ * appl/kx/common.c (get_local_xsocket): try to bind the socket
+ instead of checking for existence with lstat.
+
+
+ * appl/kx/kxd.c: Detect remote termination and cleanup on exit.
+
+Sat Sep 14 1996
+
+ * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
+ crays).
+
+
+ * appl/kx/kxd.c (doit): Send over the display number and the
+ authority file actually used to kx.
+
+ (create_and_write_cookie): New function to generate and write into a
+ file a local cookie used between this pseudo-server and the
+ clients on this host.
+
+ (start_session): New function to check and remove the local cookie
+ before the data is sent over to `kx'.
+
+ * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx'
+ prints out the values of those two variables and then goes to the
+ background to enable some script to set these on the other host.
+
+ (start_session): New function that adds a local cookie before sending
+ the rest of the connection to the local X-server.
+
+ (main): Also recognize "unix" as a local DISPLAY.
+
+ * appl/kx/kx.h: <X11/Xauth.h> used.
+ (get_local_xsocket): Changed parameter.
+
+ * appl/kx/common.c (get_local_xsocket): Now try to allocate the
+ first free socket in /tmp/.X11-unix. Also `mkdir' this directory
+ first. Return the number of the display opened.
+
+ * appl/kx/Makefile.in: Added X libraries.
+
+ * lib/des/des.h: Added prototype for `des_rand_data'.
+
+ * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This
+ function is useful and now even used.
+
+Wed Sep 11 1996
+
+ * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
+ cell of the home catalog rather than the local cell.
+
+ * lib/kafs/afssys.c: Add k_afs_cell_of_file.
+
+Tue Sep 10 1996
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ Removed all convex code.
+
+Mon Sep 9 1996
+
+ * appl/telnet/telnetd/termstat.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ NEWINIT, UNICOS7x, UNICOS5: removed
+
+ STREAMSPTY: added variable `really_stream' Now able to handle the
+ case where the OS supports stream ptys but we run out of them and
+ start using ordinary BSD ones.
+
+ * appl/telnet/telnetd/state.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
+
+ * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
+ BFTPDAEMON: removed.
+ UNICOS5: removed.
+
+ * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
+ `really_stream'.
+
+ * lib/krb/stime.c (krb_stime): argument should be `time_t'.
+ lib/krb/krb_locl.h: changed prototype.
+
+Sun Sep 8 1996
+
+ * configure.in: Also generate `appl/sample/Makefile'
+
+ * appl/Makefile.in: Use @SET_MAKE@.
+ Include sample
+
+ * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
+ krb_check_auth.
+
+ * util/et/compile_et.c (main): Include <foo.h> in foo.c
+
+ * slave/kprop.c: exit with return code == 1 to indicate failure.
+
+ * server/kerberos.c (usage): Fixed usage string.
+
+ * lib/krb/tkt_string.c (tkt_string): Removed bogus extern
+ declaration of `getuid'.
+
+ * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
+ declaration of `lseek'.
+
+ * lib/krb/stime.c (stime): Renamed to `krb_stime'
+
+ * lib/krb/sendauth.c (krb_sendauth): reimplemented using
+ `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
+
+ * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
+
+ * lib/krb/prot.h: create_auth_reply: correct prototype.
+ krb_create_death_packet: ditto.
+ KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
+
+ * lib/krb/month_sname.c: Made `month_sname' const.
+
+ * lib/krb/mk_req.c: Remove stupid `register'
+
+ * lib/krb/log.c (krb_log): Use `krb_stime'
+
+ * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
+ ESTALE. Treat it the same way as ENOENT.
+
+ * lib/krb/krb_locl.h: Added prototype for `krb_stime'
+
+ * lib/krb/krb_check_auth.c: New file with `krb_check_auth',
+ implemented for compatibility with CNS.
+ lib/krb/krb_mk_auth.c: Ditto.
+
+ * lib/krb/krb.h: Removed duplicate declarations of `get_request'
+ and `krb_get_admhst'.
+ Added declarations for `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/kparse.h: removed prototype for `strsave'
+
+ * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
+ `strsave'.
+ (strsave): Removed.
+
+ * lib/krb/kname_parse.c: Removed stupid `register' declarations.
+
+ * lib/krb/klog.c (klog): Use `krb_stime'
+
+ * lib/krb/get_phost.c: Handle the case where the name has no dots
+ in it by just returning it as-is.
+
+ * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
+ lib/knet/sendkdata.c: removed unused files.
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
+
+ * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
+ something goes wrong. Include realm in the message when writing a
+ key.
+ (parseinput): New function that removes quotes and backslashes
+ from input.
+ (ksrvutil_get): Use `parseinput' to read input.
+
+ * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
+ Removed bogus casts and fflush of stdin.
+ (main): Use `return' instead of `exit'.
+
+ * kadmin/kpasswd.c (main): Use `return' instead of `exit'.
+
+ * kadmin/admin_server.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/sample/sample_server.c: Rewrote to use all new functions.
+
+ * appl/sample/sample_client.c: Rewrote to use all new functions.
+
+ * appl/sample/sample.h: new file.
+
+ * appl/sample/Makefile.in: new file.
+
+ * appl/movemail/pop.c (socket_connection): use `k_getportbyname'
+
+ * appl/kpopper/pop_init.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/kauth/kauth.c (doexec): new-style definition. ret should
+ be a `pid_t'.
+ (main): new-style definition. Use `prog' instead of `argv[0]'
+
+ * appl/ftp/ftp/extern.h: Removed unused `abortsend'
+
+ * appl/ftp/Makefile.in: Use @SET_MAKE@
+
+ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
+
+ * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
+
+ * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
+
+ * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots
+ of `exit(-1)' by `return 1'
+
+ * admin/kdb_util.c: Removed unused variable `aprinc'.
+ Removed bogus flushing of stderr.
+ Replaced lots of `exit(-1)' by `return 1'.
+
+ * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
+ calling `exit' and use 1, not -1, for failure.
+
+ * Makefile.in: Use @SET_MAKE@
+
+ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
+ define a prototype for a function.
+
+ * configure.in: Reordered. Removed unused stuff. Start using
+ AC_NEED_PROTO.
+
+ * config.guess: merged in FSF version from 960908.
+
+Tue Sep 3 1996
+
+ * include/protos.H: Added optarg, opterr, optind, optopt and
+ (fclose under Sunos 4). Removed these declarations from lots of
+ other files.
+
+ * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
+ opterr, and optopt.
+
+ * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
+ optarg, optind, opterr, and optopt.
+
+ * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
+ need to have an external declaration of a variable.
+
+Mon Sep 2 1996
+
+ * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
+ Changed all callers.
+
+ * lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
+
+ * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
+
+ * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
+ args bug.
+
+Sat Aug 31 1996
+
+ * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
+ appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
+ code.
+
+ * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
+ with NOENCRYPTION.
+
+ * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
+
+ * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
+
+ * appl/ftp/ftpd/ftpd.c: Fixed old comment.
+
+ * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
+
+ * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
+ cast it before adding to it.
+
+ * configure.in: Old test for `sa_len' in `struct sockaddr' fails
+ on IRIX 6.2. Try to compile a program refering to that field
+ instead of grepping for it in <sys/socket.h>.
+
+ * appl/bsd/kcmd.c: Removed old and broken code.
+
+ * configure.in: Check for `gethostname', `uname', and
+ <sys/utsname.h>
+
+ * lib/krb/k_gethostname.c: Try to use `uname' if we have no
+ `gethostname'.
+
+ * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
+ by correct use of `k_gethostname'.
+
+
+ * lib/roken/verify.c: Change name verify_unix_user ->
+ unix_verify_user in analogy with krb_verify_user.
+
+Fri Aug 30 1996
+
+ * appl/xnlock/Makefile.in: Install man-page.
+
+ * configure.in, */Makefile.in: Replace `-shared' with some other
+ option when not using gcc.
+
+ * lib/kafs/afssys.c: Do not start by checking if we have AFS in
+ `k_afsklog'.
+
+ * appl/bsd/rlogin.c: More kludges to make it work with rlogin on
+ linux: Do not select for an exceptional condition on `rem' after
+ having received EINVAL.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+ * appl/bsd/rlogind.c: More kludges to make it work with rlogin on
+ linux: Only send oob data just after having sent normal data to
+ make sure we never send two consecutive bytes of oob data.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+Thu Aug 29 1996
+
+ * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
+ afslib.so. Not everybody has cc.
+
+Wed Aug 28 1996
+
+ * Release 0.9.2a
+
+Mon Aug 26 1996
+
+ * appl/bsd/login.c: Clean-up. Made static a lot of functions and
+ variables. Rewrote some function definitions to ANSI-style.
+
+ * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
+ trailing slash. We need to be very careful to make sure the
+ contents of $MAIL does not contain two, because RMAIL in emacs
+ uses it and emacs is no friend with double slashing.
+
+
+ * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
+ correct value.
+
+Sun Aug 25 1996
+
+ * Release 0.9.2.
+
+Sat Aug 24 1996
+
+ * lib/roken/hstrerror.c: Check for h_errlist prototype.
+
+Thu Aug 22 1996
+
+ * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
+ Changed `kerberos' to `kerberos-iv' now that it has been
+ registered with IANA.
+
+ * man/rshd.8, man/rlogind.8: updated documentation of `-a'
+
+ * lib/roken/roken.h: Added declaration of `h_errno'
+
+ * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
+
+ * appl/kauth/kauth.h: Stupid declarations for syslog.
+
+ * appl/kauth/kauthd.c: syslog errors and success.
+
+ * include/protos.H: Removed `h_errno', now in roken.h Declare
+ `getusershell' under solaris.
+
+ * configure.in, acconfig.h: Figure out if we have to declare
+ `h_errno'.
+
+ * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
+
+Wed Aug 21 1996
+
+ * lib/kafs/afssys.c: Look for AFS database servers in dns also.
+
+ * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
+
+Sun Aug 18 1996
+
+ * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use
+ `inaddr2str'.
+
+ * appl/bsd/rshd.c: Use `inaddr2str'.
+
+ * appl/bsd/iruserok.c: Removed potential buffer overrun after
+ `gethostbyaddr'.
+
+ * lib/roken/inet_aton.c: Some const-ness.
+
+ * lib/roken/Makefile.in: Add `inaddr2str.o'.
+
+ * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
+
+ * lib/roken/inaddr2str.c, lib/roken/roken.h: New function
+ `inaddr2str' to convert an IP address into a verified hostname or
+ a string of the form x.y.z.a
+
+ * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
+ getrealm.c}: Some const-ness.
+
+ * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
+
+ * appl/kpopper/popper.h: Some const-ness to get rid of a warning.
+
+ * appl/bsd/rshd.c: Always check reverse mapping. Removed
+ `local_domain' and `top_domain'. Added some const-ness.
+
+Sat Aug 17 1996
+
+ * include/Makefile.in: Removed VPATH. With it this makefile does
+ not work correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
+ `krb_{get,put}'-functions to void *.
+
+ * include/protos.H: Add `getusershell' in solaris.
+
+ * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
+ warnings because of arguments to `setsockopt'.
+
+ * lib/roken/roken.h: Fixed prototype of `inet_aton'
+
+Wed Aug 14 1996
+
+ * lib/roken/verify.c: Use <crypt.h> if there is one.
+
+ * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
+ `afslib.so'. Otherwise some makes get upset when there is no such
+ library to be made.
+
+ * appl/telnet/telnetd/telnetd.h: <protos.h> are needed to get
+ prototype for `ptsname'.
+
+ * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
+ appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
+ appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
+ telnetd.h, kadmin/admin_server.c, kuser/klist.c,
+ lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
+ log.c, tf_util.c}: Include type `int' on all definitions and
+ remove unnecessary `register'.
+
+ * appl/bsd/login_access.c: Fix parameter declaration to
+ `netgroup_match'.
+
+ * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
+
+ * admin/kdb_util.c: Use `errno' for error message instead of
+ uninitialized variable.
+
+Tue Aug 13 1996
+
+ * appl/kauth/rkinit.c: Default port should be the same in kauth
+ and kauthd.
+
+Sun Aug 11 1996
+
+ * configure.in: Added `AC_REVISION'
+
+ * slave/kpropd.c: Cleaned up structure. Now returns useful value.
+
+ * lib/roken/verify.c: Broken OSes need declartion of `crypt'.
+
+ * lib/roken/roken.h: Added prototype for `verify_unix_user'.
+
+ * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
+
+ * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
+ get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
+ overwrite correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
+ `put_int', `get_address', `put_address', `put_string',
+ `get_string', `get_nir', and `put_nir'. Changed all callers.
+
+ * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
+ and `kerb_db_delete_principal'.
+
+ * lib/kadm/kadm_cli_wrap.c: Removed unused variable.
+
+ * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
+ `strcpy'.
+
+ * appl/bsd/su.c: Fixed error messages from execv.
+
+ * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
+ "TERM".
+
+Thu Aug 8 1996
+
+ * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
+ `herror' by `hstrerror'.
+
+ * appl/bsd/login.c: chmod the tty so that it is writable for group
+ tty.
+
+ * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
+ hstrerror.
+
+ * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
+
+ * config.guess: Add 686
+
+Tue Aug 6 1996
+
+ * lib/krb/getrealm.c: Fallback for `T_TXT'
+
+ * configure.in: Look for `res_search' and `dn_expand' in
+ libresolv.
+
+Mon Aug 5 1996
+
+ * */Makefile.in: Add Id to those missing it.
+
+ * configure.in: Small fix in comment.
+
+
+ * Release 0.9.1.
+
+
+ * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
+
+ * appl/kstring2key/kstring2key.c: `usage' changed to void.
+
+ * lib/krb/mk_req.c: `build_request' changed to void.
+
+ * appl/ftp/ftp/ftp_locl.h: Changed order of includes.
+
+ * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
+
+ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
+
+Sun Aug 4 1996
+
+ * lib/kafs/afssys.c: AIX systems will now correctly (I hope)
+ detect whether AFS is loaded or not. This is currently a bit
+ kludgy, and involves loading an external shared library,
+ afslib.so, which can be put in athena/lib or pointed to with
+ environment variable AFSLIBPATH. This is only tested on AIX 4
+ (due to lack of an AIX 3 system).
+
+
+ * lib/krb/getrealm.c: Range-check the result from the DNS.
+
+ * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
+ this host belongs to.
+
+ * kadmin/ksrvutil_get.c: Fixed error message.
+
+
+ * lib/kafs/*: Fix aix/afs brokenness.
+
+ * lib/kadm/kadm_stream.c (stv_string): Range check.
+
+Fri Jul 26 1996
+
+ * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
+ handling.
+
+Mon Jul 22 1996
+
+ * lib/krb/mk_req.c: Use encrypt_ktext()
+
+ * configure.in, lib/kafs/afssys.c: Add option to exclude AFS
+ support (this is useful only on AIX systems that doesn't have
+ AFS).
+
+ * configure.in: Removed configuration from subdirectories.
+
+Sat Jul 13 1996
+
+ * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
+ fd_set' with `fd_set'.
+
+Mon Jul 8 1996
+
+ * Makefile.in: install should depend on all.
+
+Sun Jul 7 1996
+
+ * appl/bsd/su.c: Allow root to set the uid without entering a
+ password.
+
+Fri Jul 5 1996
+
+ * lib/krb/getrealm.c: Add automatic dns realm search.
+
+Thu Jul 4 1996
+
+ * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
+ compatibility with CNS. There is still a #define k_log krb_log.
+
+ * util/et/et_list.c: Hack to resolve _et_list in shared libraries.
+
+Fri Jun 28 1996
+
+ * appl/bsd/rlogin.c (reader): If after a select rlogin fails to
+ read expected OOB data try to read ordinary data before continuing.
+
+ * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
+
+ * appl/bsd/rlogind.c: Cleanup oobdata stuff.
+
+Thu Jun 27 1996
+
+ * appl/bsd/login.c (main): Also check for complete tty name with
+ `rootterm'.
+
+ * lib/krb/check_time.c: New function `krb_check_tm'.
+
+ * lib/roken/tm2time.c: New function `tm2time', mktime generalized
+ to local timezone and UTC.
+
+ * kadmin, admin: Use `tm2time' and `krb_check_time' instead of
+ `maketime'.
+
+Tue Jun 25 1996
+
+ * lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
+
+ * appl/kauth/kauthd.c: Set ticket file to some sane default, and
+ add -i debugging switch.
+
+Mon Jun 24 1996
+
+ * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
+ `/usr/athena/bin'.
+
+Wed Jun 19 1996
+
+ * appl/bsd/rlogin.c: consistent usage of oob_real.
+
+ * appl/bsd/rlogind.c: Do not send oob garbage when running
+ solaris? Seems that linux is unable to handle the duplicate
+ urgent data that is the result.
+
+ * appl/bsd/rlogind.c: Fix usage.
+
+ * appl/bsd/kcmd.c: Don't F_SETOWN.
+
+Mon Jun 17 1996
+
+ * lib/krb/rw.c: Add get_address() and put_address().
+
+
+ * appl/telnet/telnetd/telnetd.c: updated usage
+
+ * appl/bsd/su.c: Replaced getpass by des_read_pw_string
+
+ * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
+
+ * appl/bsd/rlogind.c: Removed unused functions and made others
+ static.
+
+Sun Jun 16 1996
+
+ * Release 0.9.
+
+
+ * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
+ NLST.
+
+
+ * configure.in: test for setresgid.
+
+ * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
+
+Sat Jun 15 1996
+
+ * lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
+
+ * appl/ftp/ftp/cmds.c: Support longer passwords when retrying
+ login.
+
+ * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
+ file from file is now the default. Use `-m' to enter it manually.
+ `-n' is currently a no-op.
+
+ * appl/ftp/ftpd/ftpd.c: Add S/Key support.
+
+ * appl/ftp/ftpd/Makefile.in: Link with S/Key.
+
+ * appl/ftp/configure.in: Test for S/key.
+
+ * configure.in, aclocal.m4: Moved skey test
+ to aclocal.m4.
+
+ * appl/bsd/login.c: Correct argument to `skeyaccess'.
+
+Fri Jun 14 1996
+
+ * lib/krb/verify_user.c: New parameter to specify service key
+ instance, NULL means "rcmd".
+
+ * lots of files: All ticket filenames uses `TKT_ROOT'.
+
+ * appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
+
+Tue Jun 11 1996
+
+ * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
+ code.
+
+ * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
+ that are ndbm challenged.
+
+Mon Jun 10 1996
+
+ * lib/krb/kname_parse.c: Got rid of duplicate defintions.
+
+ * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
+ '.netrc' file.
+
+
+ * lib/kadm, lib/kdb, kadmin: Add database delete operation.
+
+ * lib/krb/kname_parse.c: Allow dots in instances.
+
+
+ * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
+ not exist. Log more garbage.
+
+Sun Jun 9 1996
+
+ * appl/telnet/configure.in: Check for `logwtmp'.
+
+ * appl/ftp/configure.in: Use `AC_FUNC_MMAP'
+
+
+ * appl/bsd/forkpty.c: Removed all ugly pty search stuff from
+ ptym_open().
+
+ * configure.in: Modified the creation of version.h, now actually
+ shows up with ident.It is now also slightly more keen on creating
+ a new version.h.
+
+Sat Jun 8 1996
+
+ * lib/roken/verify.c: <stdio.h> for NULL.
+
+ * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
+ screen saver changes are not updated before closing the X
+ connection.
+
+
+ * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
+ is usually very short.
+
+Fri Jun 7 1996
+
+ * slave/kpropd.c: Add option -m to merge rather then load
+ database.
+
+Thu Jun 6 1996
+
+ * admin/kdb_util.c: Add a merge operation. (One day it might be
+ used to propagate only patches to the database)
+
+Wed Jun 5 1996
+
+ * appl/kpopper: Support both POP3 and KPOP3.
+
+ * appl/xnlock/xnlock.c: Use `verify_unix_user'
+
+ * lib/roken/verify.c: verify_unix_user: New function from xnlock
+ for checking passwd in `/etc/passwd'.
+
+ * appl/telnet/telnetd/sys_term.c: gettimeofday buglet
+
+
+ * slave/kpropd.c: Rewrite of kpropd.
+
+ * admin/kdb_util.c: Sanity check on input to load_db.
+
+ * slave/kpropd.c: Use default value for fname.
+
+ * slave/kprop.c: Use some sane default values for data_file and
+ slaves_file.
+
+ * admin/kdb_util.c: If there isn't any database when loading,
+ create an empty one.
+
+Mon Jun 3 1996
+
+ * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
+ entries are created. It should now work on both Solaris and IRIX,
+ without stale login information.
+
+Sat Jun 1 1996
+
+ * lib/krb/k_gethostname.c (k_gethostname): Fallback.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc),
+ kadmin/kadm_ser_wrap.c (kadm_ser_init),
+ slave/kprop.c (prop_to_slaves),
+ slave/kpropd.c (main): Use `k_getportbyname'.
+
+Fri May 31 1996
+
+ * Lots of files: more #includes ifdefad and cleaned up.
+
+Thu May 30 1996
+
+ * Lots of files: Replaced bcopy/bzero/bcmp with
+ memcpy/memset/memcmp.
+
+
+ * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
+ variant that actually gives some information.
+
+ * lib/krb/create_ticket.c: Write correct address byteorder.
+
+ * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
+ four bytes.
+
+ * kadmin/kpasswd.c: Allow principal without -n.
+
+ * kadmin/kadmin.c: Use krb_get_default_principal.
+
+ * appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
+
+ * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
+ command line (for debugging).
+
+ * INSTALL: Rewritten.
+
+Wed May 29 1996
+
+ * appl/ftp/ftp/krb4.c: Handle different sizes of returned
+ checksum.
+
+
+ * appl/bsd/Makefile.in: Don't install login setuid.
+
+Fri May 24 1996
+
+ * appl/bsd/rsh.c: Don't run away yelling if someone calls you
+ `remsh'.
+
+Sun May 19 1996
+
+ * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
+ check on decrypted ticket.
+
+Wed May 15 1996
+
+ * server/kerberos.c: Should work with the new libkrb
+
+ * appl/kip: Support more than one tunnel device.
+
+
+ * lib/krb/*.c: All functions that create or decode kerberos
+ packets have been rewritten. Hopefully, everything still
+ works. This is to eliminate problems with wierd systems, like
+ Crays, that doesn't have any two or four byte integers. Some of
+ these changes could be a lot more pretty, and *many* assumptions
+ that sizeof(int32) == 4 still exist in the rest of the code,
+ though.
+
+ As a side effect, all packets sent are now in network byte order.
+
+Mon May 13 1996
+
+ * configure.in: Shared libraries for Irix
+
+
+ * Several fixes for UNICOS.
+
+ * appl/ftp/ftp/krb4.c: Allow default data protection level through
+ a "prot level" in .netrc. This really should be done in a more
+ useful manner.
+
+Sun May 12 1996
+
+ * appl/xnlock/xnlock.c: Cleaned up user verification code. Now
+ uses new function krb_verify_user. Also fixed a few problems with
+ the password prompt box.
+
+ * lib/krb/verify_user.c: New function krb_verify_user to verify a
+ user with kerberos.
+
+
+ * appl/kip: New program for forwarding IP packets over kerberised
+ connections using tunnel devices.
+
+ * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
+ krb_get_default_principal
+
+ * appl/bsd/rlogind.c: Do not change portnumber to host order if
+ using kerberos. This will cause the magic
+ `reverse-time-if-port-is-less-than' to fail.
+
+ * lib/des/GNUmakefile: Removed file. This file causes problem
+ when building in the source directory and when using GNU make
+ which prefers this file to the generated Makefile.
+
+ * appl/bsd/login.c: More careful when handling returned value from
+ `getspnam'.
+
+Sat May 11 1996
+
+ * lib/krb/realm_parse.c: New function to expand a non-complete
+ realm to its official name, e.g nada -> NADA.KTH.SE.
+
+ * lib/krb/get_default_principal.c: New function to guess the
+ default principal to use. Looks at any existing ticket file first,
+ then at uid/logname etc.
+
+
+ * kadmin/kadmin.c: Use kname_parse and allow different instances
+ and realms.
+
+ * lib/roken/k_getpwnam.c: New function k_getpwnam that should work
+ with and without shadow passwords.
+
+ * Lots of files: s/getpwnam/k_&/g.
+
+Tue May 7 1996
+
+ * lib/des/des_locl.h: DES library updated to version 3.23,
+ des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
+
+ * lib/des/des.h: On the alpha define DES_LONG to unsigned int.
+
+
+ * kuser/kinit.c: Handle passwords longer than 16 characters.
+
+ * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
+ 16 characters.
+
+Sun May 5 1996
+
+ * Release 0.8.
+
+
+ * appl/ftp/ftpd/kauth.c: Klist command.
+
+
+ * appl/ftp/ftpd: Removed `-g' from calls to ls.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
+ connection to a specified port works.
+
+ * appl/telnet/telnet: Default is binary.
+
+ * appl: Now build under Ultrix.
+
+ * appl/kx: Now even builds on AIX.
+
+Sat May 4 1996
+
+ * lib/des: Now merged in libdes 3.21 on main branch.
+
+
+ * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
+ on systems that has more fields in struct utmp such as OSF/1.
+ Still some questions about Solaris.
+
+ * lib/krb/lsb_addr_comp.c: Now byteorder independent.
+
+
+ * appl/kx: Rewrote kx & kxd to share more code. They are also now
+ able to talk both ways.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
+ using berkeley DB.
+
+Thu Apr 25 1996
+
+ * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
+ SunOS5 compat.
+
+ * When building shared libraries link libkrb with libdes to be
+ compatible with SunOS5.
+
+ * Move lib/krb/krb_err.et to lib/kadm since it is only used there,
+ no longer need to link libkrb against libcom_err.
+
+Wed Apr 24 1996
+
+ * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
+
+ * Some porting to UNICOS.
+
+Tue Apr 23 1996
+
+ * Moved some junk from appl/bsd to libroken.
+
+ * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
+ library libroken.a.
+
+
+ * Add kerberized ftp.
+
+ * Add libroken.
+
+Mon Apr 22 1996
+
+ * appl/kauth/kauth.c: When commands are given to kauth, a new
+ ticket file is used.
+
+Sat Apr 20 1996
+
+ * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
+ works with more than one screen, only fancy stuff on screen 0,
+ though.
+
+Fri Apr 19 1996
+
+ * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
+ getpwnam returns uid == 0 but user is not root. This is usually
+ the result of an attack on NIS (former YP).
+
+Wed Apr 17 1996
+
+ * kadmin/ksrvutil.c (get_key_from_password): Support for
+ generating AFS keys. From <flag@it.kth.se>
+
+Sun Apr 14 1996
+
+ * appl/kx: New program for forwarding a X connection.
+
+Mon Apr 8 1996
+
+ * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
+ changed from 2106 to 545.
+
+ * appl/bsd/login.c (doremotelogin): Remove terminal speed from the
+ value of $TERM in the case of an ancient rlogind being used.
+
+Thu Apr 4 1996
+
+ * lib/kafs/afssys.c (k_afsklog): Try to read from
+ /usr/vice/etc/TheseCells for list of cells we should try to obtain
+ tokens for.
+
+ * appl/kauth/kauth.c (renew): Use cell even when renewing.
+
+ * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
+ with realm == NULL.
+
+
+ * lib/kafs/afssys.c: More thorough guessing of what realm a cell
+ belongs to.
+
+Wed Apr 3 1996
+
+ * appl/bsd/login.c: If setuid() failes and not logging in as root,
+ exit.
+
+Tue Apr 2 1996
+
+ * server/kerberos.c: Set name, inst, and realm to NULL in
+ APPL_REQUEST, error replies tend to look a bit funny otherwise.
+
+Thu Mar 28 1996
+
+ * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
+
+Tue Mar 26 1996
+
+ * lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
+
+ * appl/bsd/Makefile.in: New file with the old functions from
+ libdes.
+
+
+ * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
+ Solaris. Only put entries in one of utmp/utmpx, since they both
+ get updated by putut*ent() anyway.
+
+Mon Mar 25 1996
+
+ * kuser/klist.c (main): Use verbose option (-v) to list key
+ version numbers.
+
+
+ * Release 0.7.
+
+Sun Mar 24 1996
+
+ * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
+ to doit().
+
+
+ * configure.in: Check for getmsg with AC_TRY_RUN instead.
+ Otherwise it fails under AIx 3.2. Now rlogind works on this
+ so-called OS. Also cache value of berkeley db check.
+
+
+ * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
+ enabled with --enable-random-mkey. This makes kdb_init et al
+ generate random master keys, based on random input from the
+ user. This comes in a package with auto-kstash, and possibility to
+ enter lost master keys as base64.
+
+ Moved default master key file from /.k to
+ /var/kerberos/master-key, override with --with-mkey=file.
+
+
+ * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
+ meaning do not get a new ticket file. (From CNS).
+
+Fri Mar 22 1996
+
+ * appl/xnlock/xnlock.c: Removed some dead code, and a few unused
+ header files.
+
+
+ * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
+ fails *pw_msg can't be 0! At the very least use the
+ empty string but a descriptive error-message is preferred.
+
+ * libtelnet: add nonbroken signal() function.
+
+Wed Mar 20 1996
+
+ * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
+ user is allowed to fetch mail.
+
+ * appl/kpopper/*. Got rid of some ugly codes and some warnings.
+
+ * appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
+ which made strange makes not doing what they should.
+
+ * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
+ should work on systems that do not have mail spool files in
+ /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from
+ <paths.h> or <maillock.h>. Defaults to /var/spool/mail.
+
+Mon Mar 18 1996
+
+ * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
+
+Fri Mar 15 1996
+
+ * lib/kafs/kafs.h: Use <sys/ioctl.h> instead of <sys/ioccom.h>
+
+ * appl/bsd/rshd.c (doit): Don't set environ, send it as an
+ argument to execle instead.
+
+ * lib/kafs/kafs.h: Find definition of _IOW.
+
+ * configure.in: Check for random.
+
+ * appl/bsd/bsd_locl.h: Including <crypt.h> gives too many conflicts.
+
+ * appl/afsutil/pagsh.c: Check for random.
+
+Thu Mar 14 1996
+
+ * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
+ of `TIOCPKT_FLUSHWRITE' & c:o.
+
+ * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
+ linking in libraries.
+
+ * configure.in: Check for interesting functions in libsocket and
+ libnsl and not strange soriasis inventions.
+
+Wed Mar 13 1996
+
+ * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
+ the function does not exist.
+
+Mon Mar 11 1996
+
+ * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
+ krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
+ distribution. This function is used for instance by CVS-1.7.
+
+Sun Mar 10 1996
+
+ * configure.in, appl/Makefile.in: removed rkinit
+
+ * etc/inetd.conf.changes, etc/services.append: Added kauth.
+
+ * appl/kauth: Integrated rkinit into kauth.
+
+ * appl/kauth/kauth.c (main): Only look for principal name if no -p
+ has been given.
+
+ * lots of files: prototypes and other small fixes.
+
+ * appl/bsd/sysv_shadow.h: spwd multiple defined.
+
+ * appl/bsd/bsd_locl.h: include <crypt.h>
+
+ * configure.in: Added afsutil and rkinit.
+
+ * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you
+ end up with an infinite recursion.
+
+ * kuser/klist.c (display_tktfile): Another warning removed.
+
+Tue Mar 5 1996
+
+ * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
+ works properly also under this system.
+
+
+ * appl/afsutil: New aklog and pagsh
+
+
+ * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
+
+ * lib/des/rnd_keys.c: Include <sys/time.h>.
+
+Mon Mar 4 1996
+
+ * appl/kauth/kauth.c (main): Handle name when given after options.
+
+Sun Mar 3 1996
+
+ * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris
+ apparently does not have any.
+ (main): Use memset instead of bzero.
+
+ * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
+
+ * kuser/kinit.c (main): Corrected lifetime.
+
+ * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
+ continuation lines and addresses of the form 193.10.156.0/24.
+
+
+ * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
+
+Wed Feb 28 1996
+
+ * Replaced all occurencies of krb_err_txt[] with new function
+ krb_err_msg(), that does some sanity checks before indexing
+ krb_err_txt.
+
+Mon Feb 26 1996
+
+ * appl/telnet/telnetd: Added flags -z to have telnetd log
+ unauthenticated logins, such as when using an old telnet
+ client. Unfortunately in most of these cases, the user name is not
+ known.
+
+ There should also be a way to tell the difference between bad
+ authentication (such as with expired tickets) and no attempt to
+ provide authentication (such as with an old client).
+
+Sun Feb 25 1996
+
+ * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
+ added to prevent this.
+
+Thu Feb 22 1996
+
+ * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
+ correctly for multi-homed hosts.
+
+ * appl/rkinit: New program with rkinit functionality.
+
+ * lib/krb/k_getport.c: Function for finding port in /etc/services
+ with fallback.
+
+ * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
+ prototype with void * and size_t.
+
+Wed Feb 21 1996
+
+ * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
+ seperate file. Now called both from kadmin and kpasswd.
+
+ * kadmin/pw_check.c (kadm_pw_check): Handle the case of no
+ password provided. This is really a policy decision. The server
+ should be able to say `use a client that sends the password'.
+
+ * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
+
+Sun Feb 18 1996
+
+ * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
+
+ * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
+
+ * appl/bsd/rshd.c (doit): Made rshd multihome aware.
+
+ * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
+ out the instance name of interfaces on multihomed hosts. Use this
+ function when making daemons multihome aware.
+
+ * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
+ multihome aware.
+
+Mon Feb 12 1996
+
+ * Release 0.6.
+
+Sun Feb 11 1996
+
+ * lots of files: hacks to make it all compile.
+
+ * configure.in, appl/telnet/configure.in: More broken AIX.
+
+
+ * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
+
+
+ * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
+
+
+ * appl/telnet/libtelnet/kerberos.c: Show difference between
+ MUTUAL and ONE_WAY KERBEROS4.
+
+ * appl/telnet/libtelnet/encrypt.c:
+ Print message about not encrypting when receiving WONT or DONT encrypt.
+
+
+ * configure.in: Automatic check for HAVE_NEW_DB.
+
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
+ SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
+
+ * appl/telnet/telnetd/global.c: Removed some multiple defined
+ variables.
+
+ * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
+
+ * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
+
+ * configure.in: Check if `struct sockaddr' has `sa_len'.
+
+Sat Feb 10 1996
+
+ * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
+
+ * appl/bsd/bsd_locl.h: More include-files: <sys/uio.h> and <userpw.h>
+
+ * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
+
+ * lib/krb/log.c (new_log): Yet another year 2000.
+
+ * appl/bsd/sysv_environ.c (read_etc_environment): Support setting
+ environment variables from /etc/environment.
+
+ * appl/bsd/bsd_locl.h: <usersec.h>
+
+ * configure.in: check for setpcred, libs.a and <usersec.h>.
+
+ * appl/bsd/login.c (main): setpcred is used on AIX.
+
+ * appl/bsd/rshd.c (doit): Added setpcred for AIX.
+
+ * lib/krb/getaddrs.c: <sys/sockio.h> is sometimes needed.
+
+ * admin/kdb_init.c (main): Now verifies master key.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
+ of asking for verfication.
+
+ * appl/bsd/bsd_locl.h: Try to include <sys/stream.h>
+
+ * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
+ accept an answer from anything we have sent to.
+
+ * appl/kauth/kauth.c (renew): Use strange return types for strange
+ OSes.
+ (doexec): Remove tokens.
+
+ * server/kerberos.c (main): Uses k_get_all_addrs and binds to each
+ of these addresses.
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
+ specifying key to create on command line to get.
+
+Wed Feb 7 1996
+
+ * lib/krb/log.c (k_log): Now using YYYY for years.
+
+ * lib/krb/klog.c (klog): Preparing for the year 2000.
+
+ * kuser/kinit.c (main): Added option -p to get changepw-tickets.
+
+ * lib/krb/getaddrs.c: New file to get all the addresses of all the
+ interfaces on this machine.
+
+Tue Feb 6 1996
+
+ * configure.in: Support for S/Key in login.c. Use --with-skeylib
+ switch to configure. The code assumes that the skeylib.a comes
+ from logdaemon.
+
+ * General support for shadow password files if there is an
+ shadow.h.
+
+ * appl/bsd/su.c: Arrange so that it supports shadow passords.
+
+Sun Feb 4 1996
+
+ * appl/telnet/*: Hacks to make it work on strange OSes.
+
+ * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
+
+ * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
+
+ * configure.in: test for crypt.h and sys/ptyvar.h
+
+ * appl/telnet/telnetd/*.c: pty -> ourpty.
+
+
+ * telnetd: Changes to make more systems work better, specifically
+ AIX 4. Hopefully this will work on both STREAM and BSD
+ systems. Not tested on some systems, like CRAY and Linux.
+
+
+ * util/ss/mk_cmds.c: Generating cleaner code.
+
+ * lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
+
+ * kadmin/admin_server.c: Less varnings.
+
+ * appl/xnlock/xnlock.c: Changed some types and added some casts.
+
+ * appl/movemail/movemail.c: Not using syswait.h anymore.
+
+ * appl/xnlock/xnlock.c: God rid of some warnings.
+
+ * util/ss/*.[ch]: cleanup
+
+ * util/et/*.[ch]: cleanup
+
+ * appl/bsd/rcp.c: Less warnings.
+
+ * kadmin/admin_server.c (kadm_listen): Get rid of another warning.
+
+ * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
+ check the quality of the password.
+
+ * kadmin/pw_check.h (kadm_pw_check): New argument to
+ kadm_pw_check: list of useful strings to check for.
+
+ * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
+ to kadm_pw_check (name, instance, and realm).
+
+ * kadmin/Makefile.in (kadmind): Linking with -lcrack.
+
+ * configure.in: Support for --with-cracklib and --with-dictpath.
+
+ * kadmin/ksrvutil_get.c: Now seems to be working.
+
+ * kadmin/ksrvutil.h: Some new parameters.
+
+ * kadmin/ksrvutil.c: Some reorganisation and uses a working
+ ksrvutil_get.
+
+ * appl/movemail/movemail.c: Some more include-files.
+
+ * appl/bsd/rlogind.c: Testing for the existence of vhangup.
+
+Wed Jan 31 1996
+
+ * configure.in: Massaged the configure files so that we can build
+ under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
+ errors where also neccessary.
+
+Tue Jan 30 1996
+
+ * appl/xnlock/xnlock.c (main): Improved user feedback on password
+ input.
+
+ * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
+ enables C-u to erase the password field.
+
+ * lib/krb/lifetime.c: configure now creates a version string which
+ is referenced here. Use what and grep version to figure out where,
+ when and by whom binaries where created.
+
+ * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
+ opened. Add revoke using vhangup for those system lacking revoke.
+ Also call vhangup when rlogind exits.
+
+Mon Jan 29 1996
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS
+ 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to
+ operate correctly.
+
+ * kadmin/kadmin.c (change_key): Add new subcommand change_key so
+ that it is possible to enter keys in the DB on binary form. Most
+ usefull for sites running AFS.
+
+Fri Jan 26 1996
+
+ * appl/bsd/su.c (koktologin): New option -i root-instance. If you
+ want a user.afs ticket in a root shell and user.afs is on root's
+ ACL then do a "su -i afs".
+
+ * Makefile.in: Rearrange the order of object files to make shared
+ libraries slightly more efficient.
+
+ * appl/kauth/kauth.c (main): Always up case realm. Better error
+ messages on failed exec.
+
+Mon Jan 22 1996
+
+ * appl/bsd/rshd.c (main): New option -P to prevent rshd from using
+ a new PAG. Expert use only!
+
+ * appl/bsd/rlogind.c (doit): Avoid race when setting tty size.
+
+ * appl/bsd/rlogin.c (reader): Use select rather than horrible
+ signal hacks to handle OOB data.
+
+ * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does
+ now honor the -p switch when invoked by root. This is used by
+ telnetd to export environment variables.
+
+Fri Jan 5 1996
+
+ * appl/bsd/signal.c (signal): New BSD compatible signal
+ function. Most r* applications assume reliable signals.
+
+
+ * appl/bsd/login.c (main): Check HAVE_ULIMIT.
+
+ * appl/bsd/bsd_locl.h: Include sys/ioctl.h.
+
+ * configure.in: Check for ulimit.
+
+ * admin/kdb_edit.c: Flush stdout after printing prompts.
+
+ * appl/kpopper/pop_xmit.c: Remember to include config.h.
+
+Tue Jan 2 1996
+
+ * appl/bsd/login.c (main): New function stty_default to setup
+ default tty settings.
+
+Fri Dec 29 1995
+
+ * appl/kstring2key/kstring2key.c (main): New program that converts
+ passwords to DES keys, either using des_string_to_key or
+ afs_string_to_key.
+
+ * server/kerberos.c: Kerberos server now listen on 2 ports,
+ kerberos/udp and kerberos-sec/udp.
+
+Wed Dec 27 1995
+
+ * appl/bsd/rcp.c (main): Integrated -x option to rcp. This
+ required some real horrible hacks in lib/des/enc_{read,write}.c
+
+ * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h.
+
+ * Add RCSID stuff to telnet files.
+
+Fri Dec 22 1995
+
+ * appl/bsd/login.c (main): The login program does now by default
+ read /etc/default/login, even on non Psoriasis systems. Unifdef
+ SYSV4, this was essentially only for prompting.
+
+Mon Dec 18 1995
+
+ * appl/kpopper/popper.c (main): Integrate default timeout of 120
+ seconds from Qualcomm popper. Timeout is also set able with -T
+ seconds.
+
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no
+ password, don't even send the empty string.
+
+Thu Dec 7 1995
+
+ * lots of files: all debug messages now printed to stderr (from
+ <lama@pdc.kth.se>)
+
+ * lib/krb/tf_util.c (tf_create): New method for creating a new
+ ticket file. Remove the old old and then open with O_CREAT and
+ O_EXCL.
+
+ * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings.
+
+ * configure.in: Added checks for unistd.h, memmove and const.
+
+ * appl/telnet/telnet/commands.c: Changed types of functions to
+ confirm with struct Command.
+
+ * appl/telnet/configure.in: Check for setpgid.
+
+ * appl/bsd/rlogin.c: Get rid of another warning.
+
+ * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for
+ solaris.
+
+Wed Dec 6 1995
+
+ * (movemail): Now from emacs-19.30. If you have a newish emacs
+ there is no reason to use this movemail.
+
+ * (kadm): Added support for server side password checks. Hopefully
+ this is compatible with kerberos 4.10. Old kpasswd:s will give
+ funny error messages. For examples of checks, see
+ kadmin/pw_check.c. Since this is mostly political matters,
+ kadm_pw_check() should probably return KADM_SUCCESS by default.
+
+Mon Nov 27 1995
+
+ * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption
+ problem with Mac NCSA telnet 2.6.
+
+
+ * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here).
+
+ * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number
+ (added missing ntohs).
+
+Sun Nov 12 1995
+
+ * (many files): More ANSI/ISO 9899-1990 to the people!
+ Now actually builds (not including util) with DEC "cc -std1" and
+ Sun "acc -Xc". There are still major prototype conflicts, but
+ there isn't much to do about this.
+
+Sat Oct 28 1995
+
+ * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and
+ kerberos_master services.
+
+Fri Oct 27 1995
+
+ * Released version 0.5
+
+
+ * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+ same code is used both for posix termios and others.
+
+ * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+ set to "yes" make warnings about "rlogin: warning, using standard
+ rlogin: remote host doesn't support Kerberos." go away.
+
+Tue Oct 24 1995
+
+ * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+ Optimized so that it can handle large databases, previously a
+ 10000 entry DB would take *many* minutes, this can now be done in
+ under a minute.
+
+Sat Oct 21 1995
+
+ * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+ bit machines. Source should now be free of 64 bit assumptions.
+
+ * admin/copykey.c (copy_from_key): New functions for copying to
+ and from keys. Neccessary to solve som problems with longs on 64
+ bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+ with longs on 64 bit machines.
+
+Mon Oct 16 1995
+
+ * appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+ login. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in, all Makefile.in's: Support for Linux shared
+ libraries. Courtesy of svedja@lysator.liu.se.
+
+ * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+ = KRB_PROT_VERSION; from server kode to libkrb where it really
+ belongs.
+
+ * appl/bsd/forkpty.c (forkpty): New function that allocates master
+ and slave ptys in a portable way. Used by rlogind.
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+ same utmpx slot got used by sevral sessions. Courtesy of
+ gertz@lysator.liu.se.
+
+Wed Oct 4 1995
+
+ * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+ svedja@lysator.liu.se.
+
+ * Fix the above Makefiles to work around bugs in Solaris and OSF/1
+ make rules that was triggered by VPATH functionality in the yacc
+ and lex rules.
+
+Mon Oct 2 1995
+
+ * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+ Use stdarg instead of varargs. The code is still broken though,
+ you'll realize that on a machine with 64 bit pointers and 32 bit
+ int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+ * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+ have (or need) modules ttcompat and pckt so don't flag it as a
+ fatal error if they don't exist.
+
+Mon Sep 25 1995
+
+ * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+ (kadm_listen): Add kludge for kadmind running on a multihomed
+ server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+ if you need this feature.
+
+ * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+ and xnlock.
+
+Wed Sep 20 1995
+
+ * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+ implemented yet though.
+
+Wed Sep 13 1995
+
+ * appl/xnlock/Makefile.in: Some stubs for X11 programs in
+ configure.in as well as a kerberized version of xnlock.
+
+ * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+ port numbers if they can not be found using getservbyname.
+
+Tue Sep 12 1995
+
+ * appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+ login so that a malicous user won't be able to destroy our tickets
+ with a failed login attempt.
+
+ * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+ there is no such thing try afs@CELL instead. There is now two
+ arguments to k_afslog(char *cell, char *realm).
+
+Mon Sep 11 1995
+
+ * kadmin/admin_server.c (kadm_listen): If we are multihomed we
+ need to figure out which local address that is used this time
+ since it is used in "direction" comparison.
+
+Wed Sep 6 1995
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+ port number.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+ (KRB_PORT) was not in network byte order.
+
+Tue Sep 5 1995
+
+ * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+ when selecting.
+
+
+Mon Sep 4 1995
+
+ * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+ Now does fallback if there isn't any entries in /etc/services for
+ klogin/kshell. This also made the code a bit more pretty.
+
+
+ * appl/bsd/login.c: Added support for lots of more struct utmp fields.
+ If there is no ttyslot() use setutent and friends.
+
+ * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+ Added extern iruserok().
+
+ * appl/bsd/iruserok.c: Initial revision
+
+ * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+ * appl/bsd/Makefile.in: New install
+
+ * appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+ * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+
+ * appl/bsd/login.c (login): If there is no ttyslot use setutent
+ and friends. Added support for lots of more struct utmp fields.
+
+ * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+ Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+ * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+ _PATH_DEF.
+
+ * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+ running as root.
+
+ * appl/bsd/su.c (main): Update usage message to reflect that '-'
+ option must come after the ordinary options and before login-id.
+
+Sat Sep 2 1995
+
+ * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+ long to fit into utmp try to remove domain part if it does match
+ our local domain.
+
+ (main): Add new option -L /bin/login so that it is possible to
+ specify an alternate login program.
+
+ * appl/telnet/telnet/commands.c (env_init): When exporting
+ variable DISPLAY and if hostname is not the full name, try to get
+ the full name from DNS.
+
+ * appl/telnet/telnet/main.c (main): Option -k realm was broken due
+ to a bogous external declaration.
+
+Fri Sep 1 1995
+
+ * kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+ lifetime, expiration date and attributes in add_new_key command.
+
+Wed Aug 30 1995
+
+ * appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+ * appl/telnet/telnet/externs.h: Removed protection for multiple
+ inclusions of termio(s).h since it broke definition of termio
+ macro on POSIX systems.
+
+Tue Aug 29 1995
+
+ * lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+ AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+
+ Please note that the long lifetimes are 100% compatible up to
+ 10h so this should rarely be necessary.
+
+ * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+ ipaddress protection of tickets set krb_ignore_ip_address. This
+ makes it possible for an intruder to steal a ticket and then use
+ it from som other machine anywhere on the net.
+
+Mon Aug 28 1995
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+ local address. Accept request on all interfaces.
+
+ * admin/kdb_edit.c (change_principal): Don't accept illegal
+ dates. Courtesy of gertz@lysator.liu.se.
+
+Sat Aug 26 1995
+
+ * configure.in: AIX specific libraries needed when using standard
+ libc routine getttyent, IBM should be ashamed!
+
+ * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+ problem.
+
+ * Added strdup for su and rlogin.
+
+ * Fix for old syslog macros in appl/bsd/bsd_locl.
+
+Fri Aug 25 1995
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+ ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+ * appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+Mon Aug 21 1995
+
+ * appl/bsd/getpass.c: New routine that reads up to 127 char
+ passwords. Used in su.c and login.c.
+
+Tue Aug 15 1995
+
+ * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+ should not be used on HP-UX.
+
+Mon Aug 14 1995
+
+ * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to
+ rather use telnet.
+
+Thu Aug 10 1995
+
+ * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c,
+ get_krbrlm.c, get_admhst.c:
+
+ Use multiple configuration directories for krb.conf and
+ krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with
+ KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and
+ /etc/kerberosIV are searched. Directory specified by envioronment
+ variable KRBCONFDIR is searched first if set. No hardcoded
+ realmname or kerberos server. Instead use domainname for deafult
+ realm and kerberos.domain as kerberos server if they are not
+ listed in krb.conf and/or krb.realms. In the normal case there
+ should be no need for configuration files if administrators add a
+ CNAME pointing to the kerberos server.
+
+ * appl/bsd/Makefile.in and friends: GNU make should no longer be
+ neccessary unless building with VPATH.
+
+Wed Aug 9 1995
+
+ * appl/bsd/klogin.c (klogin): Old ticket file need to be removed
+ before we call krb_get_pw_in_tkt or we might get a Kerberos intkt
+ error because the wrong user owns the file.
+
+Tue Aug 8 1995
+
+ * configure.in : Telnet.beta2 is now official and has been moved
+ to appl/telnet.
+
+ * appl/bsd/su.c (main): Reenable -K flag, won't work if not
+ PASSWD_FALLBACK is enabled. Cosmetics for Password prompt.
+
+Fri Aug 4 1995
+
+ * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous
+ kerberos server. Controlled by #ifdef KLOGIN_PARANOID.
+
+ * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on
+ SYSV.
+
+Mon Jul 24 1995
+
+ * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument.
+
+ * appl/bsd/rlogin.c, login.c: New programs.
+
+Fri Jul 21 1995
+
+ * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals.
+
+ * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to
+ IRIX.
+
+Tue Jul 11 1995
+
+ * admin/kdb_init.c (main): Use new random generator. Dito in
+ admin/kdb_edit.c. Use master key to initialize random sequence.
+
+Mon Jul 10 1995
+
+ * kadmin/kadmin.c (get_password): Fix for random passwords.
+ Dito for admin/kdb_edit.c
+
+ * appl/kauth/kauth.c (main): Updated for krb distribution, now
+ uses new library libkafs.
+
+ * appl/telnet.beta/telnet/main.c (main): New telnet with
+ encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0.
+ Encryption does not currently work though.
+
+Tue Jun 20 1995
+
+ * New library to support AFS. Routines:
+
+ int k_hasafs(void);
+ int k_afsklog(...);
+ int k_setpag(void);
+ int k_unlog(void);
+ int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+ Modified it to support more than one single entry point AFS
+ syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely
+ on transarc headers or library code.
+
+ This has not been tested and will most probably need some
+ serious violence to get working under AIX. (AIX has since been
+ fixed to. /bg)
+
+Fri Jun 16 1995
+
+ * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using
+ krb_equiv() to allow for hosts with more than one address in files
+ rd_priv.c rd_req.c and rd_safe.c.
+
+ * slave/kpropd.c (main): Fix uninitialized variables and rewind
+ file in kprop.c.
+
+Thu Jun 15 1995
+
+ * appl/bsd/rcp.c (allocbuf): Fix various bugs.
+
+ * slave/kpropd.c (main): Responder uses
+ KPROP_SERVICE_NAME.`hostname' and requestor always uses
+ KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd
+ protocol.
+
+Wed Jun 14 1995
+
+ * appl/bsd/rshd.c (doit): Encryption should now work both ways.
+
+Tue Jun 13 1995
+
+ * appl/bsd/pathnames.h: Fixup paths.
+
+ * server/Makefile.in and friends (install): Install daemons in in
+ libexec and administrator programs in sbin.
+
+
+ * Makefile.in: Joda (d91-jda) added install target
+
+Wed Jun 7 1995
+
+ * lib/krb/k_strerror.c: New function k_strerror() to use instead
+ of the non portable sys_errlist[].
diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in
new file mode 100644
index 000000000000..afa77fbec745
--- /dev/null
+++ b/crypto/kerberosIV/Makefile.in
@@ -0,0 +1,70 @@
+# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $
+
+srcdir = @srcdir@
+prefix = @prefix@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
+ appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
+
+@SET_MAKE@
+
+SUBDIRS = util include lib kuser server slave admin kadmin appl man doc
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+check:
+ cd lib && $(MAKE) $(MFLAGS) check
+
+install:
+ $(MKINSTALLDIRS) $(prefix)
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+install-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+travelkit: all
+ $(MKINSTALLDIRS) tmp
+ for i in $(TRAVELKIT); \
+ do $(INSTALL_PROGRAM) $$i tmp; done
+ (cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
+ rm -rf tmp
+
+travelkit-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
+
+TAGS:
+ find . -name '*.[chyl]' -print | etags -
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean
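Review bot: The per-directory loops in `all`, `install`, `uninstall`, `clean`, `distclean` and `realclean` do not propagate a sub-make failure. A shell `for` returns only the status of its last iteration, so under a make that runs recipes with plain `sh -c` (GNU make does) a failure in `lib` or `server` is ignored as long as `doc` succeeds. For `install` this means the run can continue past a failed directory and leave `$(prefix)` holding a mix of old and new Kerberos daemons and libraries while still reporting success. Ending each loop body with `|| exit 1`, for example `do (cd $$i && $(MAKE) $(MFLAGS) install) || exit 1; done`, makes the first failure fatal. Separately, `Wall` invokes a literal `make` instead of `$(MAKE)`, and `Wall`, `check` and `TAGS` are missing from `.PHONY`.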
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
new file mode 100644
index 000000000000..cddbb2291699
--- /dev/null
+++ b/crypto/kerberosIV/NEWS
@@ -0,0 +1,563 @@
+Minor changes in release 0.9.6:
+
+* utmp(x) works correctly on systems with utmpx.
+
+* A security-related bug in ftpd fixed.
+
+* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18.
+
+* New option `-w' to rxtelnet, rxterm.
+
+Major changes in release 0.9.5:
+
+* We made some changes to be compatible with the other kerberised ftp
+ implementations and this means that an old kerberised ftp client will
+ not be able to talk to a new ftp server. So try to upgrade your ftp
+ clients and servers at the same time. The reason for this change is
+ described in more detail below.
+
+* The interpretation of /etc/ftpusers has changed slightly, see
+ ftpusers(5). These changes come from NetBSD.
+
+* The function `des_quad_cksum', which is used by `krb_rd_safe', and
+ `krb_mk_safe', has never been compatible with MIT's DES
+ library. This has now been fixed.
+
+ This fix will however break some programs that used those functions,
+ for instance `ftp'. In this version `krb_rd_safe' is modified to
+ accept checksums of both the new and the old format; `krb_mk_safe'
+ will always emit checksums of the new type *unless* `krb_rd_safe'
+ has detected that the client is using the old checksum (this feature
+ may be removed in some future release).
+
+ If you have programs that use `krb_mk_safe' and `krb_rd_safe' you
+ should upgrade all clients before upgrading your servers. Client is
+ here defined as the program that first calls `krb_rd_safe'.
+
+ If you are using some protocol that talks to more than one client or
+ server in one session, the heuristics to detect which kind of
+ checksum to use might fail.
+
+ The problem with `des_quad_cksum' was just a byte-order problem, so
+ there are no security problems with using the old versions. Thanks
+ to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the
+ right general direction.
+
+* Rewrote kx to work always open TCP connections in the same
+ direction. This was needed to make it work through NATs and is
+ generally a cleaner way of doing it. Also added `tenletxr'.
+ Unfortunately the new protocol is not compatible with the old one.
+ The new kx and kxd programs try to figure out if they are talking to
+ old versions.
+
+* Quite a bit of new functionality in otp. Changed default hash
+ function to `md5'. Fixed implementation of SHA and added downcasing
+ of seed to conform with `draft-ietf-otp-01.txt'. All verification
+ examples in the draft now work.
+
+* Fixed buffer overflows.
+
+* Add history/line editing in kadmin and ftp.
+
+* utmp/utmpx and wtmp/wtmpx might work better on strange machines.
+
+* Bug fixes for `rsh -n' and `rcp -x'.
+
+* reget now works in ftp and ftpd. Passive mode works. Other minor
+ bug fixes as well.
+
+* New option `-g umask' to ftpd for specifying the umask for anonymous users.
+
+* Fix for `-l' option in rxtelnet and rxterm.
+
+* XOVER support in popper.
+
+* Better support for building shared libraries.
+
+* Better support for talking to the KDC over TCP. This could make it
+ easier to use brain-damaged firewalls.
+
+* Support FreeBSD-style MD5 /etc/passwd.
+
+* New option `-createuser' to afslog.
+
+* Upgraded to work with socks5-v1.0r1.
+
+* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32.
+
+* Merged in win32-telnet, see README-WIN32 for more details.
+
+* Possibly fixed telnet bug on HP-UX 10.
+
+* Updated man-pages.
+
+* Support for NetBSD/OpenBSD manual page circus.
+
+* Bug fixes.
+
+Major changes in release 0.9.3:
+
+* kx has been rewritten and is now a lot easier to use. Two new
+ scripts: rxtelnet and rxterm. It also works on machines such as
+ Cray where the X-libraries cannot talk unix sockets.
+
+* experimental OTP (RFC1938). Included in login, ftpd, and popper.
+
+* authentication modules: PAM for linux, SIA for OSF/1, and
+ afskauthlib for Irix.
+
+* popper now has the UIDL command.
+
+* ftpd can now tar and compress files and directories on the fly, also
+ added a find site command.
+
+* updated documentation and man pages.
+
+* Change kuserok so that it acts as if luser@LOCALREALM is always an
+ entry of .klogin, even when it's not possible to verify that there
+ is no such file or the file is unreadable.
+
+* Support for SRV-records.
+
+* Socks v5 support.
+
+* rcp is AFS-aware.
+
+* allow for other transport mechanisms than udp (useful for firewall
+ tormented souls); as a side effect the format of krb.conf had to
+ become more flexible
+
+* sample programs included.
+
+* work arounds for Linux networking bugs in rlogind and rlogin.
+
+* more portable
+
+* quite a number of improvments/bugfixes
+
+* New platforms: HP-UX 10, Irix 6.2
+
+Major changes in release 0.9.2a:
+
+* fix annoying bug with kauth (et al) returning incorrect error
+
+Major changes in release 0.9.2:
+
+* service `kerberos-iv' and port 750 has been registered with IANA.
+
+* Bugfixes.
+
+ - Compiles with gcc on AIX.
+
+ - Compiles with really old resolvers.
+
+ - ftp works with afs string-to-key.
+
+ - shared libraries should work on Linux/ELF.
+
+ - some potential buffer overruns.
+
+ - general code clean-up.
+
+* Better Cray/UNICOS support.
+
+* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0
+
+Major changes in release 0.9.1:
+
+* Mostly bugfixes.
+
+ - No hardcoded references to /usr/athena
+
+ - Better Linux support with rlogin
+
+ - Fix for broken handling of NULL password in kadmind (such as with
+ `ksrvutil change')
+
+ - AFS-aware programs should work on AIX systems without AFS
+
+* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V
+
+* New mechanism to determine realm from hostname based on DNS. To find
+ the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then
+ krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record
+ with the realm name.
+
+ krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
+
+Major changes in release 0.9:
+
+* Tested platforms:
+
+Dec Alpha OSF/1 3.2 with cc -std1
+HP 9000/735 HP/UX 9.05 with gcc
+DEC Pmax Ultrix 4.4 with gcc (cc does not work)
+IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not)
+SGI IRIX 5.3 with cc
+Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work)
+Sun SunOS 5.5 with gcc
+Intel i386 NetBSD 1.2 with gcc
+Intel i386 Linux 1.3.95 with gcc
+Cray J90 Unicos 9 with cc
+
+* Mostly ported to Crays running Unicos 9.
+
+* S/Key-support in ftpd.
+
+* Delete operation supported in kerberos database.
+
+* Cleaner and more portable code.
+
+* Even less bugs than before.
+
+* kpopper now supports the old pop3 protocol and has been renamed to popper.
+
+* rsh can be renamed remsh.
+
+* Experimental program for forwarding IP over a kerberos tunnel.
+
+* Updated to libdes 3.23.
+
+Major changes in release 0.8:
+
+* New programs: ftp & ftpd.
+
+* New programs: kx & kxd. These programs forward X connections over
+ kerberos-encrypted connections.
+
+* Incorporated version 3.21 of libdes.
+
+* login: No double utmp-entries on Solaris.
+
+* kafs
+
+ * Better guessing of what realm a cell belongs to.
+
+ * Support for authenticating to several cells. Reads
+ /usr/vice/etc/TheseCells, if present.
+
+* ksrvutil: Support for generating AFS keys.
+
+* login, su, rshd, rlogind: tries to counter possible NIS-attack.
+
+* xnlock: several bug fixes and support for more than one screen.
+
+* Default port number for ekshell changed from 2106 to 545. kauth
+ port changed from 4711 to 2120.
+
+* Rumored to work on Fujitsu UXP/V and Cray UNICOS.
+
+Major changes in release 0.7:
+
+* New experimental masterkey generation. Enable with
+ --enable-random-mkey. Also the default place for the master key has
+ moved from /.k to /var/kerberos/master-key. This is customizable
+ with --with-mkey=file. If you don't want you master key to be on the
+ same backup medium as your database, remember to use this flag. All
+ relevant programs still checks for /.k.
+
+* `-t' option to kadmin.
+
+* Kpopper uses kuserok to verify if user is allowed to pop mail.
+
+* Kpopper tries to locate the mail spool directory: /var/mail or
+ /var/spool/mail.
+
+* kauth has ability to get ticket on a remove host with the `-h' option.
+
+* afslog (aklog clone) and pagsh included.
+
+* New format for /etc/krb.equiv.
+
+* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind,
+ rshd, telnet, telnetd.
+
+* rlogind works on ultrix and aix 3.2.
+
+* lots of bug fixes.
+
+Major changes in release 0.6:
+
+* Tested platforms:
+
+DEC/Alpha OSF3.2
+HP700 HPux 9.x
+Dec/Pmax Ultrix 4.4 (rlogind not working)
+IBM RS/6000 AIX 3.2 (rlogind not working)
+IBM RS/6000 AIX 4.1
+SGI Irix 5.3
+Sun Sunos 4.1.x
+Sun Sunos 5.4
+386 BSD/OS 2.0.1
+386 NetBSD 1.1
+386 Linux 1.2.13
+
+It is rumored to work to some extent on NextStep 3.3.
+
+* ksrvutil get to create new keys and put them in the database at the
+same time.
+
+* Support for S/Key in login.
+
+* kstring2key: new program to show string to key conversion.
+
+* Kerberos server should now listen on all available network
+interfaces and on both port 88 and 750.
+
+* Timeout in kpopper.
+
+* Support password quality checks in kadmind. Use --with-crack-lib to
+link kadmind with cracklib. The patches in cracklib.patch are needed.
+
+* Movemail from emacs 19.30.
+
+* Logging format uses four digits for years.
+
+* Fallback if port numbers are not listed in /etc/services.
+
+
+ * Relesed version 0.5
+
+ * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
+ same code is used both for posix termios and others.
+
+ * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
+ set to "yes" make warnings about "rlogin: warning, using standard
+ rlogin: remote host doesn't support Kerberos." go away.
+
+ * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
+ Optimized so that it can handle large databases, previously a
+ 10000 entry DB would take *many* minutes, this can now be done in
+ under a minute.
+
+ * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
+ bit machines. Source should now be free of 64 bit assumptions.
+
+ * admin/copykey.c (copy_from_key): New functions for copying to
+ and from keys. Neccessary to solve som problems with longs on 64
+ bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
+ with longs on 64 bit machines.
+
+ * appl/bsd/login.c (main): Lots of stuff to support Psoriasis
+ login. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in, all Makefile.in's: Support for Linux shared
+ libraries. Courtesy of svedja@lysator.liu.se.
+
+ * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
+ = KRB_PROT_VERSION; from server kode to libkrb where it really
+ belongs.
+
+ * appl/bsd/forkpty.c (forkpty): New function that allocates master
+ and slave ptys in a portable way. Used by rlogind.
+
+ * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
+ same utmpx slot got used by sevral sessions. Courtesy of
+ gertz@lysator.liu.se.
+
+ * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
+ svedja@lysator.liu.se.
+
+ * Fix the above Makefiles to work around bugs in Solaris and OSF/1
+ make rules that was triggered by VPATH functionality in the yacc
+ and lex rules.
+
+ * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
+ Use stdarg instead of varargs. The code is still broken though,
+ you'll realize that on a machine with 64 bit pointers and 32 bit
+ int:s and no vsprintf, let's hope there will be no such beasts ;-).
+
+ * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
+ have (or need) modules ttcompat and pckt so don't flag it as a
+ fatal error if they don't exist.
+
+ * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
+ (kadm_listen): Add kludge for kadmind running on a multihomed
+ server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
+ if you need this feature.
+
+ * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
+ and xnlock.
+
+ * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
+ implemented yet though.
+
+ * appl/xnlock/Makefile.in: Some stubs for X11 programs in
+ configure.in as well as a kerberized version of xnlock.
+
+ * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
+ port numbers if they can not be found using getservbyname.
+
+ * appl/bsd/klogin.c (klogin): Use differnet ticket files for each
+ login so that a malicous user won't be able to destroy our tickets
+ with a failed login attempt.
+
+ * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
+ there is no such thing try afs@CELL instead. There is now two
+ arguments to k_afslog(char *cell, char *realm).
+
+ * kadmin/admin_server.c (kadm_listen): If we are multihomed we
+ need to figure out which local address that is used this time
+ since it is used in "direction" comparison.
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
+ port number.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Default port number
+ (KRB_PORT) was not in network byte order.
+
+ * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
+ when selecting.
+
+ * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
+ Now does fallback if there isn't any entries in /etc/services for
+ klogin/kshell. This also made the code a bit more pretty.
+
+ * appl/bsd/login.c: Added support for lots of more struct utmp fields.
+ If there is no ttyslot() use setutent and friends.
+
+ * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
+ Added extern iruserok().
+
+ * appl/bsd/iruserok.c: Initial revision
+
+ * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
+
+ * appl/bsd/Makefile.in: New install
+
+ * appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
+
+ * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
+
+ * appl/bsd/login.c (login): If there is no ttyslot use setutent
+ and friends. Added support for lots of more struct utmp fields.
+
+ * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
+ Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
+
+ * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
+ _PATH_DEF.
+
+ * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
+ running as root.
+
+ * appl/bsd/su.c (main): Update usage message to reflect that '-'
+ option must come after the ordinary options and before login-id.
+
+ * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
+ long to fit into utmp try to remove domain part if it does match
+ our local domain.
+
+ (main): Add new option -L /bin/login so that it is possible to
+ specify an alternate login program.
+
+ * appl/telnet/telnet/commands.c (env_init): When exporting
+ variable DISPLAY and if hostname is not the full name, try to get
+ the full name from DNS.
+
+ * appl/telnet/telnet/main.c (main): Option -k realm was broken due
+ to a bogous external declaration.
+
+ * kadmin/kadmin.c (add_new_key): Kadmin now properly sets
+ lifetime, expiration date and attributes in add_new_key command.
+
+ * appl/bsd/su.c (main): Don't handle '-' option with getopt.
+
+ * appl/telnet/telnet/externs.h: Removed protection for multiple
+ inclusions of termio(s).h since it broke definition of termio
+ macro on POSIX systems.
+
+ * lib/krb/lifetime.c (krb_life_to_time): If you want to disable
+ AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
+
+ Please note that the long lifetimes are 100% compatible up to
+ 10h so this should rarely be necessary.
+
+ * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
+ ipaddress protection of tickets set krb_ignore_ip_address. This
+ makes it possible for an intruder to steal a ticket and then use
+ it from som other machine anywhere on the net.
+
+ * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
+ local address. Accept request on all interfaces.
+
+ * admin/kdb_edit.c (change_principal): Don't accept illegal
+ dates. Courtesy of gertz@lysator.liu.se.
+
+ * configure.in: AIX specific libraries needed when using standard
+ libc routine getttyent, IBM should be ashamed!
+
+ * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
+ problem.
+
+ * Added strdup for su and rlogin.
+
+ * Fix for old syslog macros in appl/bsd/bsd_locl.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
+ ifdef HAVE_NEW_DB for new databases residing in one file only.
+
+ * appl/bsd/rlogin.c (oob): Add workaround for Linux.
+
+ * appl/bsd/getpass.c: New routine that reads up to 127 char
+ passwords. Used in su.c and login.c.
+
+ * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
+ should not be used on HP-UX.
+
+==========================*** Released 0.2? ***=============================
+
+ksrvutil
+ If there is a dot in the about to be added principals name there is
+ no need to ask for instance name.
+
+kerberos & kadmind
+ Logfiles are created with small permissions (600).
+
+krb.conf and krb.realms
+ Use domain part as realm name if there is no match in krb.realms.
+ Use kerberos.REALMNAME if there is no match in krb.realms.
+
+rlogin
+ The rlogin client is supported both with and without encryption,
+ there is no rlogind yet though.
+
+login
+ There is login program that supports the -f option. Both kerberos
+ and /etc/passwd authentication is enabled.
+
+ Vendors login programs typically have no -f option (needed by
+ telnetd) and also does not know how to verify passwords againts
+ kerberos.
+
+appl/bsd/*
+ Now uses POSIX signals.
+
+kdb_edit, kadmin
+ Generate random passwords if administrator enters empty password.
+
+lib/kafs
+ New library to support AFS. Routines:
+ int k_hasafs(void);
+ int k_afsklog(...); or some other name
+ int k_setpag(void);
+ int k_unlog(void);
+ int k_pioctl(char *, int, struct ViceIoctl *, int);
+
+ Library supports more than one single entry point AFS syscalls
+ (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
+ transarc headers or library code. Same binaries can be used both on
+ machines running AFS and others.
+
+ This library is used in telnetd, login and the r* programs.
+
+telnet & telnetd
+ Based on telnet.95.05.31.NE but with the encryption hacks from
+ ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption
+ stuff needed some more modifications (done by joda@nada.kth.se)
+ before it was usable. Telnet has also been modified to use GNU
+ autoconf.
+
+Numerous other changes that are long since forgotten.
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS
new file mode 100644
index 000000000000..f6eeeef3e858
--- /dev/null
+++ b/crypto/kerberosIV/PROBLEMS
@@ -0,0 +1,74 @@
+
+Problems compiling Kerberos
+===========================
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the `env' command. For
+instance to build under HP-UX using the native compiler do:
+
+ datan$ env CC="cc -Ae" ./configure
+
+In general `gcc' works. The following combinations have also been
+verified to successfully compile the distribution:
+
+`HP-UX'
+ `cc -Ae'
+
+`Digital UNIX'
+ `cc -std1'
+
+`AIX'
+ `xlc'
+
+`Solaris 2.x'
+ `cc' (unbundled one)
+
+`IRIX'
+ `cc'
+
+Linux problems
+--------------
+
+Some systems have lost `/usr/include/ndbm.h' which is necessary to
+build kth-krb correctly. There is a `ndbm.h.Linux' right next to the
+source distribution.
+
+There has been reports of non-working `libdb' on some Linux
+distributions. If that happens, use the `--without-berkeley-db' when
+configuring.
+
+HP-UX problems
+--------------
+
+The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
+To make problems even worse, there is never an archive version for
+static linking either. Therefore, when building "truly portable"
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+Cray problems
+-------------
+
+`rlogind' won't work on Crays until `forkpty()' has been ported, in the
+mean time use `telnetd'.
+
+AIX problems
+------------
+
+`gcc' version 2.7.2.1 has a bug which makes it miscompile
+`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
+if used with too much optimization.
+
+C2 problems
+-----------
+
+The programs that checks passwords works with `passwd', OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see *Note Digital SIA::.
+
+
diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README
new file mode 100644
index 000000000000..064761495f48
--- /dev/null
+++ b/crypto/kerberosIV/README
@@ -0,0 +1,44 @@
+This is a severly hacked up version of Eric Young's eBones-p9 kerberos
+version. The DES library has been updated with his 3.23 version and
+numerous patches collected over the years have been applied to both
+the kerberos and DES sources, most notably the CMU patches for extended
+lifetimes that AFS uses. There is also support for AFS built into most
+programs.
+
+The source has been changed to use ANSI C and POSIX to the largest
+possible extent. The code in util/et and appl/bsd have not been
+updated in this way though (they really need it).
+
+Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
+authentication is the default and warnings are issued by telnetd if
+the telnet client does not turn on encryption.
+
+The r* programs in appl/bsd have been updated with newer sources from
+NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
+rlogin which is a temporary hack and not an Internet standard (and has
+only been documented quite recently). Telnet uses kerberos
+authentication to prevent the passing of cleartext passwords and is
+thus superior to rlogin.
+
+The distribution has been configured to primarily use kerberos
+authentication with a fallback to /etc/passwd passwords. This should
+make it easy to do a slow migration to kerberos. OTP support is also
+included in login, popper, and ftpd.
+
+All programs in this distribution follow these conventions:
+
+/usr/athena/bin: User programs
+/usr/athena/sbin: Administrator programs
+/usr/athena/libexec: Daemons
+/etc: Configuration files
+/var/log: Logfiles
+/var/kerberos: Kerberos database and ACL files
+
+A W3-page is at http://www.pdc.kth.se/kth-krb/
+
+You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
+
+Please report bugs and problems to kth-krb-bugs@nada.kth.se
+
+There is a mailing list discussing kerberos at krb4@sics.se, send a
+message to majordomo@sics.se to subscribe.
diff --git a/crypto/kerberosIV/README-WIN32 b/crypto/kerberosIV/README-WIN32
new file mode 100644
index 000000000000..ba74c46f2172
--- /dev/null
+++ b/crypto/kerberosIV/README-WIN32
@@ -0,0 +1,30 @@
+It should be possible to build several of the libraries and the GUI
+telnet ``voodoo'' on Win95/NT. In case you don't want to try there
+are binaries available at
+ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0.
+
+In case you want to build from source and possibly hack some on them
+yourself here's a short guide:
+
+You need to build the libraries (DLLs) first and in this order:
+
+lib/roken
+lib/des
+lib/krb
+lib/kclient
+
+And then the two applications:
+
+appl/krbmanager
+appl/voodoo
+
+In each case there is a Visual-C++ generated makefile with the name
+*.mak in the corresponding directory. You might be able to load that
+into Microsoft whatever Studio and you might be able to just run nmake
+on them.
+
+Once you have ended up with 4 DLLs and 2 EXEs you only have to place
+them in a directory in your PATH and start voodoo.
+
+In case it doesn't work, you have discovered bugs or added some more
+features the mail address to use is <kth-krb-bugs@nada.kth.se>
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
new file mode 100644
index 000000000000..66aa1f13b8c2
--- /dev/null
+++ b/crypto/kerberosIV/TODO
@@ -0,0 +1,42 @@
+-*- indented-text -*-
+rlogind, rshd, popper, ftpd (telnetd uses nonce?)
+ Add a replay cache.
+
+telnet, rlogin, rsh, rcp
+ Some form of support for ticket forwarding, perhaps only for AFS tickets.
+
+telnet, telnetd
+ Add negotiation for keep-alives.
+
+rlogind
+ Fix utmp logging.
+
+documentation
+ Write more info on:
+ * how to use
+
+rshd
+ Read default environment from /etc/default/login and other files.
+ Encryption without secondary port is bugged, it currently does no
+ encryption. But, nobody uses it anyway.
+
+autoconf
+
+libraries
+ generate archive and shared libraries in some portable way.
+
+k_get_all_addrs
+ for Cray UNICOS
+
+ftpd
+
+kx
+ Compress and recode X protocol?
+
+kip
+ Other kinds of encapsulations?
+ Tunnel device as loadable kernel module.
+ Speed?
+
+BUGS
+ Where?
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
new file mode 100644
index 000000000000..bb7b7aa83214
--- /dev/null
+++ b/crypto/kerberosIV/acconfig.h
@@ -0,0 +1,282 @@
+/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */
+
+/* Define this if RETSIGTYPE == void */
+#undef VOID_RETSIGTYPE
+
+/* Define this if struct utmp have ut_user */
+#undef HAVE_UT_USER
+
+/* Define this if struct utmp have ut_host */
+#undef HAVE_UT_HOST
+
+/* Define this if struct utmp have ut_addr */
+#undef HAVE_UT_ADDR
+
+/* Define this if struct utmp have ut_type */
+#undef HAVE_UT_TYPE
+
+/* Define this if struct utmp have ut_pid */
+#undef HAVE_UT_PID
+
+/* Define this if struct utmp have ut_id */
+#undef HAVE_UT_ID
+
+/* Define this if struct utmpx have ut_syslen */
+#undef HAVE_UT_SYSLEN
+
+/* Define this if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* Define this if struct winsize have ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* Define this if struct winsize have ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to be the directory where the dictionary for cracklib */
+/* resides */
+#undef DICTPATH
+
+/* Define this if you want to use SOCKS v5 */
+#undef SOCKS
+
+/* Define this to the path of the mail spool directory */
+#undef KRB4_MAILDIR
+
+/* Define this if `struct sockaddr' includes sa_len */
+#undef SOCKADDR_HAS_SA_LEN
+
+/* Define this if `struct siaentity' includes ouid */
+#undef SIAENTITY_HAS_OUID
+
+/* Define if getlogin has POSIX flavour, as opposed to BSD */
+#undef POSIX_GETLOGIN
+
+/* Define if getpwnam_r has POSIX flavour */
+#undef POSIX_GETPWNAM_R
+
+/* define if getcwd() is broken (such as in SunOS) */
+#undef BROKEN_GETCWD
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if /bin/ls takes -A */
+#undef HAVE_LS_A
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if you have h_errlist but not hstrerror */
+#undef HAVE_H_ERRLIST
+
+/* define if you have h_nerr but not hstrerror */
+#undef HAVE_H_NERR
+
+/* define if your system doesn't declare h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if your system doesn't declare h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define this if you need a declaration for h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you need a declaration for optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if you need a declaration for optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if you need a declaration for opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if you need a declaration for optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if you need a declaration for __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+@BOTTOM@
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program. It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV "/etc/krb.equiv"
+
+#define KEYFILE "/etc/srvtab"
+
+#define KRBDIR "/var/kerberos"
+#define DBM_FILE KRBDIR "/principal"
+#define DEFAULT_ACL_DIR KRBDIR
+
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#define KADM_SYSLOG "/var/log/admin_server.syslog"
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/*
+ * Define NDBM if you are using the 4.3 ndbm library (which is part of
+ * libc). If not defined, 4.2 dbm will be assumed.
+ */
+#if defined(HAVE_DBM_FIRSTKEY)
+#define NDBM
+#endif
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems */
+#undef ENV_HACK
+
+/* */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* Define if there are working stream ptys */
+#undef STREAMSPTY
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+/*
+ * Define this if your ndbm-library really is berkeley db and creates
+ * files that ends in .db.
+ */
+#undef HAVE_NEW_DB
+
+/* Define this if you have a working getmsg */
+#undef HAVE_GETMSG
+
+/* Define to enable new master key code */
+#undef RANDOM_MKEY
+
+/* Location of the master key file, default value lives in <kdc.h> */
+#undef MKEYFILE
+
+/* Define if you don't want support for afs, might be a good idea on
+ AIX if you don't have afs */
+#undef NO_AFS
+
+/* Define if you have a readline compatible library */
+#undef HAVE_READLINE
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Define this if your compiler supports '#pragma weak' */
+#undef HAVE_PRAGMA_WEAK
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#undef DES_QUAD_DEFAULT
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+#define _POSIX_SOURCE
+/* this is left for hysteric reasons :-) */
+#define unix /* well, ok... */
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
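Review bot: The comments above the `HAVE_*_DECLARATION` symbols contradict the symbol names and the configure test that sets them. For example `/* define if you need a declaration for optarg */` precedes `#undef HAVE_OPTARG_DECLARATION`, and `/* define if your system doesn't declare h_errlist */` precedes `HAVE_H_ERRLIST_DECLARATION`, yet `AC_CHECK_DECLARATION` in aclocal.m4 defines the symbol when the variable is reported as "properly declared". A reader who trusts the comment will write the `#ifdef` the wrong way round. Reword each one along the lines of `/* define if the system headers declare optarg */`.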
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
new file mode 100644
index 000000000000..133e19d93e43
--- /dev/null
+++ b/crypto/kerberosIV/aclocal.m4
@@ -0,0 +1,543 @@
+dnl
+dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $
+dnl
+
+dnl
+dnl General tests
+dnl
+
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+ ac_save_LIBS="$LIBS"
+ for ac_lib in "" $2; do
+ if test -n "$ac_lib"; then
+ ac_lib="-l$ac_lib"
+ LIBS="$ac_lib $ac_save_LIBS"
+ fi
+ AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
+ done
+ eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+ LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+@@@libs="$libs $2"@@@
+END
+
+changequote(, )dnl
+eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+eval "LIB_$1=$ac_res"
+changequote([, ])dnl
+
+case "$ac_res" in
+ yes)
+ eval "ac_cv_func_$1=yes"
+ eval "LIB_$1="
+ AC_DEFINE_UNQUOTED($ac_tr_func)
+ AC_MSG_RESULT([yes])
+ ;;
+ no)
+ eval "ac_cv_func_$1=no"
+ eval "LIB_$1="
+ AC_MSG_RESULT([no])
+ ;;
+ *)
+ eval "ac_cv_func_$1=yes"
+ eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+ AC_DEFINE_UNQUOTED($ac_tr_func)
+ AC_DEFINE_UNQUOTED($ac_tr_lib)
+ AC_MSG_RESULT([yes, in $ac_res])
+ ;;
+esac
+AC_SUBST(LIB_$1)
+])
+
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+ LIBS="$LIB_$1 $LIBS"
+fi
+])
+
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+changequote(, )dnl
+ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+changequote([, ])dnl
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"])
+# autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS="$LIBOBJS $1.o"
+fi
+AC_SUBST(LIBOBJS)dnl
+])
+
+dnl
+dnl
+dnl
+
+dnl AC_TEST_PACKAGE(package,header,lib,linkline)
+AC_DEFUN(AC_TEST_PACKAGE,
+[
+AC_MSG_CHECKING(for $1)
+AC_ARG_WITH($1,
+[ --with-$1=dir use $1 in dir],
+[if test "$with_$1" = "no"; then
+ with_$1=
+fi]
+)
+AC_ARG_WITH($1-lib,
+[ --with-$1-lib=dir use $1-lib in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+ AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+ with_$1=yes
+fi]
+)
+AC_ARG_WITH($1-include,
+[ --with-$1-include=dir use $1-include in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+ AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+ with_$1=yes
+fi]
+)
+
+define([foo], translit($1, [a-z], [A-Z]))
+: << END
+@@@syms="$syms foo"@@@
+END
+
+if test -n "$with_$1"; then
+ AC_DEFINE([foo])
+ if test "$with_$1" != "yes"; then
+ $1_dir=$with_$1
+ fi
+dnl Try to find include
+ if test -n "$with_$1_include"; then
+ trydir=$with_$1_include
+ elif test "$with_$1" != "yes"; then
+ trydir="$with_$1 $with_$1/include"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/$2; then
+ found=yes; res=$i; break
+ fi
+ else
+ AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break])
+ fi
+ done
+ if test -n "$found"; then
+ $1_include=$res
+ else
+ AC_MSG_ERROR(Cannot find $2)
+ fi
+dnl Try to find lib
+ if test -n "$with_$1_lib"; then
+ trydir=$with_$1_lib
+ elif test "$with_$1" != "yes"; then
+ trydir="$with_$1 $with_$1/lib"
+ else
+ trydir=
+ fi
+ found=
+ for i in $trydir ""; do
+ if test -n "$i"; then
+ if test -f $i/$3; then
+ found=yes; res=$i; break
+ fi
+ else
+ old_LIBS=$LIBS
+ LIBS="$4 $LIBS"
+ AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break])
+ LIBS=$old_LIBS
+ fi
+ done
+ if test -n "$found"; then
+ $1_lib=$res
+ else
+ AC_MSG_ERROR(Cannot find $3)
+ fi
+ AC_MSG_RESULT([headers $$1_include, libraries $$1_lib])
+ AC_DEFINE_UNQUOTED(foo)
+ if test -n "$$1_include"; then
+ foo[INCLUDE]="-I$$1_include"
+ fi
+ AC_SUBST(foo[INCLUDE])
+ if test -n "$$1_lib"; then
+ foo[LIB]="-L$$1_lib"
+ fi
+ foo[LIB]="$foo[LIB] $4"
+ AC_SUBST(foo[LIB])
+else
+ AC_MSG_RESULT(no)
+fi
+undefine([foo])
+])
+
+dnl
+dnl Check if we need the declaration of a variable
+dnl
+
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
+
+ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]
+
+define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+ AC_DEFINE_UNQUOTED($ac_tr_var)
+fi
+])
+
+dnl
+dnl
+dnl
+
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+ [foo()],
+ ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])"
+
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+ AC_DEFINE_UNQUOTED($ac_tr_var)
+ AC_CHECK_DECLARATION([$1],[$2])
+fi
+])
+
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN(AC_NEED_PROTO, [
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_TRY_COMPILE([$1],
+[struct foo { int foo; } xx;
+extern int $2 (struct foo*);
+$2(&xx);
+],
+eval "ac_cv_func_$2_noproto=yes",
+eval "ac_cv_func_$2_noproto=no"))
+define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
+if test "$ac_cv_func_$2_noproto" = yes; then
+ AC_DEFINE(foo)
+fi
+: << END
+@@@syms="$syms foo"@@@
+END
+undefine([foo])
+])
+
+dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
+dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
+dnl AC_DEFINE_UNQUOTED($ac_tr_func)
+dnl fi
+dnl ])
+dnl
+dnl AC_DEFUN(AC_NEED_PROTO, [
+dnl AC_MSG_CHECKING([if $3 needs a proto])
+dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [
+dnl AC_TRY_COMPILE([$1],
+dnl [$2],
+dnl eval "ac_cv_func_$3_proto=no",
+dnl eval "ac_cv_func_$3_proto=yes")
+dnl ])
+dnl changequote(, )dnl
+dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO"
+dnl changequote([, ])dnl
+dnl
+dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO])
+dnl : << END
+dnl @@@syms="$syms foo"@@@
+dnl END
+dnl undefine([foo])
+dnl
+dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
+dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
+dnl AC_DEFINE_UNQUOTED($ac_tr_func)
+dnl fi
+dnl ])
+
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1,
+AC_TRY_COMPILE([
+#include "confdefs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+ AC_MSG_CHECKING(for $i)
+ AC_GROK_TYPE($i)
+ eval ac_res=\$ac_cv_type_$i
+ if test "$ac_res" = yes; then
+ type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'`
+ AC_DEFINE_UNQUOTED($type)
+ fi
+ AC_MSG_RESULT($ac_res)
+done
+])
+
+dnl
+dnl Specific tests
+dnl
+
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
+
+dnl
+dnl Also look for EMXOMF for OS/2
+dnl
+
+AC_DEFUN(AC_KRB_PROG_RANLIB,
+[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
+
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+ rm -f conftestdata
+ ac_cv_prog_LN_S="ln -s"
+else
+ touch conftestdata1
+ if ln conftestdata1 conftestdata2; then
+ rm -f conftestdata*
+ ac_cv_prog_LN_S=ln
+ else
+ ac_cv_prog_LN_S=cp
+ fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes,
+[#ifdef NeXT
+ yes
+#endif
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+ CFLAGS="$CFLAGS -posix"
+ LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
+
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes,
+[#ifdef _AIX
+ yes
+#endif
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
+
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_TRY_RUN([
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+ errno = ENOTTY;
+ return 0;
+}
+
+int main()
+{
+ char *ret;
+ ret = getcwd(0, 1024);
+ if(ret == 0 && errno == ENOTTY)
+ return 0;
+ return 1;
+}
+], ac_cv_func_getcwd_broken=yes,:,:)
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+ AC_DEFINE(BROKEN_GETCWD, 1)dnl
+ LIBOBJS="$LIBOBJS getcwd.o"
+ AC_SUBST(LIBOBJS)dnl
+ AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+ AC_MSG_RESULT([seems ok])
+fi
+fi
+])
+
+
+AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
+if test "${with_shared}" = "yes"; then
+AC_MSG_CHECKING(for pragma weak)
+AC_CACHE_VAL(ac_have_pragma_weak, [
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t() {
+ return foo;
+}
+
+int main() {
+ return t();
+}
+EOF
+if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+])
+if test "$ac_have_pragma_weak" = "yes"; then
+ AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl
+fi
+AC_MSG_RESULT($ac_have_pragma_weak)
+fi
+])
+
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+changequote(, )dnl
+struct[ ]*winsize,dnl
+changequote([,])dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+ AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL))
+AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL))
+])
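Review bot: `AC_GROK_TYPE` compiles `$i x;` rather than `$1 x;`, so the test body depends on the shell loop variable `i` set by `AC_GROK_TYPES` and not on the macro's own argument. Invoked directly, or from a loop that uses another variable name, it would cache a result under `ac_cv_type_$1` for a type it never tested. Writing `$1 x;` gives the same expansion for the existing caller and makes the macro self-contained. The header comment `dnl AC_HAVE_DECLARATION(includes, variable)` also names a macro that is actually defined as `AC_CHECK_DECLARATION`.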
diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in
new file mode 100644
index 000000000000..d0b68b1532ef
--- /dev/null
+++ b/crypto/kerberosIV/admin/Makefile.in
@@ -0,0 +1,104 @@
+# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = ext_srvtab$(EXECSUFFIX) \
+ kdb_destroy$(EXECSUFFIX) \
+ kdb_edit$(EXECSUFFIX) \
+ kdb_init$(EXECSUFFIX) \
+ kdb_util$(EXECSUFFIX) \
+ kstash$(EXECSUFFIX)
+
+SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \
+ kdb_init.c kdb_util.c kstash.c
+
+OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \
+ kdb_init.o kdb_util.o kstash.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN= -L../lib/roken -lroken
+
+ext_srvtab$(EXECSUFFIX): ext_srvtab.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_destroy$(EXECSUFFIX): kdb_destroy.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_edit$(EXECSUFFIX): kdb_edit.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_init$(EXECSUFFIX): kdb_init.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_util$(EXECSUFFIX): kdb_util.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kstash$(EXECSUFFIX): kstash.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
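Review bot: The `dist` target depends on and loops over `$(DISTFILES)`, which this Makefile never assigns, and it links the files into a `lib` subdirectory of the staging tree although this is the `admin` directory. Unless `DISTFILES` is supplied from outside, the rule does nothing, and it looks copied from a library Makefile. Either define `DISTFILES` and change the destination to `admin`, or drop the rule. The `Wall` recipe should also invoke `$(MAKE)` instead of `make` so that the selected make program and its flags are passed to the sub-make.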
diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h
new file mode 100644
index 000000000000..6cbd20dfde9a
--- /dev/null
+++ b/crypto/kerberosIV/admin/adm_locl.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */
+
+#ifndef __adm_locl_h
+#define __adm_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif /* !TIME_WITH_SYS_TIME */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <signal.h>
+#include <errno.h>
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <kdc.h>
+#include <kadm.h>
+
+#endif /* __adm_locl_h */
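Review bot: The include guard `__adm_locl_h` begins with two underscores, a form of identifier that C reserves for the implementation. A name such as `ADM_LOCL_H` avoids any clash with compiler or libc macros; the matching `#endif /* __adm_locl_h */` comment would change with it.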
diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c
new file mode 100644
index 000000000000..9c029219d899
--- /dev/null
+++ b/crypto/kerberosIV/admin/ext_srvtab.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $");
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char realm[REALM_SZ];
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [-n] [-r realm] instance [instance ...]\n",
+ __progname);
+ exit(1);
+}
+
+static void
+StampOutSecrets(void)
+{
+ memset(master_key, 0, sizeof master_key);
+ memset(session_key, 0, sizeof session_key);
+ memset(master_key_schedule, 0, sizeof master_key_schedule);
+}
+
+static void
+Die(void)
+{
+ StampOutSecrets();
+ exit(1);
+}
+
+static void
+FWrite(void *p, int size, int n, FILE *f)
+{
+ if (fwrite(p, size, n, f) != n) {
+ printf("Error writing output file. Terminating.\n");
+ Die();
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ FILE *fout;
+ char fname[1024];
+ int fopen_errs = 0;
+ int arg;
+ Principal princs[40];
+ int more;
+ int prompt = KDB_GET_PROMPT;
+ int n, i;
+
+ set_progname (argv[0]);
+ memset(realm, 0, sizeof(realm));
+
+ /* Parse commandline arguments */
+ if (argc < 2)
+ usage();
+ else {
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-n") == 0)
+ prompt = FALSE;
+ else if (strcmp(argv[i], "-r") == 0) {
+ if (++i >= argc)
+ usage();
+ else {
+ strcpy(realm, argv[i]);
+ /*
+ * This is to humor the broken way commandline
+ * argument parsing is done. Later, this
+ * program ignores everything that starts with -.
+ */
+ argv[i][0] = '-';
+ }
+ }
+ else if (argv[i][0] == '-')
+ usage();
+ else
+ if (!k_isinst(argv[i])) {
+ warnx("bad instance name: %s", argv[i]);
+ usage();
+ }
+ }
+ }
+
+ if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ exit(1);
+ }
+
+ /* For each arg, search for instances of arg, and produce */
+ /* srvtab file */
+ if (!realm[0])
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ errx (1, "couldn't get local realm");
+ umask(077);
+
+ for (arg = 1; arg < argc; arg++) {
+ if (argv[arg][0] == '-')
+ continue;
+ snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
+ if ((fout = fopen(fname, "w")) == NULL) {
+ warn("Couldn't create file '%s'.", fname);
+ fopen_errs++;
+ continue;
+ }
+ printf("Generating '%s'....\n", fname);
+ n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
+ if (more)
+ fprintf(stderr, "More than 40 found...\n");
+ for (i = 0; i < n; i++) {
+ FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
+ FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
+ 1, fout);
+ FWrite(realm, strlen(realm) + 1, 1, fout);
+ FWrite(&princs[i].key_version,
+ sizeof(princs[i].key_version), 1, fout);
+ copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
+ kdb_encrypt_key (&session_key, &session_key,
+ &master_key, master_key_schedule, DES_DECRYPT);
+ FWrite(session_key, sizeof session_key, 1, fout);
+ }
+ fclose(fout);
+ }
+
+ StampOutSecrets();
+
+ return fopen_errs; /* 0 errors if successful */
+
+}
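Review bot: `strcpy(realm, argv[i])` in the `-r` branch of main copies a command-line argument into the fixed `realm[REALM_SZ]` buffer with no length check, so an over-long realm overruns a static buffer in a program that holds the master key. Reject it before the copy, e.g. `if (strlen(argv[i]) >= sizeof(realm)) usage();`. Separately, the srvtab is opened with `fopen(fname, "w")`, which reuses an existing file with its current permissions and follows a symlink, so `umask(077)` only protects files that are newly created. Creating it with `open()` using `O_CREAT|O_EXCL` and mode 0600, then `fdopen()`, would close that gap for a file that contains decrypted service keys. The `exit(1)` after `kdb_verify_master_key` fails and the `errx` calls also leave without `StampOutSecrets()`, and the `princs` array is never cleared.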
diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c
new file mode 100644
index 000000000000..fca339f0dd6b
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_destroy.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $");
+
+int
+main(int argc, char **argv)
+{
+ char answer[10]; /* user input */
+ char dbm[256]; /* database path and name */
+ char dbm1[256]; /* database path and name */
+#ifdef HAVE_NEW_DB
+ char *file; /* database file names */
+#else
+ char *file1, *file2; /* database file names */
+#endif
+
+ set_progname (argv[0]);
+
+ strcpy(dbm, DBM_FILE);
+#ifdef HAVE_NEW_DB
+ file = strcat(dbm, ".db");
+#else
+ strcpy(dbm1, DBM_FILE);
+ file1 = strcat(dbm, ".dir");
+ file2 = strcat(dbm1, ".pag");
+#endif
+
+ printf("You are about to destroy the Kerberos database ");
+ printf("on this machine.\n");
+ printf("Are you sure you want to do this (y/n)? ");
+ fgets(answer, sizeof(answer), stdin);
+
+ if (answer[0] == 'y' || answer[0] == 'Y') {
+#ifdef HAVE_NEW_DB
+ if (unlink(file) == 0)
+#else
+ if (unlink(file1) == 0 && unlink(file2) == 0)
+#endif
+ {
+ warnx ("Database deleted at %s", DBM_FILE);
+ return 0;
+ }
+ else
+ warn ("Database cannot be deleted at %s", DBM_FILE);
+ } else
+ warnx ("Database not deleted at %s", DBM_FILE);
+ return 1;
+}
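Review bot: The `fgets(answer, sizeof(answer), stdin)` call in `main` is not checked, so on EOF or a read error `answer` is left uninitialized and the following `answer[0] == 'y'` test reads an indeterminate byte before deciding whether to unlink the database. Initialising the buffer with `char answer[10] = "";`, or treating a NULL return as "no" with `if (fgets(answer, sizeof(answer), stdin) == NULL) answer[0] = '\0';`, makes a closed stdin fail safe. In the non-HAVE_NEW_DB branch, `unlink(file1) == 0 && unlink(file2) == 0` can remove the `.dir` file and then fail on `.pag`, leaving half a database behind with only the generic "cannot be deleted" warning; reporting which file failed would help recovery.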
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
new file mode 100644
index 000000000000..5d07135e9780
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This routine changes the Kerberos encryption keys for principals,
+ * i.e., users or services.
+ */
+
+/*
+ * exit returns 0 ==> success -1 ==> error
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $");
+
+#ifdef DEBUG
+extern kerb_debug;
+#endif
+
+#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
+
+static int nflag = 0;
+static int debug;
+
+static des_cblock new_key;
+
+static int i, j;
+static int more;
+
+static char input_name[ANAME_SZ];
+static char input_instance[INST_SZ];
+
+#define MAX_PRINCIPAL 10
+static Principal principal_data[MAX_PRINCIPAL];
+
+static Principal old_principal;
+static Principal default_princ;
+
+static des_cblock master_key;
+static des_cblock session_key;
+static des_key_schedule master_key_schedule;
+static char pw_str[255];
+static long master_key_version;
+
+static void
+Usage(void)
+{
+ fprintf(stderr, "Usage: %s [-n]\n", __progname);
+ exit(1);
+}
+
+static char *
+n_gets(char *buf, int size)
+{
+ char *p;
+ char *ret;
+ ret = fgets(buf, size, stdin);
+
+ if (ret && (p = strchr(buf, '\n')))
+ *p = 0;
+ return ret;
+}
+
+
+static int
+change_principal(void)
+{
+ static char temp[255];
+ int creating = 0;
+ int editpw = 0;
+ int changed = 0;
+ long temp_long; /* Don't change to int32_t, used by scanf */
+ int n;
+ struct tm *tp, edate;
+
+ fprintf(stdout, "\nPrincipal name: ");
+ fflush(stdout);
+ if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0')
+ return 0;
+ fprintf(stdout, "Instance: ");
+ fflush(stdout);
+ /* instance can be null */
+ n_gets(input_instance, sizeof(input_instance));
+ j = kerb_get_principal(input_name, input_instance, principal_data,
+ MAX_PRINCIPAL, &more);
+ if (!j) {
+ fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
+ fflush(stdout);
+ n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */
+ if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
+ return -1;
+ /* make a new principal, fill in defaults */
+ j = 1;
+ creating = 1;
+ strcpy(principal_data[0].name, input_name);
+ strcpy(principal_data[0].instance, input_instance);
+ principal_data[0].old = NULL;
+ principal_data[0].exp_date = default_princ.exp_date;
+ if (strcmp(input_instance, "admin") == 0)
+ principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/
+ else if (strcmp(input_instance, "root") == 0)
+ principal_data[0].max_life = 96; /* 8 hours */
+ else
+ principal_data[0].max_life = default_princ.max_life;
+ principal_data[0].attributes = default_princ.attributes;
+ principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
+ principal_data[0].key_version = 0; /* bumped up later */
+ }
+ tp = k_localtime(&principal_data[0].exp_date);
+ snprintf(principal_data[0].exp_date_txt,
+ sizeof(principal_data[0].exp_date_txt),
+ "%4d-%02d-%02d",
+ tp->tm_year + 1900,
+ tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+ for (i = 0; i < j; i++) {
+ for (;;) {
+ fprintf(stdout,
+ "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
+ principal_data[i].name, principal_data[i].instance,
+ principal_data[i].kdc_key_ver);
+ fflush(stdout);
+ editpw = 1;
+ changed = 0;
+ if (!creating) {
+ /*
+ * copy the existing data so we can use the old values
+ * for the qualifier clause of the replace
+ */
+ principal_data[i].old = (char *) &old_principal;
+ memcpy(&old_principal, &principal_data[i],
+ sizeof(old_principal));
+ printf("\nChange password [n] ? ");
+ n_gets(temp, sizeof(temp));
+ if (strcmp("y", temp) && strcmp("Y", temp))
+ editpw = 0;
+ }
+ /* password */
+ if (editpw) {
+#ifdef NOENCRYPTION
+ placebo_read_pw_string(pw_str, sizeof pw_str,
+ "\nNew Password: ", TRUE);
+#else
+ if(des_read_pw_string(pw_str, sizeof pw_str,
+ "\nNew Password: ", TRUE))
+ continue;
+#endif
+ if ( strcmp(pw_str, "RANDOM") == 0
+ || strcmp(pw_str, "") == 0) {
+ printf("\nRandom password [y] ? ");
+ n_gets(temp, sizeof(temp));
+ if (!strcmp("n", temp) || !strcmp("N", temp)) {
+ /* no, use literal */
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */
+ } else {
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_new_random_key(&new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str);
+ }
+ } else if (!strcmp(pw_str, "NULL")) {
+ printf("\nNull Key [y] ? ");
+ n_gets(temp, sizeof(temp));
+ if (!strcmp("n", temp) || !strcmp("N", temp)) {
+ /* no, use literal */
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str); /* "NULL" */
+ } else {
+
+ principal_data[i].key_low = 0;
+ principal_data[i].key_high = 0;
+ goto null_key;
+ }
+ } else {
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_string_to_key(pw_str, &new_key);
+#endif
+ memset(pw_str, 0, sizeof pw_str);
+ }
+
+ /* seal it under the kerberos master key */
+ kdb_encrypt_key (&new_key, &new_key,
+ &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key,
+ &principal_data[i].key_low,
+ &principal_data[i].key_high);
+ memset(new_key, 0, sizeof(new_key));
+ null_key:
+ /* set master key version */
+ principal_data[i].kdc_key_ver =
+ (unsigned char) master_key_version;
+ /* bump key version # */
+ principal_data[i].key_version++;
+ fprintf(stdout,
+ "\nPrincipal's new key version = %d\n",
+ principal_data[i].key_version);
+ fflush(stdout);
+ changed = 1;
+ }
+ /* expiration date */
+ fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
+ principal_data[i].exp_date_txt);
+ fflush(stdout);
+ zaptime(&edate);
+ while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) >
+ sizeof(principal_data[0].exp_date_txt))) {
+ bad_date:
+ fprintf(stdout, "\07\07Date Invalid\n");
+ fprintf(stdout,
+ "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
+ principal_data[i].exp_date_txt);
+ fflush(stdout);
+ zaptime(&edate);
+ }
+
+ if (*temp) {
+ if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
+ &edate.tm_mon, &edate.tm_mday) != 3)
+ goto bad_date;
+ edate.tm_mon--; /* January is 0, not 1 */
+ edate.tm_hour = 23; /* nearly midnight at the end of the */
+ edate.tm_min = 59; /* specified day */
+ if (krb_check_tm (edate))
+ goto bad_date;
+ edate.tm_year -= 1900;
+ temp_long = tm2time (edate, 1);
+ strcpy(principal_data[i].exp_date_txt, temp);
+ principal_data[i].exp_date = temp_long;
+ changed = 1;
+ }
+
+ /* maximum lifetime */
+ fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+ principal_data[i].max_life);
+ fflush(stdout);
+ while (n_gets(temp, sizeof(temp)) && *temp) {
+ if (sscanf(temp, "%ld", &temp_long) != 1)
+ goto bad_life;
+ if (temp_long > 255 || (temp_long < 0)) {
+ bad_life:
+ fprintf(stdout, "\07\07Invalid, choose 0-255\n");
+ fprintf(stdout,
+ "Max ticket lifetime (*5 minutes) [ %d ] ? ",
+ principal_data[i].max_life);
+ fflush(stdout);
+ continue;
+ }
+ changed = 1;
+ /* dont clobber */
+ principal_data[i].max_life = (unsigned short) temp_long;
+ break;
+ }
+
+ /* attributes */
+ fprintf(stdout, "Attributes [ %d ] ? ",
+ principal_data[i].attributes);
+ fflush(stdout);
+ while (n_gets(temp, sizeof(temp)) && *temp) {
+ if (sscanf(temp, "%ld", &temp_long) != 1)
+ goto bad_att;
+ if (temp_long > 65535 || (temp_long < 0)) {
+ bad_att:
+ fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
+ fprintf(stdout, "Attributes [ %d ] ? ",
+ principal_data[i].attributes);
+ fflush(stdout);
+ continue;
+ }
+ changed = 1;
+ /* dont clobber */
+ principal_data[i].attributes =
+ (unsigned short) temp_long;
+ break;
+ }
+
+ /*
+ * remaining fields -- key versions and mod info, should
+ * not be directly manipulated
+ */
+ if (changed) {
+ if (kerb_put_principal(&principal_data[i], 1)) {
+ fprintf(stdout,
+ "\nError updating Kerberos database");
+ } else {
+ fprintf(stdout, "Edit O.K.");
+ }
+ } else {
+ fprintf(stdout, "Unchanged");
+ }
+
+
+ memset(&principal_data[i].key_low, 0, 4);
+ memset(&principal_data[i].key_high, 0, 4);
+ fflush(stdout);
+ break;
+ }
+ }
+ if (more) {
+ fprintf(stdout, "\nThere were more tuples found ");
+ fprintf(stdout, "than there were space for");
+ }
+ return 1;
+}
+
+static void
+cleanup(void)
+{
+
+ memset(master_key, 0, sizeof(master_key));
+ memset(session_key, 0, sizeof(session_key));
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(principal_data, 0, sizeof(principal_data));
+ memset(new_key, 0, sizeof(new_key));
+ memset(pw_str, 0, sizeof(pw_str));
+}
+
+int
+main(int argc, char **argv)
+{
+ /* Local Declarations */
+
+ long n;
+
+ set_progname (argv[0]);
+
+ while (--argc > 0 && (*++argv)[0] == '-')
+ for (i = 1; argv[0][i] != '\0'; i++) {
+ switch (argv[0][i]) {
+
+ /* debug flag */
+ case 'd':
+ debug = 1;
+ continue;
+
+ /* debug flag */
+#ifdef DEBUG
+ case 'l':
+ kerb_debug |= 1;
+ continue;
+#endif
+ case 'n': /* read MKEYFILE for master key */
+ nflag = 1;
+ continue;
+
+ default:
+ warnx ("illegal flag \"%c\"", argv[0][i]);
+ Usage(); /* Give message and die */
+ }
+ }
+
+ fprintf(stdout, "Opening database...\n");
+ fflush(stdout);
+ kerb_init();
+ if (argc > 0)
+ if (kerb_db_set_name(*argv) != 0)
+ errx (1, "Could not open altername database name");
+
+ if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0,
+ &master_key, master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+ if ((master_key_version = kdb_verify_master_key(&master_key,
+ master_key_schedule,
+ stdout)) < 0)
+ return 1;
+
+ /* Initialize non shared random sequence */
+ des_init_random_number_generator(&master_key);
+
+ /* lookup the default values */
+ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (n != 1)
+ errx (1, "Kerberos error on default value lookup, %ld found.", n);
+ fprintf(stdout, "Previous or default values are in [brackets] ,\n");
+ fprintf(stdout, "enter return to leave the same, or new value.\n");
+
+ while (change_principal()) {
+ }
+
+ cleanup();
+ return 0;
+}
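Review bot: The expiration-date length check in `change_principal` is off by one: the loop condition `(n = strlen(temp)) > sizeof(principal_data[0].exp_date_txt)` lets through a string whose length equals the field size, and `strcpy(principal_data[i].exp_date_txt, temp)` then writes the terminating NUL one byte past `exp_date_txt`. `sscanf` with `%d` accepts leading zeros, so a zero-padded date of that length can still parse; whether `krb_check_tm` would reject it is not visible in this hunk. Use `>=` in the comparison and declare `n` as `size_t` so the signed/unsigned comparison goes away. Separately, the `errx` exits in `main` that follow `kdb_get_master_key` bypass `cleanup()`, so the master key and schedule are not zeroed on those paths; calling `cleanup()` before `errx` would match what kstash.c does with `clear_secrets()`.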
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
new file mode 100644
index 000000000000..b9ea009c5d1c
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * program to initialize the database, reports error if database file
+ * already exists.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $");
+
+enum ap_op {
+ NULL_KEY, /* setup null keys */
+ MASTER_KEY, /* use master key as new key */
+ RANDOM_KEY /* choose a random key */
+};
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+/* use a return code to indicate success or failure. check the return */
+/* values of the routines called by this routine. */
+
+static int
+add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
+{
+ Principal principal;
+ struct tm *tm;
+ des_cblock new_key;
+
+ memset(&principal, 0, sizeof(principal));
+ strncpy(principal.name, name, ANAME_SZ);
+ strncpy(principal.instance, instance, INST_SZ);
+ switch (aap_op) {
+ case NULL_KEY:
+ principal.key_low = 0;
+ principal.key_high = 0;
+ break;
+ case RANDOM_KEY:
+#ifdef NOENCRYPTION
+ memset(new_key, 0, sizeof(des_cblock));
+ new_key[0] = 127;
+#else
+ des_new_random_key(&new_key);
+#endif
+ kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key, &principal.key_low, &principal.key_high);
+ memset(new_key, 0, sizeof(new_key));
+ break;
+ case MASTER_KEY:
+ memcpy(new_key, master_key, sizeof (des_cblock));
+ kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
+ DES_ENCRYPT);
+ copy_from_key(new_key, &principal.key_low, &principal.key_high);
+ break;
+ }
+ principal.exp_date = 946702799; /* Happy new century */
+ strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
+ principal.mod_date = time(0);
+
+ tm = k_localtime(&principal.mod_date);
+ principal.attributes = 0;
+ principal.max_life = maxlife;
+
+ principal.kdc_key_ver = 1;
+ principal.key_version = 1;
+
+ strncpy(principal.mod_name, "db_creation", ANAME_SZ);
+ strncpy(principal.mod_instance, "", INST_SZ);
+ principal.old = 0;
+
+ if (kerb_db_put_principal(&principal, 1) != 1)
+ return -1; /* FAIL */
+
+ /* let's play it safe */
+ memset(new_key, 0, sizeof (des_cblock));
+ memset(&principal.key_low, 0, 4);
+ memset(&principal.key_high, 0, 4);
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ char realm[REALM_SZ];
+ char *cp;
+ int code;
+ char *database;
+
+ set_progname (argv[0]);
+
+ if (argc > 3) {
+ fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]);
+ return 1;
+ }
+ if (argc == 3) {
+ database = argv[2];
+ --argc;
+ } else
+ database = DBM_FILE;
+
+ /* Do this first, it'll fail if the database exists */
+ if ((code = kerb_db_create(database)) != 0)
+ err (1, "Couldn't create database %s", database);
+ kerb_db_set_name(database);
+
+ if (argc == 2)
+ strncpy(realm, argv[1], REALM_SZ);
+ else {
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ fprintf(stderr, "Realm name [default %s ]: ", realm);
+ if (fgets(realm, sizeof(realm), stdin) == NULL)
+ errx (1, "\nEOF reading realm");
+ if ((cp = strchr(realm, '\n')))
+ *cp = '\0';
+ if (!*realm) /* no realm given */
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ }
+ if (!k_isrealm(realm))
+ errx (1, "Bad kerberos realm name \"%s\"", realm);
+#ifndef RANDOM_MKEY
+ printf("You will be prompted for the database Master Password.\n");
+ printf("It is important that you NOT FORGET this password.\n");
+#else
+ printf("To generate a master key, please enter some random data.\n");
+ printf("You do not have to remember this.\n");
+#endif
+ fflush(stdout);
+
+ if (kdb_get_master_key (KDB_GET_TWICE, &master_key,
+ master_key_schedule) != 0)
+ errx (1, "Couldn't read master key.");
+
+#ifdef RANDOM_MKEY
+ if(kdb_kstash(&master_key, MKEYFILE) < 0)
+ err (1, "Error writing master key");
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+#endif
+
+ /* Initialize non shared random sequence */
+ des_init_random_number_generator(&master_key);
+
+ /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
+#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
+
+ /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */
+#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255)
+
+ /* This means that default lifetimes have not been initialized */
+#define DEFLIFE 255
+
+#define NOLIFE 0
+
+ if (
+ add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) ||
+ add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)||
+ add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)||
+ add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE)
+ ) {
+ putc ('\n', stderr);
+ errx (1, "couldn't initialize database.");
+ }
+
+ /* play it safe */
+ memset(master_key, 0, sizeof (des_cblock));
+ memset(master_key_schedule, 0, sizeof (des_key_schedule));
+ return 0;
+}
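Review bot: `strncpy(realm, argv[1], REALM_SZ)` in `main` leaves `realm` without a terminating NUL when the command-line realm is REALM_SZ bytes or longer, and the unterminated buffer is then passed to `k_isrealm(realm)` and, on rejection, to the `%s` in `errx`. Reject the overlong argument before copying, for example `if (strlen(argv[1]) >= REALM_SZ) errx (1, "realm name too long");`. In `add_principal`, the `return -1` after a failed `kerb_db_put_principal` skips the three `memset` calls below it, so the key material in `new_key` and `principal` stays on the stack on the failure path; moving the clearing ahead of the return fixes that. The result of `tm = k_localtime(&principal.mod_date)` is never used.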
diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
new file mode 100644
index 000000000000..b221fddb1e6b
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -0,0 +1,496 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Kerberos database manipulation utility. This program allows you to
+ * dump a kerberos database to an ascii readable file and load this
+ * file into the database. Read locking of the database is done during a
+ * dump operation. NO LOCKING is done during a load operation. Loads
+ * should happen with other processes shutdown.
+ *
+ * Written July 9, 1987 by Jeffrey I. Schiller
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $");
+
+static des_cblock master_key, new_master_key;
+static des_key_schedule master_key_schedule, new_master_key_schedule;
+
+#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
+
+/* cv_key is a procedure which takes a principle and changes its key,
+ either for a new method of encrypting the keys, or a new master key.
+ if cv_key is null no transformation of key is done (other than net byte
+ order). */
+
+struct callback_args {
+ void (*cv_key)(Principal *);
+ FILE *output_file;
+};
+
+static void
+print_time(FILE *file, time_t timeval)
+{
+ struct tm *tm;
+ tm = gmtime(&timeval);
+ fprintf(file, " %04d%02d%02d%02d%02d",
+ tm->tm_year + 1900,
+ tm->tm_mon + 1,
+ tm->tm_mday,
+ tm->tm_hour,
+ tm->tm_min);
+}
+
+static long
+time_explode(char *cp)
+{
+ char wbuf[5];
+ struct tm tp;
+ int local;
+
+ zaptime(&tp); /* clear out the struct */
+
+ if (strlen(cp) > 10) { /* new format */
+ strncpy(wbuf, cp, 4);
+ wbuf[4] = 0;
+ tp.tm_year = atoi(wbuf) - 1900;
+ cp += 4; /* step over the year */
+ local = 0; /* GMT */
+ } else { /* old format: local time,
+ year is 2 digits, assuming 19xx */
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ wbuf[2] = 0;
+ tp.tm_year = atoi(wbuf);
+ local = 1; /* local */
+ }
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ wbuf[2] = 0;
+ tp.tm_mon = atoi(wbuf)-1;
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_mday = atoi(wbuf);
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_hour = atoi(wbuf);
+
+ wbuf[0] = *cp++;
+ wbuf[1] = *cp++;
+ tp.tm_min = atoi(wbuf);
+
+
+ return(tm2time(tp, local));
+}
+
+static int
+dump_db_1(void *arg, Principal *principal)
+{ /* replace null strings with "*" */
+ struct callback_args *a = (struct callback_args *)arg;
+
+ if (principal->instance[0] == '\0') {
+ principal->instance[0] = '*';
+ principal->instance[1] = '\0';
+ }
+ if (principal->mod_name[0] == '\0') {
+ principal->mod_name[0] = '*';
+ principal->mod_name[1] = '\0';
+ }
+ if (principal->mod_instance[0] == '\0') {
+ principal->mod_instance[0] = '*';
+ principal->mod_instance[1] = '\0';
+ }
+ if (a->cv_key != NULL) {
+ (*a->cv_key) (principal);
+ }
+ fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
+ principal->name,
+ principal->instance,
+ principal->max_life,
+ principal->kdc_key_ver,
+ principal->key_version,
+ principal->attributes,
+ (int)htonl (principal->key_low),
+ (int)htonl (principal->key_high));
+ print_time(a->output_file, principal->exp_date);
+ print_time(a->output_file, principal->mod_date);
+ fprintf(a->output_file, " %s %s\n",
+ principal->mod_name,
+ principal->mod_instance);
+ return 0;
+}
+
+static int
+dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
+{
+ struct callback_args a;
+
+ a.cv_key = cv_key;
+ a.output_file = output_file;
+
+ kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a);
+ return fflush(output_file);
+}
+
+static int
+add_file(void *db, FILE *file)
+{
+ int ret;
+ int lineno = 0;
+ char line[1024];
+ unsigned long key[2]; /* yes, long */
+ Principal pr;
+
+ char exp_date[64], mod_date[64];
+
+ int life, kkvno, kvno;
+
+ while(1){
+ memset(&pr, 0, sizeof(pr));
+ errno = 0;
+ if(fgets(line, sizeof(line), file) == NULL){
+ if(errno != 0)
+ err (1, "fgets");
+ break;
+ }
+ lineno++;
+ ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
+ pr.name, pr.instance,
+ &life, &kkvno, &kvno,
+ &pr.attributes,
+ &key[0], &key[1],
+ exp_date, mod_date,
+ pr.mod_name, pr.mod_instance);
+ if(ret != 12){
+ warnx("Line %d malformed (ignored)", lineno);
+ continue;
+ }
+ pr.key_low = ntohl (key[0]);
+ pr.key_high = ntohl (key[1]);
+ pr.max_life = life;
+ pr.kdc_key_ver = kkvno;
+ pr.key_version = kvno;
+ pr.exp_date = time_explode(exp_date);
+ pr.mod_date = time_explode(mod_date);
+ if (pr.instance[0] == '*')
+ pr.instance[0] = 0;
+ if (pr.mod_name[0] == '*')
+ pr.mod_name[0] = 0;
+ if (pr.mod_instance[0] == '*')
+ pr.mod_instance[0] = 0;
+ if (kerb_db_update(db, &pr, 1) != 1) {
+ warn ("store %s.%s aborted",
+ pr.name, pr.instance);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static void
+load_db (char *db_file, FILE *input_file)
+{
+ long *db;
+ int temp1;
+ int code;
+ char *temp_db_file;
+
+ temp1 = strlen(db_file)+2;
+ temp_db_file = malloc (temp1);
+ strcpy(temp_db_file, db_file);
+ strcat(temp_db_file, "~");
+
+ /* Create the database */
+ if ((code = kerb_db_create(temp_db_file)) != 0)
+ err (1, "creating temp database %s", temp_db_file);
+ kerb_db_set_name(temp_db_file);
+ db = kerb_db_begin_update();
+ if (db == NULL)
+ err (1, "opening temp database %s", temp_db_file);
+
+ if(add_file(db, input_file))
+ errx (1, "Load aborted");
+
+ kerb_db_end_update(db);
+ if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
+ warn("database rename failed");
+ fclose(input_file);
+ free(temp_db_file);
+}
+
+static void
+merge_db(char *db_file, FILE *input_file)
+{
+ void *db;
+
+ db = kerb_db_begin_update();
+ if(db == NULL)
+ err (1, "Couldn't open database");
+ if(add_file(db, input_file))
+ errx (1, "Merge aborted");
+ kerb_db_end_update(db);
+}
+
+static void
+update_ok_file (char *file_name)
+{
+ /* handle slave locking/failure stuff */
+ char *file_ok;
+ int fd;
+ static char ok[]=".dump_ok";
+
+ asprintf (&file_ok, "%s%s", file_name, ok);
+ if (file_ok == NULL)
+ errx (1, "out of memory");
+ if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0)
+ err (1, "Error creating %s", file_ok);
+ free(file_ok);
+ close(fd);
+}
+
+static void
+convert_key_new_master (Principal *p)
+{
+ des_cblock key;
+
+ /* leave null keys alone */
+ if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+ /* move current key to des_cblock for encryption, special case master key
+ since that's changing */
+ if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
+ (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
+ memcpy (key, new_master_key, sizeof(des_cblock));
+ (p->key_version)++;
+ } else {
+ copy_to_key(&p->key_low, &p->key_high, key);
+ kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT);
+ }
+
+ kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT);
+
+ copy_from_key(key, &(p->key_low), &(p->key_high));
+ memset(key, 0, sizeof (key)); /* a little paranoia ... */
+
+ (p->kdc_key_ver)++;
+}
+
+static void
+clear_secrets (void)
+{
+ memset(master_key, 0, sizeof (des_cblock));
+ memset(master_key_schedule, 0, sizeof (des_key_schedule));
+ memset(new_master_key, 0, sizeof (des_cblock));
+ memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
+}
+
+static void
+convert_new_master_key (char *db_file, FILE *out)
+{
+#ifdef RANDOM_MKEY
+ errx (1, "Sorry, this function is not available with "
+ "the new master key scheme.");
+#else
+ printf ("\n\nEnter the CURRENT master key.");
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets ();
+ errx (1, "Couldn't get master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets ();
+ exit (1);
+ }
+
+ printf ("\n\nNow enter the NEW master key. Do not forget it!!");
+ if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
+ new_master_key_schedule) != 0) {
+ clear_secrets ();
+ errx (1, "Couldn't get new master key.");
+ }
+
+ dump_db (db_file, out, convert_key_new_master);
+ {
+ char fname[128];
+ snprintf(fname, sizeof(fname), "%s.new", MKEYFILE);
+ kdb_kstash(&new_master_key, fname);
+ }
+#endif /* RANDOM_MKEY */
+}
+
+static void
+convert_key_old_db (Principal *p)
+{
+ des_cblock key;
+
+ /* leave null keys alone */
+ if ((p->key_low == 0) && (p->key_high == 0)) return;
+
+ copy_to_key(&p->key_low, &p->key_high, key);
+
+#ifndef NOENCRYPTION
+ des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
+ (long)sizeof(des_cblock),master_key_schedule,
+ (des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+
+ /* make new key, new style */
+ kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
+
+ copy_from_key(key, &(p->key_low), &(p->key_high));
+ memset(key, 0, sizeof (key)); /* a little paranoia ... */
+}
+
+static void
+convert_old_format_db (char *db_file, FILE *out)
+{
+ des_cblock key_from_db;
+ Principal principal_data[1];
+ int n, more;
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0L) {
+ clear_secrets();
+ errx (1, "Couldn't get master key.");
+ }
+
+ /* can't call kdb_verify_master_key because this is an old style db */
+ /* lookup the master key version */
+ n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+ 1 /* only one please */, &more);
+ if ((n != 1) || more)
+ errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
+
+ /* set up the master key */
+ fprintf(stderr, "Current Kerberos master key version is %d.\n",
+ principal_data[0].kdc_key_ver);
+
+ /*
+ * now use the master key to decrypt (old style) the key in the db, had better
+ * be the same!
+ */
+ copy_to_key(&principal_data[0].key_low,
+ &principal_data[0].key_high,
+ key_from_db);
+#ifndef NOENCRYPTION
+ des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
+ master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
+#endif
+ /* the decrypted database key had better equal the master key */
+
+ n = memcmp(master_key, key_from_db, sizeof(master_key));
+ memset(key_from_db, 0, sizeof(key_from_db));
+
+ if (n) {
+ fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
+ fprintf(stderr, "does not match database.\n");
+ exit (1);
+ }
+
+ fprintf(stderr, "Master key verified.\n");
+
+ dump_db (db_file, out, convert_key_old_db);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ret;
+ FILE *file;
+ enum {
+ OP_LOAD,
+ OP_MERGE,
+ OP_DUMP,
+ OP_SLAVE_DUMP,
+ OP_NEW_MASTER,
+ OP_CONVERT_OLD_DB
+ } op;
+ char *file_name;
+ char *db_name;
+
+ set_progname (argv[0]);
+
+ if (argc != 3 && argc != 4) {
+ fprintf(stderr, "Usage: %s operation file [database name].\n",
+ argv[0]);
+ fprintf(stderr, "Operation is one of: "
+ "load, merge, dump, slave_dump, new_master_key, "
+ "convert_old_db\n");
+ exit(1);
+ }
+ if (argc == 3)
+ db_name = DBM_FILE;
+ else
+ db_name = argv[3];
+
+ ret = kerb_db_set_name (db_name);
+
+ /* this makes starting slave servers ~14.3 times easier */
+ if(ret && strcmp(argv[1], "load") == 0)
+ ret = kerb_db_create (db_name);
+
+ if(ret)
+ err (1, "Can't open database");
+
+ if (!strcmp(argv[1], "load"))
+ op = OP_LOAD;
+ else if (!strcmp(argv[1], "merge"))
+ op = OP_MERGE;
+ else if (!strcmp(argv[1], "dump"))
+ op = OP_DUMP;
+ else if (!strcmp(argv[1], "slave_dump"))
+ op = OP_SLAVE_DUMP;
+ else if (!strcmp(argv[1], "new_master_key"))
+ op = OP_NEW_MASTER;
+ else if (!strcmp(argv[1], "convert_old_db"))
+ op = OP_CONVERT_OLD_DB;
+ else {
+ warnx ("%s is an invalid operation.", argv[1]);
+ warnx ("Valid operations are \"load\", \"merge\", "
+ "\"dump\", \"slave_dump\", \"new_master_key\", "
+ "and \"convert_old_db\"");
+ return 1;
+ }
+
+ file_name = argv[2];
+ file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
+ if (file == NULL)
+ err (1, "open %s", argv[2]);
+
+ switch (op) {
+ case OP_DUMP:
+ if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+ (fclose(file) == EOF))
+ err (1, "%s", file_name);
+ break;
+ case OP_SLAVE_DUMP:
+ if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
+ (fclose(file) == EOF))
+ err (1, "%s", file_name);
+ update_ok_file (file_name);
+ break;
+ case OP_LOAD:
+ load_db (db_name, file);
+ break;
+ case OP_MERGE:
+ merge_db (db_name, file);
+ break;
+ case OP_NEW_MASTER:
+ convert_new_master_key (db_name, file);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ break;
+ case OP_CONVERT_OLD_DB:
+ convert_old_format_db (db_name, file);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ break;
+ }
+ return 0;
+}
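Review bot: The `sscanf` in `add_file` uses bare `%s` for `pr.name`, `pr.instance`, `exp_date`, `mod_date`, `pr.mod_name` and `pr.mod_instance`, so a dump line of up to 1023 bytes can write past each of those fixed-size destinations on the stack; the load and merge operations read this file from a path given on the command line. Give every `%s` a field width one less than its destination, for example `%63s` for the two 64-byte date buffers, and build the widths for the Principal fields from the sizes declared in the header, which is not visible in this hunk. `time_explode` then walks `cp` at fixed offsets without checking the string length, so a short date token makes it read past the terminator into the uninitialised rest of the 64-byte buffer; a length check before parsing would let the line be rejected as malformed. In `load_db` the `malloc` result is passed to `strcpy` without a NULL check.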
diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c
new file mode 100644
index 000000000000..4595de58ef32
--- /dev/null
+++ b/crypto/kerberosIV/admin/kstash.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
+
+/* change this later, but krblib_dbm needs it for now */
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+static void
+clear_secrets(void)
+{
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(master_key, 0, sizeof(master_key));
+}
+
+int
+main(int argc, char **argv)
+{
+ long n;
+ int ret = 0;
+ set_progname (argv[0]);
+
+ if ((n = kerb_init()))
+ errx(1, "Kerberos db and cache init failed = %ld\n", n);
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets();
+ errx(1, "Couldn't read master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets();
+ return 1;
+ }
+
+ ret = kdb_kstash(&master_key, MKEYFILE);
+ if(ret < 0)
+ warn("writing master key");
+ else
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+
+ clear_secrets();
+ return ret;
+}
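Review bot: The file header comment still reads `Description.`, a template placeholder, on a program that writes the database master key to disk. Replace it with what `main` does, e.g. `* Prompt for the Kerberos master key, verify it against the database and store it in MKEYFILE.`. How `kdb_kstash` creates the file (mode, ownership) is not visible in this hunk and would be worth stating in that comment once confirmed. On failure `main` returns the negative `ret` from `kdb_kstash` directly; `return ret < 0 ? 1 : 0;` gives a conventional exit status.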
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
new file mode 100644
index 000000000000..c9512589525f
--- /dev/null
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -0,0 +1,43 @@
+# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = sample kauth bsd movemail afsutil \
+ kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS);\
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install uninstall clean distclean realclean mostlyclean
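Review bot: The recursive targets (`all`, `install`, `uninstall`, `clean`, `distclean`, `realclean`) run each subdirectory in a subshell inside a `for` loop without checking its status, so a failed sub-make does not stop the loop and the recipe's result is that of the last directory only. Ending each loop body with `|| exit 1`, as in `do (cd $$i && $(MAKE) $(MFLAGS) all) || exit 1; done`, makes a broken build or install of one component visible instead of leaving a partly installed tree. The `Wall` target also invokes `make` literally rather than `$(MAKE)`.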
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
new file mode 100644
index 000000000000..57a810890094
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
@@ -0,0 +1,135 @@
+# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+# Beware, these are all setuid root programs
+PROG_SUIDBIN = rsh$(EXECSUFFIX) \
+ rcp$(EXECSUFFIX) \
+ rlogin$(EXECSUFFIX) \
+ su$(EXECSUFFIX)
+PROG_BIN = login$(EXECSUFFIX)
+PROG_LIBEXEC = rshd$(EXECSUFFIX) \
+ rlogind$(EXECSUFFIX)
+PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \
+ login.c klogin.c login_access.c su.c rlogind.c iruserok.c \
+ login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \
+ utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c
+
+rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+login_OBJS = login.o klogin.o login_fbtab.o login_access.o \
+ sysv_default.o sysv_environ.o sysv_shadow.o \
+ utmp_login.o utmpx_login.o stty_default.o tty.o
+su_OBJS = su.o
+rshd_OBJS = rshd.o iruserok.o encrypt.o rcmd_util.o
+rlogind_OBJS = rlogind.o iruserok.o forkpty.o encrypt.o rcmd_util.o tty.o
+
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ -for x in $(PROG_SUIDBIN); do \
+ $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+ done
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+ for x in $(PROG_SUIDBIN); do \
+ rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB)
+OTPLIB=-L../../lib/otp -lotp
+LIBROKEN=-L../../lib/roken -lroken
+
+rcp$(EXECSUFFIX): $(rcp_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rsh$(EXECSUFFIX): $(rsh_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rshd$(EXECSUFFIX): $(rshd_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rlogin$(EXECSUFFIX): $(rlogin_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+rlogind$(EXECSUFFIX): $(rlogind_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+login$(EXECSUFFIX): $(login_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+su$(EXECSUFFIX): $(su_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
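Review bot: The leading `-` on the `for x in $(PROG_SUIDBIN)` loop in `install` tells make to ignore a failing `$(INSTALL_PROGRAM) -o root -m 04555`, so an install run without the privilege to set the owner can end with `make install` reporting success while rsh, rcp, rlogin and su were not installed (or, on an upgrade, were presumably left at their previous version). For setuid-root programs a skipped install deserves a visible failure: drop the `-`, or keep it and add `|| echo "warning: $$x not installed setuid root" >&2` after the install command inside the loop. Separately, the `dist` target depends on `$(DISTFILES)`, which this file never defines.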
diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login
new file mode 100644
index 000000000000..c0729690a77f
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/README.login
@@ -0,0 +1,20 @@
+This login has additional functionalities. They are all based on (part of)
+Wietse Venema's logdaemon package.
+
+
+The following defines can be used:
+1) LOGIN_ACCESS to allow access control on a per tty/user combination
+2) LOGALL to log all logins
+
+-Guido
+
+This login has some of Berkeley's paranoid/broken (depending on your point
+of view) Kerberos code conditionalized out, so that by default it works like
+klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code.
+This define also controls whether a warning message is printed when logging
+into a system with no krb.conf file, which usually means that Kerberos is
+not configured.
+
+-GAWollman
+
+(removed S/Key, /assar)
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
new file mode 100644
index 000000000000..d0b37aa56f66
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -0,0 +1,380 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */
+
+#define LOGALL
+#define KERBEROS
+#define KLOGIN_PARANOID
+#define LOGIN_ACCESS
+#define PASSWD_FALLBACK
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+/* Any better way to test NO_MOTD? */
+#if (SunOS == 5) || defined(__hpux)
+#define NO_MOTD
+#endif
+
+#ifdef HAVE_SHADOW_H
+#define SYSV_SHADOW
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <setjmp.h>
+
+#include <stdarg.h>
+
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifndef S_ISTXT
+#ifdef S_ISVTX
+#define S_ISTXT S_ISVTX
+#else
+#define S_ISTXT 0
+#endif
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <signal.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef NCARGS
+#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_SYS_STREAM_H
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif /* HAVE_SYS_UIO_H */
+#include <sys/stream.h>
+#endif /* HAVE_SYS_STREAM_H */
+
+#ifdef HAVE_SYS_PTYVAR_H
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+#include <sys/ptyvar.h>
+#endif /* HAVE_SYS_PTYVAR_H */
+
+/* Cray stuff */
+#ifdef HAVE_UDB_H
+#include <udb.h>
+#endif
+#ifdef HAVE_SYS_CATEGORY_H
+#include <sys/category.h>
+#endif
+
+/* Strange ioctls that are not always defined */
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE 0x02
+#endif
+
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP 0x10
+#endif
+
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP 0x20
+#endif
+
+#ifndef TIOCPKT
+#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */
+#endif
+
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+#ifdef HAVE_LOGIN_H
+#include <login.h>
+#endif
+
+#ifdef HAVE_TTYENT_H
+#include <ttyent.h>
+#endif
+
+#ifdef HAVE_STROPTS_H
+#include <stropts.h>
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifndef UT_NAMESIZE
+#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name)
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_USERPW_H
+#include <userpw.h>
+#endif /* HAVE_USERPW_H */
+
+#ifdef HAVE_USERSEC_H
+#include <usersec.h>
+#endif /* HAVE_USERSEC_H */
+
+#ifndef PRIO_PROCESS
+#define PRIO_PROCESS 0
+#endif
+
+#include <err.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <des.h>
+#include <krb.h>
+#include <kafs.h>
+
+int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser,
+ char *remuser, char *cmd, int *fd2p, KTEXT ticket,
+ char *service, char *realm, CREDENTIALS *cred,
+ Key_schedule schedule, MSG_DAT *msg_data,
+ struct sockaddr_in *laddr, struct sockaddr_in *faddr,
+ int32_t authopts);
+
+int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd,
+ int *fd2p, char *realm);
+
+int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser,
+ char *cmd,int *fd2p, char *realm,
+ CREDENTIALS *cred, Key_schedule sched);
+
+int klogin(struct passwd *pw, char *instance, char *localhost, char *password);
+
+typedef struct {
+ int cnt;
+ char *buf;
+} BUF;
+
+char *colon(char *cp);
+int okname(char *cp0);
+int susystem(char *s, int userid);
+
+int forkpty(int *amaster, char *name,
+ struct termios *termp, struct winsize *winp);
+
+#ifndef MODEMASK
+#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO)
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#include "pathnames.h"
+
+void stty_default (void);
+
+int utmpx_login(char *line, char *user, char *host);
+
+extern char **environ;
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+ char *term, int pflag);
+
+int login_access(char *user, char *from);
+#ifndef HAVE_IRUSEROK
+int iruserok(u_int32_t raddr, int superuser, const char *ruser,
+ const char *luser);
+#endif
+void fatal(int f, const char *msg, int syserr);
+
+extern int LEFT_JUSTIFIED;
+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+ des_cblock *iv);
+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+ des_cblock *iv);
+
+void sysv_defaults(void);
+void utmp_login(char *tty, char *username, char *hostname);
+void sleepexit (int);
+
+#ifndef HAVE_SETPRIORITY
+#define setpriority(which, who, niceval) 0
+#endif
+
+#ifndef HAVE_GETPRIORITY
+#define getpriority(which, who) 0
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+#define _POSIX_VDISABLE 0
+#endif /* _POSIX_VDISABLE */
+#if SunOS == 4
+#include <sys/ttold.h>
+#endif
+
+#if defined(_AIX)
+#include <sys/termio.h>
+#endif
+
+#ifndef CEOF
+#define CEOF 04
+#endif
+
+/* concession to Sun */
+#ifndef SIGUSR1
+#define SIGUSR1 30
+#endif
+
+#ifndef TIOCPKT_WINDOW
+#define TIOCPKT_WINDOW 0x80
+#endif
+
+int get_shell_port(int kerberos, int encryption);
+int get_login_port(int kerberos, int encryption);
+int speed_t2int (speed_t);
+speed_t int2speed_t (int);
+void ip_options_and_die (int sock, struct sockaddr_in *);
+void warning(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+char *clean_ttyname (char *tty);
+char *make_id (char *tty);
+void prepare_utmp (struct utmp *utmp, char *tty, char *username,
+ char *hostname);
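Review bot: `KLOGIN_PARANOID`, `PASSWD_FALLBACK`, `LOGIN_ACCESS` and `LOGALL` are defined unconditionally at the top of the header, ahead of `config.h`, so these login behaviour switches cannot be turned off from configure. README.login in this same commit describes the `KLOGIN_PARANOID` code as conditionalized out by default, which is not what this header builds. At minimum the block should carry a comment such as `/* Login policy switches, fixed on for this build; KLOGIN_PARANOID is enabled here although README.login describes it as off by default. */`. Moving the defines behind configure options would let a site choose the policy without editing the header.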
diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c
new file mode 100644
index 000000000000..b74f329c4d79
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/encrypt.c
@@ -0,0 +1,311 @@
+/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young (eay@mincom.oz.au).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Eric Young (eay@mincom.oz.au)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $");
+
+#undef BSIZE
+
+/* used in des_read and des_write */
+#define MAXWRITE (1024*16)
+#define BSIZE (MAXWRITE+4)
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \
+ l|=((u_int32_t)(*((c)++)))<<16, \
+ l|=((u_int32_t)(*((c)++)))<< 8, \
+ l|=((u_int32_t)(*((c)++))))
+
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* This has some uglies in it but it works - even over sockets. */
+extern int errno;
+int des_rw_mode=DES_PCBC_MODE;
+int LEFT_JUSTIFIED = 0;
+
+int
+des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+ /* data to be unencrypted */
+ int net_num=0;
+ unsigned char net[BSIZE];
+ /* extra unencrypted data
+ * for when a block of 100 comes in but is des_read one byte at
+ * a time. */
+ static char unnet[BSIZE];
+ static int unnet_start=0;
+ static int unnet_left=0;
+ int i;
+ long num=0,rnum;
+ unsigned char *p;
+
+ /* left over data from last decrypt */
+ if (unnet_left != 0)
+ {
+ if (unnet_left < len)
+ {
+ /* we still still need more data but will return
+ * with the number of bytes we have - should always
+ * check the return value */
+ memcpy(buf,&(unnet[unnet_start]),unnet_left);
+ /* eay 26/08/92 I had the next 2 lines
+ * reversed :-( */
+ i=unnet_left;
+ unnet_start=unnet_left=0;
+ }
+ else
+ {
+ memcpy(buf,&(unnet[unnet_start]),len);
+ unnet_start+=len;
+ unnet_left-=len;
+ i=len;
+ }
+ return(i);
+ }
+
+ /* We need to get more data. */
+ if (len > MAXWRITE) len=MAXWRITE;
+
+ /* first - get the length */
+ net_num=0;
+ while (net_num < HDRSIZE)
+ {
+ i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+ if ((i == -1) && (errno == EINTR)) continue;
+ if (i <= 0) return(0);
+ net_num+=i;
+ }
+
+ /* we now have at net_num bytes in net */
+ p=net;
+ num=0;
+ n2l(p,num);
+ /* num should be rounded up to the next group of eight
+ * we make sure that we have read a multiple of 8 bytes from the net.
+ */
+ if ((num > MAXWRITE) || (num < 0)) /* error */
+ return(-1);
+ rnum=(num < 8)?8:((num+7)/8*8);
+
+ net_num=0;
+ while (net_num < rnum)
+ {
+ i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+ if ((i == -1) && (errno == EINTR)) continue;
+ if (i <= 0) return(0);
+ net_num+=i;
+ }
+
+ /* Check if there will be data left over. */
+ if (len < num)
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+ num,sched,iv,DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
+ num,sched,iv,DES_DECRYPT);
+ memcpy(buf,unnet,len);
+ unnet_start=len;
+ unnet_left=num-len;
+
+ /* The following line is done because we return num
+ * as the number of bytes read. */
+ num=len;
+ }
+ else
+ {
+ /* >output is a multiple of 8 byes, if len < rnum
+ * >we must be careful. The user must be aware that this
+ * >routine will write more bytes than he asked for.
+ * >The length of the buffer must be correct.
+ * FIXED - Should be ok now 18-9-90 - eay */
+ if (len < rnum)
+ {
+ char tmpbuf[BSIZE];
+
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)tmpbuf,
+ num,sched,iv,DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)tmpbuf,
+ num,sched,iv,DES_DECRYPT);
+
+ /* eay 26/08/92 fix a bug that returned more
+ * bytes than you asked for (returned len bytes :-( */
+ if (LEFT_JUSTIFIED || (len >= 8))
+ memcpy(buf,tmpbuf,num);
+ else
+ memcpy(buf,tmpbuf+(8-num),num); /* Right justified */
+ }
+ else if (num >= 8)
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,num,sched,iv,
+ DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,num,sched,iv,
+ DES_DECRYPT);
+ }
+ else
+ {
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,8,sched,iv,
+ DES_DECRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)net,
+ (des_cblock *)buf,8,sched,iv,
+ DES_DECRYPT);
+ if (!LEFT_JUSTIFIED)
+ memcpy(buf, buf+(8-num), num); /* Right justified */
+ }
+ }
+ return(num);
+}
+
+int
+des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
+{
+ long rnum;
+ int i,j,k,outnum;
+ char outbuf[BSIZE+HDRSIZE];
+ char shortbuf[8];
+ char *p;
+ static int start=1;
+
+ /* If we are sending less than 8 bytes, the same char will look
+ * the same if we don't pad it out with random bytes */
+ if (start)
+ {
+ start=0;
+ srand(time(NULL));
+ }
+
+ /* lets recurse if we want to send the data in small chunks */
+ if (len > MAXWRITE)
+ {
+ j=0;
+ for (i=0; i<len; i+=k)
+ {
+ k=des_enc_write(fd,&(buf[i]),
+ ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+ if (k < 0)
+ return(k);
+ else
+ j+=k;
+ }
+ return(j);
+ }
+
+ /* write length first */
+ p=outbuf;
+ l2n(len,p);
+
+ /* pad short strings */
+ if (len < 8)
+ {
+ if (LEFT_JUSTIFIED)
+ {
+ p=shortbuf;
+ memcpy(shortbuf,buf,(unsigned int)len);
+ for (i=len; i<8; i++)
+ shortbuf[i]=rand();
+ rnum=8;
+ }
+ else
+ {
+ p=shortbuf;
+ for (i=0; i<8-len; i++)
+ shortbuf[i]=rand();
+ memcpy(shortbuf + 8 - len, buf, len);
+ rnum=8;
+ }
+ }
+ else
+ {
+ p=buf;
+ rnum=((len+7)/8*8); /* round up to nearest eight */
+ }
+
+ if (des_rw_mode & DES_PCBC_MODE)
+ des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+ else
+ des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+
+ /* output */
+ outnum=rnum+HDRSIZE;
+
+ for (j=0; j<outnum; j+=i)
+ {
+ /* eay 26/08/92 I was not doing writing from where we
+ * got upto. */
+ i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+ if (i == -1)
+ {
+ if (errno == EINTR)
+ i=0;
+ else /* This is really a bad error - very bad
+ * It will stuff-up both ends. */
+ return(-1);
+ }
+ }
+
+ return(len);
+}
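Review bot: In `des_enc_read()`, the final short-message branch (`num < 8`, caller buffer at least 8 bytes) decrypts one block into `buf` and then right-justifies it with `memcpy(buf, buf+(8-num), num);`. For `num` of 5, 6 or 7 the source and destination ranges overlap, which is undefined behaviour for `memcpy`; it should be `memmove(buf, buf+(8-num), num);`. The leftover state (`unnet`, `unnet_start`, `unnet_left`) is also function-static rather than per descriptor, so it needs a comment such as `/* leftover plaintext is shared by all callers: use on one fd only */`, since a second descriptor would be handed the first one's pending plaintext.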
diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c
new file mode 100644
index 000000000000..5c0aaafa40aa
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/forkpty.c
@@ -0,0 +1,461 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+#ifndef HAVE_FORKPTY
+
+RCSID("$Id: forkpty.c,v 1.52 1997/05/25 07:37:01 assar Exp $");
+
+/* Only CRAY is known to have problems with forkpty(). */
+#if defined(CRAY)
+static int forkpty_ok = 0;
+#else
+static int forkpty_ok = 1;
+#endif
+
+#ifndef HAVE_PTSNAME
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+ return ttyname(fd);
+#else
+ return NULL;
+#endif
+}
+#endif
+
+#ifndef HAVE_GRANTPT
+#define grantpt(fdm) (0)
+#endif
+
+#ifndef HAVE_UNLOCKPT
+#define unlockpt(fdm) (0)
+#endif
+
+#ifndef HAVE_VHANGUP
+#define vhangup() (0)
+#endif
+
+#ifndef HAVE_REVOKE
+static
+void
+revoke(char *line)
+{
+ int slave;
+ RETSIGTYPE (*ofun)();
+
+ if ( (slave = open(line, O_RDWR)) < 0)
+ return;
+
+ ofun = signal(SIGHUP, SIG_IGN);
+ vhangup();
+ signal(SIGHUP, ofun);
+ /*
+ * Some systems (atleast SunOS4) want to have the slave end open
+ * at all times to prevent a race in the child. Login will close
+ * it so it should really not be a problem. However for the
+ * paranoid we use the close on exec flag so it will only be open
+ * in the parent. Additionally since this will be the controlling
+ * tty of rlogind the final vhangup() in rlogind should hangup all
+ * processes. A working revoke would of course have been prefered
+ * though (sigh).
+ */
+ fcntl(slave, F_SETFD, 1);
+ /* close(slave); */
+}
+#endif
+
+
+static int pty_major, pty_minor;
+
+static void
+pty_scan_start(void)
+{
+ pty_major = -1;
+ pty_minor = 0;
+}
+
+static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv";
+/* there are many more */
+static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+static int
+pty_scan_next(char *buf, size_t sz)
+{
+#ifdef CRAY
+ if(++pty_major >= sysconf(_SC_CRAY_NPTY))
+ return -1;
+ snprintf(buf, sz, "/dev/pty/%03d", pty_major);
+#else
+ if(++pty_major == strlen(bsd_1)){
+ pty_major = 0;
+ if(++pty_minor == strlen(bsd_2))
+ return -1;
+ }
+#ifdef __hpux
+ snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+ snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif /* __hpux */
+#endif /* CRAY */
+ return 0;
+}
+
+static void
+pty_scan_tty(char *buf, size_t sz)
+{
+#ifdef CRAY
+ snprintf(buf, sz, "/dev/ttyp%03d", pty_major);
+#elif defined(__hpux)
+ snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#else
+ snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
+#endif
+}
+
+static int
+ptym_open_streams_flavor(char *pts_name, int *streams_pty)
+{
+ /* Try clone device master ptys */
+ const char *const clone[] = { "/dev/ptc", "/dev/ptmx",
+ "/dev/ptm", "/dev/ptym/clone", 0 };
+ int fdm;
+ const char *const *q;
+
+ for (q = clone; *q; q++) {
+ fdm = open(*q, O_RDWR);
+ if (fdm >= 0)
+ break;
+ }
+ if (fdm >= 0) {
+ char *ptr1;
+ if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
+ strcpy(pts_name, ptr1); /* Return name of slave */
+ else {
+ close(fdm);
+ return(-4);
+ }
+ if (grantpt(fdm) < 0) { /* Grant access to slave */
+ close(fdm);
+ return(-2);
+ }
+ if (unlockpt(fdm) < 0) { /* Clear slave's lock flag */
+ close(fdm);
+ return(-3);
+ }
+ return(fdm); /* return fd of master */
+ }
+ return -1;
+}
+
+static int
+ptym_open_bsd_flavor(char *pts_name, int *streams_pty)
+{
+ int fdm;
+ char ptm[MaxPathLen];
+
+ pty_scan_start();
+
+ while (pty_scan_next(ptm, sizeof(ptm)) != -1) {
+ fdm = open(ptm, O_RDWR);
+ if (fdm < 0)
+ continue;
+#if SunOS == 4
+ /* Avoid a bug in SunOS4 ttydriver */
+ if (fdm > 0) {
+ int pgrp;
+ if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1)
+ && (errno == EIO))
+ /* All fine */;
+ else {
+ close(fdm);
+ continue;
+ }
+ }
+#endif
+ pty_scan_tty(pts_name, sizeof(ptm));
+#if CRAY
+ /* this is some magic from the telnet code */
+ {
+ struct stat sb;
+ if(stat(pts_name, &sb) < 0) {
+ close(fdm);
+ continue;
+ }
+ if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+ chown(pts_name, 0, 0);
+ chmod(pts_name, 0600);
+ close(fdm);
+ fdm = open(ptm, 2);
+ if (fdm < 0)
+ continue;
+ }
+ }
+ /*
+ * Now it should be safe...check for accessability.
+ */
+ if (access(pts_name, 6) != 0){
+ /* no tty side to pty so skip it */
+ close(fdm);
+ continue;
+ }
+#endif
+ return fdm; /* All done! */
+ }
+
+ /* We failed to find BSD style pty */
+ errno = ENOENT;
+ return -1;
+}
+
+/*
+ *
+ * Open a master pty either using the STREAM flavor or the BSD flavor.
+ * Depending on if there are any free ptys in the different classes we
+ * need to try both. Normally try STREAMS first and then BSD.
+ *
+ * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys
+ * doesn't get initialized properly so we try them in different order
+ * until the problem has been resolved.
+ *
+ */
+static int
+ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
+{
+ int fdm;
+
+#ifdef HAVE__GETPTY
+ {
+ char *p = _getpty(&fdm, O_RDWR, 0600, 1);
+ if (p) {
+ *streams_pty = 1;
+ strcpy (pts_name, p);
+ return fdm;
+ }
+ }
+#endif
+
+#ifdef STREAMSPTY
+ fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 1;
+ return fdm;
+ }
+#endif
+
+ fdm = ptym_open_bsd_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 0;
+ return fdm;
+ }
+
+#ifndef STREAMSPTY
+ fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+ if (fdm >= 0)
+ {
+ *streams_pty = 1;
+ return fdm;
+ }
+#endif
+
+ return -1;
+}
+
+static int
+maybe_push_modules(int fd, char **modules)
+{
+#ifdef I_PUSH
+ char **p;
+ int err;
+
+ for(p=modules; *p; p++){
+ err=ioctl(fd, I_FIND, *p);
+ if(err == 1)
+ break;
+ if(err < 0 && errno != EINVAL)
+ return -17;
+ /* module not pushed or does not exist */
+ }
+ /* p points to null or to an already pushed module, now push all
+ modules before this one */
+
+ for(p--; p >= modules; p--){
+ err = ioctl(fd, I_PUSH, *p);
+ if(err < 0 && errno != EINVAL)
+ return -17;
+ }
+#endif
+ return 0;
+}
+
+static int
+ptys_open(int fdm, char *pts_name, int streams_pty)
+{
+ int fds;
+
+ if (streams_pty) {
+ /* Streams style slave ptys */
+ if ( (fds = open(pts_name, O_RDWR)) < 0) {
+ close(fdm);
+ return(-5);
+ }
+
+ {
+ char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+ char *ptymodules[] = { "pckt", NULL };
+
+ if(maybe_push_modules(fds, ttymodules)<0){
+ close(fdm);
+ close(fds);
+ return -6;
+ }
+ if(maybe_push_modules(fdm, ptymodules)<0){
+ close(fdm);
+ close(fds);
+ return -7;
+ }
+ }
+ } else {
+ /* BSD style slave ptys */
+ struct group *grptr;
+ int gid;
+ if ( (grptr = getgrnam("tty")) != NULL)
+ gid = grptr->gr_gid;
+ else
+ gid = -1; /* group tty is not in the group file */
+
+ /* Grant access to slave */
+ chown(pts_name, getuid(), gid);
+ chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
+
+ if ( (fds = open(pts_name, O_RDWR)) < 0) {
+ close(fdm);
+ return(-1);
+ }
+ }
+ return(fds);
+}
+
+int
+forkpty(int *ptrfdm,
+ char *slave_name,
+ struct termios *slave_termios,
+ struct winsize *slave_winsize)
+{
+ int fdm, fds, streams_pty;
+ pid_t pid;
+ char pts_name[20];
+
+ if (!forkpty_ok)
+ fatal(0, "Protocol not yet supported, use telnet", 0);
+
+ if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0)
+ return -1;
+
+ if (slave_name != NULL)
+ strcpy(slave_name, pts_name); /* Return name of slave */
+
+ pid = fork();
+ if (pid < 0)
+ return(-1);
+ else if (pid == 0) { /* Child */
+ if (setsid() < 0)
+ fatal(0, "setsid() failure", errno);
+
+ revoke(slave_name);
+
+#if defined(NeXT) || defined(ultrix)
+ /* The NeXT is severely broken, this makes things slightly
+ * better but we still doesn't get a working pty. If there
+ * where a TIOCSCTTY we could perhaps fix things but... The
+ * same problem also exists in xterm! */
+ if (setpgrp(0, 0) < 0)
+ fatal(0, "NeXT kludge failed setpgrp", errno);
+#endif
+
+ /* SVR4 acquires controlling terminal on open() */
+ if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0)
+ return -1;
+ close(fdm); /* All done with master in child */
+
+#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux)
+ /* 44BSD way to acquire controlling terminal */
+ /* !CIBAUD to avoid doing this under SunOS */
+ if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0)
+ return -1;
+#endif
+#if defined(NeXT)
+ {
+ int t = open("/dev/tty", O_RDWR);
+ if (t < 0)
+ fatal(0, "Failed to open /dev/tty", errno);
+ close(fds);
+ fds = t;
+ }
+#endif
+ /* Set slave's termios and window size */
+ if (slave_termios != NULL) {
+ if (tcsetattr(fds, TCSANOW, slave_termios) < 0)
+ return -1;
+ }
+#ifdef TIOCSWINSZ
+ if (slave_winsize != NULL) {
+ if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0)
+ return -1;
+ }
+#endif
+ /* slave becomes stdin/stdout/stderr of child */
+ if (dup2(fds, STDIN_FILENO) != STDIN_FILENO)
+ return -1;
+ if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO)
+ return -1;
+ if (dup2(fds, STDERR_FILENO) != STDERR_FILENO)
+ return -1;
+ if (fds > STDERR_FILENO)
+ close(fds);
+ return(0); /* child returns 0 just like fork() */
+ }
+ else { /* Parent */
+ *ptrfdm = fdm; /* Return fd of master */
+ return(pid); /* Parent returns pid of child */
+ }
+}
+#endif /* HAVE_FORKPTY */
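Review bot: `ptym_open()` accepts `pts_name_sz` but never uses it, so every write into the caller's `char pts_name[20]` is unbounded: `strcpy(pts_name, ptr1)` in `ptym_open_streams_flavor()`, `strcpy (pts_name, p)` after `_getpty()`, and `pty_scan_tty(pts_name, sizeof(ptm))`, which passes the size of the local `ptm[MaxPathLen]` rather than of the destination. The device names built here are short, but the comment in `revoke()` indicates this code runs inside rlogind, so the bound should be enforced rather than assumed. The sketch below passes the size down to both helpers and rejects a name that does not fit. `forkpty()` also calls `revoke(slave_name)` in the child although the preceding check allows `slave_name` to be NULL; `revoke(pts_name)` avoids that.

```c
static int
ptym_open_streams_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
    /* … unchanged: clone device table and open loop … */
    if (fdm >= 0) {
	char *ptr1 = ptsname(fdm);		/* Get slave's name */
	if (ptr1 == NULL || strlen(ptr1) >= pts_name_sz) {
	    close(fdm);
	    return(-4);
	}
	strcpy(pts_name, ptr1);		/* length checked above */
	/* … unchanged: grantpt, unlockpt, return fdm … */

static int
ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
    /* … unchanged: scan loop and SunOS4 check … */
	pty_scan_tty(pts_name, pts_name_sz);
    /* … unchanged: CRAY checks and return … */

/* in ptym_open(): */
	if (p && strlen(p) < pts_name_sz) {	/* _getpty() result must fit */
    /* … unchanged: copy and return … */
    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
    fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty);
```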
diff --git a/crypto/kerberosIV/appl/bsd/iruserok.c b/crypto/kerberosIV/appl/bsd/iruserok.c
new file mode 100644
index 000000000000..8349d8526ab8
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/iruserok.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: iruserok.c,v 1.15 1997/03/23 04:54:00 assar Exp $");
+
+#ifndef HAVE_IRUSEROK
+
+int __check_rhosts_file = 1;
+char *__rcmd_errstr = 0;
+
+/*
+ * Returns "true" if match, 0 if no match.
+ */
+static
+int
+__icheckhost(u_int32_t raddr, const char *lhost)
+{
+ struct hostent *hp;
+ u_long laddr;
+ char **pp;
+
+ /* Try for raw ip address first. */
+ if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1)
+ return (raddr == laddr);
+
+ /* Better be a hostname. */
+ if ((hp = gethostbyname(lhost)) == NULL)
+ return (0);
+
+ /* Spin through ip addresses. */
+ for (pp = hp->h_addr_list; *pp; ++pp)
+ if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
+ return (1);
+
+ /* No match. */
+ return (0);
+}
+
+#ifndef HAVE_INNETGR
+static int
+innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain)
+{
+ return 0;
+}
+#endif
+
+/*
+ * Returns 0 if ok, -1 if not ok.
+ */
+static
+int
+__ivaliduser(FILE *hostf, u_int32_t raddr, const char *luser,
+ const char *ruser)
+{
+ char *user, *p;
+ int ch;
+ char buf[MaxHostNameLen + 128]; /* host + login */
+ char hname[MaxHostNameLen];
+ struct hostent *hp;
+ /* Presumed guilty until proven innocent. */
+ int userok = 0, hostok = 0;
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ char *ypdomain;
+
+ if (yp_get_default_domain(&ypdomain))
+ ypdomain = NULL;
+#else
+#define ypdomain NULL
+#endif
+ /* We need to get the damn hostname back for netgroup matching. */
+ if ((hp = gethostbyaddr((char *)&raddr,
+ sizeof(u_long),
+ AF_INET)) == NULL)
+ return (-1);
+ strncpy(hname, hp->h_name, sizeof(hname));
+ hname[sizeof(hname) - 1] = '\0';
+
+ while (fgets(buf, sizeof(buf), hostf)) {
+ p = buf;
+ /* Skip lines that are too long. */
+ if (strchr(p, '\n') == NULL) {
+ while ((ch = getc(hostf)) != '\n' && ch != EOF);
+ continue;
+ }
+ if (*p == '\n' || *p == '#') {
+ /* comment... */
+ continue;
+ }
+ while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+ *p = isupper(*p) ? tolower(*p) : *p;
+ p++;
+ }
+ if (*p == ' ' || *p == '\t') {
+ *p++ = '\0';
+ while (*p == ' ' || *p == '\t')
+ p++;
+ user = p;
+ while (*p != '\n' && *p != ' ' &&
+ *p != '\t' && *p != '\0')
+ p++;
+ } else
+ user = p;
+ *p = '\0';
+ /*
+ * Do +/- and +@/-@ checking. This looks really nasty,
+ * but it matches SunOS's behavior so far as I can tell.
+ */
+ switch(buf[0]) {
+ case '+':
+ if (!buf[1]) { /* '+' matches all hosts */
+ hostok = 1;
+ break;
+ }
+ if (buf[1] == '@') /* match a host by netgroup */
+ hostok = innetgr((char *)&buf[2],
+ (char *)&hname, NULL, ypdomain);
+ else /* match a host by addr */
+ hostok = __icheckhost(raddr,(char *)&buf[1]);
+ break;
+ case '-': /* reject '-' hosts and all their users */
+ if (buf[1] == '@') {
+ if (innetgr((char *)&buf[2],
+ (char *)&hname, NULL, ypdomain))
+ return(-1);
+ } else {
+ if (__icheckhost(raddr,(char *)&buf[1]))
+ return(-1);
+ }
+ break;
+ default: /* if no '+' or '-', do a simple match */
+ hostok = __icheckhost(raddr, buf);
+ break;
+ }
+ switch(*user) {
+ case '+':
+ if (!*(user+1)) { /* '+' matches all users */
+ userok = 1;
+ break;
+ }
+ if (*(user+1) == '@') /* match a user by netgroup */
+ userok = innetgr(user+2, NULL, (char *)ruser,
+ ypdomain);
+ else /* match a user by direct specification */
+ userok = !(strcmp(ruser, user+1));
+ break;
+ case '-': /* if we matched a hostname, */
+ if (hostok) { /* check for user field rejections */
+ if (!*(user+1))
+ return(-1);
+ if (*(user+1) == '@') {
+ if (innetgr(user+2, NULL,
+ (char *)ruser, ypdomain))
+ return(-1);
+ } else {
+ if (!strcmp(ruser, user+1))
+ return(-1);
+ }
+ }
+ break;
+ default: /* no rejections: try to match the user */
+ if (hostok)
+ userok = !(strcmp(ruser,*user ? user : luser));
+ break;
+ }
+ if (hostok && userok)
+ return(0);
+ }
+ return (-1);
+}
+
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver. When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
+{
+ char *cp;
+ struct stat sbuf;
+ struct passwd *pwd;
+ FILE *hostf;
+ uid_t uid;
+ int first;
+ char pbuf[MaxPathLen];
+
+ first = 1;
+ hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+ if (hostf) {
+ if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
+ fclose(hostf);
+ return (0);
+ }
+ fclose(hostf);
+ }
+ if (first == 1 && (__check_rhosts_file || superuser)) {
+ first = 0;
+ if ((pwd = k_getpwnam((char*)luser)) == NULL)
+ return (-1);
+ strcpy(pbuf, pwd->pw_dir);
+ strcat(pbuf, "/.rhosts");
+
+ /*
+ * Change effective uid while opening .rhosts. If root and
+ * reading an NFS mounted file system, can't read files that
+ * are protected read/write owner only.
+ */
+ uid = geteuid();
+ seteuid(pwd->pw_uid);
+ hostf = fopen(pbuf, "r");
+ seteuid(uid);
+
+ if (hostf == NULL)
+ return (-1);
+ /*
+ * If not a regular file, or is owned by someone other than
+ * user or root or if writeable by anyone but the owner, quit.
+ */
+ cp = NULL;
+ if (lstat(pbuf, &sbuf) < 0)
+ cp = ".rhosts lstat failed";
+ else if (!S_ISREG(sbuf.st_mode))
+ cp = ".rhosts not regular file";
+ else if (fstat(fileno(hostf), &sbuf) < 0)
+ cp = ".rhosts fstat failed";
+ else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+ cp = "bad .rhosts owner";
+ else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+ cp = ".rhosts writeable by other than owner";
+ /* If there were any problems, quit. */
+ if (cp) {
+ __rcmd_errstr = cp;
+ fclose(hostf);
+ return (-1);
+ }
+ goto again;
+ }
+ return (-1);
+}
+
+#endif /* !HAVE_IRUSEROK */
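Review bot: In iruserok(), `strcpy(pbuf, pwd->pw_dir)` followed by `strcat(pbuf, "/.rhosts")` writes into `char pbuf[MaxPathLen]` with no length check, so an over-long home directory string overruns the stack buffer in code that, per its own comment, may be running as root. A bounded build with a truncation test closes this: `if (snprintf(pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir) >= (int)sizeof(pbuf)) return (-1);`. Separately, __icheckhost() and __ivaliduser() pass `sizeof(u_long)` as the length of the `u_int32_t raddr` to memcmp() and gethostbyaddr(), which reads past the 4-byte address wherever u_long is wider; `sizeof(raddr)` is the safe length. The two seteuid() calls around `fopen(pbuf, "r")` are unchecked, so if the first one fails .rhosts is opened with the original effective uid.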
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
new file mode 100644
index 000000000000..9fa7ab285aac
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (c) 1983, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $");
+
+#define START_PORT 5120 /* arbitrary */
+
+static int
+getport(int *alport)
+{
+ struct sockaddr_in sin;
+ int s;
+
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ return (-1);
+ for (;;) {
+ sin.sin_port = htons((u_short)*alport);
+ if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+ return (s);
+ if (errno != EADDRINUSE) {
+ close(s);
+ return (-1);
+ }
+ (*alport)--;
+#ifdef ATHENA_COMPAT
+ if (*alport == IPPORT_RESERVED/2) {
+#else
+ if (*alport == IPPORT_RESERVED) {
+#endif
+ close(s);
+ errno = EAGAIN; /* close */
+ return (-1);
+ }
+ }
+}
+
+int
+kcmd(int *sock,
+ char **ahost,
+ u_int16_t rport,
+ char *locuser,
+ char *remuser,
+ char *cmd,
+ int *fd2p,
+ KTEXT ticket,
+ char *service,
+ char *realm,
+ CREDENTIALS *cred,
+ Key_schedule schedule,
+ MSG_DAT *msg_data,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr,
+ int32_t authopts)
+{
+ int s, timo = 1;
+ pid_t pid;
+ struct sockaddr_in sin, from;
+ char c;
+#ifdef ATHENA_COMPAT
+ int lport = IPPORT_RESERVED - 1;
+#else
+ int lport = START_PORT;
+#endif
+ struct hostent *hp;
+ int rc;
+ char *host_save;
+ int status;
+
+ pid = getpid();
+ hp = gethostbyname(*ahost);
+ if (hp == NULL) {
+ /* fprintf(stderr, "%s: unknown host\n", *ahost); */
+ return (-1);
+ }
+
+ host_save = strdup(hp->h_name);
+ if (host_save == NULL)
+ return -1;
+ *ahost = host_save;
+
+ /* If realm is null, look up from table */
+ if (realm == NULL || realm[0] == '\0')
+ realm = krb_realmofhost(host_save);
+
+ for (;;) {
+ s = getport(&lport);
+ if (s < 0) {
+ if (errno == EAGAIN)
+ warnx("kcmd(socket): All ports in use\n");
+ else
+ warn("kcmd: socket");
+ return (-1);
+ }
+ sin.sin_family = hp->h_addrtype;
+ memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+ sin.sin_port = rport;
+ if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+ break;
+ close(s);
+ if (errno == EADDRINUSE) {
+ lport--;
+ continue;
+ }
+ /*
+ * don't wait very long for Kerberos rcmd.
+ */
+ if (errno == ECONNREFUSED && timo <= 4) {
+ /* sleep(timo); don't wait at all here */
+ timo *= 2;
+ continue;
+ }
+ if (hp->h_addr_list[1] != NULL) {
+ warn ("kcmd: connect (%s)",
+ inet_ntoa(sin.sin_addr));
+ hp->h_addr_list++;
+ memcpy(&sin.sin_addr,
+ hp->h_addr_list[0],
+ sizeof(sin.sin_addr));
+ fprintf(stderr, "Trying %s...\n",
+ inet_ntoa(sin.sin_addr));
+ continue;
+ }
+ if (errno != ECONNREFUSED)
+ warn ("connect(%s)", hp->h_name);
+ return (-1);
+ }
+ lport--;
+ if (fd2p == 0) {
+ write(s, "", 1);
+ lport = 0;
+ } else {
+ char num[8];
+ int s2 = getport(&lport), s3;
+ int len = sizeof(from);
+
+ if (s2 < 0) {
+ status = -1;
+ goto bad;
+ }
+ listen(s2, 1);
+ snprintf(num, sizeof(num), "%d", lport);
+ if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
+ warn("kcmd(write): setting up stderr");
+ close(s2);
+ status = -1;
+ goto bad;
+ }
+ {
+ fd_set fds;
+ FD_ZERO(&fds);
+ FD_SET(s, &fds);
+ FD_SET(s2, &fds);
+ status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
+ if(FD_ISSET(s, &fds)){
+ warnx("kcmd: connection unexpectedly closed.");
+ close(s2);
+ status = -1;
+ goto bad;
+ }
+ }
+ s3 = accept(s2, (struct sockaddr *)&from, &len);
+ close(s2);
+ if (s3 < 0) {
+ warn ("kcmd: accept");
+ lport = 0;
+ status = -1;
+ goto bad;
+ }
+
+ *fd2p = s3;
+ from.sin_port = ntohs((u_short)from.sin_port);
+ if (from.sin_family != AF_INET ||
+ from.sin_port >= IPPORT_RESERVED) {
+ warnx("kcmd(socket): "
+ "protocol failure in circuit setup.");
+ status = -1;
+ goto bad2;
+ }
+ }
+ /*
+ * Kerberos-authenticated service. Don't have to send locuser,
+ * since its already in the ticket, and we'll extract it on
+ * the other side.
+ */
+ /* write(s, locuser, strlen(locuser)+1); */
+
+ /* set up the needed stuff for mutual auth, but only if necessary */
+ if (authopts & KOPT_DO_MUTUAL) {
+ int sin_len;
+ *faddr = sin;
+
+ sin_len = sizeof(struct sockaddr_in);
+ if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
+ warn("kcmd(getsockname)");
+ status = -1;
+ goto bad2;
+ }
+ }
+ if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
+ realm, (unsigned long) getpid(), msg_data,
+ cred, schedule,
+ laddr,
+ faddr,
+ "KCMDV0.1")) != KSUCCESS)
+ goto bad2;
+
+ write(s, remuser, strlen(remuser)+1);
+ write(s, cmd, strlen(cmd)+1);
+
+ if ((rc = read(s, &c, 1)) != 1) {
+ if (rc == -1)
+ warn("read(%s)", *ahost);
+ else
+ warnx("kcmd: bad connection with remote host");
+ status = -1;
+ goto bad2;
+ }
+ if (c != '\0') {
+ while (read(s, &c, 1) == 1) {
+ write(2, &c, 1);
+ if (c == '\n')
+ break;
+ }
+ status = -1;
+ goto bad2;
+ }
+ *sock = s;
+ return (KSUCCESS);
+bad2:
+ if (lport)
+ close(*fd2p);
+bad:
+ close(s);
+ return (status);
+}
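Review bot: In the `fd2p` branch of kcmd(), the connection returned by accept() is validated only by address family and `from.sin_port >= IPPORT_RESERVED`, and is never compared with the server address already held in `sin`, so the secondary (stderr) channel is not tied to the host the primary connection went to. Adding `|| from.sin_addr.s_addr != sin.sin_addr.s_addr` to that test would bind it, assuming the server connects back from the same address (worth confirming for multi-homed servers). In the connect loop, `errno` is tested after `close(s)`, which can overwrite the value connect() set; save it first, e.g. `int e = errno; close(s); errno = e;`. The results of `write(s, remuser, ...)` and `write(s, cmd, ...)` are ignored, so a short or failed write only shows up as the later read() failure.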
diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c
new file mode 100644
index 000000000000..321da64cbf9b
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/klogin.c
@@ -0,0 +1,184 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $");
+
+#ifdef KERBEROS
+
+#define VERIFY_SERVICE "rcmd"
+
+extern int notickets;
+extern char *krbtkfile_env;
+
+static char tkt_location[MaxPathLen];
+
+/*
+ * Attempt to log the user in using Kerberos authentication
+ *
+ * return 0 on success (will be logged in)
+ * 1 if Kerberos failed (try local password in login)
+ */
+int
+klogin(struct passwd *pw, char *instance, char *localhost, char *password)
+{
+ int kerror;
+ AUTH_DAT authdata;
+ KTEXT_ST ticket;
+ struct hostent *hp;
+ u_int32_t faddr;
+ char realm[REALM_SZ], savehost[MaxHostNameLen];
+ extern int noticketsdontcomplain;
+
+#ifdef KLOGIN_PARANOID
+ noticketsdontcomplain = 0; /* enable warning message */
+#endif
+ /*
+ * Root logins don't use Kerberos.
+ * If we have a realm, try getting a ticket-granting ticket
+ * and using it to authenticate. Otherwise, return
+ * failure so that we can try the normal passwd file
+ * for a password. If that's ok, log the user in
+ * without issuing any tickets.
+ */
+ if (strcmp(pw->pw_name, "root") == 0 ||
+ krb_get_lrealm(realm, 0) != KSUCCESS)
+ return (1);
+
+ noticketsdontcomplain = 0; /* enable warning message */
+
+ /*
+ * get TGT for local realm
+ * tickets are stored in a file named TKT_ROOT plus uid
+ * except for user.root tickets.
+ */
+
+ if (strcmp(instance, "root") != 0)
+ snprintf(tkt_location, sizeof(tkt_location),
+ "%s%u_%u",
+ TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid());
+ else {
+ snprintf(tkt_location, sizeof(tkt_location),
+ "%s_root_%d", TKT_ROOT,
+ (unsigned)pw->pw_uid);
+ }
+ krbtkfile_env = tkt_location;
+ krb_set_tkt_string(tkt_location);
+
+ kerror = krb_get_pw_in_tkt(pw->pw_name, instance,
+ realm, KRB_TICKET_GRANTING_TICKET, realm,
+ DEFAULT_TKT_LIFE, password);
+
+ /*
+ * If we got a TGT, get a local "rcmd" ticket and check it so as to
+ * ensure that we are not talking to a bogus Kerberos server.
+ *
+ * There are 2 cases where we still allow a login:
+ * 1: the VERIFY_SERVICE doesn't exist in the KDC
+ * 2: local host has no srvtab, as (hopefully) indicated by a
+ * return value of RD_AP_UNDEC from krb_rd_req().
+ */
+ if (kerror != INTK_OK) {
+ if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
+ syslog(LOG_ERR, "Kerberos intkt error: %s",
+ krb_get_err_text(kerror));
+ dest_tkt();
+ }
+ return (1);
+ }
+
+ if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
+ syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
+
+ strncpy(savehost, krb_get_phost(localhost), sizeof(savehost));
+ savehost[sizeof(savehost)-1] = '\0';
+
+#ifdef KLOGIN_PARANOID
+ /*
+ * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
+ * don't allow kerberos login, also log the error condition.
+ */
+
+ kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
+ if (kerror == KDC_PR_UNKNOWN) {
+ syslog(LOG_NOTICE,
+ "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
+ krb_get_err_text(kerror), VERIFY_SERVICE, savehost);
+ notickets = 0;
+ return (1);
+ }
+
+ if (kerror != KSUCCESS) {
+ warnx("unable to use TGT: (%s)", krb_get_err_text(kerror));
+ syslog(LOG_NOTICE, "unable to use TGT: (%s)",
+ krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+ }
+
+ if (!(hp = gethostbyname(localhost))) {
+ syslog(LOG_ERR, "couldn't get local host address");
+ dest_tkt();
+ return (1);
+ }
+
+ memcpy(&faddr, hp->h_addr, sizeof(faddr));
+
+ kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
+ &authdata, "");
+
+ if (kerror == KSUCCESS) {
+ notickets = 0;
+ return (0);
+ }
+
+ /* undecipherable: probably didn't have a srvtab on the local host */
+ if (kerror == RD_AP_UNDEC) {
+ syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+ }
+ /* failed for some other reason */
+ warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
+ krb_get_err_text(kerror));
+ syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
+ krb_get_err_text(kerror));
+ dest_tkt();
+ return (1);
+#else
+ notickets = 0;
+ return (0);
+#endif
+}
+#endif
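Review bot: Without KLOGIN_PARANOID, klogin() reaches the `#else` branch and returns 0 as soon as krb_get_pw_in_tkt() succeeds, so the check the comment above describes ("ensure that we are not talking to a bogus Kerberos server") is not compiled in and the TGT is accepted unverified. If that default is intended, it deserves a comment at the `#else`, such as `/* TGT accepted without krb_mk_req()/krb_rd_req() verification against the local srvtab */`; otherwise the verification block should be the default path. Minor: the root-instance snprintf() uses `%d` for an `(unsigned)` argument, and `"%s_root_%u"` would match the cast.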
diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c
new file mode 100644
index 000000000000..8c3c6f3c2172
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/krcmd.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $");
+
+#define SERVICE_NAME "rcmd"
+
+/*
+ * krcmd: simplified version of Athena's "kcmd"
+ * returns a socket attached to the destination, -1 or krb error on error
+ * if fd2p is non-NULL, another socket is filled in for it
+ */
+
+int
+krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm)
+{
+ int sock = -1, err = 0;
+ KTEXT_ST ticket;
+ long authopts = 0L;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ 0, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warning("krcmd: %s", krb_get_err_text(err));
+ return(-1);
+ }
+ if (err < 0)
+ return(-1);
+ return(sock);
+}
+
+int
+krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched)
+{
+ int sock, err;
+ KTEXT_ST ticket;
+ MSG_DAT msg_dat;
+ struct sockaddr_in laddr, faddr;
+ long authopts = KOPT_DO_MUTUAL;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ cred, /* filled in */
+ sched, /* filled in */
+ &msg_dat, /* filled in */
+ &laddr, /* filled in */
+ &faddr, /* filled in */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warnx("krcmd_mutual: %s", krb_get_err_text(err));
+ return(-1);
+ }
+
+ if (err < 0)
+ return (-1);
+ return(sock);
+}
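Review bot: krcmd_mutual() declares `int sock, err;` without initialising `sock`, and both wrappers treat only `err > KSUCCESS && err < MAX_KRB_ERRORS` and `err < 0` as failure, so a kcmd() status at or above MAX_KRB_ERRORS would fall through to `return(sock)` with an indeterminate value there. Initialising as krcmd() does (`int sock = -1, err;`) and ending both functions with `if (err != KSUCCESS) return (-1);` removes that gap. The two wrappers also report errors differently, `warning(...)` in krcmd() and `warnx(...)` in krcmd_mutual(); using the same call in both would keep the output consistent. `authopts` is declared `long` while kcmd() takes `int32_t`, so declaring it `int32_t authopts` would match the callee.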
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
new file mode 100644
index 000000000000..c436f8db98bb
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -0,0 +1,990 @@
+/*-
+ * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * login [ name ]
+ * login -h hostname (for telnetd, etc.)
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.)
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $");
+
+#include <otp.h>
+
+#include "sysv_default.h"
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static void badlogin (char *);
+static void checknologin (void);
+static void dolastlog (int);
+static void getloginname (int);
+static int rootterm (char *);
+static char *stypeof (char *);
+static RETSIGTYPE timedout (int);
+static int doremotelogin (char *);
+void login_fbtab (char *, uid_t, gid_t);
+#ifdef KERBEROS
+int klogin (struct passwd *, char *, char *, char *);
+#endif
+
+#define TTYGRPNAME "tty" /* name of group to own ttys */
+
+/*
+ * This bounds the time given to login. Change it in
+ * `/etc/default/login'.
+ */
+
+static u_int login_timeout;
+
+#ifdef KERBEROS
+int notickets = 1;
+int noticketsdontcomplain = 1;
+char *instance;
+char *krbtkfile_env;
+int authok;
+#endif
+
+#ifdef HAVE_SHADOW_H
+static struct spwd *spwd = NULL;
+#endif
+
+static char *ttyprompt;
+
+static struct passwd *pwd;
+static int failures;
+static char term[64], *hostname, *username, *tty;
+
+static char rusername[100], lusername[100];
+
+static int
+change_passwd(struct passwd *who)
+{
+ int status;
+ int pid;
+ int wpid;
+
+ switch (pid = fork()) {
+ case -1:
+ warn("fork /bin/passwd");
+ sleepexit(1);
+ case 0:
+ execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0);
+ _exit(1);
+ default:
+ while ((wpid = wait(&status)) != -1 && wpid != pid)
+ /* void */ ;
+ return (status);
+ }
+}
+
+#ifndef NO_MOTD /* message of the day stuff */
+
+jmp_buf motdinterrupt;
+
+static RETSIGTYPE
+sigint(int signo)
+{
+ longjmp(motdinterrupt, 1);
+}
+
+static void
+motd(void)
+{
+ int fd, nchars;
+ RETSIGTYPE (*oldint)();
+ char tbuf[8192];
+
+ if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
+ return;
+ oldint = signal(SIGINT, sigint);
+ if (setjmp(motdinterrupt) == 0)
+ while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+ write(fileno(stdout), tbuf, nchars);
+ signal(SIGINT, oldint);
+ close(fd);
+}
+
+#endif /* !NO_MOTD */
+
+#define AUTH_NONE 0
+#define AUTH_OTP 1
+
+/*
+ * getpwnam and try to detect the worst form of NIS attack.
+ */
+
+static struct passwd *
+paranoid_getpwnam (char *user)
+{
+ struct passwd *p;
+
+ p = k_getpwnam (user);
+ if (p == NULL)
+ return p;
+ if (p->pw_uid == 0 && strcmp (username, "root") != 0) {
+ syslog (LOG_ALERT,
+ "NIS attack, user %s has uid 0", username);
+ return NULL;
+ }
+ return p;
+}
+
+int
+main(int argc, char **argv)
+{
+ struct group *gr;
+ int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck;
+ int rootlogin, rval;
+ int rflag;
+ int changepass = 0;
+ uid_t uid;
+ char *domain, *p, passwd[128], *ttyn;
+ char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10];
+ char localhost[MaxHostNameLen];
+ char full_hostname[MaxHostNameLen];
+ int auth_level = AUTH_NONE;
+ OtpContext otp_ctx;
+ int mask = 022; /* Default umask (set below) */
+ int maxtrys = 5; /* Default number of allowed failed logins */
+
+ set_progname(argv[0]);
+
+ openlog("login", LOG_ODELAY, LOG_AUTH);
+
+ /* Read defaults file and set the login timeout period. */
+ sysv_defaults();
+ login_timeout = atoi(default_timeout);
+ maxtrys = atoi(default_maxtrys);
+ if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777))
+ syslog(LOG_WARNING, "bad umask default: %s", default_umask);
+ else
+ umask(mask);
+
+ signal(SIGALRM, timedout);
+ alarm(login_timeout);
+ signal(SIGQUIT, SIG_IGN);
+ signal(SIGINT, SIG_IGN);
+ setpriority(PRIO_PROCESS, 0, 0);
+
+ /*
+ * -p is used by getty to tell login not to destroy the environment
+ * -f is used to skip a second login authentication
+ * -h is used by other servers to pass the name of the remote
+ * host to login so that it may be placed in utmp and wtmp
+ * -r is used by old-style rlogind to execute the autologin protocol
+ */
+
+ *full_hostname = '\0';
+ domain = NULL;
+ if (k_gethostname(localhost, sizeof(localhost)) < 0)
+ syslog(LOG_ERR, "couldn't get local hostname: %m");
+ else
+ domain = strchr(localhost, '.');
+
+ fflag = hflag = pflag = rflag = 0;
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF)
+ switch (ch) {
+ case 'a':
+ if (strcmp (optarg, "none") == 0)
+ auth_level = AUTH_NONE;
+ else if (strcmp (optarg, "otp") == 0)
+ auth_level = AUTH_OTP;
+ else
+ warnx ("bad value for -a: %s", optarg);
+ break;
+ case 'd':
+ break;
+ case 'f':
+ fflag = 1;
+ break;
+ case 'h':
+ if (rflag || hflag) {
+ printf("Only one of -r and -h allowed\n");
+ exit(1);
+ }
+ if (uid)
+ errx(1, "-h option: %s", strerror(EPERM));
+ hflag = 1;
+ strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+ if (domain && (p = strchr(optarg, '.')) &&
+ strcasecmp(p, domain) == 0)
+ *p = 0;
+ hostname = optarg;
+ break;
+ case 'p':
+ if (getuid()) {
+ warnx("-p for super-user only.");
+ exit(1);
+ }
+ pflag = 1;
+ break;
+ case 'r':
+ if (rflag || hflag) {
+ warnx("Only one of -r and -h allowed\n");
+ exit(1);
+ }
+ if (getuid()) {
+ warnx("-r for super-user only.");
+ exit(1);
+ }
+ rflag = 1;
+ strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+ if (domain && (p = strchr(optarg, '.')) &&
+ strcasecmp(p, domain) == 0)
+ *p = 0;
+ hostname = optarg;
+ fflag = (doremotelogin(full_hostname) == 0);
+ break;
+ case '?':
+ default:
+ if (!uid)
+ syslog(LOG_ERR, "invalid flag %c", ch);
+ fprintf(stderr,
+ "usage: login [-fp] [-a otp]"
+ "[-h hostname | -r hostname] [username]\n");
+ exit(1);
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (geteuid() != 0) {
+ warnx("only root may use login, use su");
+ /* Or install login setuid root, which is not necessary */
+ sleep(10);
+ exit(1);
+ }
+ /*
+ * Figure out if we should ask for the username or not. The name
+ * may be given on the command line or via the environment, and
+ * it may even be in the terminal input queue.
+ */
+ if (rflag) {
+ username = lusername;
+ ask = 0;
+ } else
+ if (*argv && strchr(*argv, '=')) {
+ ask = 1;
+ } else
+ if (*argv && strcmp(*argv, "-") == 0) {
+ argc--;
+ argv++;
+ ask = 1;
+ } else
+ if (*argv) {
+ username = *argv;
+ ask = 0;
+ argc--;
+ argv++;
+ } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) {
+ getloginname(0);
+ ask = 0;
+ } else
+ ask = 1;
+
+ /* Default tty settings. */
+ stty_default();
+
+ for (cnt = getdtablesize(); cnt > 2; cnt--)
+ close(cnt);
+
+ /*
+ * Determine the tty name. BSD takes the basename, SYSV4 takes
+ * whatever remains after stripping the "/dev/" prefix. The code
+ * below should produce sensible results in either environment.
+ */
+ ttyn = ttyname(STDIN_FILENO);
+ if (ttyn == NULL || *ttyn == '\0') {
+ snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
+ ttyn = tname;
+ }
+ if ((tty = strchr(ttyn + 1, '/')))
+ ++tty;
+ else
+ tty = ttyn;
+
+ for (cnt = 0;; ask = 1) {
+ char prompt[128], ss[256];
+ if (ask) {
+ fflag = 0;
+ getloginname(1);
+ }
+ rootlogin = 0;
+ rval = 1;
+#ifdef KERBEROS
+ if ((instance = strchr(username, '.')) != NULL) {
+ if (strcmp(instance, ".root") == 0)
+ rootlogin = 1;
+ *instance++ = '\0';
+ } else
+ instance = "";
+#endif
+ if (strlen(username) > UT_NAMESIZE)
+ username[UT_NAMESIZE] = '\0';
+
+ /*
+ * Note if trying multiple user names; log failures for
+ * previous user name, but don't bother logging one failure
+ * for nonexistent name (mistyped username).
+ */
+ if (failures && strcmp(tbuf, username)) {
+ if (failures > (pwd ? 0 : 1))
+ badlogin(tbuf);
+ failures = 0;
+ }
+ strcpy(tbuf, username);
+
+ pwd = paranoid_getpwnam (username);
+
+ /*
+ * if we have a valid account name, and it doesn't have a
+ * password, or the -f option was specified and the caller
+ * is root or the caller isn't changing their uid, don't
+ * authenticate.
+ */
+ if (pwd) {
+ if (pwd->pw_uid == 0)
+ rootlogin = 1;
+
+ if (fflag && (uid == 0 || uid == pwd->pw_uid)) {
+ /* already authenticated */
+ break;
+ } else if (pwd->pw_passwd[0] == '\0') {
+ /* pretend password okay */
+ rval = 0;
+ goto ttycheck;
+ }
+ }
+
+ fflag = 0;
+
+ setpriority(PRIO_PROCESS, 0, -4);
+
+ if (otp_challenge (&otp_ctx, username,
+ ss, sizeof(ss)) == 0)
+ snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
+ username, ss);
+ else {
+ if (auth_level == AUTH_NONE)
+ snprintf(prompt, sizeof(prompt), "%s's Password: ",
+ username);
+ else {
+ char *s;
+
+ rval = 1;
+ s = otp_error(&otp_ctx);
+ if(s)
+ printf ("OTP: %s\n", s);
+ continue;
+ }
+ }
+
+ if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0))
+ continue;
+ passwd[sizeof(passwd) - 1] = '\0';
+
+ /* Verify it somehow */
+
+ if (otp_verify_user (&otp_ctx, passwd) == 0)
+ rval = 0;
+ else if (pwd == NULL)
+ ;
+ else if (auth_level == AUTH_NONE) {
+ uid_t pwd_uid = pwd->pw_uid;
+
+ rval = unix_verify_user (username, passwd);
+
+ if (rval == 0)
+ {
+ if (rootlogin && pwd_uid != 0)
+ rootlogin = 0;
+ }
+ else
+ {
+ rval = klogin(pwd, instance, localhost, passwd);
+ if (rval != 0 && rootlogin && pwd_uid != 0)
+ rootlogin = 0;
+ if (rval == 0)
+ authok = 1;
+ }
+ } else {
+ char *s;
+
+ rval = 1;
+ if ((s = otp_error(&otp_ctx)))
+ printf ("OTP: %s\n", s);
+ }
+
+ memset (passwd, 0, sizeof(passwd));
+ setpriority (PRIO_PROCESS, 0, 0);
+
+ /*
+ * Santa Claus, give me a portable and reentrant getpwnam.
+ */
+ pwd = paranoid_getpwnam (username);
+
+ ttycheck:
+ /*
+ * If trying to log in as root without Kerberos,
+ * but with insecure terminal, refuse the login attempt.
+ */
+#ifdef KERBEROS
+ if (authok == 0)
+#endif
+ if (pwd && !rval && rootlogin && !rootterm(tty)
+ && !rootterm(ttyn)) {
+ warnx("%s login refused on this terminal.",
+ pwd->pw_name);
+ if (hostname)
+ syslog(LOG_NOTICE,
+ "LOGIN %s REFUSED FROM %s ON TTY %s",
+ pwd->pw_name, hostname, tty);
+ else
+ syslog(LOG_NOTICE,
+ "LOGIN %s REFUSED ON TTY %s",
+ pwd->pw_name, tty);
+ continue;
+ }
+
+ if (rval == 0)
+ break;
+
+ printf("Login incorrect\n");
+ failures++;
+
+ /* max number of attemps and delays taken from defaults file */
+ /* we allow maxtrys tries, but after 2 we start backing off */
+ if (++cnt > 2) {
+ if (cnt >= maxtrys) {
+ badlogin(username);
+ sleepexit(1);
+ }
+ sleep((u_int)((cnt - 2) * atoi(default_sleep)));
+ }
+ }
+
+ /* committed to login -- turn off timeout */
+ alarm(0);
+
+ endpwent();
+
+#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
+ {
+ struct udb *udb;
+ long t;
+ const long maxcpu = 46116860184; /* some random constant */
+ udb = getudbnam(pwd->pw_name);
+ if(udb == UDB_NULL){
+ warnx("Failed to get UDB entry.");
+ exit(1);
+ }
+ t = udb->ue_pcpulim[UDBRC_INTER];
+ if(t == 0 || t > maxcpu)
+ t = CPUUNLIM;
+ else
+ t *= 100 * CLOCKS_PER_SEC;
+
+ if(limit(C_PROC, 0, L_CPU, t) < 0)
+ warn("limit C_PROC");
+
+ t = udb->ue_jcpulim[UDBRC_INTER];
+ if(t == 0 || t > maxcpu)
+ t = CPUUNLIM;
+ else
+ t *= 100 * CLOCKS_PER_SEC;
+
+ if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
+ warn("limit C_JOBPROCS");
+
+ nice(udb->ue_nice[UDBRC_INTER]);
+ }
+#endif
+ /* if user not super-user, check for disabled logins */
+ if (!rootlogin)
+ checknologin();
+
+ if (chdir(pwd->pw_dir) < 0) {
+ printf("No home directory %s!\n", pwd->pw_dir);
+ if (chdir("/"))
+ exit(0);
+ pwd->pw_dir = "/";
+ printf("Logging in with home = \"/\".\n");
+ }
+
+ quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
+ nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0;
+
+#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE)
+ if (pwd->pw_change || pwd->pw_expire)
+ gettimeofday(&tp, (struct timezone *)NULL);
+
+ if (pwd->pw_change)
+ if (tp.tv_sec >= pwd->pw_change) {
+ printf("Sorry -- your password has expired.\n");
+ changepass=1;
+ } else if (pwd->pw_change - tp.tv_sec <
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ printf("Warning: your password expires on %s",
+ ctime(&pwd->pw_change));
+ if (pwd->pw_expire)
+ if (tp.tv_sec >= pwd->pw_expire) {
+ printf("Sorry -- your account has expired.\n");
+ sleepexit(1);
+ } else if (pwd->pw_expire - tp.tv_sec <
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ printf("Warning: your account expires on %s",
+ ctime(&pwd->pw_expire));
+#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
+
+ /* Nothing else left to fail -- really log in. */
+
+ /*
+ * Update the utmp files, both BSD and SYSV style.
+ */
+ if (utmpx_login(tty, username, hostname ? hostname : "") != 0
+ && !fflag) {
+ printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n");
+ sleepexit(0);
+ }
+ utmp_login(ttyn, username, hostname ? hostname : "");
+ dolastlog(quietlog);
+
+ /*
+ * Set device protections, depending on what terminal the
+ * user is logged in. This feature is used on Suns to give
+ * console users better privacy.
+ */
+ login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
+
+ chown(ttyn, pwd->pw_uid,
+ (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
+ chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP);
+ setgid(pwd->pw_gid);
+
+ initgroups(username, pwd->pw_gid);
+
+ if (*pwd->pw_shell == '\0')
+ pwd->pw_shell = _PATH_BSHELL;
+
+ /*
+ * Set up a new environment. With SYSV, some variables are always
+ * preserved; some varables are never preserved, and some variables
+ * are always clobbered. With BSD, nothing is always preserved, and
+ * some variables are always clobbered. We add code to make sure
+ * that LD_* and IFS are never preserved.
+ */
+ if (term[0] == '\0')
+ strncpy(term, stypeof(tty), sizeof(term));
+ /* set up a somewhat censored environment. */
+ sysv_newenv(argc, argv, pwd, term, pflag);
+#ifdef KERBEROS
+ if (krbtkfile_env)
+ setenv("KRBTKFILE", krbtkfile_env, 1);
+#endif
+
+ if (tty[sizeof("tty")-1] == 'd')
+ syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
+
+ /* If fflag is on, assume caller/authenticator has logged root login. */
+ if (rootlogin && fflag == 0)
+ if (hostname)
+ syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
+ username, tty, hostname);
+ else
+ syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
+
+#ifdef KERBEROS
+ if (!quietlog && notickets == 1 && !noticketsdontcomplain)
+ printf("Warning: no Kerberos tickets issued.\n");
+#endif
+
+#ifdef LOGALL
+ /*
+ * Syslog each successful login, so we don't have to watch hundreds
+ * of wtmp or lastlogin files.
+ */
+ if (hostname) {
+ syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name);
+ } else {
+ syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name);
+ }
+#endif
+
+#ifndef NO_MOTD
+ /*
+ * Optionally show the message of the day. System V login leaves
+ * motd and mail stuff up to the shell startup file.
+ */
+ if (!quietlog) {
+ struct stat st;
+#if 0
+ printf("%s\n\t%s %s\n\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+#endif
+ motd();
+ if(!nomailcheck){
+ snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
+ if (stat(tbuf, &st) == 0 && st.st_size != 0)
+ printf("You have %smail.\n",
+ (st.st_mtime > st.st_atime) ? "new " : "");
+ }
+ }
+#endif /* NO_MOTD */
+
+#ifdef LOGIN_ACCESS
+ if (login_access(pwd->pw_name, hostname ? full_hostname : tty) == 0) {
+ printf("Permission denied\n");
+ if (hostname)
+ syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
+ pwd->pw_name, hostname);
+ else
+ syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
+ pwd->pw_name, tty);
+ sleepexit(1);
+ }
+#endif
+
+ signal(SIGALRM, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTSTP, SIG_IGN);
+
+ tbuf[0] = '-';
+ strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
+ p + 1 : pwd->pw_shell);
+
+#ifdef HAVE_SETLOGIN
+ if (setlogin(pwd->pw_name) < 0)
+ syslog(LOG_ERR, "setlogin() failure: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+ if (setpcred (pwd->pw_name, NULL) == -1)
+ syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+
+#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM)
+ spwd = getspnam (username);
+ endspent ();
+#endif
+ /* Discard permissions last so can't get killed and drop core. */
+ {
+ int uid = rootlogin ? 0 : pwd->pw_uid;
+ if(setuid(uid) != 0){
+ warn("setuid(%d)", uid);
+ if(!rootlogin)
+ exit(1);
+ }
+ }
+
+
+ /*
+ * After dropping privileges and after cleaning up the environment,
+ * optionally run, as the user, /bin/passwd.
+ */
+
+ if (pwd->pw_passwd[0] == 0 &&
+ strcasecmp(default_passreq, "YES") == 0) {
+ printf("You don't have a password. Choose one.\n");
+ if (change_passwd(pwd))
+ sleepexit(0);
+ changepass = 0;
+ }
+
+#ifdef SYSV_SHADOW
+ if (spwd && sysv_expire(spwd)) {
+ if (change_passwd(pwd))
+ sleepexit(0);
+ changepass = 0;
+ }
+#endif /* SYSV_SHADOW */
+ if (changepass) {
+ int res;
+ if ((res=system(_PATH_CHPASS)))
+ sleepexit(1);
+ }
+
+ if (k_hasafs()) {
+ char cell[64];
+ k_setpag();
+ if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+
+ execlp(pwd->pw_shell, tbuf, 0);
+ if (getuid() == 0) {
+ warnx("Can't exec %s, trying %s\n",
+ pwd->pw_shell, _PATH_BSHELL);
+ execlp(_PATH_BSHELL, tbuf, 0);
+ err(1, "%s", _PATH_BSHELL);
+ }
+ err(1, "%s", pwd->pw_shell);
+ return 1;
+}
+
+#ifdef KERBEROS
+#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */
+#else
+#define NBUFSIZ (UT_NAMESIZE + 1)
+#endif
+
+static void
+getloginname(int prompt)
+{
+ int ch;
+ char *p;
+ static char nbuf[NBUFSIZ];
+
+ for (;;) {
+ if (prompt)
+ if (ttyprompt && *ttyprompt)
+ printf("%s", ttyprompt);
+ else
+ printf("login: ");
+ prompt = 1;
+ for (p = nbuf; (ch = getchar()) != '\n'; ) {
+ if (ch == EOF) {
+ badlogin(username);
+ exit(0);
+ }
+ if (p < nbuf + (NBUFSIZ - 1))
+ *p++ = ch;
+ }
+ if (p > nbuf)
+ if (nbuf[0] == '-')
+ warnx("login names may not start with '-'.");
+ else {
+ *p = '\0';
+ username = nbuf;
+ break;
+ }
+ }
+}
+
+static int
+rootterm(char *ttyn)
+{
+#ifndef HAVE_TTYENT_H
+ return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0);
+#else
+ struct ttyent *t;
+
+ return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
+#endif
+}
+
+static RETSIGTYPE
+timedout(int signo)
+{
+ fprintf(stderr, "Login timed out after %d seconds\n",
+ login_timeout);
+ exit(0);
+}
+
+static void
+checknologin(void)
+{
+ int fd, nchars;
+ char tbuf[8192];
+
+ if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
+ while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
+ write(fileno(stdout), tbuf, nchars);
+ sleepexit(0);
+ }
+}
+
+static void
+dolastlog(int quiet)
+{
+#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW)
+ struct lastlog ll;
+ int fd;
+
+ if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#ifdef SYSV_SHADOW
+ if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+ ll.ll_time != 0) {
+ if (pwd->pw_uid && spwd && spwd->sp_inact > 0
+ && ll.ll_time / (24 * 60 * 60)
+ + spwd->sp_inact < time(0)) {
+ printf("Your account has been inactive too long.\n");
+ sleepexit(1);
+ }
+ if (!quiet) {
+ printf("Last login: %.*s ",
+ 24-5, ctime(&ll.ll_time));
+ if (*ll.ll_host != '\0') {
+ printf("from %.*s\n",
+ (int)sizeof(ll.ll_host),
+ ll.ll_host);
+ } else
+ printf("on %.*s\n",
+ (int)sizeof(ll.ll_line),
+ ll.ll_line);
+ }
+ }
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+#else /* SYSV_SHADOW */
+ if (!quiet) {
+ if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
+ ll.ll_time != 0) {
+ printf("Last login: %.*s ",
+ 24-5, ctime(&ll.ll_time));
+ if (*ll.ll_host != '\0')
+ printf("from %.*s\n",
+ (int)sizeof(ll.ll_host),
+ ll.ll_host);
+ else
+ printf("on %.*s\n",
+ (int)sizeof(ll.ll_line),
+ ll.ll_line);
+ }
+ lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
+ }
+#endif /* SYSV_SHADOW */
+ memset(&ll, 0, sizeof(ll));
+ time(&ll.ll_time);
+ strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
+ if (hostname)
+ strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
+ write(fd, &ll, sizeof(ll));
+ close(fd);
+ }
+#endif /* DOLASTLOG */
+}
+
+static void
+badlogin(char *name)
+{
+
+ if (failures == 0)
+ return;
+ if (hostname) {
+ syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s",
+ failures, failures > 1 ? "S" : "", hostname);
+ syslog(LOG_AUTHPRIV|LOG_NOTICE,
+ "%d LOGIN FAILURE%s FROM %s, %s",
+ failures, failures > 1 ? "S" : "", hostname, name);
+ } else {
+ syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s",
+ failures, failures > 1 ? "S" : "", tty);
+ syslog(LOG_AUTHPRIV|LOG_NOTICE,
+ "%d LOGIN FAILURE%s ON %s, %s",
+ failures, failures > 1 ? "S" : "", tty, name);
+ }
+}
+
+#undef UNKNOWN
+#define UNKNOWN "su"
+
+static char *
+stypeof(char *ttyid)
+{
+ /* TERM is probably a better guess than anything else. */
+ char *term = getenv("TERM");
+
+ if (term != 0 && term[0] != 0)
+ return term;
+
+ {
+#ifndef HAVE_TTYENT_H
+ return UNKNOWN;
+#else
+ struct ttyent *t;
+ return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
+#endif
+ }
+}
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+ char ch;
+
+ do {
+ if (read(0, &ch, sizeof(ch)) != sizeof(ch))
+ exit(1);
+ if (--cnt < 0) {
+ fprintf(stderr, "%s too long\r\n", err);
+ sleepexit(1);
+ }
+ *buf++ = ch;
+ } while (ch);
+}
+
+/*
+ * Some old rlogind's unknowingly pass remuser, locuser and
+ * terminal_type/speed so we need to take care of that part of the
+ * protocol here. Also, we can't make a getpeername(2) on the socket
+ * so we have to trust that rlogind resolved the name correctly.
+ */
+
+static int
+doremotelogin(char *host)
+{
+ int code;
+ char *cp;
+
+ xgetstr(rusername, sizeof (rusername), "remuser");
+ xgetstr(lusername, sizeof (lusername), "locuser");
+ xgetstr(term, sizeof(term), "Terminal type");
+ cp = strchr(term, '/');
+ if (cp != 0)
+ *cp = 0; /* For now ignore speed/bg */
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return(-1);
+ code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername);
+ if (code == 0)
+ syslog(LOG_NOTICE,
+ "Warning: An old rlogind accepted login probably from host %s",
+ host);
+ return(code);
+}
+
+void
+sleepexit(int eval)
+{
+
+ sleep(5);
+ exit(eval);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c
new file mode 100644
index 000000000000..0e017b10cdfd
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_access.c
@@ -0,0 +1,221 @@
+ /*
+ * This module implements a simple but effective form of login access
+ * control based on login names and on host (or domain) names, internet
+ * addresses (or network numbers), or on terminal line names in case of
+ * non-networked logins. Diagnostics are reported through syslog(3).
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $");
+
+#ifdef LOGIN_ACCESS
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":"; /* field separator */
+static char sep[] = ", \t"; /* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES 1
+#define NO 0
+
+static int list_match(char *list, char *item, int (*match_fn)(char *, char *));
+static int user_match(char *tok, char *string);
+static int from_match(char *tok, char *string);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(char *user, char *from)
+{
+ FILE *fp;
+ char line[BUFSIZ];
+ char *perm; /* becomes permission field */
+ char *users; /* becomes list of login names */
+ char *froms; /* becomes list of terminals or hosts */
+ int match = NO;
+ int end;
+ int lineno = 0; /* for diagnostics */
+ char *foo;
+
+ /*
+ * Process the table one line at a time and stop at the first match.
+ * Blank lines and lines that begin with a '#' character are ignored.
+ * Non-comment lines are broken at the ':' character. All fields are
+ * mandatory. The first field should be a "+" or "-" character. A
+ * non-existing table means no access control.
+ */
+
+ if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+ while (!match && fgets(line, sizeof(line), fp)) {
+ lineno++;
+ if (line[end = strlen(line) - 1] != '\n') {
+ syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+ _PATH_LOGACCESS, lineno);
+ continue;
+ }
+ if (line[0] == '#')
+ continue; /* comment line */
+ while (end > 0 && isspace(line[end - 1]))
+ end--;
+ line[end] = 0; /* strip trailing whitespace */
+ if (line[0] == 0) /* skip blank lines */
+ continue;
+ foo = NULL;
+ if (!(perm = strtok_r(line, fs, &foo))
+ || !(users = strtok_r(NULL, fs, &foo))
+ || !(froms = strtok_r(NULL, fs, &foo))
+ || strtok_r(NULL, fs, &foo)) {
+ syslog(LOG_ERR, "%s: line %d: bad field count",
+ _PATH_LOGACCESS,
+ lineno);
+ continue;
+ }
+ if (perm[0] != '+' && perm[0] != '-') {
+ syslog(LOG_ERR, "%s: line %d: bad first field",
+ _PATH_LOGACCESS,
+ lineno);
+ continue;
+ }
+ match = (list_match(froms, from, from_match)
+ && list_match(users, user, user_match));
+ }
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+ }
+ return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list, char *item, int (*match_fn)(char *, char *))
+{
+ char *tok;
+ int match = NO;
+ char *foo = NULL;
+
+ /*
+ * Process tokens one at a time. We have exhausted all possible matches
+ * when we reach an "EXCEPT" token or the end of the list. If we do find
+ * a match, look for an "EXCEPT" list and recurse to determine whether
+ * the match is affected by any exceptions.
+ */
+
+ for (tok = strtok_r(list, sep, &foo);
+ tok != NULL;
+ tok = strtok_r(NULL, sep, &foo)) {
+ if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
+ break;
+ if ((match = (*match_fn) (tok, item)) != 0) /* YES */
+ break;
+ }
+ /* Process exceptions to matches. */
+
+ if (match != NO) {
+ while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+ /* VOID */ ;
+ if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+ return (match);
+ }
+ return (NO);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ static char *mydomain = 0;
+
+ if (mydomain == 0)
+ yp_get_default_domain(&mydomain);
+ return (innetgr(group, machine, user, mydomain));
+#else
+ syslog(LOG_ERR, "NIS netgroup support not configured");
+ return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, char *string)
+{
+ struct group *group;
+ int i;
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the username, or if
+ * the token is a group that contains the username.
+ */
+
+ if (tok[0] == '@') { /* netgroup */
+ return (netgroup_match(tok + 1, (char *) 0, string));
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+ for (i = 0; group->gr_mem[i]; i++)
+ if (strcasecmp(string, group->gr_mem[i]) == 0)
+ return (YES);
+ }
+ return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, char *string)
+{
+ int tok_len;
+ int str_len;
+
+ /*
+ * If a token has the magic value "ALL" the match always succeeds. Return
+ * YES if the token fully matches the string. If the token is a domain
+ * name, return YES if it matches the last fields of the string. If the
+ * token has the magic value "LOCAL", return YES if the string does not
+ * contain a "." character. If the token is a network number, return YES
+ * if it matches the head of the string.
+ */
+
+ if (tok[0] == '@') { /* netgroup */
+ return (netgroup_match(tok + 1, string, (char *) 0));
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if (tok[0] == '.') { /* domain: match last fields */
+ if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+ && strcasecmp(tok, string + str_len - tok_len) == 0)
+ return (YES);
+ } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
+ if (strchr(string, '.') == 0)
+ return (YES);
+ } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */
+ && strncmp(tok, string, tok_len) == 0) {
+ return (YES);
+ }
+ return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+ /*
+ * If the token has the magic value "ALL" the match always succeeds.
+ * Otherwise, return YES if the token fully matches the string.
+ */
+
+ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
+ return (YES);
+ } else if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ return (NO);
+}
+#endif /* LOGIN_ACCES */
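Review bot: In login_access(), `line[end = strlen(line) - 1]` reads `line[-1]` when fgets() returns an empty string, which happens if a line of the table begins with a NUL byte. Checking the length first avoids it: `if ((end = strlen(line)) == 0 || line[--end] != '\n') {`. The final `return (match == 0 || (line[0] == '+'));` tests `line[0]` while the validation above tests `perm[0]`; strtok_r() skips leading `:` characters, so the two can differ, and `return (match == 0 || perm[0] == '+');` would keep the check and the decision on the same byte. An open failure other than ENOENT is logged and the login is then allowed, and malformed lines are skipped the same way, so a comment such as `/* fail open: an unreadable table or a malformed line grants access */` would make that policy explicit for whoever maintains the table.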
diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c
new file mode 100644
index 000000000000..f7f53aa57c43
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c
@@ -0,0 +1,144 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema. All rights reserved.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+/*
+ SYNOPSIS
+ void login_fbtab(tty, uid, gid)
+ char *tty;
+ uid_t uid;
+ gid_t gid;
+
+ DESCRIPTION
+ This module implements device security as described in the
+ SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
+ pages. The program first looks for /etc/fbtab. If that file
+ cannot be opened it attempts to process /etc/logindevperm.
+ We expect entries with the folowing format:
+
+ Comments start with a # and extend to the end of the line.
+
+ Blank lines or lines with only a comment are ignored.
+
+ All other lines consist of three fields delimited by
+ whitespace: a login device (/dev/console), an octal
+ permission number (0600), and a ":"-delimited list of
+ devices (/dev/kbd:/dev/mouse). All device names are
+ absolute paths. A path that ends in "/*" refers to all
+ directory entries except "." and "..".
+
+ If the tty argument (relative path) matches a login device
+ name (absolute path), the permissions of the devices in the
+ ":"-delimited list are set as specified in the second
+ field, and their ownership is changed to that of the uid
+ and gid arguments.
+
+ DIAGNOSTICS
+ Problems are reported via the syslog daemon with severity
+ LOG_ERR.
+
+ BUGS
+
+ AUTHOR
+ Wietse Venema (wietse@wzv.win.tue.nl)
+ Eindhoven University of Technology
+ The Netherlands
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $");
+
+void login_protect (char *, char *, int, uid_t, gid_t);
+void login_fbtab (char *tty, uid_t uid, gid_t gid);
+
+#define WSPACE " \t\n"
+
+/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */
+
+void
+login_fbtab(char *tty, uid_t uid, gid_t gid)
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ char *devname;
+ char *cp;
+ int prot;
+ char *table;
+ char *foo;
+
+ if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
+ && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
+ return;
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ if ((cp = strchr(buf, '#')) != 0)
+ *cp = 0; /* strip comment */
+ foo = NULL;
+ if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0)
+ continue; /* empty or comment */
+ if (strncmp(devname, "/dev/", 5) != 0
+ || (cp = strtok_r(NULL, WSPACE, &foo)) == 0
+ || *cp != '0'
+ || sscanf(cp, "%o", &prot) == 0
+ || prot == 0
+ || (prot & 0777) != prot
+ || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) {
+ syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)");
+ continue;
+ }
+ if (strcmp(devname + 5, tty) == 0) {
+ foo = NULL;
+ for (cp = strtok_r(cp, ":", &foo);
+ cp;
+ cp = strtok_r(NULL, ":", &foo)) {
+ login_protect(table, cp, prot, uid, gid);
+ }
+ }
+ }
+ fclose(fp);
+}
+
+/* login_protect - protect one device entry */
+
+void
+login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
+{
+ char buf[BUFSIZ];
+ int pathlen = strlen(path);
+ struct dirent *ent;
+ DIR *dir;
+
+ if (strcmp("/*", path + pathlen - 2) != 0) {
+ if (chmod(path, mask) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chmod(%s): %m", table, path);
+ if (chown(path, uid, gid) && errno != ENOENT)
+ syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
+ } else {
+ strcpy(buf, path);
+ buf[pathlen - 1] = 0;
+ if ((dir = opendir(buf)) == 0) {
+ syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
+ } else {
+ while ((ent = readdir(dir)) != 0) {
+ if (strcmp(ent->d_name, ".") != 0
+ && strcmp(ent->d_name, "..") != 0) {
+ strcpy(buf + pathlen - 1, ent->d_name);
+ login_protect(table, buf, mask, uid, gid);
+ }
+ }
+ closedir(dir);
+ }
+ }
+}
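Review bot: login_protect() copies into the fixed `buf[BUFSIZ]` with `strcpy(buf + pathlen - 1, ent->d_name)` without checking that the directory prefix plus the entry name fits, and it evaluates `path + pathlen - 2` before knowing that `path` has at least two characters. Both operate on data taken from the table and from readdir(), in a function that login.c calls before it drops privileges, so the lengths should be checked and an over-long name logged and skipped, as in the excerpt below. Separately, chmod() and chown() follow symbolic links, so the `/*` form presumably relies on the listed directories being writable by root only; a comment stating that assumption would help.

```c
    if (pathlen < 2 || strcmp("/*", path + pathlen - 2) != 0) {
	/* ... unchanged: chmod()/chown() of the single path ... */
    } else {
	if ((size_t)pathlen >= sizeof(buf)) {
	    syslog(LOG_ERR, "%s: path too long: %s", table, path);
	    return;
	}
	strcpy(buf, path);
	/* ... unchanged: strip the '*', opendir(), readdir() loop, "." and ".." test ... */
		    if ((size_t)pathlen - 1 + strlen(ent->d_name) >= sizeof(buf)) {
			syslog(LOG_ERR, "%s: entry too long in %s: %s",
			       table, path, ent->d_name);
			continue;
		    }
		    strcpy(buf + pathlen - 1, ent->d_name);
```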
diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h
new file mode 100644
index 000000000000..3c10bff02404
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/pathnames.h
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90
+ * $Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $
+ */
+
+/******* First fix default path, we stick to _PATH_DEFPATH everywhere */
+
+#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH)
+#define _PATH_DEFPATH _PATH_USERPATH
+#endif
+
+#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH)
+#define _DEF_PATH _PATH_DEFPATH
+#endif
+
+#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH)
+#define _PATH_DEFPATH _DEF_PATH
+#endif
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin"
+#define _DEF_PATH _PATH_DEFPATH
+#endif /* !_PATH_DEFPATH */
+
+#ifndef _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH
+#endif /* _PATH_DEFSUPATH */
+
+/******* Default PATH fixed! */
+
+#undef _PATH_RLOGIN /* Redifine rlogin */
+#define _PATH_RLOGIN BINDIR "/rlogin"
+
+#undef _PATH_RSH /* Redifine rsh */
+#define _PATH_RSH BINDIR "/rsh"
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN BINDIR "/login"
+
+/******* The rest is fallback defaults */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_CP
+#define _PATH_CP "/bin/cp"
+#endif /* _PATH_CP */
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif /* _PATH_SHELLS */
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif /* _PATH_BSHELL */
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif /* _PATH_CSHELL */
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif /* _PATH_NOLOGIN */
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifndef _PATH_HUSHLOGIN
+#define _PATH_HUSHLOGIN ".hushlogin"
+#endif /* _PATH_HUSHLOGIN */
+
+#ifndef _PATH_NOMAILCHECK
+#define _PATH_NOMAILCHECK ".nomailcheck"
+#endif /* _PATH_NOMAILCHECK */
+
+#ifndef _PATH_MOTDFILE
+#define _PATH_MOTDFILE "/etc/motd"
+#endif /* _PATH_MOTDFILE */
+
+#ifndef _PATH_LOGACCESS
+#define _PATH_LOGACCESS "/etc/login.access"
+#endif /* _PATH_LOGACCESS */
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef _PATH_FBTAB
+#define _PATH_FBTAB "/etc/fbtab"
+#endif /* _PATH_FBTAB */
+
+#ifndef _PATH_LOGINDEVPERM
+#define _PATH_LOGINDEVPERM "/etc/logindevperm"
+#endif /* _PATH_LOGINDEVPERM */
+
+#ifndef _PATH_CHPASS
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* _PATH_CHPASS */
+
+#if defined(__hpux)
+#define __FALLBACK_MAILDIR__ "/usr/mail"
+#else
+#define __FALLBACK_MAILDIR__ "/usr/spool/mail"
+#endif
+
+#ifndef KRB4_MAILDIR
+#ifndef _PATH_MAILDIR
+#ifdef MAILDIR
+#define _PATH_MAILDIR MAILDIR
+#else
+#define _PATH_MAILDIR __FALLBACK_MAILDIR__
+#endif
+#endif /* _PATH_MAILDIR */
+#define KRB4_MAILDIR _PATH_MAILDIR
+#endif
+
+#ifndef _PATH_LASTLOG
+#define _PATH_LASTLOG "/var/adm/lastlog"
+#endif
+
+#if defined(UTMP_FILE) && !defined(_PATH_UTMP)
+#define _PATH_UTMP UTMP_FILE
+#endif
+
+#ifndef _PATH_UTMP
+#define _PATH_UTMP "/etc/utmp"
+#endif
+
+#if defined(WTMP_FILE) && !defined(_PATH_WTMP)
+#define _PATH_WTMP WTMP_FILE
+#endif
+
+#ifndef _PATH_WTMP
+#define _PATH_WTMP "/usr/adm/wtmp"
+#endif
+
+#ifndef _PATH_ETC_DEFAULT_LOGIN
+#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT "/etc/environment"
+#endif
+
+/*
+ * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!!
+ * Some sort of bug in the NEXTSTEP cpp.
+ */
+#ifdef NeXT
+#undef _PATH_DEFSUPATH
+#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin"
+#undef _PATH_RLOGIN
+#define _PATH_RLOGIN "/usr/athena/bin/rlogin"
+#undef _PATH_RSH
+#define _PATH_RSH "/usr/athena/bin/rsh"
+#undef _PATH_LOGIN
+#define _PATH_LOGIN "/usr/athena/bin/login"
+#endif
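Review bot: The mail-directory block defines `_PATH_MAILDIR` only inside `#ifndef KRB4_MAILDIR`, yet login.c in this same commit builds the mailbox path from `_PATH_MAILDIR`. If a build predefines KRB4_MAILDIR (not visible here) on a system whose headers lack `_PATH_MAILDIR`, that use has no definition, and where both exist the KRB4_MAILDIR setting is ignored. Moving the `#ifndef _PATH_MAILDIR` fallback outside the KRB4_MAILDIR guard, or having login.c use KRB4_MAILDIR, would keep the two consistent. `__FALLBACK_MAILDIR__` is also a reserved identifier because of the double underscore; a name such as `FALLBACK_MAILDIR` avoids that.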
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
new file mode 100644
index 000000000000..466900954a91
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $");
+
+int
+get_login_port(int kerberos, int encryption)
+{
+ char *service="login";
+ int port=htons(513);
+
+ if(kerberos && encryption){
+ service="eklogin";
+ port=htons(2105);
+ }
+
+ if(kerberos && !encryption){
+ service="klogin";
+ port=htons(543);
+ }
+ return k_getportbyname (service, "tcp", port);
+}
+
+int
+get_shell_port(int kerberos, int encryption)
+{
+ char *service="shell";
+ int port=htons(514);
+
+ if(kerberos && encryption){
+ service="ekshell";
+ port=htons(545);
+ }
+
+ if(kerberos && !encryption){
+ service="kshell";
+ port=htons(544);
+ }
+
+ return k_getportbyname (service, "tcp", port);
+}
+
+/*
+ * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s
+ * directly, and the following functions are just identity functions.
+ * This is however a slower way of doing those
+ * should-be-but-are-not-always idenity functions.
+ */
+
+static struct { int speed; int bps; } conv[] = {
+#ifdef B0
+ {B0, 0},
+#endif
+#ifdef B50
+ {B50, 50},
+#endif
+#ifdef B75
+ {B75, 75},
+#endif
+#ifdef B110
+ {B110, 110},
+#endif
+#ifdef B134
+ {B134, 134},
+#endif
+#ifdef B150
+ {B150, 150},
+#endif
+#ifdef B200
+ {B200, 200},
+#endif
+#ifdef B300
+ {B300, 300},
+#endif
+#ifdef B600
+ {B600, 600},
+#endif
+#ifdef B1200
+ {B1200, 1200},
+#endif
+#ifdef B1800
+ {B1800, 1800},
+#endif
+#ifdef B2400
+ {B2400, 2400},
+#endif
+#ifdef B4800
+ {B4800, 4800},
+#endif
+#ifdef B9600
+ {B9600, 9600},
+#endif
+#ifdef B19200
+ {B19200, 19200},
+#endif
+#ifdef B38400
+ {B38400, 38400},
+#endif
+#ifdef B57600
+ {B57600, 57600},
+#endif
+#ifdef B115200
+ {B115200, 115200},
+#endif
+#ifdef B153600
+ {B153600, 153600},
+#endif
+#ifdef B230400
+ {B230400, 230400},
+#endif
+#ifdef B307200
+ {B307200, 307200},
+#endif
+#ifdef B460800
+ {B460800, 460800},
+#endif
+};
+
+#define N (sizeof(conv)/sizeof(*conv))
+
+int
+speed_t2int (speed_t s)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].speed == s)
+ return conv[m].bps;
+ else if(conv[m].speed < s)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ *
+ */
+
+speed_t
+int2speed_t (int i)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].bps == i)
+ return conv[m].speed;
+ else if(conv[m].bps < i)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ * If there are any IP options on `sock', die.
+ */
+
+void
+ip_options_and_die (int sock, struct sockaddr_in *fromp)
+{
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+ u_char optbuf[BUFSIZ/3], *cp;
+ char lbuf[BUFSIZ], *lp;
+ int optsize = sizeof(optbuf), ipproto;
+ struct protoent *ip;
+
+ if ((ip = getprotobyname("ip")) != NULL)
+ ipproto = ip->p_proto;
+ else
+ ipproto = IPPROTO_IP;
+ if (getsockopt(sock, ipproto, IP_OPTIONS,
+ (void *)optbuf, &optsize) == 0 &&
+ optsize != 0) {
+ lp = lbuf;
+ for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
+ snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp);
+ syslog(LOG_NOTICE,
+ "Connection received from %s using IP options (dead):%s",
+ inet_ntoa(fromp->sin_addr), lbuf);
+ exit(1);
+ }
+#endif
+}
+
+void
+warning(const char *fmt, ...)
+{
+ char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+ va_list args;
+
+ va_start(args, fmt);
+ if (rstar_no_warn == NULL)
+ rstar_no_warn = "";
+ if (strncmp(rstar_no_warn, "yes", 3) != 0) {
+ /* XXX */
+ fprintf(stderr, "%s: warning, using standard ", __progname);
+ warnx(fmt, args);
+ }
+ va_end(args);
+}
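Review bot: warning() hands its `va_list` to `warnx(fmt, args)`, which is itself variadic, so every conversion in `fmt` is read from the va_list object rather than from the caller's arguments. That is undefined behaviour, and for a `%s` conversion it means a read through an arbitrary pointer. The call should be `vwarnx(fmt, args);`, the form run_err() in rcp.c already uses in this commit. The `/* XXX */` just above suggests the line was known to be unfinished. A `__attribute__((format(printf, 1, 2)))` on the prototype, as rcp.c does for run_err(), would let the compiler check callers as well.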
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
new file mode 100644
index 000000000000..6dfb4726680a
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -0,0 +1,1019 @@
+/*
+ * Copyright (c) 1983, 1990, 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $");
+
+/* Globals */
+static char dst_realm_buf[REALM_SZ];
+static char *dest_realm = NULL;
+static int use_kerberos = 1;
+
+static int doencrypt = 0;
+#define OPTIONS "dfKk:prtx"
+
+static int errs, rem;
+static struct passwd *pwd;
+static u_short port;
+static uid_t userid;
+static int pflag, iamremote, iamrecursive, targetshouldbedirectory;
+
+#define CMDNEEDS 64
+static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
+
+void rsource(char *name, struct stat *statp);
+
+#define SERVICE_NAME "rcmd"
+
+CREDENTIALS cred;
+MSG_DAT msg_data;
+struct sockaddr_in foreign, local;
+Key_schedule schedule;
+
+KTEXT_ST ticket;
+AUTH_DAT kdata;
+
+static void
+send_auth(char *h, char *r)
+{
+ int lslen, fslen, status;
+ long opts;
+
+ lslen = sizeof(struct sockaddr_in);
+ if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+ err(1, "getsockname");
+ fslen = sizeof(struct sockaddr_in);
+ if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+ err(1, "getpeername");
+ if ((r == NULL) || (*r == '\0'))
+ r = krb_realmofhost(h);
+ opts = KOPT_DO_MUTUAL;
+ if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r,
+ (unsigned long)getpid(), &msg_data, &cred,
+ schedule, &local,
+ &foreign, "KCMDV0.1")) != KSUCCESS)
+ errx(1, "krb_sendauth failure: %s", krb_get_err_text(status));
+}
+
+static void
+answer_auth(void)
+{
+ int lslen, fslen, status;
+ long opts;
+ char inst[INST_SZ], v[9];
+
+ lslen = sizeof(struct sockaddr_in);
+ if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+ err(1, "getsockname");
+ fslen = sizeof(struct sockaddr_in);
+ if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+ err(1, "getperrname");
+ k_getsockinst(rem, inst, sizeof(inst));
+ opts = KOPT_DO_MUTUAL;
+ if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst,
+ &foreign, &local,
+ &kdata, "", schedule, v)) != KSUCCESS)
+ errx(1, "krb_recvauth failure: %s", krb_get_err_text(status));
+}
+
+static int
+des_read(int fd, char *buf, int len)
+{
+ if (doencrypt)
+ return(des_enc_read(fd, buf, len, schedule,
+ (iamremote? &kdata.session : &cred.session)));
+ else
+ return(read(fd, buf, len));
+}
+
+static int
+des_write(int fd, char *buf, int len)
+{
+ if (doencrypt)
+ return(des_enc_write(fd, buf, len, schedule,
+ (iamremote? &kdata.session : &cred.session)));
+ else
+ return(write(fd, buf, len));
+}
+
+static void run_err(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+
+static void
+run_err(const char *fmt, ...)
+{
+ char errbuf[1024];
+
+ va_list args;
+ va_start(args, fmt);
+ ++errs;
+#define RCPERR "\001rcp: "
+ strcpy (errbuf, RCPERR);
+ vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR),
+ fmt, args);
+ strcat (errbuf, "\n");
+ des_write (rem, errbuf, strlen(errbuf));
+ if (!iamremote)
+ vwarnx(fmt, args);
+ va_end(args);
+}
+
+static void
+verifydir(char *cp)
+{
+ struct stat stb;
+
+ if (!stat(cp, &stb)) {
+ if (S_ISDIR(stb.st_mode))
+ return;
+ errno = ENOTDIR;
+ }
+ run_err("%s: %s", cp, strerror(errno));
+ exit(1);
+}
+
+#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
+
+static BUF *
+allocbuf(BUF *bp, int fd, int blksize)
+{
+ struct stat stb;
+ size_t size;
+
+ if (fstat(fd, &stb) < 0) {
+ run_err("fstat: %s", strerror(errno));
+ return (0);
+ }
+#ifdef HAVE_ST_BLKSIZE
+ size = ROUNDUP(stb.st_blksize, blksize);
+#else
+ size = blksize;
+#endif
+ if (size == 0)
+ size = blksize;
+ if (bp->cnt >= size)
+ return (bp);
+ if (bp->buf == NULL)
+ bp->buf = malloc(size);
+ else
+ bp->buf = realloc(bp->buf, size);
+ if (bp->buf == NULL) {
+ bp->cnt = 0;
+ run_err("%s", strerror(errno));
+ return (0);
+ }
+ bp->cnt = size;
+ return (bp);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "%s\n\t%s\n",
+ "usage: rcp [-Kpx] [-k realm] f1 f2",
+ "or: rcp [-Kprx] [-k realm] f1 ... fn directory");
+ exit(1);
+}
+
+static void
+oldw(const char *s)
+{
+ char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+ if (rstar_no_warn == 0)
+ rstar_no_warn = "";
+ if (strncmp(rstar_no_warn, "yes", 3) != 0)
+ warnx("%s, using standard rcp", s);
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+ if (!iamremote)
+ warnx("lost connection");
+ exit(1);
+}
+
+static int
+response(void)
+{
+ char ch, *cp, resp, rbuf[BUFSIZ];
+
+ if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp))
+ lostconn(0);
+
+ cp = rbuf;
+ switch(resp) {
+ case 0: /* ok */
+ return (0);
+ default:
+ *cp++ = resp;
+ /* FALLTHROUGH */
+ case 1: /* error, followed by error msg */
+ case 2: /* fatal error, "" */
+ do {
+ if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+ lostconn(0);
+ *cp++ = ch;
+ } while (cp < &rbuf[BUFSIZ] && ch != '\n');
+
+ if (!iamremote)
+ write(STDERR_FILENO, rbuf, cp - rbuf);
+ ++errs;
+ if (resp == 1)
+ return (-1);
+ exit(1);
+ }
+ /* NOTREACHED */
+}
+
+static void
+source(int argc, char **argv)
+{
+ struct stat stb;
+ static BUF buffer;
+ BUF *bp;
+ off_t i;
+ int amt, fd, haderr, indx, result;
+ char *last, *name, buf[BUFSIZ];
+
+ for (indx = 0; indx < argc; ++indx) {
+ name = argv[indx];
+ if ((fd = open(name, O_RDONLY, 0)) < 0)
+ goto syserr;
+ if (fstat(fd, &stb)) {
+syserr: run_err("%s: %s", name, strerror(errno));
+ goto next;
+ }
+ switch (stb.st_mode & S_IFMT) {
+ case S_IFREG:
+ break;
+ case S_IFDIR:
+ if (iamrecursive) {
+ rsource(name, &stb);
+ goto next;
+ }
+ /* FALLTHROUGH */
+ default:
+ run_err("%s: not a regular file", name);
+ goto next;
+ }
+ if ((last = strrchr(name, '/')) == NULL)
+ last = name;
+ else
+ ++last;
+ if (pflag) {
+ /*
+ * Make it compatible with possible future
+ * versions expecting microseconds.
+ */
+ snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
+ (long)stb.st_mtime, (long)stb.st_atime);
+ des_write(rem, buf, strlen(buf));
+ if (response() < 0)
+ goto next;
+ }
+ snprintf(buf, sizeof(buf), "C%04o %ld %s\n",
+ (int)stb.st_mode & MODEMASK, (long) stb.st_size, last);
+ des_write(rem, buf, strlen(buf));
+ if (response() < 0)
+ goto next;
+ if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
+next: close(fd);
+ continue;
+ }
+
+ /* Keep writing after an error so that we stay sync'd up. */
+ for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
+ amt = bp->cnt;
+ if (i + amt > stb.st_size)
+ amt = stb.st_size - i;
+ if (!haderr) {
+ result = read(fd, bp->buf, amt);
+ if (result != amt)
+ haderr = result >= 0 ? EIO : errno;
+ }
+ if (haderr)
+ des_write(rem, bp->buf, amt);
+ else {
+ result = des_write(rem, bp->buf, amt);
+ if (result != amt)
+ haderr = result >= 0 ? EIO : errno;
+ }
+ }
+ if (close(fd) && !haderr)
+ haderr = errno;
+ if (!haderr)
+ des_write(rem, "", 1);
+ else
+ run_err("%s: %s", name, strerror(haderr));
+ response();
+ }
+}
+
+void
+rsource(char *name, struct stat *statp)
+{
+ DIR *dirp;
+ struct dirent *dp;
+ char *last, *vect[1], path[MaxPathLen];
+
+ if (!(dirp = opendir(name))) {
+ run_err("%s: %s", name, strerror(errno));
+ return;
+ }
+ last = strrchr(name, '/');
+ if (last == 0)
+ last = name;
+ else
+ last++;
+ if (pflag) {
+ snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
+ (long)statp->st_mtime, (long)statp->st_atime);
+ des_write(rem, path, strlen(path));
+ if (response() < 0) {
+ closedir(dirp);
+ return;
+ }
+ }
+ snprintf(path, sizeof(path),
+ "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last);
+ des_write(rem, path, strlen(path));
+ if (response() < 0) {
+ closedir(dirp);
+ return;
+ }
+ while ((dp = readdir(dirp))) {
+ if (dp->d_ino == 0)
+ continue;
+ if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
+ continue;
+ if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) {
+ run_err("%s/%s: name too long", name, dp->d_name);
+ continue;
+ }
+ if (snprintf(path, sizeof(path),
+ "%s/%s", name, dp->d_name) >= sizeof(path)) {
+ run_err("%s/%s: name too long", name, dp->d_name);
+ continue;
+ }
+ vect[0] = path;
+ source(1, vect);
+ }
+ closedir(dirp);
+ des_write(rem, "E\n", 2);
+ response();
+}
+
+static int
+kerberos(char **host, char *bp, char *locuser, char *user)
+{
+ int sock = -1, err;
+again:
+ if (use_kerberos) {
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(*host);
+
+#if 0
+ rem = krcmd(host, port, user, bp, 0, dest_realm);
+#else
+ err = kcmd(
+ &sock,
+ host,
+ port,
+ NULL, /* locuser not used */
+ user,
+ bp,
+ 0,
+ &ticket,
+ SERVICE_NAME,
+ dest_realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ 0, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ 0L); /* authopts */
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warnx("kcmd: %s", krb_get_err_text(err));
+ rem = -1;
+ } else if (err < 0)
+ rem = -1;
+ else
+ rem = sock;
+#endif
+ if (rem < 0) {
+ use_kerberos = 0;
+ port = get_shell_port(use_kerberos, 0);
+ if (errno == ECONNREFUSED)
+ oldw("remote host doesn't support Kerberos");
+ else if (errno == ENOENT)
+ oldw("can't provide Kerberos authentication data");
+ goto again;
+ }
+ } else {
+ if (doencrypt)
+ errx(1,
+ "the -x option requires Kerberos authentication");
+ if (geteuid() != 0) {
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rcp");
+ }
+ rem = rcmd(host, port, locuser, user, bp, 0);
+ }
+ return (rem);
+}
+
+static void
+toremote(char *targ, int argc, char **argv)
+{
+ int i, len;
+#ifdef IP_TOS
+ int tos;
+#endif
+ char *bp, *host, *src, *suser, *thost, *tuser;
+
+ *targ++ = 0;
+ if (*targ == 0)
+ targ = ".";
+
+ if ((thost = strchr(argv[argc - 1], '@'))) {
+ /* user@host */
+ *thost++ = 0;
+ tuser = argv[argc - 1];
+ if (*tuser == '\0')
+ tuser = NULL;
+ else if (!okname(tuser))
+ exit(1);
+ } else {
+ thost = argv[argc - 1];
+ tuser = NULL;
+ }
+
+ for (i = 0; i < argc - 1; i++) {
+ src = colon(argv[i]);
+ if (src) { /* remote to remote */
+ *src++ = 0;
+ if (*src == 0)
+ src = ".";
+ host = strchr(argv[i], '@');
+ len = strlen(_PATH_RSH) + strlen(argv[i]) +
+ strlen(src) + (tuser ? strlen(tuser) : 0) +
+ strlen(thost) + strlen(targ) + CMDNEEDS + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ if (host) {
+ *host++ = 0;
+ suser = argv[i];
+ if (*suser == '\0')
+ suser = pwd->pw_name;
+ else if (!okname(suser))
+ continue;
+ snprintf(bp, len,
+ "%s %s -l %s -n %s %s '%s%s%s:%s'",
+ _PATH_RSH, host, suser, cmd, src,
+ tuser ? tuser : "", tuser ? "@" : "",
+ thost, targ);
+ } else
+ snprintf(bp, len,
+ "exec %s %s -n %s %s '%s%s%s:%s'",
+ _PATH_RSH, argv[i], cmd, src,
+ tuser ? tuser : "", tuser ? "@" : "",
+ thost, targ);
+ susystem(bp, userid);
+ free(bp);
+ } else { /* local to remote */
+ if (rem == -1) {
+ len = strlen(targ) + CMDNEEDS + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ snprintf(bp, len, "%s -t %s", cmd, targ);
+ host = thost;
+ if (use_kerberos)
+ rem = kerberos(&host, bp,
+#ifdef __CYGWIN32__
+ tuser,
+#else
+ pwd->pw_name,
+#endif
+ tuser ? tuser : pwd->pw_name);
+ else
+ rem = rcmd(&host, port,
+#ifdef __CYGWIN32__
+ tuser,
+#else
+ pwd->pw_name,
+#endif
+ tuser ? tuser : pwd->pw_name,
+ bp, 0);
+ if (rem < 0)
+ exit(1);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS,
+ (void *)&tos, sizeof(int)) < 0)
+ warn("TOS (ignored)");
+#endif /* IP_TOS */
+ if (doencrypt)
+ send_auth(host, dest_realm);
+ if (response() < 0)
+ exit(1);
+ free(bp);
+ setuid(userid);
+ }
+ source(1, argv+i);
+ }
+ }
+}
+
+static void
+sink(int argc, char **argv)
+{
+ static BUF buffer;
+ struct stat stb;
+ struct timeval tv[2];
+ enum { YES, NO, DISPLAYED } wrerr;
+ BUF *bp;
+ off_t i, j;
+ int amt, count, exists, first, mask, mode, ofd, omode;
+ int setimes, size, targisdir, wrerrno=0;
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
+
+#define atime tv[0]
+#define mtime tv[1]
+#define SCREWUP(str) { why = str; goto screwup; }
+
+ setimes = targisdir = 0;
+ mask = umask(0);
+ if (!pflag)
+ umask(mask);
+ if (argc != 1) {
+ run_err("ambiguous target");
+ exit(1);
+ }
+ targ = *argv;
+ if (targetshouldbedirectory)
+ verifydir(targ);
+ des_write(rem, "", 1);
+ if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+ targisdir = 1;
+ for (first = 1;; first = 0) {
+ cp = buf;
+ if (des_read(rem, cp, 1) <= 0)
+ return;
+ if (*cp++ == '\n')
+ SCREWUP("unexpected <newline>");
+ do {
+ if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch))
+ SCREWUP("lost connection");
+ *cp++ = ch;
+ } while (cp < &buf[BUFSIZ - 1] && ch != '\n');
+ *cp = 0;
+
+ if (buf[0] == '\01' || buf[0] == '\02') {
+ if (iamremote == 0)
+ write(STDERR_FILENO,
+ buf + 1, strlen(buf + 1));
+ if (buf[0] == '\02')
+ exit(1);
+ ++errs;
+ continue;
+ }
+ if (buf[0] == 'E') {
+ des_write(rem, "", 1);
+ return;
+ }
+
+ if (ch == '\n')
+ *--cp = 0;
+
+#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0');
+ cp = buf;
+ if (*cp == 'T') {
+ setimes++;
+ cp++;
+ getnum(mtime.tv_sec);
+ if (*cp++ != ' ')
+ SCREWUP("mtime.sec not delimited");
+ getnum(mtime.tv_usec);
+ if (*cp++ != ' ')
+ SCREWUP("mtime.usec not delimited");
+ getnum(atime.tv_sec);
+ if (*cp++ != ' ')
+ SCREWUP("atime.sec not delimited");
+ getnum(atime.tv_usec);
+ if (*cp++ != '\0')
+ SCREWUP("atime.usec not delimited");
+ des_write(rem, "", 1);
+ continue;
+ }
+ if (*cp != 'C' && *cp != 'D') {
+ /*
+ * Check for the case "rcp remote:foo\* local:bar".
+ * In this case, the line "No match." can be returned
+ * by the shell before the rcp command on the remote is
+ * executed so the ^Aerror_message convention isn't
+ * followed.
+ */
+ if (first) {
+ run_err("%s", cp);
+ exit(1);
+ }
+ SCREWUP("expected control record");
+ }
+ mode = 0;
+ for (++cp; cp < buf + 5; cp++) {
+ if (*cp < '0' || *cp > '7')
+ SCREWUP("bad mode");
+ mode = (mode << 3) | (*cp - '0');
+ }
+ if (*cp++ != ' ')
+ SCREWUP("mode not delimited");
+
+ for (size = 0; isdigit(*cp);)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+ if (targisdir) {
+ static char *namebuf;
+ static int cursize;
+ size_t need;
+
+ need = strlen(targ) + strlen(cp) + 250;
+ if (need > cursize) {
+ if (!(namebuf = malloc(need)))
+ run_err("%s", strerror(errno));
+ }
+ snprintf(namebuf, need, "%s%s%s", targ,
+ *targ ? "/" : "", cp);
+ np = namebuf;
+ } else
+ np = targ;
+ exists = stat(np, &stb) == 0;
+ if (buf[0] == 'D') {
+ int mod_flag = pflag;
+ if (exists) {
+ if (!S_ISDIR(stb.st_mode)) {
+ errno = ENOTDIR;
+ goto bad;
+ }
+ if (pflag)
+ chmod(np, mode);
+ } else {
+ /* Handle copying from a read-only directory */
+ mod_flag = 1;
+ if (mkdir(np, mode | S_IRWXU) < 0)
+ goto bad;
+ }
+ vect[0] = np;
+ sink(1, vect);
+ if (setimes) {
+ struct utimbuf times;
+ times.actime = atime.tv_sec;
+ times.modtime = mtime.tv_sec;
+ setimes = 0;
+ if (utime(np, &times) < 0)
+ run_err("%s: set times: %s",
+ np, strerror(errno));
+ }
+ if (mod_flag)
+ chmod(np, mode);
+ continue;
+ }
+ omode = mode;
+ mode |= S_IWRITE;
+ if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+bad: run_err("%s: %s", np, strerror(errno));
+ continue;
+ }
+ des_write(rem, "", 1);
+ if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
+ close(ofd);
+ continue;
+ }
+ cp = bp->buf;
+ wrerr = NO;
+ for (count = i = 0; i < size; i += BUFSIZ) {
+ amt = BUFSIZ;
+ if (i + amt > size)
+ amt = size - i;
+ count += amt;
+ do {
+ j = des_read(rem, cp, amt);
+ if (j <= 0) {
+ run_err("%s", j ? strerror(errno) :
+ "dropped connection");
+ exit(1);
+ }
+ amt -= j;
+ cp += j;
+ } while (amt > 0);
+ if (count == bp->cnt) {
+ /* Keep reading so we stay sync'd up. */
+ if (wrerr == NO) {
+ j = write(ofd, bp->buf, count);
+ if (j != count) {
+ wrerr = YES;
+ wrerrno = j >= 0 ? EIO : errno;
+ }
+ }
+ count = 0;
+ cp = bp->buf;
+ }
+ }
+ if (count != 0 && wrerr == NO &&
+ (j = write(ofd, bp->buf, count)) != count) {
+ wrerr = YES;
+ wrerrno = j >= 0 ? EIO : errno;
+ }
+ if (ftruncate(ofd, size)) {
+ run_err("%s: truncate: %s", np, strerror(errno));
+ wrerr = DISPLAYED;
+ }
+ if (pflag) {
+ if (exists || omode != mode)
+#ifdef HAVE_FCHMOD
+ if (fchmod(ofd, omode))
+#else
+ if (chmod(np, omode))
+#endif
+ run_err("%s: set mode: %s",
+ np, strerror(errno));
+ } else {
+ if (!exists && omode != mode)
+#ifdef HAVE_FCHMOD
+ if (fchmod(ofd, omode & ~mask))
+#else
+ if (chmod(np, omode & ~mask))
+#endif
+ run_err("%s: set mode: %s",
+ np, strerror(errno));
+ }
+ close(ofd);
+ response();
+ if (setimes && wrerr == NO) {
+ struct utimbuf times;
+ times.actime = atime.tv_sec;
+ times.modtime = mtime.tv_sec;
+ setimes = 0;
+ if (utime(np, &times) < 0) {
+ run_err("%s: set times: %s",
+ np, strerror(errno));
+ wrerr = DISPLAYED;
+ }
+ }
+ switch(wrerr) {
+ case YES:
+ run_err("%s: %s", np, strerror(wrerrno));
+ break;
+ case NO:
+ des_write(rem, "", 1);
+ break;
+ case DISPLAYED:
+ break;
+ }
+ }
+screwup:
+ run_err("protocol error: %s", why);
+ exit(1);
+}
+
+static void
+tolocal(int argc, char **argv)
+{
+ int i, len;
+#ifdef IP_TOS
+ int tos;
+#endif
+ char *bp, *host, *src, *suser;
+
+ for (i = 0; i < argc - 1; i++) {
+ if (!(src = colon(argv[i]))) { /* Local to local. */
+ len = strlen(_PATH_CP) + strlen(argv[i]) +
+ strlen(argv[argc - 1]) + 20;
+ if (!(bp = malloc(len)))
+ err(1, " ");
+ snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
+ iamrecursive ? " -r" : "", pflag ? " -p" : "",
+ argv[i], argv[argc - 1]);
+ if (susystem(bp, userid))
+ ++errs;
+ free(bp);
+ continue;
+ }
+ *src++ = 0;
+ if (*src == 0)
+ src = ".";
+ if ((host = strchr(argv[i], '@')) == NULL) {
+#ifdef __CYGWIN32__
+ errx (1, "Sorry, you need to specify the username");
+#else
+ host = argv[i];
+ suser = pwd->pw_name;
+#endif
+ } else {
+ *host++ = 0;
+ suser = argv[i];
+ if (*suser == '\0')
+#ifdef __CYGWIN32__
+ errx (1, "Sorry, you need to specify the username");
+#else
+ suser = pwd->pw_name;
+#endif
+ else if (!okname(suser))
+ continue;
+ }
+ len = strlen(src) + CMDNEEDS + 20;
+ if ((bp = malloc(len)) == NULL)
+ err(1, " ");
+ snprintf(bp, len, "%s -f %s", cmd, src);
+ rem =
+ use_kerberos ?
+ kerberos(&host, bp,
+#ifndef __CYGWIN32__
+ pwd->pw_name,
+#else
+ suser,
+#endif
+ suser) :
+ rcmd(&host, port,
+#ifndef __CYGWIN32__
+ pwd->pw_name,
+#else
+ suser,
+#endif
+ suser, bp, 0);
+ free(bp);
+ if (rem < 0) {
+ ++errs;
+ continue;
+ }
+ seteuid(userid);
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_THROUGHPUT;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos,
+ sizeof(int)) < 0)
+ warn("TOS (ignored)");
+#endif /* IP_TOS */
+ if (doencrypt)
+ send_auth(host, dest_realm);
+ sink(1, argv + argc - 1);
+ seteuid(0);
+ close(rem);
+ rem = -1;
+ }
+}
+
+
+int
+main(int argc, char **argv)
+{
+ int ch, fflag, tflag;
+ char *targ;
+
+ set_progname(argv[0]);
+ fflag = tflag = 0;
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
+ switch(ch) { /* User-visible flags. */
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dst_realm_buf, optarg, REALM_SZ);
+ break;
+ case 'x':
+ doencrypt = 1;
+ LEFT_JUSTIFIED = 1;
+ break;
+ case 'p':
+ pflag = 1;
+ break;
+ case 'r':
+ iamrecursive = 1;
+ break;
+ /* Server options. */
+ case 'd':
+ targetshouldbedirectory = 1;
+ break;
+ case 'f': /* "from" */
+ iamremote = 1;
+ fflag = 1;
+ break;
+ case 't': /* "to" */
+ iamremote = 1;
+ tflag = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ /* Rcp implements encrypted file transfer without using the
+ * kshell service, pass 0 for no encryption */
+ port = get_shell_port(use_kerberos, 0);
+
+#ifndef __CYGWIN32__
+ if ((pwd = k_getpwuid(userid = getuid())) == NULL)
+ errx(1, "unknown user %d", (int)userid);
+#endif
+
+ rem = STDIN_FILENO; /* XXX */
+
+ if (fflag) { /* Follow "protocol", send data. */
+ if (doencrypt)
+ answer_auth();
+ response();
+ setuid(userid);
+ if (k_hasafs()) {
+ /* Sometimes we will need cell specific tokens
+ * to be able to read and write files, thus,
+ * the token stuff done in rshd might not
+ * suffice.
+ */
+ char cell[64];
+ if (k_afs_cell_of_file(pwd->pw_dir,
+ cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+ source(argc, argv);
+ exit(errs);
+ }
+
+ if (tflag) { /* Receive data. */
+ if (doencrypt)
+ answer_auth();
+ setuid(userid);
+ if (k_hasafs()) {
+ char cell[64];
+ if (k_afs_cell_of_file(pwd->pw_dir,
+ cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+ }
+ sink(argc, argv);
+ exit(errs);
+ }
+
+ if (argc < 2)
+ usage();
+ if (argc > 2)
+ targetshouldbedirectory = 1;
+
+ rem = -1;
+ /* Command to be executed on remote system using "rsh". */
+ snprintf(cmd, sizeof(cmd),
+ "rcp%s%s%s%s", iamrecursive ? " -r" : "",
+ (doencrypt && use_kerberos ? " -x" : ""),
+ pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
+
+ signal(SIGPIPE, lostconn);
+
+ if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */
+ toremote(targ, argc, argv);
+ else {
+ tolocal(argc, argv); /* Dest is local host. */
+ if (targetshouldbedirectory)
+ verifydir(argv[argc - 1]);
+ }
+ exit(errs);
+}
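Review bot: In sink(), the file name parsed from the peer's `C`/`D` control record is appended to `targ` by `snprintf(namebuf, need, "%s%s%s", targ, *targ ? "/" : "", cp)` with no validation, so a name that contains `/` or is `..` reaches `open(np, O_WRONLY|O_CREAT, mode)` or `mkdir()` outside the directory the user named. Reject such names before the `if (targisdir)` block, e.g. `if (strchr(cp, '/') != NULL || strcmp(cp, "..") == 0) SCREWUP("unexpected file name");`. In the same block a failed `malloc(need)` only calls run_err() and then falls into snprintf() with a NULL `namebuf`; it should `continue` or exit after reporting the error. In main(), `strncpy(dst_realm_buf, optarg, REALM_SZ)` leaves the realm unterminated when the `-k` argument has REALM_SZ or more characters; copying `REALM_SZ - 1` bytes keeps the static buffer's terminating NUL.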
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
new file mode 100644
index 000000000000..6f0c5f06ea06
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $");
+
+char *
+colon(char *cp)
+{
+ if (*cp == ':') /* Leading colon is part of file name. */
+ return (0);
+
+ for (; *cp; ++cp) {
+ if (*cp == ':')
+ return (cp);
+ if (*cp == '/')
+ return (0);
+ }
+ return (0);
+}
+
+int
+okname(char *cp0)
+{
+ int c;
+ char *cp;
+
+ cp = cp0;
+ do {
+ c = *cp;
+ if (c & 0200)
+ goto bad;
+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+ goto bad;
+ } while (*++cp);
+ return (1);
+
+bad: warnx("%s: invalid user name", cp0);
+ return (0);
+}
+
+int
+susystem(char *s, int userid)
+{
+ RETSIGTYPE (*istat)(), (*qstat)();
+ int status;
+ pid_t pid;
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return (127);
+
+ case 0:
+ setuid(userid);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
+ istat = signal(SIGINT, SIG_IGN);
+ qstat = signal(SIGQUIT, SIG_IGN);
+ if (waitpid(pid, &status, 0) < 0)
+ status = -1;
+ signal(SIGINT, istat);
+ signal(SIGQUIT, qstat);
+ return (status);
+}
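Review bot: In susystem() the child ignores the result of `setuid(userid)` before `execl(_PATH_BSHELL, "sh", "-c", s, NULL)`. rcp.c in this commit expects to be installed setuid root (it refuses the non-Kerberos path unless `geteuid()` is 0), so if the call fails, the shell command built from the command-line arguments runs with root's privileges. Make the privilege drop fatal: `if (setuid(userid) < 0) _exit(127);`. The `setuid(userid)` calls in rcp.c's main() and toremote() are unchecked in the same way and deserve the same treatment. A comment on susystem() saying that `s` is interpreted by the shell and that callers must quote file names would also help, since tolocal() passes `argv[i]` into the command unquoted.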
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
new file mode 100644
index 000000000000..27aa8f032d37
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -0,0 +1,707 @@
+/*
+ * Copyright (c) 1983, 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * rlogin - remote login
+ */
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+
+#ifndef CCEQ
+#define c2uc(x) ((unsigned char) x)
+#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0)
+#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c))
+#endif
+
+int eight, rem;
+struct termios deftty;
+
+int noescape;
+char escapechar = '~';
+
+struct winsize winsize;
+
+int parent, rcvcnt;
+char rcvbuf[8 * 1024];
+
+int child;
+
+static void
+echo(char c)
+{
+ char *p;
+ char buf[8];
+
+ p = buf;
+ c &= 0177;
+ *p++ = escapechar;
+ if (c < ' ') {
+ *p++ = '^';
+ *p++ = c + '@';
+ } else if (c == 0177) {
+ *p++ = '^';
+ *p++ = '?';
+ } else
+ *p++ = c;
+ *p++ = '\r';
+ *p++ = '\n';
+ write(STDOUT_FILENO, buf, p - buf);
+}
+
+static void
+mode(int f)
+{
+ struct termios tty;
+
+ switch (f) {
+ case 0:
+ tcsetattr(0, TCSANOW, &deftty);
+ break;
+ case 1:
+ tcgetattr(0, &deftty);
+ tty = deftty;
+ /* This is loosely derived from sys/compat/tty_compat.c. */
+ tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN);
+ tty.c_iflag &= ~ICRNL;
+ tty.c_oflag &= ~OPOST;
+ tty.c_cc[VMIN] = 1;
+ tty.c_cc[VTIME] = 0;
+ if (eight) {
+ tty.c_iflag &= IXOFF;
+ tty.c_cflag &= ~(CSIZE|PARENB);
+ tty.c_cflag |= CS8;
+ }
+ tcsetattr(0, TCSANOW, &tty);
+ break;
+ default:
+ return;
+ }
+}
+
+static void
+done(int status)
+{
+ int w, wstatus;
+
+ mode(0);
+ if (child > 0) {
+ /* make sure catch_child does not snap it up */
+ signal(SIGCHLD, SIG_DFL);
+ if (kill(child, SIGKILL) >= 0)
+ while ((w = wait(&wstatus)) > 0 && w != child);
+ }
+ exit(status);
+}
+
+static
+RETSIGTYPE
+catch_child(int foo)
+{
+ int status;
+ int pid;
+
+ for (;;) {
+ pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
+ if (pid == 0)
+ return;
+ /* if the child (reader) dies, just quit */
+ if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
+ done(WTERMSIG(status) | WEXITSTATUS(status));
+ }
+ /* NOTREACHED */
+}
+
+/*
+ * There is a race in the SunOS5 rlogind. If the slave end has not yet
+ * been opened by the child when setting tty size the size is reset to
+ * zero when the child opens it. Therefore we send the window update
+ * twice.
+ */
+
+static int tty_kludge = 1;
+
+/* Return the number of OOB bytes processed. */
+static int
+oob_real(void)
+{
+ struct termios tty;
+ int atmark, n, out, rcvd;
+ char waste[BUFSIZ], mark;
+
+ out = O_RDWR;
+ rcvd = 0;
+ if (recv(rem, &mark, 1, MSG_OOB) < 0) {
+ return -1;
+ }
+ if (mark & TIOCPKT_WINDOW) {
+ /* Let server know about window size changes */
+ kill(parent, SIGUSR1);
+ } else if (tty_kludge) {
+ /* Let server know about window size changes */
+ kill(parent, SIGUSR1);
+ tty_kludge = 0;
+ }
+ if (!eight && (mark & TIOCPKT_NOSTOP)) {
+ tcgetattr(0, &tty);
+ tty.c_iflag &= ~IXON;
+ tcsetattr(0, TCSANOW, &tty);
+ }
+ if (!eight && (mark & TIOCPKT_DOSTOP)) {
+ tcgetattr(0, &tty);
+ tty.c_iflag |= (deftty.c_iflag & IXON);
+ tcsetattr(0, TCSANOW, &tty);
+ }
+ if (mark & TIOCPKT_FLUSHWRITE) {
+#ifdef TCOFLUSH
+ tcflush(1, TCOFLUSH);
+#else
+ ioctl(1, TIOCFLUSH, (char *)&out);
+#endif
+ for (;;) {
+ if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
+ warn("ioctl");
+ break;
+ }
+ if (atmark)
+ break;
+ n = read(rem, waste, sizeof (waste));
+ if (n <= 0)
+ break;
+ }
+ /*
+ * Don't want any pending data to be output, so clear the recv
+ * buffer. If we were hanging on a write when interrupted,
+ * don't want it to restart. If we were reading, restart
+ * anyway.
+ */
+ rcvcnt = 0;
+ }
+
+ /* oob does not do FLUSHREAD (alas!) */
+ return 1;
+}
+
+/* reader: read from remote: line -> 1 */
+static int
+reader(void)
+{
+ int n, remaining;
+ char *bufp;
+ int kludgep = 1;
+
+ bufp = rcvbuf;
+ for (;;) {
+ fd_set readfds, exceptfds;
+ while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
+ n = write(STDOUT_FILENO, bufp, remaining);
+ if (n < 0) {
+ if (errno != EINTR)
+ return (-1);
+ continue;
+ }
+ bufp += n;
+ }
+ bufp = rcvbuf;
+ rcvcnt = 0;
+
+ FD_ZERO (&readfds);
+ FD_SET (rem, &readfds);
+ FD_ZERO (&exceptfds);
+ if (kludgep)
+ FD_SET (rem, &exceptfds);
+ if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) {
+ if (errno == EINTR)
+ continue; /* Got signal */
+ else
+ errx(1, "select failed mysteriously");
+ }
+
+ if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) {
+ warnx("select: nothing to read?");
+ continue;
+ }
+
+ if (FD_ISSET(rem, &exceptfds)) {
+ int foo = oob_real ();
+ if (foo >= 1)
+ continue; /* First check if there is more OOB data. */
+ else if (foo < 0)
+ kludgep = 0;
+ }
+
+ if (!FD_ISSET(rem, &readfds))
+ continue; /* Nothing to read. */
+
+ kludgep = 1;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ rcvcnt = des_enc_read(rem, rcvbuf,
+ sizeof(rcvbuf),
+ schedule, &cred.session);
+ else
+#endif
+ rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf));
+ if (rcvcnt == 0)
+ return (0);
+ if (rcvcnt < 0) {
+ if (errno == EINTR)
+ continue;
+ warn("read");
+ return (-1);
+ }
+ }
+}
+
+/*
+ * Send the window size to the server via the magic escape
+ */
+static void
+sendwindow(void)
+{
+ char obuf[4 + 4 * sizeof (u_int16_t)];
+ unsigned short *p;
+
+ p = (u_int16_t *)(obuf + 4);
+ obuf[0] = 0377;
+ obuf[1] = 0377;
+ obuf[2] = 's';
+ obuf[3] = 's';
+ *p++ = htons(winsize.ws_row);
+ *p++ = htons(winsize.ws_col);
+#ifdef HAVE_WS_XPIXEL
+ *p++ = htons(winsize.ws_xpixel);
+#else
+ *p++ = htons(0);
+#endif
+#ifdef HAVE_WS_YPIXEL
+ *p++ = htons(winsize.ws_ypixel);
+#else
+ *p++ = htons(0);
+#endif
+
+#ifndef NOENCRYPTION
+ if(doencrypt)
+ des_enc_write(rem, obuf, sizeof(obuf), schedule,
+ &cred.session);
+ else
+#endif
+ write(rem, obuf, sizeof(obuf));
+}
+
+static
+RETSIGTYPE
+sigwinch(int foo)
+{
+ struct winsize ws;
+
+ if (get_window_size(0, &ws) == 0 &&
+ memcmp(&ws, &winsize, sizeof(ws))) {
+ winsize = ws;
+ sendwindow();
+ }
+}
+
+static void
+stop(int all)
+{
+ mode(0);
+ signal(SIGCHLD, SIG_IGN);
+ kill(all ? 0 : getpid(), SIGTSTP);
+ signal(SIGCHLD, catch_child);
+ mode(1);
+#ifdef SIGWINCH
+ kill(SIGWINCH, getpid()); /* check for size changes, if caught */
+#endif
+}
+
+/*
+ * writer: write to remote: 0 -> line.
+ * ~. terminate
+ * ~^Z suspend rlogin process.
+ * ~<delayed-suspend char> suspend rlogin process, but leave reader alone.
+ */
+static void
+writer(void)
+{
+ int bol, local, n;
+ char c;
+
+ bol = 1; /* beginning of line */
+ local = 0;
+ for (;;) {
+ n = read(STDIN_FILENO, &c, 1);
+ if (n <= 0) {
+ if (n < 0 && errno == EINTR)
+ continue;
+ break;
+ }
+ /*
+ * If we're at the beginning of the line and recognize a
+ * command character, then we echo locally. Otherwise,
+ * characters are echo'd remotely. If the command character
+ * is doubled, this acts as a force and local echo is
+ * suppressed.
+ */
+ if (bol) {
+ bol = 0;
+ if (!noescape && c == escapechar) {
+ local = 1;
+ continue;
+ }
+ } else if (local) {
+ local = 0;
+ if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) {
+ echo(c);
+ break;
+ }
+ if (CCEQ(deftty.c_cc[VSUSP], c)) {
+ bol = 1;
+ echo(c);
+ stop(1);
+ continue;
+ }
+#ifdef VDSUSP
+ /* Is VDSUSP called something else on Linux?
+ * Perhaps VDELAY is a better thing? */
+ if (CCEQ(deftty.c_cc[VDSUSP], c)) {
+ bol = 1;
+ echo(c);
+ stop(0);
+ continue;
+ }
+#endif /* VDSUSP */
+ if (c != escapechar)
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(rem, &escapechar,1, schedule, &cred.session);
+ else
+#endif
+ write(rem, &escapechar, 1);
+ }
+
+ if (doencrypt) {
+#ifdef NOENCRYPTION
+ if (write(rem, &c, 1) == 0) {
+#else
+ if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) {
+#endif
+ warnx("line gone");
+ break;
+ }
+ } else
+ if (write(rem, &c, 1) == 0) {
+ warnx("line gone");
+ break;
+ }
+ bol = CCEQ(deftty.c_cc[VKILL], c) ||
+ CCEQ(deftty.c_cc[VEOF], c) ||
+ CCEQ(deftty.c_cc[VINTR], c) ||
+ CCEQ(deftty.c_cc[VSUSP], c) ||
+ c == '\r' || c == '\n';
+ }
+}
+
+static
+RETSIGTYPE
+lostpeer(int foo)
+{
+ signal(SIGPIPE, SIG_IGN);
+ warnx("\aconnection closed.\r");
+ done(1);
+}
+
+/*
+ * This is called in the parent when the reader process gets the
+ * out-of-band (urgent) request to turn on the window-changing
+ * protocol. It is signalled from the child(reader).
+ */
+static
+RETSIGTYPE
+sigusr1(int foo)
+{
+ /*
+ * Now we now daemon supports winsize hack,
+ */
+ sendwindow();
+#ifdef SIGWINCH
+ signal(SIGWINCH, sigwinch); /* so we start to support it */
+#endif
+ SIGRETURN(0);
+}
+
+static void
+doit(void)
+{
+ signal(SIGINT, SIG_IGN);
+ signal(SIGHUP, SIG_IGN);
+ signal(SIGQUIT, SIG_IGN);
+
+ signal(SIGCHLD, catch_child);
+
+ /*
+ * Child sends parent this signal for window size hack.
+ */
+ signal(SIGUSR1, sigusr1);
+
+ signal(SIGPIPE, lostpeer);
+
+ mode(1);
+ parent = getpid();
+ child = fork();
+ if (child == -1) {
+ warn("fork");
+ done(1);
+ }
+ if (child == 0) {
+ signal(SIGCHLD, SIG_IGN);
+ signal(SIGTTOU, SIG_IGN);
+ if (reader() == 0)
+ errx(1, "connection closed.\r");
+ sleep(1);
+ errx(1, "\aconnection closed.\r");
+ }
+
+ writer();
+ warnx("closed connection.\r");
+ done(0);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n",
+ "8DEKLdx", " [-k realm] ");
+ exit(1);
+}
+
+static u_int
+getescape(char *p)
+{
+ long val;
+ int len;
+
+ if ((len = strlen(p)) == 1) /* use any single char, including '\' */
+ return ((u_int)*p);
+ /* otherwise, \nnn */
+ if (*p == '\\' && len >= 2 && len <= 4) {
+ val = strtol(++p, NULL, 8);
+ for (;;) {
+ if (!*++p)
+ return ((u_int)val);
+ if (*p < '0' || *p > '8')
+ break;
+ }
+ }
+ warnx("illegal option value -- e");
+ usage();
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ struct passwd *pw;
+ int sv_port, user_port = 0;
+ int argoff, ch, dflag, Dflag, one, uid;
+ char *host, *user, term[1024];
+
+ argoff = dflag = Dflag = 0;
+ one = 1;
+ host = user = NULL;
+
+ set_progname(argv[0]);
+
+ /* handle "rlogin host flags" */
+ if (argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "8DEKLde:k:l:xp:"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case '8':
+ eight = 1;
+ break;
+ case 'D':
+ Dflag = 1;
+ break;
+ case 'E':
+ noescape = 1;
+ break;
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'e':
+ noescape = 0;
+ escapechar = getescape(optarg);
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dest_realm, optarg, REALM_SZ);
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'p':
+ user_port = htons(atoi(optarg));
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+ argc -= optind;
+ argv += optind;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = *argv++))
+ usage();
+
+ if (*argv)
+ usage();
+
+ if (!(pw = k_getpwuid(uid = getuid())))
+ errx(1, "unknown user id.");
+ if (!user)
+ user = pw->pw_name;
+
+
+ if (user_port)
+ sv_port = user_port;
+ else
+ sv_port = get_login_port(use_kerberos, doencrypt);
+
+ {
+ char *p = getenv("TERM");
+ struct termios tty;
+ int i;
+
+ if (p == NULL)
+ p = "network";
+
+ if (tcgetattr(0, &tty) == 0
+ && (i = speed_t2int (cfgetospeed(&tty))) > 0)
+ snprintf (term, sizeof(term),
+ "%s/%d",
+ p, i);
+ else
+ snprintf (term, sizeof(term),
+ "%s",
+ p);
+ }
+
+ get_window_size(0, &winsize);
+
+ try_connect:
+ if (use_kerberos) {
+ struct hostent *hp;
+
+ /* Fully qualify hostname (needed for krb_realmofhost). */
+ hp = gethostbyname(host);
+ if (hp != NULL && !(host = strdup(hp->h_name))) {
+ errno = ENOMEM;
+ err(1, NULL);
+ }
+
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(host);
+
+ if (doencrypt)
+ rem = krcmd_mutual(&host, sv_port, user, term, 0,
+ dest_realm, &cred, schedule);
+ else
+ rem = krcmd(&host, sv_port, user, term, 0,
+ dest_realm);
+ if (rem < 0) {
+ use_kerberos = 0;
+ if (user_port == 0)
+ sv_port = get_login_port(use_kerberos,
+ doencrypt);
+ if (errno == ECONNREFUSED)
+ warning("remote host doesn't support Kerberos");
+ if (errno == ENOENT)
+ warning("can't provide Kerberos auth data");
+ goto try_connect;
+ }
+ } else {
+ if (doencrypt)
+ errx(1, "the -x flag requires Kerberos authentication.");
+ if (geteuid() != 0)
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rlogin");
+ rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0);
+ }
+
+ if (rem < 0)
+ exit(1);
+
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_DEBUG
+ if (dflag &&
+ setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+#endif
+#ifdef TCP_NODELAY
+ if (Dflag &&
+ setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt(TCP_NODELAY)");
+#endif
+#ifdef IP_TOS
+ one = IPTOS_LOWDELAY;
+ if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0)
+ warn("setsockopt(IP_TOS)");
+#endif /* IP_TOS */
+#endif /* HAVE_SETSOCKOPT */
+
+ setuid(uid);
+ doit();
+ return 0;
+}
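Review bot: In `main`, the `-k` case copies the realm with `strncpy(dest_realm, optarg, REALM_SZ)`, which leaves `dst_realm_buf` without a terminating NUL when the argument is `REALM_SZ` bytes or longer; the buffer is then passed to `krcmd`/`krcmd_mutual`, which presumably read it as a C string. The file already uses `snprintf` for `term`, so the same form fits here: `snprintf(dst_realm_buf, sizeof(dst_realm_buf), "%s", optarg);`, or reject an over-long realm through `usage()`. This matters more than usual because the non-Kerberos branch expects the binary to be installed setuid root. For the same reason the result of `setuid(uid)` just before `doit()` should be checked, e.g. `if (setuid(uid) < 0) err(1, "setuid");`. Separately, `stop()` calls `kill(SIGWINCH, getpid())` with the arguments reversed; `kill(getpid(), SIGWINCH);` is what its comment describes.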
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
new file mode 100644
index 000000000000..c5d807749675
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -0,0 +1,934 @@
+/*-
+ * Copyright (c) 1983, 1988, 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote login server:
+ * \0
+ * remuser\0
+ * locuser\0
+ * terminal_type/speed\0
+ * data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $");
+
+extern int __check_rhosts_file;
+
+char *INSECURE_MESSAGE =
+"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***"
+"\r\n*** Use telnet or rlogin -x instead! ***\r\n";
+
+#ifndef NOENCRYPTION
+char *SECURE_MESSAGE =
+"This rlogin session is using DES encryption for all transmissions.\r\n";
+#else
+#define SECURE_MESSAGE INSECURE_MESSAGE
+#endif
+
+AUTH_DAT *kdata;
+KTEXT ticket;
+u_char auth_buf[sizeof(AUTH_DAT)];
+u_char tick_buf[sizeof(KTEXT_ST)];
+Key_schedule schedule;
+int doencrypt, retval, use_kerberos, vacuous;
+
+#define ARGSTR "Daip:lnkvxL:"
+
+char *env[2];
+#define NMAX 30
+char lusername[NMAX+1], rusername[NMAX+1];
+static char term[64] = "TERM=";
+#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
+int keepalive = 1;
+int check_all = 0;
+int no_delay = 0;
+
+struct passwd *pwd;
+
+static const char *new_login = _PATH_LOGIN;
+
+static void doit (int, struct sockaddr_in *);
+static int control (int, char *, int);
+static void protocol (int, int);
+static RETSIGTYPE cleanup (int);
+void fatal (int, const char *, int);
+static int do_rlogin (struct sockaddr_in *);
+static void setup_term (int);
+static int do_krb_login (struct sockaddr_in *);
+static void usage (void);
+
+static int
+readstream(int p, char *ibuf, int bufsize)
+{
+#ifndef HAVE_GETMSG
+ return read(p, ibuf, bufsize);
+#else
+ static int flowison = -1; /* current state of flow: -1 is unknown */
+ static struct strbuf strbufc, strbufd;
+ static unsigned char ctlbuf[BUFSIZ];
+ static int use_read = 1;
+
+ int flags = 0;
+ int ret;
+ struct termios tsp;
+
+ struct iocblk ip;
+ char vstop, vstart;
+ int ixon;
+ int newflow;
+
+ if (use_read)
+ {
+ ret = read(p, ibuf, bufsize);
+ if (ret < 0 && errno == EBADMSG)
+ use_read = 0;
+ else
+ return ret;
+ }
+
+ strbufc.maxlen = BUFSIZ;
+ strbufc.buf = (char *)ctlbuf;
+ strbufd.maxlen = bufsize-1;
+ strbufd.len = 0;
+ strbufd.buf = ibuf+1;
+ ibuf[0] = 0;
+
+ ret = getmsg(p, &strbufc, &strbufd, &flags);
+ if (ret < 0) /* error of some sort -- probably EAGAIN */
+ return(-1);
+
+ if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+ /* data message */
+ if (strbufd.len > 0) { /* real data */
+ return(strbufd.len + 1); /* count header char */
+ } else {
+ /* nothing there */
+ errno = EAGAIN;
+ return(-1);
+ }
+ }
+
+ /*
+ * It's a control message. Return 1, to look at the flag we set
+ */
+
+ switch (ctlbuf[0]) {
+ case M_FLUSH:
+ if (ibuf[1] & FLUSHW)
+ ibuf[0] = TIOCPKT_FLUSHWRITE;
+ return(1);
+
+ case M_IOCTL:
+ memcpy(&ip, (ibuf+1), sizeof(ip));
+
+ switch (ip.ioc_cmd) {
+#ifdef TCSETS
+ case TCSETS:
+ case TCSETSW:
+ case TCSETSF:
+ memcpy(&tsp,
+ (ibuf+1 + sizeof(struct iocblk)),
+ sizeof(tsp));
+ vstop = tsp.c_cc[VSTOP];
+ vstart = tsp.c_cc[VSTART];
+ ixon = tsp.c_iflag & IXON;
+ break;
+#endif
+ default:
+ errno = EAGAIN;
+ return(-1);
+ }
+
+ newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+ if (newflow != flowison) { /* it's a change */
+ flowison = newflow;
+ ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+ return(1);
+ }
+ }
+
+ /* nothing worth doing anything about */
+ errno = EAGAIN;
+ return(-1);
+#endif
+}
+
+#ifdef HAVE_UTMPX_H
+static int
+logout(const char *line)
+{
+ struct utmpx utmpx, *utxp;
+ int ret = 1;
+
+ setutxent ();
+ memset(&utmpx, 0, sizeof(utmpx));
+ utmpx.ut_type = USER_PROCESS;
+ strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
+ utxp = getutxline(&utmpx);
+ if (utxp) {
+ strcpy(utxp->ut_user, "");
+ utxp->ut_type = DEAD_PROCESS;
+#ifdef _STRUCT___EXIT_STATUS
+ utxp->ut_exit.__e_termination = 0;
+ utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+ utxp->ut_exit.ut_termination = 0;
+ utxp->ut_exit.ut_exit = 0;
+#else
+ utxp->ut_exit.e_termination = 0;
+ utxp->ut_exit.e_exit = 0;
+#endif
+ gettimeofday(&utxp->ut_tv, NULL);
+ pututxline(utxp);
+#ifdef WTMPX_FILE
+ updwtmpx(WTMPX_FILE, utxp);
+#else
+ ret = 0;
+#endif
+ }
+ endutxent();
+ return ret;
+}
+#else
+static int
+logout(const char *line)
+{
+ FILE *fp;
+ struct utmp ut;
+ int rval;
+
+ if (!(fp = fopen(_PATH_UTMP, "r+")))
+ return(0);
+ rval = 1;
+ while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) {
+ if (!ut.ut_name[0] ||
+ strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
+ continue;
+ memset(ut.ut_name, 0, sizeof(ut.ut_name));
+#ifdef HAVE_UT_HOST
+ memset(ut.ut_host, 0, sizeof(ut.ut_host));
+#endif
+ time(&ut.ut_time);
+ fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
+ fwrite(&ut, sizeof(struct utmp), 1, fp);
+ fseek(fp, (long)0, SEEK_CUR);
+ rval = 0;
+ }
+ fclose(fp);
+ return(rval);
+}
+#endif
+
+#ifndef HAVE_LOGWTMP
+static void
+logwtmp(const char *line, const char *name, const char *host)
+{
+ struct utmp ut;
+ struct stat buf;
+ int fd;
+
+ memset (&ut, 0, sizeof(ut));
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (!fstat(fd, &buf)) {
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_UT_HOST
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+#ifdef HAVE_UT_PID
+ ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_UT_TYPE
+ if(name[0])
+ ut.ut_type = USER_PROCESS;
+ else
+ ut.ut_type = DEAD_PROCESS;
+#endif
+ time(&ut.ut_time);
+ if (write(fd, &ut, sizeof(struct utmp)) !=
+ sizeof(struct utmp))
+ ftruncate(fd, buf.st_size);
+ }
+ close(fd);
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+ struct sockaddr_in from;
+ int ch, fromlen, on;
+ int interactive = 0;
+ int portnum = 0;
+
+ set_progname(argv[0]);
+
+ openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
+
+ opterr = 0;
+ while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
+ switch (ch) {
+ case 'D':
+ no_delay = 1;
+ break;
+ case 'a':
+ break;
+ case 'i':
+ interactive = 1;
+ break;
+ case 'p':
+ portnum = htons(atoi(optarg));
+ break;
+ case 'l':
+ __check_rhosts_file = 0;
+ break;
+ case 'n':
+ keepalive = 0;
+ break;
+ case 'k':
+ use_kerberos = 1;
+ break;
+ case 'v':
+ vacuous = 1;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'L':
+ new_login = optarg;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (use_kerberos && vacuous) {
+ usage();
+ fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
+ }
+ if (interactive) {
+ if(portnum == 0)
+ portnum = get_login_port (use_kerberos, doencrypt);
+ mini_inetd (portnum);
+ }
+
+ fromlen = sizeof (from);
+ if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+ syslog(LOG_ERR,"Can't get peer name of remote host: %m");
+ fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
+ }
+ on = 1;
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+ if (keepalive &&
+ setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof (on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef TCP_NODELAY
+ if (no_delay &&
+ setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
+#endif
+
+#ifdef IP_TOS
+ on = IPTOS_LOWDELAY;
+ if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+ doit(0, &from);
+ return 0;
+}
+
+int child;
+int netf;
+char line[MaxPathLen];
+int confirmed;
+
+struct winsize win = { 0, 0, 0, 0 };
+
+
+static void
+doit(int f, struct sockaddr_in *fromp)
+{
+ int master, pid, on = 1;
+ int authenticated = 0;
+ char hostname[2 * MaxHostNameLen + 1];
+ char c;
+
+ alarm(60);
+ read(f, &c, 1);
+
+ if (c != 0)
+ exit(1);
+ if (vacuous)
+ fatal(f, "Remote host requires Kerberos authentication", 0);
+
+ alarm(0);
+ inaddr2str (fromp->sin_addr, hostname, sizeof(hostname));
+
+ if (use_kerberos) {
+ retval = do_krb_login(fromp);
+ if (retval == 0)
+ authenticated++;
+ else if (retval > 0)
+ fatal(f, krb_get_err_text(retval), 0);
+ write(f, &c, 1);
+ confirmed = 1; /* we sent the null! */
+ } else {
+ fromp->sin_port = ntohs((u_short)fromp->sin_port);
+ if (fromp->sin_family != AF_INET ||
+ fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE, "Connection from %s on illegal port",
+ inet_ntoa(fromp->sin_addr));
+ fatal(f, "Permission denied", 0);
+ }
+ ip_options_and_die (0, fromp);
+ if (do_rlogin(fromp) == 0)
+ authenticated++;
+ }
+ if (confirmed == 0) {
+ write(f, "", 1);
+ confirmed = 1; /* we sent the null! */
+ }
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(f, SECURE_MESSAGE,
+ strlen(SECURE_MESSAGE),
+ schedule, &kdata->session);
+ else
+#endif
+ write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE));
+ netf = f;
+
+ pid = forkpty(&master, line, NULL, NULL);
+ if (pid < 0) {
+ if (errno == ENOENT)
+ fatal(f, "Out of ptys", 0);
+ else
+ fatal(f, "Forkpty", 1);
+ }
+ if (pid == 0) {
+ if (f > 2) /* f should always be 0, but... */
+ close(f);
+ setup_term(0);
+ if (lusername[0] == '-'){
+ syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+ lusername);
+ fatal(STDERR_FILENO, "invalid user", 0);
+ }
+ if (authenticated) {
+ if (use_kerberos && (pwd->pw_uid == 0))
+ syslog(LOG_INFO|LOG_AUTH,
+ "ROOT Kerberos login from %s on %s\n",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm),
+ hostname);
+
+ execl(new_login, "login", "-p",
+ "-h", hostname, "-f", "--", lusername, 0);
+ } else
+ execl(new_login, "login", "-p",
+ "-h", hostname, "--", lusername, 0);
+ fatal(STDERR_FILENO, new_login, 1);
+ /*NOTREACHED*/
+ }
+ /*
+ * If encrypted, don't turn on NBIO or the des read/write
+ * routines will croak.
+ */
+
+ if (!doencrypt)
+ ioctl(f, FIONBIO, &on);
+ ioctl(master, FIONBIO, &on);
+ ioctl(master, TIOCPKT, &on);
+ signal(SIGTSTP, SIG_IGN);
+ signal(SIGCHLD, cleanup);
+ setsid();
+ protocol(f, master);
+ signal(SIGCHLD, SIG_IGN);
+ cleanup(0);
+}
+
+const char magic[2] = { 0377, 0377 };
+
+/*
+ * Handle a "control" request (signaled by magic being present)
+ * in the data stream. For now, we are only willing to handle
+ * window size changes.
+ */
+static int
+control(int master, char *cp, int n)
+{
+ struct winsize w;
+ char *p;
+ u_int32_t tmp;
+
+ if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's')
+ return (0);
+#ifdef TIOCSWINSZ
+ p = cp + 4;
+ p += krb_get_int(p, &tmp, 2, 0);
+ w.ws_row = tmp;
+ p += krb_get_int(p, &tmp, 2, 0);
+ w.ws_col = tmp;
+
+ p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_XPIXEL
+ w.ws_xpixel = tmp;
+#endif
+ p += krb_get_int(p, &tmp, 2, 0);
+#ifdef HAVE_WS_YPIXEL
+ w.ws_ypixel = tmp;
+#endif
+ ioctl(master, TIOCSWINSZ, &w);
+#endif
+ return p - cp;
+}
+
+static
+void
+send_oob(int fd, char c)
+{
+ static char last_oob = 0xFF;
+
+#if (SunOS == 5) || defined(__hpux)
+ /*
+ * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we
+ * can avoid sending OOB data and thus not break on Linux by merging
+ * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW.
+ */
+ static int oob_kludge = 2;
+ if (oob_kludge == 2)
+ {
+ oob_kludge--; /* First time send nothing */
+ return;
+ }
+ else if (oob_kludge == 1)
+ {
+ oob_kludge--; /* Second time merge TIOCPKT_WINDOW */
+ c |= TIOCPKT_WINDOW;
+ }
+#endif
+
+#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
+ c = pkcontrol(c);
+ /* Multiple OOB data breaks on Linux, avoid it when possible. */
+ if (c != last_oob)
+ send(fd, &c, 1, MSG_OOB);
+ last_oob = c;
+}
+
+/*
+ * rlogin "protocol" machine.
+ */
+static void
+protocol(int f, int master)
+{
+ char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
+ int pcc = 0, fcc = 0;
+ int cc, nfd, n;
+ char cntl;
+ unsigned char oob_queue = 0;
+
+ /*
+ * Must ignore SIGTTOU, otherwise we'll stop
+ * when we try and set slave pty's window shape
+ * (our controlling tty is the master pty).
+ */
+ signal(SIGTTOU, SIG_IGN);
+
+ send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */
+
+ if (f > master)
+ nfd = f + 1;
+ else
+ nfd = master + 1;
+ if (nfd > FD_SETSIZE) {
+ syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
+ fatal(f, "internal error (select mask too small)", 0);
+ }
+ for (;;) {
+ fd_set ibits, obits, ebits, *omask;
+
+ FD_ZERO(&ebits);
+ FD_ZERO(&ibits);
+ FD_ZERO(&obits);
+ omask = (fd_set *)NULL;
+ if (fcc) {
+ FD_SET(master, &obits);
+ omask = &obits;
+ } else
+ FD_SET(f, &ibits);
+ if (pcc >= 0)
+ if (pcc) {
+ FD_SET(f, &obits);
+ omask = &obits;
+ } else
+ FD_SET(master, &ibits);
+ FD_SET(master, &ebits);
+ if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
+ if (errno == EINTR)
+ continue;
+ fatal(f, "select", 1);
+ }
+ if (n == 0) {
+ /* shouldn't happen... */
+ sleep(5);
+ continue;
+ }
+ if (FD_ISSET(master, &ebits)) {
+ cc = readstream(master, &cntl, 1);
+ if (cc == 1 && pkcontrol(cntl)) {
+#if 0 /* Kludge around */
+ send_oob(f, cntl);
+#endif
+ oob_queue = cntl;
+ if (cntl & TIOCPKT_FLUSHWRITE) {
+ pcc = 0;
+ FD_CLR(master, &ibits);
+ }
+ }
+ }
+ if (FD_ISSET(f, &ibits)) {
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ fcc = des_enc_read(f, fibuf,
+ sizeof(fibuf),
+ schedule, &kdata->session);
+ else
+#endif
+ fcc = read(f, fibuf, sizeof(fibuf));
+ if (fcc < 0 && errno == EWOULDBLOCK)
+ fcc = 0;
+ else {
+ char *cp;
+ int left, n;
+
+ if (fcc <= 0)
+ break;
+ fbp = fibuf;
+
+ top:
+ for (cp = fibuf; cp < fibuf+fcc-1; cp++)
+ if (cp[0] == magic[0] &&
+ cp[1] == magic[1]) {
+ left = fcc - (cp-fibuf);
+ n = control(master, cp, left);
+ if (n) {
+ left -= n;
+ if (left > 0)
+ memmove(cp, cp+n, left);
+ fcc -= n;
+ goto top; /* n^2 */
+ }
+ }
+ FD_SET(master, &obits); /* try write */
+ }
+ }
+
+ if (FD_ISSET(master, &obits) && fcc > 0) {
+ cc = write(master, fbp, fcc);
+ if (cc > 0) {
+ fcc -= cc;
+ fbp += cc;
+ }
+ }
+
+ if (FD_ISSET(master, &ibits)) {
+ pcc = readstream(master, pibuf, sizeof (pibuf));
+ pbp = pibuf;
+ if (pcc < 0 && errno == EWOULDBLOCK)
+ pcc = 0;
+ else if (pcc <= 0)
+ break;
+ else if (pibuf[0] == 0) {
+ pbp++, pcc--;
+ if (!doencrypt)
+ FD_SET(f, &obits); /* try write */
+ } else {
+ if (pkcontrol(pibuf[0])) {
+ oob_queue = pibuf[0];
+#if 0 /* Kludge around */
+ send_oob(f, pibuf[0]);
+#endif
+ }
+ pcc = 0;
+ }
+ }
+ if ((FD_ISSET(f, &obits)) && pcc > 0) {
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session);
+ else
+#endif
+ cc = write(f, pbp, pcc);
+ if (cc < 0 && errno == EWOULDBLOCK) {
+ /*
+ * This happens when we try write after read
+ * from p, but some old kernels balk at large
+ * writes even when select returns true.
+ */
+ if (!FD_ISSET(master, &ibits))
+ sleep(5);
+ continue;
+ }
+ if (cc > 0) {
+ pcc -= cc;
+ pbp += cc;
+ /* Only send urg data when normal data
+ * has just been sent.
+ * Linux has deep problems with more
+ * than one byte of OOB data.
+ */
+ if (oob_queue) {
+ send_oob (f, oob_queue);
+ oob_queue = 0;
+ }
+ }
+ }
+ }
+}
+
+static RETSIGTYPE
+cleanup(int signo)
+{
+ char *p = clean_ttyname (line);
+
+ if (logout(p) == 0)
+ logwtmp(p, "", "");
+ chmod(line, 0666);
+ chown(line, 0, 0);
+ *p = 'p';
+ chmod(line, 0666);
+ chown(line, 0, 0);
+ shutdown(netf, 2);
+ signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+ vhangup();
+#endif /* HAVE_VHANGUP */
+ exit(1);
+}
+
+void
+fatal(int f, const char *msg, int syserr)
+{
+ int len;
+ char buf[BUFSIZ], *bp = buf;
+
+ /*
+ * Prepend binary one to message if we haven't sent
+ * the magic null as confirmation.
+ */
+ if (!confirmed)
+ *bp++ = '\01'; /* error indicator */
+ if (syserr)
+ snprintf(bp, sizeof(buf) - (bp - buf),
+ "rlogind: %s: %s.\r\n",
+ msg, strerror(errno));
+ else
+ snprintf(bp, sizeof(buf) - (bp - buf),
+ "rlogind: %s.\r\n", msg);
+ len = strlen(bp);
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session);
+ else
+#endif
+ write(f, buf, bp + len - buf);
+ exit(1);
+}
+
+static void
+xgetstr(char *buf, int cnt, char *errmsg)
+{
+ char c;
+
+ do {
+ if (read(0, &c, 1) != 1)
+ exit(1);
+ if (--cnt < 0)
+ fatal(STDOUT_FILENO, errmsg, 0);
+ *buf++ = c;
+ } while (c != 0);
+}
+
+static int
+do_rlogin(struct sockaddr_in *dest)
+{
+ xgetstr(rusername, sizeof(rusername), "remuser too long");
+ xgetstr(lusername, sizeof(lusername), "locuser too long");
+ xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
+
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return (-1);
+ if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+ return (-1);
+ }
+ return (iruserok(dest->sin_addr.s_addr,
+ (pwd->pw_uid == 0),
+ rusername,
+ lusername));
+}
+
+static void
+setup_term(int fd)
+{
+ char *cp = strchr(term+ENVSIZE, '/');
+ char *speed;
+ struct termios tt;
+
+ tcgetattr(fd, &tt);
+ if (cp) {
+ int s;
+
+ *cp++ = '\0';
+ speed = cp;
+ cp = strchr(speed, '/');
+ if (cp)
+ *cp++ = '\0';
+ s = int2speed_t (atoi (speed));
+ if (s > 0) {
+ cfsetospeed (&tt, s);
+ cfsetispeed (&tt, s);
+ }
+ }
+
+ tt.c_iflag &= ~INPCK;
+ tt.c_iflag |= ICRNL|IXON;
+ tt.c_oflag |= OPOST|ONLCR;
+#ifdef TAB3
+ tt.c_oflag |= TAB3;
+#endif /* TAB3 */
+#ifdef ONLRET
+ tt.c_oflag &= ~ONLRET;
+#endif /* ONLRET */
+ tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON);
+ tt.c_cflag &= ~PARENB;
+ tt.c_cflag |= CS8;
+ tt.c_cc[VMIN] = 1;
+ tt.c_cc[VTIME] = 0;
+ tt.c_cc[VEOF] = CEOF;
+ tcsetattr(fd, TCSAFLUSH, &tt);
+
+ env[0] = term;
+ env[1] = 0;
+ environ = env;
+}
+
+#define VERSION_SIZE 9
+
+/*
+ * Do the remote kerberos login to the named host with the
+ * given inet address
+ *
+ * Return 0 on valid authorization
+ * Return -1 on valid authentication, no authorization
+ * Return >0 for error conditions
+ */
+static int
+do_krb_login(struct sockaddr_in *dest)
+{
+ int rc;
+ char instance[INST_SZ], version[VERSION_SIZE];
+ long authopts = 0L; /* !mutual */
+ struct sockaddr_in faddr;
+
+ kdata = (AUTH_DAT *) auth_buf;
+ ticket = (KTEXT) tick_buf;
+
+ k_getsockinst(0, instance, sizeof(instance));
+
+ if (doencrypt) {
+ rc = sizeof(faddr);
+ if (getsockname(0, (struct sockaddr *)&faddr, &rc))
+ return (-1);
+ authopts = KOPT_DO_MUTUAL;
+ rc = krb_recvauth(
+ authopts, 0,
+ ticket, "rcmd",
+ instance, dest, &faddr,
+ kdata, "", schedule, version);
+ des_set_key(&kdata->session, schedule);
+
+ } else
+ rc = krb_recvauth(
+ authopts, 0,
+ ticket, "rcmd",
+ instance, dest, (struct sockaddr_in *) 0,
+ kdata, "", 0, version);
+
+ if (rc != KSUCCESS)
+ return (rc);
+
+ xgetstr(lusername, sizeof(lusername), "locuser");
+ /* get the "cmd" in the rcmd protocol */
+ xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
+
+ pwd = k_getpwnam(lusername);
+ if (pwd == NULL)
+ return (-1);
+ if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
+ return (-1);
+ }
+
+ /* returns nonzero for no access */
+ if (kuserok(kdata, lusername) != 0)
+ return (-1);
+
+ return (0);
+
+}
+
+static void
+usage(void)
+{
+ syslog(LOG_ERR,
+ "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]");
+ exit(1);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
new file mode 100644
index 000000000000..329ebf73ffe5
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -0,0 +1,353 @@
+/*-
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $");
+
+CREDENTIALS cred;
+Key_schedule schedule;
+int use_kerberos = 1, doencrypt;
+char dst_realm_buf[REALM_SZ], *dest_realm;
+
+/*
+ * rsh - remote shell
+ */
+int rfd2;
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n");
+ exit(1);
+}
+
+static char *
+copyargs(char **argv)
+{
+ int cc;
+ char **ap, *p;
+ char *args;
+
+ cc = 0;
+ for (ap = argv; *ap; ++ap)
+ cc += strlen(*ap) + 1;
+ if (!(args = malloc(cc)))
+ errx(1, "Out of memory.");
+ for (p = args, ap = argv; *ap; ++ap) {
+ strcpy(p, *ap);
+ for (p = strcpy(p, *ap); *p; ++p);
+ if (ap[1])
+ *p++ = ' ';
+ }
+ return(args);
+}
+
+static RETSIGTYPE
+sendsig(int signo_)
+{
+ char signo = signo_;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
+ else
+#endif
+ write(rfd2, &signo, 1);
+}
+
+static void
+talk(int nflag, sigset_t omask, int pid, int rem)
+{
+ int cc, wc;
+ char *bp;
+ fd_set readfrom, ready, rembits;
+ char buf[BUFSIZ];
+
+ if (pid == 0) {
+ if (nflag)
+ goto done;
+
+ close(rfd2);
+
+ reread: errno = 0;
+ if ((cc = read(0, buf, sizeof buf)) <= 0)
+ goto done;
+ bp = buf;
+
+ rewrite: FD_ZERO(&rembits);
+ FD_SET(rem, &rembits);
+ if (select(16, 0, &rembits, 0, 0) < 0) {
+ if (errno != EINTR)
+ err(1, "select");
+ goto rewrite;
+ }
+ if (!FD_ISSET(rem, &rembits))
+ goto rewrite;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
+ else
+#endif
+ wc = write(rem, bp, cc);
+ if (wc < 0) {
+ if (errno == EWOULDBLOCK)
+ goto rewrite;
+ goto done;
+ }
+ bp += wc;
+ cc -= wc;
+ if (cc == 0)
+ goto reread;
+ goto rewrite;
+ done:
+ shutdown(rem, 1);
+ exit(0);
+ }
+
+ if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
+ warn("sigprocmask");
+ FD_ZERO(&readfrom);
+ FD_SET(rem, &readfrom);
+ FD_SET(rfd2, &readfrom);
+ do {
+ ready = readfrom;
+ if (select(16, &ready, 0, 0, 0) < 0) {
+ if (errno != EINTR)
+ err(1, "select");
+ continue;
+ }
+ if (FD_ISSET(rfd2, &ready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_read(rfd2, buf, sizeof buf,
+ schedule, &cred.session);
+ else
+#endif
+ cc = read(rfd2, buf, sizeof buf);
+ if (cc <= 0) {
+ if (errno != EWOULDBLOCK)
+ FD_CLR(rfd2, &readfrom);
+ } else
+ write(2, buf, cc);
+ }
+ if (FD_ISSET(rem, &ready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ if (doencrypt)
+ cc = des_enc_read(rem, buf, sizeof buf,
+ schedule, &cred.session);
+ else
+#endif
+ cc = read(rem, buf, sizeof buf);
+ if (cc <= 0) {
+ if (errno != EWOULDBLOCK)
+ FD_CLR(rem, &readfrom);
+ } else
+ write(1, buf, cc);
+ }
+ } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
+}
+
+int
+main(int argc, char **argv)
+{
+ struct passwd *pw;
+ int sv_port;
+ sigset_t omask;
+ int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
+ char *args, *host, *user, *local_user;
+
+ argoff = dflag = nflag = nfork = 0;
+ one = 1;
+ host = user = NULL;
+ pid = 1;
+
+ set_progname(argv[0]);
+
+ /* handle "rsh host flags" */
+ if (!host && argc > 2 && argv[1][0] != '-') {
+ host = argv[1];
+ argoff = 1;
+ }
+
+#define OPTIONS "+8KLde:k:l:nwx"
+ while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
+ switch(ch) {
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'L': /* -8Lew are ignored to allow rlogin aliases */
+ case 'e':
+ case 'w':
+ case '8':
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'l':
+ user = optarg;
+ break;
+ case 'k':
+ dest_realm = dst_realm_buf;
+ strncpy(dest_realm, optarg, REALM_SZ);
+ break;
+ case 'n':
+ nflag = nfork = 1;
+ break;
+ case 'x':
+ doencrypt = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ optind += argoff;
+
+ /* if haven't gotten a host yet, do so */
+ if (!host && !(host = argv[optind++]))
+ usage();
+
+ /* if no further arguments, must have been called as rlogin. */
+ if (!argv[optind]) {
+ *argv = "rlogin";
+ setuid(getuid());
+ execv(_PATH_RLOGIN, argv);
+ err(1, "can't exec %s", _PATH_RLOGIN);
+ }
+
+ argc -= optind;
+ argv += optind;
+
+#ifndef __CYGWIN32__
+ if (!(pw = k_getpwuid(uid = getuid())))
+ errx(1, "unknown user id.");
+ local_user = pw->pw_name;
+ if (!user)
+ user = local_user;
+#else
+ if (!user)
+ errx(1, "Sorry, you need to specify the username (with -l)");
+ local_user = user;
+#endif
+
+ /* -n must still fork but does not turn of the -n functionality */
+ if (doencrypt)
+ nfork = 0;
+
+ args = copyargs(argv);
+
+ sv_port=get_shell_port(use_kerberos, doencrypt);
+
+try_connect:
+ if (use_kerberos) {
+ rem = KSUCCESS;
+ errno = 0;
+ if (dest_realm == NULL)
+ dest_realm = krb_realmofhost(host);
+
+ if (doencrypt)
+ rem = krcmd_mutual(&host, sv_port, user, args,
+ &rfd2, dest_realm, &cred, schedule);
+ else
+ rem = krcmd(&host, sv_port, user, args, &rfd2,
+ dest_realm);
+ if (rem < 0) {
+ if (errno == ECONNREFUSED)
+ warning("remote host doesn't support Kerberos");
+ if (errno == ENOENT)
+ warning("can't provide Kerberos auth data");
+ use_kerberos = 0;
+ sv_port=get_shell_port(use_kerberos, doencrypt);
+ goto try_connect;
+ }
+ } else {
+ if (doencrypt)
+ errx(1, "the -x flag requires Kerberos authentication.");
+ if (geteuid() != 0)
+ errx(1, "not installed setuid root, "
+ "only root may use non kerberized rsh");
+ rem = rcmd(&host, sv_port, local_user, user, args, &rfd2);
+ }
+
+ if (rem < 0)
+ exit(1);
+
+ if (rfd2 < 0)
+ errx(1, "can't establish stderr.");
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+ if (dflag) {
+ if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+ if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one,
+ sizeof(one)) < 0)
+ warn("setsockopt");
+ }
+#endif
+
+ setuid(uid);
+ {
+ sigset_t sigmsk;
+ sigemptyset(&sigmsk);
+ sigaddset(&sigmsk, SIGINT);
+ sigaddset(&sigmsk, SIGQUIT);
+ sigaddset(&sigmsk, SIGTERM);
+ if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0)
+ warn("sigprocmask");
+ }
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+ signal(SIGINT, sendsig);
+ if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ signal(SIGQUIT, sendsig);
+ if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ signal(SIGTERM, sendsig);
+
+ if (!nfork) {
+ pid = fork();
+ if (pid < 0)
+ err(1, "fork");
+ }
+
+ if (!doencrypt) {
+ ioctl(rfd2, FIONBIO, &one);
+ ioctl(rem, FIONBIO, &one);
+ }
+
+ talk(nflag, omask, pid, rem);
+
+ if (!nflag)
+ kill(pid, SIGKILL);
+ exit(0);
+}
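Review bot: In main()'s `-k` case, `strncpy(dest_realm, optarg, REALM_SZ);` leaves dst_realm_buf without a terminating NUL whenever the realm argument is REALM_SZ bytes or longer, and that buffer is later handed to krcmd()/krcmd_mutual() as a C string. The error text further down says this binary is meant to be installed setuid root, so I would reject an over-long realm instead of truncating it, by adding `if (strlen(optarg) >= REALM_SZ) errx(1, "realm name too long");` ahead of the copy. Separately, `setuid(getuid())` before the execv and `setuid(uid)` after connecting both ignore the return value, and under `__CYGWIN32__` `uid` is never assigned before that second call. Checking the result, e.g. `if (setuid(uid) < 0) err(1, "setuid");`, would make a failed privilege drop fatal instead of silent.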
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
new file mode 100644
index 000000000000..75ca1df454ba
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -0,0 +1,635 @@
+/*-
+ * Copyright (c) 1988, 1989, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * remote shell server:
+ * [port]\0
+ * remuser\0
+ * locuser\0
+ * command\0
+ * data
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $");
+
+extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
+extern int __check_rhosts_file;
+
+static int keepalive = 1;
+static int log_success; /* If TRUE, log all successful accesses */
+static int new_pag = 1; /* Put process in new PAG by default */
+static int no_inetd = 0;
+static int sent_null;
+
+static void doit (struct sockaddr_in *);
+static void error (const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+static void usage (void);
+
+#define VERSION_SIZE 9
+#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
+#define OPTIONS "alnkvxLp:Pi"
+AUTH_DAT authbuf;
+KTEXT_ST tickbuf;
+int doencrypt, use_kerberos, vacuous;
+Key_schedule schedule;
+
+int
+main(int argc, char *argv[])
+{
+ struct linger linger;
+ int ch, on = 1, fromlen;
+ struct sockaddr_in from;
+ int portnum = 0;
+
+ set_progname(argv[0]);
+
+ openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+
+ opterr = 0;
+ while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
+ switch (ch) {
+ case 'a':
+ break;
+ case 'l':
+ __check_rhosts_file = 0;
+ break;
+ case 'n':
+ keepalive = 0;
+ break;
+ case 'k':
+ use_kerberos = 1;
+ break;
+
+ case 'v':
+ vacuous = 1;
+ break;
+
+ case 'x':
+ doencrypt = 1;
+ break;
+ case 'L':
+ log_success = 1;
+ break;
+ case 'p':
+ portnum = htons(atoi(optarg));
+ break;
+ case 'P':
+ new_pag = 0;
+ break;
+ case 'i':
+ no_inetd = 1;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (use_kerberos && vacuous) {
+ syslog(LOG_ERR, "only one of -k and -v allowed");
+ exit(2);
+ }
+ if (doencrypt && !use_kerberos) {
+ syslog(LOG_ERR, "-k is required for -x");
+ exit(2);
+ }
+
+ if (no_inetd) {
+ if(portnum == 0)
+ portnum = get_shell_port (use_kerberos, doencrypt);
+ mini_inetd (portnum);
+ }
+
+ fromlen = sizeof (from);
+ if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
+ syslog(LOG_ERR, "getpeername: %m");
+ _exit(1);
+ }
+#ifdef HAVE_SETSOCKOPT
+#ifdef SO_KEEPALIVE
+ if (keepalive &&
+ setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+#endif
+#ifdef SO_LINGER
+ linger.l_onoff = 1;
+ linger.l_linger = 60; /* XXX */
+ if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger,
+ sizeof (linger)) < 0)
+ syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
+#endif
+#endif /* HAVE_SETSOCKOPT */
+ doit(&from);
+ /* NOTREACHED */
+ return 0;
+}
+
+char username[20] = "USER=";
+char homedir[64] = "HOME=";
+char shell[64] = "SHELL=";
+char path[100] = "PATH=";
+char *envinit[] =
+{homedir, shell, path, username, 0};
+
+static void
+xgetstr(char *buf, int cnt, char *err)
+{
+ char c;
+
+ do {
+ if (read(STDIN_FILENO, &c, 1) != 1)
+ exit(1);
+ *buf++ = c;
+ if (--cnt == 0) {
+ error("%s too long\n", err);
+ exit(1);
+ }
+ } while (c != 0);
+}
+
+static void
+doit(struct sockaddr_in *fromp)
+{
+ struct passwd *pwd;
+ u_short port;
+ fd_set ready, readfrom;
+ int cc, nfd, pv[2], pid, s;
+ int one = 1;
+ const char *errorhost = "";
+ char *errorstr;
+ char *cp, sig, buf[BUFSIZ];
+ char cmdbuf[NCARGS+1], locuser[16], remuser[16];
+ char remotehost[2 * MaxHostNameLen + 1];
+
+ AUTH_DAT *kdata;
+ KTEXT ticket;
+ char instance[INST_SZ], version[VERSION_SIZE];
+ struct sockaddr_in fromaddr;
+ int rc;
+ long authopts;
+ int pv1[2], pv2[2];
+ fd_set wready, writeto;
+
+ fromaddr = *fromp;
+
+ signal(SIGINT, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+#ifdef DEBUG
+ { int t = open(_PATH_TTY, 2);
+ if (t >= 0) {
+ ioctl(t, TIOCNOTTY, (char *)0);
+ close(t);
+ }
+ }
+#endif
+ fromp->sin_port = ntohs((u_short)fromp->sin_port);
+ if (fromp->sin_family != AF_INET) {
+ syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
+ fromp->sin_family);
+ exit(1);
+ }
+
+
+ if (!use_kerberos) {
+ ip_options_and_die (0, fromp);
+ if (fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2) {
+ syslog(LOG_NOTICE|LOG_AUTH,
+ "Connection from %s on illegal port %u",
+ inet_ntoa(fromp->sin_addr),
+ fromp->sin_port);
+ exit(1);
+ }
+ }
+
+ alarm(60);
+ port = 0;
+ for (;;) {
+ char c;
+ if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
+ if (cc < 0)
+ syslog(LOG_NOTICE, "read: %m");
+ shutdown(0, 1+1);
+ exit(1);
+ }
+ if (c== 0)
+ break;
+ port = port * 10 + c - '0';
+ }
+
+ alarm(0);
+ if (port != 0) {
+ int lport = IPPORT_RESERVED - 1;
+ s = rresvport(&lport);
+ if (s < 0) {
+ syslog(LOG_ERR, "can't get stderr port: %m");
+ exit(1);
+ }
+ if (!use_kerberos)
+ if (port >= IPPORT_RESERVED) {
+ syslog(LOG_ERR, "2nd port not reserved\n");
+ exit(1);
+ }
+ fromp->sin_port = htons(port);
+ if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
+ syslog(LOG_INFO, "connect second port %d: %m", port);
+ exit(1);
+ }
+ }
+
+ if (vacuous) {
+ error("rshd: remote host requires Kerberos authentication\n");
+ exit(1);
+ }
+
+ errorstr = NULL;
+ inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost));
+
+ if (use_kerberos) {
+ kdata = &authbuf;
+ ticket = &tickbuf;
+ authopts = 0L;
+ k_getsockinst(0, instance, sizeof(instance));
+ version[VERSION_SIZE - 1] = '\0';
+ if (doencrypt) {
+ struct sockaddr_in local_addr;
+ rc = sizeof(local_addr);
+ if (getsockname(0, (struct sockaddr *)&local_addr,
+ &rc) < 0) {
+ syslog(LOG_ERR, "getsockname: %m");
+ error("rlogind: getsockname: %m");
+ exit(1);
+ }
+ authopts = KOPT_DO_MUTUAL;
+ rc = krb_recvauth(authopts, 0, ticket,
+ "rcmd", instance, &fromaddr,
+ &local_addr, kdata, "", schedule,
+ version);
+#ifndef NOENCRYPTION
+ des_set_key(&kdata->session, schedule);
+#else
+ memset(schedule, 0, sizeof(schedule));
+#endif
+ } else
+ rc = krb_recvauth(authopts, 0, ticket, "rcmd",
+ instance, &fromaddr,
+ (struct sockaddr_in *) 0,
+ kdata, "", 0, version);
+ if (rc != KSUCCESS) {
+ error("Kerberos authentication failure: %s\n",
+ krb_get_err_text(rc));
+ exit(1);
+ }
+ } else
+ xgetstr(remuser, sizeof(remuser), "remuser");
+
+ xgetstr(locuser, sizeof(locuser), "locuser");
+ xgetstr(cmdbuf, sizeof(cmdbuf), "command");
+ setpwent();
+ pwd = k_getpwnam(locuser);
+ if (pwd == NULL) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: unknown login. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ if (errorstr == NULL)
+ errorstr = "Login incorrect.\n";
+ goto fail;
+ }
+ if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0)
+ {
+ syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser);
+ if (errorstr == NULL)
+ errorstr = "Login incorrect.\n";
+ goto fail;
+ }
+ if (chdir(pwd->pw_dir) < 0) {
+ chdir("/");
+#ifdef notdef
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: no home directory. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ error("No remote directory.\n");
+ exit(1);
+#endif
+ }
+
+ if (use_kerberos) {
+ if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
+ if (kuserok(kdata, locuser) != 0) {
+ syslog(LOG_INFO|LOG_AUTH,
+ "Kerberos rsh denied to %s",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm));
+ error("Permission denied.\n");
+ exit(1);
+ }
+ }
+ } else
+
+ if (errorstr ||
+ pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+ iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
+ remuser, locuser) < 0) {
+ if (__rcmd_errstr)
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: permission denied (%s). cmd='%.80s'",
+ remuser, remotehost, locuser,
+ __rcmd_errstr, cmdbuf);
+ else
+ syslog(LOG_INFO|LOG_AUTH,
+ "%s@%s as %s: permission denied. cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ fail:
+ if (errorstr == NULL)
+ errorstr = "Permission denied.\n";
+ error(errorstr, errorhost);
+ exit(1);
+ }
+
+ if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
+ error("Logins currently disabled.\n");
+ exit(1);
+ }
+
+ write(STDERR_FILENO, "\0", 1);
+ sent_null = 1;
+
+ if (port) {
+ if (pipe(pv) < 0) {
+ error("Can't make pipe.\n");
+ exit(1);
+ }
+ if (doencrypt) {
+ if (pipe(pv1) < 0) {
+ error("Can't make 2nd pipe.\n");
+ exit(1);
+ }
+ if (pipe(pv2) < 0) {
+ error("Can't make 3rd pipe.\n");
+ exit(1);
+ }
+ }
+ pid = fork();
+ if (pid == -1) {
+ error("Can't fork; try again.\n");
+ exit(1);
+ }
+ if (pid) {
+ if (doencrypt) {
+ static char msg[] = SECURE_MESSAGE;
+ close(pv1[1]);
+ close(pv2[0]);
+#ifndef NOENCRYPTION
+ des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session);
+#else
+ write(s, msg, sizeof(msg) - 1);
+#endif
+ } else {
+ close(0);
+ close(1);
+ }
+ close(2);
+ close(pv[1]);
+
+ FD_ZERO(&readfrom);
+ FD_SET(s, &readfrom);
+ FD_SET(pv[0], &readfrom);
+ if (pv[0] > s)
+ nfd = pv[0];
+ else
+ nfd = s;
+ if (doencrypt) {
+ FD_ZERO(&writeto);
+ FD_SET(pv2[1], &writeto);
+ FD_SET(pv1[0], &readfrom);
+ FD_SET(STDIN_FILENO, &readfrom);
+
+ nfd = max(nfd, pv2[1]);
+ nfd = max(nfd, pv1[0]);
+ } else
+ ioctl(pv[0], FIONBIO, (char *)&one);
+
+ /* should set s nbio! */
+ nfd++;
+ do {
+ ready = readfrom;
+ if (doencrypt) {
+ wready = writeto;
+ if (select(nfd, &ready,
+ &wready, 0,
+ (struct timeval *) 0) < 0)
+ break;
+ } else
+ if (select(nfd, &ready, 0,
+ 0, (struct timeval *)0) < 0)
+ break;
+ if (FD_ISSET(s, &ready)) {
+ int ret;
+ if (doencrypt)
+#ifndef NOENCRYPTION
+ ret = des_enc_read(s, &sig, 1, schedule, &kdata->session);
+#else
+ ret = read(s, &sig, 1);
+#endif
+ else
+ ret = read(s, &sig, 1);
+ if (ret <= 0)
+ FD_CLR(s, &readfrom);
+ else
+ kill(-pid, sig);
+ }
+ if (FD_ISSET(pv[0], &ready)) {
+ errno = 0;
+ cc = read(pv[0], buf, sizeof(buf));
+ if (cc <= 0) {
+ shutdown(s, 1+1);
+ FD_CLR(pv[0], &readfrom);
+ } else {
+ if (doencrypt)
+#ifndef NOENCRYPTION
+ des_enc_write(s, buf, cc, schedule, &kdata->session);
+#else
+ write(s, buf, cc);
+#endif
+ else
+ (void)
+ write(s, buf, cc);
+ }
+ }
+ if (doencrypt && FD_ISSET(pv1[0], &ready)) {
+ errno = 0;
+ cc = read(pv1[0], buf, sizeof(buf));
+ if (cc <= 0) {
+ shutdown(pv1[0], 1+1);
+ FD_CLR(pv1[0], &readfrom);
+ } else
+#ifndef NOENCRYPTION
+ des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session);
+#else
+ write(STDOUT_FILENO, buf, cc);
+#endif
+ }
+
+ if (doencrypt
+ && FD_ISSET(STDIN_FILENO, &ready)
+ && FD_ISSET(pv2[1], &wready)) {
+ errno = 0;
+#ifndef NOENCRYPTION
+ cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session);
+#else
+ cc = read(STDIN_FILENO, buf, sizeof(buf));
+#endif
+ if (cc <= 0) {
+ shutdown(STDIN_FILENO, 0);
+ FD_CLR(STDIN_FILENO, &readfrom);
+ close(pv2[1]);
+ FD_CLR(pv2[1], &writeto);
+ } else
+ write(pv2[1], buf, cc);
+ }
+
+ } while (FD_ISSET(s, &readfrom) ||
+ (doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
+ FD_ISSET(pv[0], &readfrom));
+ exit(0);
+ }
+ setsid();
+ close(s);
+ close(pv[0]);
+ if (doencrypt) {
+ close(pv1[0]);
+ close(pv2[1]);
+ dup2(pv1[1], 1);
+ dup2(pv2[0], 0);
+ close(pv1[1]);
+ close(pv2[0]);
+ }
+ dup2(pv[1], 2);
+ close(pv[1]);
+ }
+ if (*pwd->pw_shell == '\0')
+ pwd->pw_shell = _PATH_BSHELL;
+#ifdef HAVE_SETLOGIN
+ if (setlogin(pwd->pw_name) < 0)
+ syslog(LOG_ERR, "setlogin() failed: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+ if (setpcred (pwd->pw_name, NULL) == -1)
+ syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+ setgid((gid_t)pwd->pw_gid);
+ initgroups(pwd->pw_name, pwd->pw_gid);
+ setuid((uid_t)pwd->pw_uid);
+ strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+
+ /* Need to extend path to find rcp */
+ strncat(path, BINDIR, sizeof(path)-1);
+ strncat(path, ":", sizeof(path)-1);
+ strncat(path, _PATH_DEFPATH, sizeof(path)-1);
+ path[sizeof(path)-1] = '\0';
+
+ strncat(shell, pwd->pw_shell, sizeof(shell)-7);
+ strncat(username, pwd->pw_name, sizeof(username)-6);
+ cp = strrchr(pwd->pw_shell, '/');
+ if (cp)
+ cp++;
+ else
+ cp = pwd->pw_shell;
+ endpwent();
+ if (log_success || pwd->pw_uid == 0) {
+ if (use_kerberos)
+ syslog(LOG_INFO|LOG_AUTH,
+ "Kerberos shell from %s on %s as %s, cmd='%.80s'",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm),
+ remotehost, locuser, cmdbuf);
+ else
+ syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
+ remuser, remotehost, locuser, cmdbuf);
+ }
+ if (k_hasafs()) {
+ if (new_pag)
+ k_setpag(); /* Put users process in an new pag */
+ k_afsklog(0, 0);
+ }
+ execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
+ err(1, pwd->pw_shell);
+}
+
+/*
+ * Report error to client. Note: can't be used until second socket has
+ * connected to client, or older clients will hang waiting for that
+ * connection first.
+ */
+
+static void
+error(const char *fmt, ...)
+{
+ va_list ap;
+ int len;
+ char *bp, buf[BUFSIZ];
+
+ va_start(ap, fmt);
+ bp = buf;
+ if (sent_null == 0) {
+ *bp++ = 1;
+ len = 1;
+ } else
+ len = 0;
+ len = vsnprintf (bp, sizeof(buf) - len, fmt, ap);
+ write (STDERR_FILENO, buf, len);
+ va_end(ap);
+}
+
+static void
+usage()
+{
+
+ syslog(LOG_ERR,
+ "usage: rshd [-alnkvxLPi] [-p port]");
+ exit(2);
+}
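Review bot: doit() calls `setgid()`, `initgroups()` and `setuid()` without checking their results and then goes on to `execle()` the user's shell with the client-supplied command, so a failed call would run that command under whatever identity the daemon still holds (presumably root, given the `rresvport()` call). I would make the drop fatal: `if (setgid((gid_t)pwd->pw_gid) < 0 || initgroups(pwd->pw_name, pwd->pw_gid) < 0 || setuid((uid_t)pwd->pw_uid) < 0) { syslog(LOG_ERR, "cannot drop privileges: %m"); exit(1); }`. Two smaller items in the same file: with -k the `remuser` array is never filled in, yet the `pwd == NULL` branch logs it with `%s`, so it needs `remuser[0] = '\0';` at the top of doit(). Also, error() passes vsnprintf()'s return value to write() as if it counted from `buf`, which drops the last byte of the message when the leading `\1` is present and is not clamped to `sizeof(buf)`.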
diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c
new file mode 100644
index 000000000000..b7112c1b6943
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/stty_default.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $");
+
+#include <termios.h>
+
+/* HP-UX 9.0 termios doesn't define these */
+#ifndef FLUSHO
+#define FLUSHO 0
+#endif
+
+#ifndef XTABS
+#define XTABS 0
+#endif
+
+#ifndef OXTABS
+#define OXTABS XTABS
+#endif
+
+/* Ultrix... */
+#ifndef ECHOPRT
+#define ECHOPRT 0
+#endif
+
+#ifndef ECHOCTL
+#define ECHOCTL 0
+#endif
+
+#ifndef ECHOKE
+#define ECHOKE 0
+#endif
+
+#ifndef IMAXBEL
+#define IMAXBEL 0
+#endif
+
+#define Ctl(x) ((x) ^ 0100)
+
+void
+stty_default(void)
+{
+ struct termios termios;
+
+ /*
+ * Finalize the terminal settings. Some systems default to 8 bits,
+ * others to 7, so we should leave that alone.
+ */
+ tcgetattr(0, &termios);
+
+ termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
+ termios.c_iflag &= ~IXANY;
+
+ termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
+ termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
+
+ termios.c_oflag |= (OPOST|ONLCR);
+ termios.c_oflag &= ~OXTABS;
+
+ termios.c_cc[VINTR] = Ctl('C');
+ termios.c_cc[VERASE] = Ctl('H');
+ termios.c_cc[VKILL] = Ctl('U');
+ termios.c_cc[VEOF] = Ctl('D');
+
+ termios.c_cc[VSUSP] = Ctl('Z');
+
+ tcsetattr(0, TCSANOW, &termios);
+}
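Review bot: `tcgetattr(0, &termios)` is unchecked, so when descriptor 0 is not a terminal the flag arithmetic below it runs on an uninitialised `struct termios` and the result is passed to `tcsetattr()`. An early return is enough: `if (tcgetattr(0, &termios) < 0) return;`. The `tcsetattr()` result is ignored as well; whether callers could act on a failure is not visible from this file.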
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
new file mode 100644
index 000000000000..8c610e1d3036
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $");
+
+#ifdef SYSV_SHADOW
+#include "sysv_shadow.h"
+#endif
+
+static int kerberos (char *username, char *user, int uid);
+static int chshell (char *sh);
+static char *ontty (void);
+static int koktologin (char *name, char *realm, char *toname);
+static int chshell (char *sh);
+
+/* Handle '-' option after all the getopt options */
+#define ARGSTR "Kflmi:"
+
+static int use_kerberos = 1;
+static char *root_inst = "root";
+
+int
+main (int argc, char **argv)
+{
+ struct passwd *pwd;
+ char *p, **g;
+ struct group *gr;
+ uid_t ruid;
+ int asme, ch, asthem, fastlogin, prio;
+ enum { UNSET, YES, NO } iscsh = UNSET;
+ char *user, *shell, *avshell, *username, **np;
+ char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ asme = asthem = fastlogin = 0;
+ while ((ch = getopt (argc, argv, ARGSTR)) != EOF)
+ switch ((char) ch) {
+ case 'K':
+ use_kerberos = 0;
+ break;
+ case 'f':
+ fastlogin = 1;
+ break;
+ case 'l':
+ asme = 0;
+ asthem = 1;
+ break;
+ case 'm':
+ asme = 1;
+ asthem = 0;
+ break;
+ case 'i':
+ root_inst = optarg;
+ break;
+ case '?':
+ default:
+ fprintf (stderr,
+ "usage: su [-Kflm] [-i root-instance] [-] [login]\n");
+ exit (1);
+ }
+ /* Don't handle '-' option with getopt */
+ if (optind < argc && strcmp (argv[optind], "-") == 0) {
+ asme = 0;
+ asthem = 1;
+ optind++;
+ }
+ argv += optind;
+
+ if (use_kerberos) {
+ int fd = open (KEYFILE, O_RDONLY);
+
+ if (fd >= 0)
+ close (fd);
+ else
+ use_kerberos = 0;
+ }
+ errno = 0;
+ prio = getpriority (PRIO_PROCESS, 0);
+ if (errno)
+ prio = 0;
+ setpriority (PRIO_PROCESS, 0, -2);
+ openlog ("su", LOG_CONS, 0);
+
+ /* get current login name and shell */
+ ruid = getuid ();
+ username = getlogin ();
+ if (username == NULL || (pwd = k_getpwnam (username)) == NULL ||
+ pwd->pw_uid != ruid)
+ pwd = k_getpwuid (ruid);
+ if (pwd == NULL)
+ errx (1, "who are you?");
+ username = strdup (pwd->pw_name);
+ if (asme)
+ if (pwd->pw_shell && *pwd->pw_shell)
+ shell = strcpy (shellbuf, pwd->pw_shell);
+ else {
+ shell = _PATH_BSHELL;
+ iscsh = NO;
+ }
+
+ /* get target login information, default to root */
+ user = *argv ? *argv : "root";
+ np = *argv ? argv : argv - 1;
+
+ pwd = k_getpwnam (user);
+ if (pwd == NULL)
+ errx (1, "unknown login %s", user);
+ if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) {
+ syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
+ errx (1, "unknown login %s", user);
+ }
+ if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
+#ifndef PASSWD_FALLBACK
+ errx (1, "won't use /etc/passwd authentication");
+#endif
+ /* getpwnam() is not reentrant and kerberos might use it! */
+ pwd = k_getpwnam (user);
+ if (pwd == NULL)
+ errx (1, "unknown login %s", user);
+ /* only allow those in group zero to su to root. */
+ if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0)))
+ for (g = gr->gr_mem;; ++g) {
+ if (!*g) {
+#if 1
+ /* if group 0 is empty or only
+ contains root su is still ok. */
+ if (gr->gr_mem[0] == 0)
+ break; /* group 0 is empty */
+ if (gr->gr_mem[1] == 0 &&
+ strcmp (gr->gr_mem[0], "root") == 0)
+ break; /* only root in group 0 */
+#endif
+ errx (1, "you are not in the correct group to su %s.",
+ user);
+ }
+ if (!strcmp (username, *g))
+ break;
+ }
+ /* if target requires a password, verify it */
+ if (ruid && *pwd->pw_passwd) {
+ char prompt[128];
+ char passwd[256];
+
+ snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name);
+ if (des_read_pw_string (passwd, sizeof (passwd),
+ prompt, 0)) {
+ memset (passwd, 0, sizeof (passwd));
+ exit (1);
+ }
+ if (strcmp (pwd->pw_passwd,
+ crypt (passwd, pwd->pw_passwd))) {
+ memset (passwd, 0, sizeof (passwd));
+ syslog (LOG_AUTH | LOG_WARNING,
+ "BAD SU %s to %s%s", username,
+ user, ontty ());
+ errx (1, "Sorry");
+ }
+ memset (passwd, 0, sizeof (passwd));
+ }
+ }
+ if (asme) {
+ /* if asme and non-standard target shell, must be root */
+ if (!chshell (pwd->pw_shell) && ruid)
+ errx (1, "permission denied (shell '%s' not in /etc/shells).",
+ pwd->pw_shell);
+ } else if (pwd->pw_shell && *pwd->pw_shell) {
+ shell = pwd->pw_shell;
+ iscsh = UNSET;
+ } else {
+ shell = _PATH_BSHELL;
+ iscsh = NO;
+ }
+
+ if ((p = strrchr (shell, '/')) != 0)
+ avshell = p + 1;
+ else
+ avshell = shell;
+
+ /* if we're forking a csh, we want to slightly muck the args */
+ if (iscsh == UNSET)
+ iscsh = strcmp (avshell, "csh") ? NO : YES;
+
+ /* set permissions */
+
+ if (setgid (pwd->pw_gid) < 0)
+ err (1, "setgid");
+ if (initgroups (user, pwd->pw_gid))
+ errx (1, "initgroups failed.");
+
+ if (setuid (pwd->pw_uid) < 0)
+ err (1, "setuid");
+
+ if (!asme) {
+ if (asthem) {
+ char *k = getenv ("KRBTKFILE");
+ char *t = getenv ("TERM");
+
+ environ = malloc (10 * sizeof (char *));
+ environ[0] = NULL;
+ setenv ("PATH", _PATH_DEFPATH, 1);
+ if (t)
+ setenv ("TERM", t, 1);
+ if (k)
+ setenv ("KRBTKFILE", k, 1);
+ if (chdir (pwd->pw_dir) < 0)
+ errx (1, "no directory");
+ }
+ if (asthem || pwd->pw_uid)
+ setenv ("USER", pwd->pw_name, 1);
+ setenv ("HOME", pwd->pw_dir, 1);
+ setenv ("SHELL", shell, 1);
+ }
+ if (iscsh == YES) {
+ if (fastlogin)
+ *np-- = "-f";
+ if (asme)
+ *np-- = "-m";
+ }
+ if (asthem) {
+ avshellbuf[0] = '-';
+ strcpy (avshellbuf + 1, avshell);
+ avshell = avshellbuf;
+ } else if (iscsh == YES) {
+ /* csh strips the first character... */
+ avshellbuf[0] = '_';
+ strcpy (avshellbuf + 1, avshell);
+ avshell = avshellbuf;
+ }
+ *np = avshell;
+
+ if (ruid != 0)
+ syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s",
+ username, user, ontty ());
+
+ setpriority (PRIO_PROCESS, 0, prio);
+
+ if (k_hasafs ()) {
+ int code;
+
+ if (k_setpag () != 0)
+ warn ("setpag");
+ code = k_afsklog (0, 0);
+ if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
+ warnx ("afsklog: %s", krb_get_err_text (code));
+ }
+ execv (shell, np);
+ warn ("execv(%s)", shell);
+ if (getuid () == 0) {
+ execv (_PATH_BSHELL, np);
+ warn ("execv(%s)", _PATH_BSHELL);
+ }
+ exit (1);
+}
+
+static int
+chshell (char *sh)
+{
+ char *cp;
+
+ while ((cp = getusershell ()) != NULL)
+ if (!strcmp (cp, sh))
+ return (1);
+ return (0);
+}
+
+static char *
+ontty (void)
+{
+ char *p;
+ static char buf[MaxPathLen + 4];
+
+ buf[0] = 0;
+ if ((p = ttyname (STDERR_FILENO)) != 0)
+ snprintf (buf, sizeof(buf), " on %s", p);
+ return (buf);
+}
+
+static int
+kerberos (char *username, char *user, int uid)
+{
+ KTEXT_ST ticket;
+ AUTH_DAT authdata;
+ struct hostent *hp;
+ int kerno;
+ u_long faddr;
+ char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
+ char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
+
+ if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
+ return (1);
+ if (koktologin (username, lrealm, user) && !uid) {
+#ifndef PASSWD_FALLBACK
+ warnx ("not in %s's ACL.", user);
+#endif
+ return (1);
+ }
+ snprintf (krbtkfile, sizeof(krbtkfile),
+ "%s_%s_to_%s_%u", TKT_ROOT, username, user,
+ (unsigned) getpid ());
+
+ setenv ("KRBTKFILE", krbtkfile, 1);
+ krb_set_tkt_string (krbtkfile);
+ /*
+ * Little trick here -- if we are su'ing to root, we need to get a ticket
+ * for "xxx.root", where xxx represents the name of the person su'ing.
+ * Otherwise (non-root case), we need to get a ticket for "yyy.", where
+ * yyy represents the name of the person being su'd to, and the instance
+ * is null
+ *
+ * We should have a way to set the ticket lifetime, with a system default
+ * for root.
+ */
+ {
+ char prompt[128];
+ char passw[256];
+
+ snprintf (prompt, sizeof(prompt),
+ "%s's Password: ",
+ krb_unparse_name_long ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""),
+ lrealm));
+ if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
+ memset (passw, 0, sizeof (passw));
+ return (1);
+ }
+ if (strlen(passw) == 0)
+ return (1); /* Empty passwords is not allowed */
+ kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""), lrealm,
+ KRB_TICKET_GRANTING_TICKET,
+ lrealm,
+ DEFAULT_TKT_LIFE,
+ passw);
+ memset (passw, 0, strlen (passw));
+ }
+
+ if (kerno != KSUCCESS) {
+ if (kerno == KDC_PR_UNKNOWN) {
+ warnx ("principal unknown: %s",
+ krb_unparse_name_long ((uid == 0 ? username : user),
+ (uid == 0 ? root_inst : ""),
+ lrealm));
+ return (1);
+ }
+ warnx ("unable to su: %s", krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "BAD SU: %s to %s%s: %s",
+ username, user, ontty (), krb_get_err_text (kerno));
+ return (1);
+ }
+ if (chown (krbtkfile, uid, -1) < 0) {
+ warn ("chown");
+ unlink (krbtkfile);
+ return (1);
+ }
+ setpriority (PRIO_PROCESS, 0, -2);
+
+ if (k_gethostname (hostname, sizeof (hostname)) == -1) {
+ warn ("gethostname");
+ dest_tkt ();
+ return (1);
+ }
+ strncpy (savehost, krb_get_phost (hostname), sizeof (savehost));
+ savehost[sizeof (savehost) - 1] = '\0';
+
+ kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
+
+ if (kerno == KDC_PR_UNKNOWN) {
+ warnx ("Warning: TGT not verified.");
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "%s to %s%s, TGT not verified (%s); "
+ "%s.%s not registered?",
+ username, user, ontty (), krb_get_err_text (kerno),
+ "rcmd", savehost);
+#ifdef KLOGIN_PARANOID
+ /*
+ * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, *
+ * don't allow kerberos login, also log the error condition.
+ */
+ warnx ("Trying local password!");
+ return (1);
+#endif
+ } else if (kerno != KSUCCESS) {
+ warnx ("Unable to use TGT: %s", krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s",
+ username, user, ontty (), krb_get_err_text (kerno));
+ dest_tkt ();
+ return (1);
+ } else {
+ if (!(hp = gethostbyname (hostname))) {
+ warnx ("can't get addr of %s", hostname);
+ dest_tkt ();
+ return (1);
+ }
+ memcpy (&faddr, hp->h_addr, sizeof (faddr));
+
+ if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr,
+ &authdata, "")) != KSUCCESS) {
+ warnx ("unable to verify rcmd ticket: %s",
+ krb_get_err_text (kerno));
+ syslog (LOG_NOTICE | LOG_AUTH,
+ "failed su: %s to %s%s: %s", username,
+ user, ontty (), krb_get_err_text (kerno));
+ dest_tkt ();
+ return (1);
+ }
+ }
+ fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
+ return (0);
+}
+
+static int
+koktologin (char *name, char *realm, char *toname)
+{
+ return krb_kuserok (name,
+ strcmp (toname, "root") == 0 ? root_inst : "",
+ realm,
+ toname);
+}
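Review bot: In kerberos(), the `kerno == KDC_PR_UNKNOWN` branch after `krb_mk_req` refuses the login only under `#ifdef KLOGIN_PARANOID`; in a default build it prints "Warning: TGT not verified." and falls through to `return (0)`, so su grants the target uid on a TGT that was never checked against this host's rcmd key. That check is what ties the KDC reply to a key shared only by the real KDC and this host, so skipping it means trusting whatever answered the ticket request. I would make refusal the default and clean up the ticket file as the other failure branches do, by moving `dest_tkt ();` and `return (1);` out of the `#ifdef` (or inverting it into an explicit opt-out). The syslog line in that branch is worth keeping as the detection signal for hosts with no registered rcmd principal.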
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c
new file mode 100644
index 000000000000..cb36b849454f
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.c
@@ -0,0 +1,95 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $");
+
+#include "sysv_default.h"
+
+ /*
+ * Default values for stuff that can be read from the defaults file. The
+ * SunOS 5.1 documentation is incomplete and often disagrees with reality.
+ */
+
+static char default_umask_value[] = "022";
+
+char *default_console = 0;
+char *default_altsh = "YES";
+char *default_passreq = "NO";
+char *default_timezone= 0;
+char *default_hz = 0;
+char *default_path = _PATH_DEFPATH;
+char *default_supath = _PATH_DEFSUPATH;
+char *default_ulimit = 0;
+char *default_timeout = "60";
+char *default_umask = default_umask_value;
+char *default_sleep = "4";
+char *default_maxtrys = "5";
+
+static struct sysv_default {
+ char **valptr;
+ char *prefix;
+ int prefix_len;
+} defaults[] = {
+ {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1},
+ {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1},
+ {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1},
+ {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1},
+ {&default_hz, "HZ=", sizeof("HZ=") -1},
+ {&default_path, "PATH=", sizeof("PATH=") -1},
+ {&default_supath, "SUPATH=", sizeof("SUPATH=") -1},
+ {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1},
+ {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1},
+ {&default_umask, "UMASK=", sizeof("UMASK=") -1},
+ {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1},
+ {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1},
+ {0},
+};
+
+#define trim(s) { \
+ char *cp = s + strlen(s); \
+ while (cp > s && isspace(cp[-1])) \
+ cp--; \
+ *cp = 0; \
+}
+
+/* sysv_defaults - read login defaults file */
+
+void
+sysv_defaults()
+{
+ struct sysv_default *dp;
+ FILE *fp;
+ char buf[BUFSIZ];
+
+ if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) {
+
+ /* Stupid quadratic algorithm. */
+
+ while (fgets(buf, sizeof(buf), fp)) {
+
+ /* Skip comments and blank lines. */
+
+ if (buf[0] == '#')
+ continue;
+ trim(buf);
+ if (buf[0] == 0)
+ continue;
+
+ /* Assign defaults from file. */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+ for (dp = defaults; dp->valptr; dp++) {
+ if (STREQN(buf, dp->prefix, dp->prefix_len)) {
+ if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) {
+ warnx("Insufficient memory resources - try later.");
+ sleepexit(1);
+ }
+ break;
+ }
+ }
+ }
+ fclose(fp);
+ }
+}
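Review bot: The `trim` macro passes a plain `char` to `isspace` (`isspace(cp[-1])`), which is undefined for bytes above 0x7f where `char` is signed, so a defaults file containing 8-bit characters reaches that case in sysv_defaults(). Cast at the call: `while (cp > s && isspace((unsigned char)cp[-1]))`. The macro body is also a bare `{ ... }` with an unparenthesized `s`; wrapping it in `do { ... } while (0)` keeps `trim(buf);` safe inside an unbraced `if`.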
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h
new file mode 100644
index 000000000000..00560594d3c9
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.h
@@ -0,0 +1,18 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */
+
+extern char *default_console;
+extern char *default_altsh;
+extern char *default_passreq;
+extern char *default_timezone;
+extern char *default_hz;
+extern char *default_path;
+extern char *default_supath;
+extern char *default_ulimit;
+extern char *default_timeout;
+extern char *default_umask;
+extern char *default_sleep;
+extern char *default_maxtrys;
+
+void sysv_defaults(void);
diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c
new file mode 100644
index 000000000000..f5e782d0da38
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c
@@ -0,0 +1,192 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $");
+
+#ifdef HAVE_ULIMIT_H
+#include <ulimit.h>
+#endif
+
+#ifndef UL_SETFSIZE
+#define UL_SETFSIZE 2
+#endif
+
+#include "sysv_default.h"
+
+/*
+ * Set
+ */
+
+static void
+read_etc_environment (void)
+{
+ FILE *f;
+ char buf[BUFSIZ];
+
+ f = fopen(_PATH_ETC_ENVIRONMENT, "r");
+ if (f) {
+ char *val;
+
+ while (fgets (buf, sizeof(buf), f) != NULL) {
+ if (buf[0] == '\n' || buf[0] == '#')
+ continue;
+ buf[strlen(buf) - 1] = '\0';
+ val = strchr (buf, '=');
+ if (val == NULL)
+ continue;
+ *val = '\0';
+ setenv(buf, val + 1, 1);
+ }
+ fclose (f);
+ }
+}
+
+ /*
+ * Environment variables that are preserved (but may still be overruled by
+ * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are
+ * typically inherited from the ttymon process.
+ */
+
+static struct preserved {
+ char *name;
+ char *value;
+} preserved[] = {
+ {"TZ", 0},
+ {"TERM", 0},
+ {0},
+};
+
+ /*
+ * Environment variables that are not preserved and that cannot be specified
+ * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff,
+ * the list applies to most SYSV systems. The manpage mentions only that
+ * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always
+ * overwritten; they are in the list to make the censoring explicit.
+ */
+
+static struct censored {
+ char *prefix;
+ int length;
+} censored[] = {
+ {"SHELL=", sizeof("SHELL=") - 1},
+ {"HOME=", sizeof("HOME=") - 1},
+ {"LOGNAME=", sizeof("LOGNAME=") - 1},
+ {"MAIL=", sizeof("MAIL=") - 1},
+ {"CDPATH=", sizeof("CDPATH=") - 1},
+ {"IFS=", sizeof("IFS=") - 1},
+ {"PATH=", sizeof("PATH=") - 1},
+ {"LD_", sizeof("LD_") - 1},
+ {0},
+};
+
+/* sysv_newenv - set up final environment after logging in */
+
+void sysv_newenv(int argc, char **argv, struct passwd *pwd,
+ char *term, int pflag)
+{
+ unsigned umask_val;
+ long limit_val;
+ char buf[BUFSIZ];
+ int count = 0;
+ struct censored *cp;
+ struct preserved *pp;
+
+ /* Preserve a selection of the environment. */
+
+ for (pp = preserved; pp->name; pp++)
+ pp->value = getenv(pp->name);
+
+ /*
+ * Note: it is a bad idea to assign a static array to the global environ
+ * variable. Reason is that putenv() can run into problems when it tries
+ * to realloc() the environment table. Instead, we just clear environ[0]
+ * and let putenv() work things out.
+ */
+
+ if (!pflag && environ)
+ environ[0] = 0;
+
+ /* Restore preserved environment variables. */
+
+ for (pp = preserved; pp->name; pp++)
+ if (pp->value)
+ setenv(pp->name, pp->value, 1);
+
+ /* The TERM definition from e.g. rlogind can override an existing one. */
+
+ if (term[0])
+ setenv("TERM", term, 1);
+
+ /*
+ * Environment definitions from the command line overrule existing ones,
+ * but can be overruled by definitions from stdin. Some variables are
+ * censored.
+ *
+ * Omission: we do not support environment definitions from stdin.
+ */
+
+#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
+
+ while (argc && *argv) {
+ if (strchr(*argv, '=') == 0) {
+ snprintf(buf, sizeof(buf), "L%d", count++);
+ setenv(buf, *argv, 1);
+ } else {
+ for (cp = censored; cp->prefix; cp++)
+ if (STREQN(*argv, cp->prefix, cp->length))
+ break;
+ if (cp->prefix == 0)
+ putenv(*argv);
+ }
+ argc--, argv++;
+ }
+
+ /* PATH is always reset. */
+
+ setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1);
+
+ /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */
+
+ setenv("HOME", pwd->pw_dir, 1);
+ {
+ char *sep = "/";
+ if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/')
+ sep = "";
+ k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
+ }
+ setenv("MAIL", buf, 1);
+ setenv("LOGNAME", pwd->pw_name, 1);
+ setenv("USER", pwd->pw_name, 1);
+
+ /*
+ * Variables that may be set according to specifications in the defaults
+ * file. HZ and TZ are set only if they are still uninitialized.
+ *
+ * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is
+ * /bin/sh.
+ */
+
+ if (strcasecmp(default_altsh, "YES") == 0)
+ setenv("SHELL", pwd->pw_shell, 1);
+ if (default_hz)
+ setenv("HZ", default_hz, 0);
+ if (default_timezone)
+ setenv("TZ", default_timezone, 0);
+
+ /* Non-environment stuff. */
+
+ if (default_umask) {
+ if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val)
+ umask(umask_val);
+ }
+#ifdef HAVE_ULIMIT
+ if (default_ulimit) {
+ if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val)
+ if (ulimit(UL_SETFSIZE, limit_val) < 0)
+ warn ("ulimit(UL_SETFSIZE, %ld)", limit_val);
+ }
+#endif
+ read_etc_environment();
+}
+
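Review bot: read_etc_environment() strips the newline with `buf[strlen(buf) - 1] = '\0';`, which writes to `buf[-1]` when fgets returns a line that begins with a NUL byte, and cuts the last real character off a final line with no newline or a line longer than BUFSIZ. `buf[strcspn(buf, "\n")] = '\0';` removes the newline only when one is present and never indexes below zero. The parsed values go straight to `setenv` from sysv_newenv(), presumably while login is still privileged, so strict parsing of this file is worth the one-line change.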
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
new file mode 100644
index 000000000000..68394414129c
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
@@ -0,0 +1,45 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $");
+
+#ifdef SYSV_SHADOW
+
+#include <sysv_shadow.h>
+
+/* sysv_expire - check account and password expiration times */
+
+int
+sysv_expire(struct spwd *spwd)
+{
+ long today;
+
+ tzset();
+ today = time(0);
+
+ if (spwd->sp_expire > 0) {
+ if (today > spwd->sp_expire) {
+ printf("Your account has expired.\n");
+ sleepexit(1);
+ } else if (spwd->sp_expire - today < 14) {
+ printf("Your account will expire in %d days.\n",
+ (int)(spwd->sp_expire - today));
+ return (0);
+ }
+ }
+ if (spwd->sp_max > 0) {
+ if (today > (spwd->sp_lstchg + spwd->sp_max)) {
+ printf("Your password has expired. Choose a new one.\n");
+ return (1);
+ } else if (spwd->sp_warn > 0
+ && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) {
+ printf("Your password will expire in %d days.\n",
+ (int)(spwd->sp_lstchg + spwd->sp_max - today));
+ return (0);
+ }
+ }
+ return (0);
+}
+
+#endif /* SYSV_SHADOW */
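Review bot: sysv_expire() sets `today = time(0)`, a count of seconds, and then compares it with `sp_expire`, `sp_lstchg` and `sp_max`, which shadow(3) defines in days; the "in %d days" messages in the same function confirm that days are intended. As written, any account with `sp_expire > 0` is reported as expired and any password with `sp_max > 0` as needing a change. Convert once at the top: `today = time(0) / (24L * 60 * 60);`. The `< 14` warning window and the two printed day counts are then correct without further change.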
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
new file mode 100644
index 000000000000..4f07b49a0d23
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
@@ -0,0 +1,5 @@
+/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */
+
+#include <shadow.h>
+
+extern sysv_expire(struct spwd *);
diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c
new file mode 100644
index 000000000000..3192426a8a54
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/tty.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $");
+
+/*
+ * Clean the tty name. Return a pointer to the cleaned version.
+ */
+
+char *
+clean_ttyname (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+ res += strlen(_PATH_DEV);
+ if (strncmp (res, "pty/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "ptym/", 5) == 0)
+ res += 5;
+ return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+char *
+make_id (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, "pts/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "tty", 3) == 0)
+ res += 3;
+ return res;
+}
diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c
new file mode 100644
index 000000000000..da3f96a99047
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmp_login.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $");
+
+void
+prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
+{
+ char *ttyx = clean_ttyname (tty);
+
+ memset(utmp, 0, sizeof(*utmp));
+ utmp->ut_time = time(NULL);
+ strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+ strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_UT_USER
+ strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_UT_ADDR
+ if (hostname[0]) {
+ struct hostent *he;
+ if ((he = gethostbyname(hostname)))
+ memcpy(&utmp->ut_addr, he->h_addr_list[0],
+ sizeof(utmp->ut_addr));
+ }
+# endif
+
+# ifdef HAVE_UT_HOST
+ strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_UT_TYPE
+ utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_UT_PID
+ utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_UT_ID
+ strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, char *username, char *hostname) { return; }
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, char *username, char *hostname)
+{
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+ utmpname(_PATH_UTMP);
+ setutent();
+ pututline(&utmp);
+ endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+ {
+ int ttyno;
+ ttyno = ttyslot();
+ if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+ lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+}
+#endif /* !HAVE_UTMPX_H */
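Review bot: utmp_login() ignores the result of `lseek` and of both `write(fd, &utmp, sizeof(struct utmp))` calls, so a failed write leaves the login unrecorded and a short write can leave a partial record in the append-only wtmp file, misaligning later entries for readers. Compare the return value with the record size and report a mismatch, e.g. `if (write(fd, &utmp, sizeof(utmp)) != sizeof(utmp)) warn("write %s", _PATH_WTMP);`. The same unchecked wtmp write appears in utmpx_update() in utmpx_login.c.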
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
new file mode 100644
index 000000000000..005eca56b30b
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c
@@ -0,0 +1,88 @@
+/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $");
+
+/* utmpx_login - update utmp and wtmp after login */
+
+#ifndef HAVE_UTMPX_H
+int utmpx_login(char *line, char *user, char *host) { return 0; }
+#else
+
+static void
+utmpx_update(struct utmpx *ut, char *line, char *user, char *host)
+{
+ struct timeval tmp;
+ char *clean_tty = clean_ttyname(line);
+
+ strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
+#ifdef HAVE_UT_ID
+ strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
+#endif
+ strncpy(ut->ut_user, user, sizeof(ut->ut_user));
+ strncpy(ut->ut_host, host, sizeof(ut->ut_host));
+#ifdef HAVE_UT_SYSLEN
+ ut->ut_syslen = strlen(host) + 1;
+ if (ut->ut_syslen > sizeof(ut->ut_host))
+ ut->ut_syslen = sizeof(ut->ut_host);
+#endif
+ ut->ut_type = USER_PROCESS;
+ gettimeofday (&tmp, 0);
+ ut->ut_tv.tv_sec = tmp.tv_sec;
+ ut->ut_tv.tv_usec = tmp.tv_usec;
+ pututxline(ut);
+#ifdef WTMPX_FILE
+ updwtmpx(WTMPX_FILE, ut);
+#elif defined(WTMP_FILE)
+ {
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, line, user, host);
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif
+}
+
+int
+utmpx_login(char *line, char *user, char *host)
+{
+ struct utmpx *ut;
+ pid_t mypid = getpid();
+ int ret = (-1);
+
+ /*
+ * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
+ * stripped off. Rlogind and telnetd, on the other hand, make utmpx
+ * entries with device names like /dev/pts/nnn. We therefore cannot use
+ * getutxline(). Return nonzero if no utmp entry was found with our own
+ * process ID for a login or user process.
+ */
+
+ while ((ut = getutxent())) {
+ /* Try to find a reusable entry */
+ if (ut->ut_pid == mypid
+ && ( ut->ut_type == INIT_PROCESS
+ || ut->ut_type == LOGIN_PROCESS
+ || ut->ut_type == USER_PROCESS)) {
+ utmpx_update(ut, line, user, host);
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == -1) {
+ /* Grow utmpx file by one record. */
+ struct utmpx newut;
+ memset(&newut, 0, sizeof(newut));
+ newut.ut_pid = mypid;
+ utmpx_update(&newut, line, user, host);
+ ret = 0;
+ }
+ endutxent();
+ return (ret);
+}
+#endif /* HAVE_UTMPX_H */
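Review bot: The comment in utmpx_login() says it returns nonzero when no utmpx entry with our pid is found, but the `ret == -1` path appends a new record and sets `ret = 0`, so the function returns 0 on every path and the `pututxline(ut)` result inside utmpx_update() is dropped. Either change the comment to `/* Always returns 0; a new record is appended when no entry matches our pid. */`, or have utmpx_update() return `pututxline(ut) == NULL ? -1 : 0` and pass that back so callers can see a failed update. The scan also starts from wherever the utmpx stream currently stands; a `setutxent();` before the `getutxent()` loop would make it begin at the first record.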
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in
new file mode 100644
index 000000000000..6d0c4207ee48
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/Makefile.in
@@ -0,0 +1,41 @@
+# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+CC = @CC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix = @prefix@
+
+SUBDIRS=common ftp ftpd
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+install: all
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean cleandir:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+distclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
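Review bot: Each recursive target runs `for i in $(SUBDIRS); do (cd $$i && $(MAKE) $(MFLAGS) all); done`, whose exit status is that of the last subdirectory only, so a failed build or install in `common` or `ftp` is masked whenever `ftpd` succeeds. Stop on the first failure with `do (cd $$i && $(MAKE) $(MFLAGS) all) || exit 1; done`, and likewise in the install, uninstall, clean and distclean loops.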
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in
new file mode 100644
index 000000000000..9ce1aa598bd1
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in
@@ -0,0 +1,52 @@
+# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix = @prefix@
+
+SOURCES = base64.c glob.c sockbuf.c buffer.c
+OBJECTS = $(libcommon_OBJS)
+
+libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o
+
+LIBNAME = $(LIBPREFIX)common
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+all: $(LIB)
+
+.c.o:
+ $(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $<
+
+$(LIB): $(libcommon_OBJS)
+ rm -f $@
+ ar cr $@ $(libcommon_OBJS)
+ -$(RANLIB) $@
+
+install:
+
+uninstall:
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o libcommon.a core \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
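Review bot: The archive rule runs `ar cr $@ $(libcommon_OBJS)` literally even though `AR = ar` is defined above, so overriding `AR` (for instance for a cross toolchain) has no effect; it should read `$(AR) cr $@ $(libcommon_OBJS)`. The `clean` target also hard-codes `libcommon.a` while the build target is `$(LIB)`, i.e. `$(LIBPREFIX)common.a`. Writing `rm -f *~ *.o $(LIB) core \#*` keeps the two in step if `LIBPREFIX` is ever substituted with something other than `lib`.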
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.c b/crypto/kerberosIV/appl/ftp/common/base64.c
new file mode 100644
index 000000000000..648f32dfd4a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+ char *p;
+ for(p = base64; *p; p++)
+ if(*p == c)
+ return p - base64;
+ return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+ char *s, *p;
+ int i;
+ int c;
+ unsigned char *q;
+
+ p = s = (char*)malloc(size*4/3+4);
+ q = (unsigned char*)data;
+ i=0;
+ for(i = 0; i < size;){
+ c=q[i++];
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ p[0]=base64[(c&0x00fc0000) >> 18];
+ p[1]=base64[(c&0x0003f000) >> 12];
+ p[2]=base64[(c&0x00000fc0) >> 6];
+ p[3]=base64[(c&0x0000003f) >> 0];
+ if(i > size)
+ p[3]='=';
+ if(i > size+1)
+ p[2]='=';
+ p+=4;
+ }
+ *p=0;
+ *str = s;
+ return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+ const char *p;
+ unsigned char *q;
+ int c;
+ int x;
+ int done = 0;
+ q=(unsigned char*)data;
+ for(p=str; *p && !done; p+=4){
+ x = pos(p[0]);
+ if(x >= 0)
+ c = x;
+ else{
+ done = 3;
+ break;
+ }
+ c*=64;
+
+ x = pos(p[1]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ c*=64;
+
+ if(p[2] == '=')
+ done++;
+ else{
+ x = pos(p[2]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ c*=64;
+
+ if(p[3] == '=')
+ done++;
+ else{
+ if(done)
+ return -1;
+ x = pos(p[3]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ if(done < 3)
+ *q++=(c&0x00ff0000)>>16;
+
+ if(done < 2)
+ *q++=(c&0x0000ff00)>>8;
+ if(done < 1)
+ *q++=(c&0x000000ff)>>0;
+ }
+ return q - (unsigned char*)data;
+}
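Review bot: In base64_encode the result of `malloc(size*4/3+4)` is written through (`p[0]=...`, `*p=0`) without a NULL check, so an allocation failure turns into a null-pointer write; add `if (s == NULL) return -1;` directly after the malloc. The size expression is evaluated in `int`, so a very large `size` overflows before the allocation; callers presumably pass small buffers, but a bound check would make that explicit. base64_decode takes no destination length and stores up to three bytes per four input characters, so its comment should state that `data` must hold at least `3 * (strlen(str) / 4)` bytes. It also stops and returns the bytes decoded so far when the first character of a group is outside the alphabet (`done = 3; break;`), which silently accepts trailing garbage; if that is intended, for example to tolerate a line ending, a comment should say so.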
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.h b/crypto/kerberosIV/appl/ftp/common/base64.h
new file mode 100644
index 000000000000..fe799a2dccf0
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
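Review bot: The include guard `_BASE64_H_` starts with an underscore followed by an uppercase letter, a name form reserved for the implementation; `__COMMON_H__` in common.h, later in this commit, has the same problem with its double underscore. A project-prefixed name such as `#ifndef FTP_BASE64_H` / `#define FTP_BASE64_H` avoids the reserved namespace. The two prototypes also carry no contract comment. From base64.c, `*str` is a malloc'd buffer that the caller appears to own and must free, and base64_decode returns -1 on malformed input, which is worth stating here, where callers will look.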
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
new file mode 100644
index 000000000000..5b7829a5da96
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#include <stdio.h>
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+ size_t new_sz;
+
+ new_sz = BUFSIZ;
+#ifdef HAVE_ST_BLKSIZE
+ if (st)
+ new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+ if(new_sz > *sz) {
+ if (oldbuf)
+ free (oldbuf);
+ oldbuf = malloc (new_sz);
+ if (oldbuf == NULL) {
+ warn ("malloc");
+ *sz = 0;
+ return NULL;
+ }
+ *sz = new_sz;
+ }
+ return oldbuf;
+}
+
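Review bot: The comment above alloc_buffer does not mention that on the growth path the old buffer is freed before the new `malloc`. When that allocation fails, the caller's original pointer is already dangling and `*sz` has been reset to 0, and nothing is copied from the old buffer on success either. A caller that keeps its own copy of the pointer after a NULL return would touch freed memory, so the contract should be written down. I would extend the comment with `* The old buffer is freed when growing and its contents are not preserved; always store the return value (NULL on failure, with *sz set to 0).`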
diff --git a/crypto/kerberosIV/appl/ftp/common/common.h b/crypto/kerberosIV/appl/ftp/common/common.h
new file mode 100644
index 000000000000..4ec3149998b0
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/common.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.c b/crypto/kerberosIV/appl/ftp/common/glob.c
new file mode 100644
index 000000000000..8f19d7ca4dab
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.c
@@ -0,0 +1,835 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ * Escaping convention: \ inhibits any special meaning the following
+ * character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ * Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ * Same as GLOB_NOCHECK, but it will only append pattern if it did
+ * not contain any magic characters. [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ * Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ * expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ * expand {1,2}{a,b} to 1a 1b 2a 2b
+ * gl_matchc:
+ * Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#define CHAR_DOLLAR '$'
+#define CHAR_DOT '.'
+#define CHAR_EOS '\0'
+#define CHAR_LBRACKET '['
+#define CHAR_NOT '!'
+#define CHAR_QUESTION '?'
+#define CHAR_QUOTE '\\'
+#define CHAR_RANGE '-'
+#define CHAR_RBRACKET ']'
+#define CHAR_SEP '/'
+#define CHAR_STAR '*'
+#define CHAR_TILDE '~'
+#define CHAR_UNDERSCORE '_'
+#define CHAR_LBRACE '{'
+#define CHAR_RBRACE '}'
+#define CHAR_SLASH '/'
+#define CHAR_COMMA ','
+
+#ifndef DEBUG
+
+#define M_QUOTE 0x8000
+#define M_PROTECT 0x4000
+#define M_MASK 0xffff
+#define M_ASCII 0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define M_QUOTE 0x80
+#define M_PROTECT 0x40
+#define M_MASK 0xff
+#define M_ASCII 0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define CHAR(c) ((Char)((c)&M_ASCII))
+#define META(c) ((Char)((c)|M_QUOTE))
+#define M_ALL META('*')
+#define M_END META(']')
+#define M_NOT META('!')
+#define M_ONE META('?')
+#define M_RNG META('-')
+#define M_SET META('[')
+#define ismeta(c) (((c)&M_QUOTE) != 0)
+
+
+static int compare (const void *, const void *);
+static void g_Ctoc (const Char *, char *);
+static int g_lstat (Char *, struct stat *, glob_t *);
+static DIR *g_opendir (Char *, glob_t *);
+static Char *g_strchr (Char *, int);
+#ifdef notdef
+static Char *g_strcat (Char *, const Char *);
+#endif
+static int g_stat (Char *, struct stat *, glob_t *);
+static int glob0 (const Char *, glob_t *);
+static int glob1 (Char *, glob_t *);
+static int glob2 (Char *, Char *, Char *, glob_t *);
+static int glob3 (Char *, Char *, Char *, Char *, glob_t *);
+static int globextend (const Char *, glob_t *);
+static const Char * globtilde (const Char *, Char *, glob_t *);
+static int globexp1 (const Char *, glob_t *);
+static int globexp2 (const Char *, const Char *, glob_t *, int *);
+static int match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void qprintf (const char *, Char *);
+#endif
+
+int
+glob(const char *pattern,
+ int flags,
+ int (*errfunc)(const char *, int),
+ glob_t *pglob)
+{
+ const u_char *patnext;
+ int c;
+ Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+ patnext = (u_char *) pattern;
+ if (!(flags & GLOB_APPEND)) {
+ pglob->gl_pathc = 0;
+ pglob->gl_pathv = NULL;
+ if (!(flags & GLOB_DOOFFS))
+ pglob->gl_offs = 0;
+ }
+ pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ pglob->gl_errfunc = errfunc;
+ pglob->gl_matchc = 0;
+
+ bufnext = patbuf;
+ bufend = bufnext + MaxPathLen;
+ if (flags & GLOB_QUOTE) {
+ /* Protect the quoted characters. */
+ while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
+ if (c == CHAR_QUOTE) {
+ if ((c = *patnext++) == CHAR_EOS) {
+ c = CHAR_QUOTE;
+ --patnext;
+ }
+ *bufnext++ = c | M_PROTECT;
+ }
+ else
+ *bufnext++ = c;
+ }
+ else
+ while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
+ *bufnext++ = c;
+ *bufnext = CHAR_EOS;
+
+ if (flags & GLOB_BRACE)
+ return globexp1(patbuf, pglob);
+ else
+ return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+ const Char* ptr = pattern;
+ int rv;
+
+ /* Protect a single {}, for find(1), like csh */
+ if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+ return glob0(pattern, pglob);
+
+ while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+ if (!globexp2(ptr, pattern, pglob, &rv))
+ return rv;
+
+ return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern,
+ glob_t *pglob, int *rv)
+{
+ int i;
+ Char *lm, *ls;
+ const Char *pe, *pm, *pl;
+ Char patbuf[MaxPathLen + 1];
+
+ /* copy part up to the brace */
+ for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+ continue;
+ ls = lm;
+
+ /* Find the balanced brace */
+ for (i = 0, pe = ++ptr; *pe; pe++)
+ if (*pe == CHAR_LBRACKET) {
+ /* Ignore everything between [] */
+ for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+ continue;
+ if (*pe == CHAR_EOS) {
+ /*
+ * We could not find a matching CHAR_RBRACKET.
+ * Ignore and just look for CHAR_RBRACE
+ */
+ pe = pm;
+ }
+ }
+ else if (*pe == CHAR_LBRACE)
+ i++;
+ else if (*pe == CHAR_RBRACE) {
+ if (i == 0)
+ break;
+ i--;
+ }
+
+ /* Non matching braces; just glob the pattern */
+ if (i != 0 || *pe == CHAR_EOS) {
+ *rv = glob0(patbuf, pglob);
+ return 0;
+ }
+
+ for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+ switch (*pm) {
+ case CHAR_LBRACKET:
+ /* Ignore everything between [] */
+ for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+ continue;
+ if (*pm == CHAR_EOS) {
+ /*
+ * We could not find a matching CHAR_RBRACKET.
+ * Ignore and just look for CHAR_RBRACE
+ */
+ pm = pl;
+ }
+ break;
+
+ case CHAR_LBRACE:
+ i++;
+ break;
+
+ case CHAR_RBRACE:
+ if (i) {
+ i--;
+ break;
+ }
+ /* FALLTHROUGH */
+ case CHAR_COMMA:
+ if (i && *pm == CHAR_COMMA)
+ break;
+ else {
+ /* Append the current string */
+ for (lm = ls; (pl < pm); *lm++ = *pl++)
+ continue;
+ /*
+ * Append the rest of the pattern after the
+ * closing brace
+ */
+ for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+ continue;
+
+ /* Expand the current pattern */
+#ifdef DEBUG
+ qprintf("globexp2:", patbuf);
+#endif
+ *rv = globexp1(patbuf, pglob);
+
+ /* move after the comma, to the next string */
+ pl = pm + 1;
+ }
+ break;
+
+ default:
+ break;
+ }
+ *rv = 0;
+ return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+ struct passwd *pwd;
+ char *h;
+ const Char *p;
+ Char *b;
+
+ if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+ return pattern;
+
+ /* Copy up to the end of the string or / */
+ for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH;
+ *h++ = *p++)
+ continue;
+
+ *h = CHAR_EOS;
+
+ if (((char *) patbuf)[0] == CHAR_EOS) {
+ /*
+ * handle a plain ~ or ~/ by expanding $HOME
+ * first and then trying the password file
+ */
+ if ((h = getenv("HOME")) == NULL) {
+ if ((pwd = k_getpwuid(getuid())) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+ }
+ else {
+ /*
+ * Expand a ~user
+ */
+ if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+
+ /* Copy the home directory */
+ for (b = patbuf; *h; *b++ = *h++)
+ continue;
+
+ /* Append the rest of the pattern */
+ while ((*b++ = *p++) != CHAR_EOS)
+ continue;
+
+ return patbuf;
+}
+
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested). Returns 0
+ * if things went well, nonzero if errors occurred. It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+ const Char *qpatnext;
+ int c, err, oldpathc;
+ Char *bufnext, patbuf[MaxPathLen+1];
+
+ qpatnext = globtilde(pattern, patbuf, pglob);
+ oldpathc = pglob->gl_pathc;
+ bufnext = patbuf;
+
+ /* We don't need to check for buffer overflow any more. */
+ while ((c = *qpatnext++) != CHAR_EOS) {
+ switch (c) {
+ case CHAR_LBRACKET:
+ c = *qpatnext;
+ if (c == CHAR_NOT)
+ ++qpatnext;
+ if (*qpatnext == CHAR_EOS ||
+ g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+ *bufnext++ = CHAR_LBRACKET;
+ if (c == CHAR_NOT)
+ --qpatnext;
+ break;
+ }
+ *bufnext++ = M_SET;
+ if (c == CHAR_NOT)
+ *bufnext++ = M_NOT;
+ c = *qpatnext+